Windows SSH client with TPM

2016-10-17, Categories: tpm, hsm, security, windows

I managed to get an SSH client working using an SSH pubkey protected by a TPM.

Read the rest of this entry »

Yubikey 4 for SSH with physical presence proof

2016-01-28, Categories: security

This is another post in the series of how to protect SSH keys with hardware, making them impossible to steal.

This means that you know that your piece of hardware (e.g. Yubikey or TPM inside your laptop) was actively involved in the transaction, and not, say, turned off and disconnected from the Internet at the time (like in a safe or on an airplane).

What’s new this time is that we can now have a physical presence test on every use of the key. That means that even if someone hacks your workstation completely and installs a keylogger to get your PIN, unless they also break into your home they can’t use the key even while the machine is on and connected. Evil hackers in another country are out of luck.

Read the rest of this entry »

How to boot an encrypted system safely

2015-03-27, Categories: security, tpm

These are my notes on how to set up a system securely, in a way that would prevent attackers from being capable of performing an “evil maid attack”.

Read the rest of this entry »

Secure browser-to-proxy communication - again

2014-09-20, Categories: security, network

I've previously blogged about a secure connection between browser and proxy. Unfortunately that doesn't work on Android yet, since except if you use Google for Work (an enterprise offering) you can't set Proxy Auto-Config.

This post shows you how to get that working for Android. Also it skips the stunnel hop since it doesn't add value and only makes Squid not know your real address. I'm here also using username and password to authenticate to the proxy instead of client certificates, to make it easier to set up.

Read the rest of this entry »

Another way to protect your SSH keys

2014-06-17, Categories: security, network, unix

Let's say you don't have a TPM chip, or you hate them, or for some other reason don't want to use it to protect your SSH keys. There's still hope! Here's a way to make it possible to use a key without having access to it. Meaning if you get hacked the key can't be stolen.

Read the rest of this entry »

Don't forget to restart all your OpenSSL binaries

2014-04-20, Categories: security

The wonder of UNIX is that you can delete running binaries and loaded shared libraries. The drawback is that you get no warning that you're still actually running old versions. E.g. old heartbleed-vulnerable OpenSSL.

Server binaries are often not forgotten by upgrade scripts, but client binaries almost certainly are. Did you restart your irssi? PostgreSQL client? OpenVPN client?

Find processes running with deleted OpenSSL libraries:

$ sudo lsof | grep DEL.*libssl
apache   17179      root  DEL       REG        8,1               24756 /usr/lib/x86_64-linux-gnu/

Read the rest of this entry »

How TPM-protected SSH keys work

2013-11-30, Categories: security, unix, hsm

In my last blog post I described how to set up SSH with TPM-protected keys. This time I'll try to explain how it works.

Read the rest of this entry »

TPM chip protecting SSH keys - properly

2013-11-26, Categories: security, hsm, tpm, unix

Not long after getting my TPM chip to protect SSH keys in a recent blog post, it started to become obvious that OpenCryptoKi was not the best solution. It's large, complicated, and, frankly, insecure. I dug in to see if I could fix it, but there was too much I wanted to fix, and too many features I didn't need.

So I wrote my own. It's smaller, simpler, and more secure. This post is about this new solution.

Read the rest of this entry »

Should I generate my keys in software or hardware?

2013-11-25, Categories: security, tpm, hsm

A Hardware Security Module (HSM) is any hardware that you can use for crypto operations without revealing the crypto keys. Specifically I'm referring to the Yubikey NEO and TPM chips, but it should apply to other kinds of special hardware that does crypto operations. I'll refer to this hardware as the "device" as the general term, below.

Read the rest of this entry »

TPM chip protecting SSH keys

2013-11-12, Categories: security, hsm, tpm, unix

STOP! There is a better way. this post explains a simpler and more secure way.

Update 2: I have something I think will be better up my sleeve for using the TPM chip with SSH. Stay tuned. In the mean time, the below works.

Finally, I found out how to use a TPM chip to protect SSH keys. Thanks to Perry Lorier. I'm just going to note down those same steps, but with my notes.

I've written about hardware protecting crypto keys and increasing SSH security before:

but this is what I've always been after. With this solution the SSH key cannot be stolen. If someone uses this SSH key that means that the machine with the TPM chip is involved right now. Right now it's not turned off, or disconnected from the network.

Update: you need to delete /var/lib/opencryptoki/tpm/your-username/*.pem, because otherwise your keys will be migratable. I'm looking into how to either never generating these files, or making them unusable by having the TPM chip reject them. Update to come.

Read the rest of this entry »

GPG and SSH with Yubikey NEO

2013-02-27, Categories: security, unix, hsm

I'm a big fan of hardware tokens for access. The three basic technologies where you have public key crypto are SSH, GPG and SSL. Here I will show how to use a Yubikey NEO to protect GPG and SSH keys so that they cannot be stolen or copied. (well, they can be physically stolen, of course).

Read the rest of this entry »

Plug computer for always-on VPN

2013-02-08, Categories: security, network, unix

Last time I was at a hacker conference I for obvious reasons didn't want to connect to the local network. It's not just a matter of setting up some simple firewall rules, since the people around you are people who have and are inventing new and unusual attacks. Examples of this would be rogue IPv6 RA and NDs, and people who have actually generated their own signed root CAs. There's also the risk (or certainty) of having all your unencrypted traffic sniffed and altered.

For next time I've prepared a SheevaPlug computer I had laying around. I updated it to a modern Debian installation, added a USB network card, and set it up to provide always-on VPN. This could also be done using a raspberry pi, but I don't have one.

Read the rest of this entry »

Be careful with hashmaps

2012-02-07, Categories: security, coding

As you remember from long ago hashes are O(1) best case, but can be O(n) if you get hash collisions. And if you're adding n new entries that means O(n^2).

I thought I'd take a look at the hash_set/hash_map GNU C++ extension.

Read the rest of this entry »

Benchmarking TPM-backed SSL

2012-02-04, Categories: security, network, tpm, hsm

As you can plainly see from this graph, my TPM chip can do approximately 1.4 SSL handshakes per second. A handshake takes about 0.7 seconds of TPM time, so when two clients are connecting the average connect time is 1.4 seconds. This means probably not useful on server side, but should be good for some client side applications.

Read the rest of this entry »

TPM-backed SSL

2012-02-03, Categories: security, network, coding, tpm, hsm

This is a short howto on setting up TPM-backed SSL. This means that the secret key belonging to an SSL cert is protected by the TPM and cannot be copied off of the machine or otherwise inspected.

Meaning even if you get hacked the attackers cannot impersonate you, if you manage to kick them off or just shut down the server. The secret key is safe. It has never been outside the TPM and never will be.

This can be used for both client and server certs.

Read the rest of this entry »

Secure browser-to-proxy communication

2011-12-27, Categories: security, network

When connecting to a possibly hostile network I want to tunnel all traffic from my browser to some proxy I have set up on the Internet.

The obvious way to do this is with a proxy. The problem with that is that the traffic from the browser to the proxy is not encrypted. Even when you browse to secure SSL sites some traffic is being sent in the clear, such as the host name. That's not so bad, but I want to hide my HTTP traffic too.

Read the rest of this entry »

Yubico is awesome

2011-07-16, Categories: security, coding, unix, hsm

Yubico and their products are awesome.

That pretty much sums up this blog post but I'm going to go on anyway. If you're thinking of introducing two-factor authentication to your company, or you're using something that's fundamentally broken (like RSA SecureID) you simply must at least take Yubikeys into consideration.

Read the rest of this entry »

OpenSSH certificates

2011-07-05, Categories: unix, security

The documentation for OpenSSH certificates (introduced in OpenSSH 5.4) are, shall we say, a bit lacking. So I'm writing down the essentials of what they are and how to use them.

What they are NOT

They're not SSH PubkeyAuthentication

In other words if your .pub file doesn't end in and you haven't used ssh-keygen -s, then you aren't using certificates.

Read the rest of this entry »

tlssh - a replacement for SSH

2010-08-05, Categories: security, unix, coding, network

I've started writing a replacement for SSH.

Why? Because SSH has some drawbacks that sometimes annoy me. I also wanted an authentication scheme that's more similar to SSL/TLS than what SSH does.

With tlssh you don't specify username or password, you simply connect to the server using a client-side certificate to log in as the user specified in the certificate. No interaction until you reach the shell prompt on the server.

Read the rest of this entry »

Clipboard sniffer

2010-01-26, Categories: security, coding, unix

Yes clipboard, not keyboard. I've made a clipboard sniffer for X called ClipSniff.

It periodically saves whatever is in the clipboard (both the "PRIMARY" and the "CLIPBOARD") into a sqlite database.

git clone

Read the rest of this entry »