DAVID ACLAND - DIGITAL SIGNATURES Introduc�on > whoami WHOAMI
David Acland @davidacland Introduc�on > whoami Introduc�on > About this talk
ABOUT THIS TALK Introduc�on > About this talk > Progress
Progress Bar Where are we? Introduc�on > About this talk > What WHAT WE’RE TALKING ABOUT Cryptology
Cryptography Cryptanalysis
Asymmetric Symmetric
Encryp�on Digital Signatures Introduc�on > About this talk > Why WHY WE’RE TALKING ABOUT IT DNSSEC Signed Packages Gatekeeper TCC Secure boot
SSL DKIM AutoPkg
SSH Kernel Extensions Introduc�on > About this talk > Why WHY WE’RE TALKING ABOUT IT Introduc�on > About this talk > Why WHY WE’RE TALKING ABOUT IT Trusted signatures are becoming a requirement Introduc�on > About this talk > Contents CONTENTS
▸ Introduc�on to digital signatures ▸ Underlying technologies ▸ Prac�cal usage Introduc�on > About this talk > Warning
THERE’S MATHS IN HERE (sorry) Introduc�on > About this talk > Follow along
IT’S INTERACTIVE
https://bit.ly/2TR6y9a Introduc�on > Introduc�on to digital signatures
INTRODUCTION TO DIGITAL SIGNATURES Introduc�on > Introduc�on to digital signatures
WHAT IS A SIGNATURE? Introduc�on > Introduc�on to digital signatures > What’s a signature? WHAT’S A SIGNATURE? Introduc�on > Introduc�on to digital signatures > What’s a signature? WHAT DO THEY GIVE YOU?
▸ Authen�ca�on ▸ Integrity Security Services ▸ Non-repudia�on Introduc�on > Introduc�on to digital signatures > Paper Signatures
ARE PAPER SIGNATURES EFFECTIVE? Introduc�on > Introduc�on to digital signatures > Paper Signatures ARE PAPER SIGNATURES EFFECTIVE?
▸ Authen�city - You can’t be sure the sender is who they claim to be ▸ Integrity - You can change the contents a�er it’s been signed ▸ Non-repudia�on - I can just deny I signed it Introduc�on > Introduc�on to digital signatures > Digital Signatures
WHAT ABOUT DIGITAL SIGNATURES? Introduc�on > Introduc�on to digital signatures > Digital Signatures DIGITAL SIGNATURES
▸ A private key is used to sign data ▸ It can be used to sign any data ▸ It provides the same security services as paper signatures Introduc�on > Introduc�on to digital signatures > What signing isn’t SIGNING ISN’T ENCRYPTION
▸ We send the plaintext data along with the signature ▸ Signatures aren’t interested in hiding the data UNDERLYING TECHNOLOGIES Underlying Technologies > Contents CONTENTS
▸ Hashing ▸ Asymmetric Cryptography ▸ Signing ▸ Cer�ficates and trust Underlying Technologies > Signing Process
BASIC SIGNING PROCESS Private Key
89630aafea14b2d8 ec9f0ca0251485cb Encryption Algorithm Hash function 94add8ec5�53218 1599b80051a09347 Data Hashed data
Public Key Hashed data 1d008bea0a8272da 89630aafea14b2d8 83842aa4d2f3f73e ec9f0ca0251485cb 9acd9c4dd76df908 Decryption Algorithm 94add8ec5�53218 435a567b55c6534e 1599b80051a09347 Signature Compare 89630aafea14b2d8 ec9f0ca0251485cb Hash function 94add8ec5�53218 1599b80051a09347 Underlying Technologies > Hashing
HASHING Underlying Technologies > Hashing WHAT IS HASHING?
Turns a data input into a fixed length, scrambled output
89630aafea14b2d8 ec9f0ca0251485cb9 Hash function 4add8ec5�532181 599b80051a09347 Data Hex output Underlying Technologies > Hashing
A LITTLE HASHING DEMO Underlying Technologies > Hashing > Why use hashing
WHY USE HASHING? Private Key
Encryption Algorithm
Data
Public Key
1d008bea0a8272da 83842aa4d2f3f73e Decryption Algorithm 9acd9c4dd76df908 435a567b55c6534e Signature Compare Underlying Technologies > Hashing > Why use hashing WHY USE HASHING?
Original 1GB file:
Signed without hashing
Signed with hashing Underlying Technologies > Hashing > Algorithms
WHAT HASHING ALGORITHMS ARE AVAILABLE? Underlying Technologies > Hashing > Algorithms COMMON HASHING ALGORITHMS
▸ MD5 ▸ SHA-1 ▸ SHA-2 ▸ SHA-3 ▸ RIPEMD-160 ▸ Whirlpool ▸ BLAKE2 ▸ … Underlying Technologies > Hashing > Algorithms
WHAT HASHING ALGORITHMS ARE WEBSITES USING? Underlying Technologies > Hashing > Algorithms HASHING Underlying Technologies > Hashing > Algorithms HASHING Underlying Technologies > Hashing > Algorithms HASHING Underlying Technologies > Hashing > SHA256
A QUICK LOOK AT SHA256 Underlying Technologies > Hashing > SHA256 SHA256 Ini�al hash value 0101010101 Data 10011010000000001001101 AND 0001001101 = 0001001000 Underlying Technologies > Hashing > SHA256 SHA256 1. 1001101000 2. 0001001101 3. 0001001000 4. 0110100010 5. 1000000100 6. … 7. … 64. 1001011011 Underlying Technologies > Hashing > SHA256 AVALANCHE EFFECT
Single character change
hello Hello
Hash function Hash function
3362cec4339baf 89630aafea14b
Completely different output Underlying Technologies > Hashing > SHA256 SHA256 - LAST FEW STEPS Ini�al hash value 0001001000 AND + XOR Data 0101010101 89630aafea14b2d8ec9f0c Hash result a0251485cb94add8ec5� 532181599b80051a09347 Underlying Technologies > Asymmetric Cryptography
ASYMMETRIC CRYPTOGRAPHY Underlying Technologies > Asymmetric Cryptography ASYMMETRIC CRYPTOGRAPHY
Symmetric (AES, 3DES, etc…) ABCD1234 ABCD1234
Private Public Asymmetric (RSA, DSA, etc…)
ABCD1234 EFGH5678 Underlying Technologies > Asymmetric Cryptography > SSL Handshake SSL HANDSHAKE
Private
Public Public
Symmetric Key Symmetric Key
Encrypt Decrypt Underlying Technologies > Asymmetric Cryptography > Signing SIGNING
Public
Verify Sign Public Private
Decrypt Encrypt Underlying Technologies > Signing
SIGNING Underlying Technologies > Signing SIGNING
The sender encrypts a hash of the data using their private key and a signature algorithm Underlying Technologies > Signing SIGNING
A LITTLE SIGNING DEMO Underlying Technologies > Signing > Signing Algorithms SIGNING
WHAT SIGNATURE ALGORITHMS ARE AVAILABLE? Underlying Technologies > Signing > Signing Algorithms SIGNING ▸ RSA ▸ Schnorr Signature Algorithm ▸ DSA ▸ Rapid Digital Signature ▸ ElGamal Encryp�on System ▸ GMR Algorithm ▸ DSA ▸ Rabin Cryptosystem ▸ ECDSA ▸ EdDSA Algorithm ▸ GOST R 34 10-2012 ▸ Ed25519 Underlying Technologies > Signing > Signing Algorithms SIGNING
WHAT SIGNATURE ALGORITHMS ARE PEOPLE USING? Underlying Technologies > Signing > Signing Algorithms SIGNING Underlying Technologies > Signing > Signing Algorithms SIGNING Underlying Technologies > Signing > Signing Algorithms SIGNING Underlying Technologies > Signing > RSA
LET’S LOOK AT RSA Underlying Technologies > Signing > RSA RSA
▸ Asymmetric cryptographic algorithm ▸ Clifford Cocks in 1973 ▸ Ron Rivest, Adi Shamir, and Leonard Adleman in 1978 Underlying Technologies > Signing > RSA RSA - STEPS
▸ Key genera�on ▸ Signing ▸ Verifying Underlying Technologies > Signing > RSA > Maths
SOME MATHS Underlying Technologies > Signing > RSA > Maths > Prime Numbers PRIME NUMBERS
A whole number (integer) greater than 1 that can not be made by mul�plying other whole numbers
2 3 5 7 11 13 17 19 23… Underlying Technologies > Signing > RSA > Maths > Coprime COPRIME / RELATIVELY PRIME
Two integers are rela�vely prime if the only posi�ve integer that divides them evenly is 1
e.g. 35 and 18 are rela�vely prime Underlying Technologies > Signing > RSA > Maths > Exponen�a�on EXPONENTIATION
Mul�plying a number by itself n �mes, where n is the exponent Base 24 Exponent
e.g. 24 = 2 x 2 x 2 x 2 = 16 Underlying Technologies > Signing > RSA > Maths > Factors FACTORS
Numbers that, when mul�plied, produce another number 4 x 5 = 20 Factors Underlying Technologies > Signing > RSA > Maths > Factoring FACTORING
Given a number “n”, factoring is the process of working out the numbers, or “factors” that can be mul�plied together to make “n”
e.g. for “20 = A x B”, find out what A and B are Underlying Technologies > Signing > RSA > Maths > Prime Factorisa�on PRIME FACTORISATION
Given a number “n”, find two prime numbers that can be mul�plied together to make “n”
e.g. for “15 = A x B”, find out what A and B are Underlying Technologies > Signing > RSA > Maths > PHI Φ (PHI) A count of the posi�ve integers up to a given integer “n” that are rela�vely prime to “n” So if n = 6: Φ(6) = 2 1 2 3 4 5 6
1 and 5 share no factors with 6 Underlying Technologies > Signing > RSA > Maths > MOD MOD 32 mod 5 = 2 5 mod 8 = 5 38,927 mod 8 = 7 Underlying Technologies > Signing > RSA
RSA PROCESS Underlying Technologies > Signing > RSA > RSA Process RSA - KEY GENERATION
▸ Pick two prime numbers “p” & “q” ▸ Calculate the public key “n” by mul�plying “p” and “q” ▸ Calculate Φ(n) ▸ Pick a public exponent “e”, that is coprime with Φ(n) ▸ Calculate the private key “d”, which is the inverse of e * (mod Φ(n)) Underlying Technologies > Signing > RSA > An Example
AN EXAMPLE… Underlying Technologies > Signing > RSA > An Example RSA - MULTIPLY P & Q p = 17 q = 19
17 * 19 = 323 n = 323 Underlying Technologies > Signing > RSA > An Example RSA - CALCULATE Φ(N) Φ(n) = Φ(p) * Φ(q) p = 17 q = 19 Φ(p) = p-1 Φ(q) = q-1 Φ(p) = 16 Φ(q) = 18 Φ(n) = 16 * 18 = 288 Underlying Technologies > Signing > RSA > An Example RSA - PICK A PUBLIC EXPONENT
11 must be coprime with Φ(n) Underlying Technologies > Signing > RSA > An Example RSA - CALCULATE THE INVERSE OF E * (MOD Φ(N)
11 288
131 Underlying Technologies > Signing > RSA > An Example RSA - FINAL VALUES
▸ n - Public323 (public key, the key) result of p * q ▸ e - Public11 (public exponent, exponent) needed to decrypt the signature ▸ d - Private131 (private key, the key) inverse of e * (mod Φ(n)) Underlying Technologies > Signing > RSA > An Example RSA - SIGNING
▸ Raise the message “m” to the power of the private key “d” ▸ Mod by the public key “n” md mod n Underlying Technologies > Signing > RSA > An Example RSA - SIGNATURE VERIFICATION
▸ Signature “s” raised to the power of the public exponent “e” ▸ Mod by the public key “n” se mod n Underlying Technologies > Signing > RSA > Where is the strength?
WHERE IS THE STRENGTH IN RSA? Underlying Technologies > Signing > RSA > Where is the strength? RSA
What are the factors of 15? 3 x 5 Underlying Technologies > Signing > RSA > Where is the strength? RSA
What are the factors of 133? 7 x 19 Underlying Technologies > Signing > RSA > Where is the strength? RSA
What are the factors of 526,301? 617 x 853 Underlying Technologies > Signing > RSA > Where is the strength?
RSA Example RSA “n” value:
25195908475657893494027183240048398571429282126204032027777137 83604366202070759555626401852588078440691829064124951508218929 85591491761845028084891200728449926873928072877767359714183472 70261896375014971824691165077613379859095700097330459748808428 40179742910064245869181719511874612151517265463228221686998754 91824224336372590851418654620435767984233871847744479207399342 36584823824281198163815010674810451660377306056201619676256133 84414360383390441495263443219011465754445417842402092461651572 33507787077498171257724679629263863563732899121548314381678998 85040445364023527381951378636564391212010397122822120720357 Underlying Technologies > Signing > Summary
SUMMARY OF THE SIGNING PROCESS Underlying Technologies > Signing > Summary SIGNING Step 1 Bob hashes the data using a hashing algorithm like SHA2 Underlying Technologies > Signing > Summary SIGNING Step 2 Bob encrypts the hash with his private key. The result is Bob’s digital signature Underlying Technologies > Signing > Summary SIGNING Step 3
The data is sent, along with the signature Underlying Technologies > Signing > Summary SIGNING Step 4 Alice decrypts the encrypted hash using Bob’s public key Underlying Technologies > Signing > Summary SIGNING Step 5 Alice hashes the plaintext data with the same hashing algorithm and compares the output with the hash provided in the digital signature Underlying Technologies > Cer�ficates
WHAT DO CERTIFICATES HAVE TO DO WITH SIGNING? Underlying Technologies > Cer�ficates CERTIFICATES
Name
Public Key Underlying Technologies > Cer�ficates > Trust
HOW CAN WE TRUST THE SENDER OF SIGNED DATA? Underlying Technologies > Cer�ficates > Self Signed Underlying Technologies > Cer�ficates > Self Signed Underlying Technologies > Cer�ficates > Trust TRUST
Trusted by macOS Presented by server Underlying Technologies > Cer�ficates > Trust TRUST Underlying Technologies > Cer�ficates > Trust INTEGRITY
www.apple1.com PRACTICAL USAGE Prac�cal Usage > Contents CONTENTS
▸ SSL website cer�ficates ▸ Signing a package ▸ Signing an app ▸ Autopkg & signatures ▸ KEXTs ▸ TCC ▸ Secure boot Prac�cal Usage > SSL website cer�ficates SSL WEBSITE CERTIFICATES
1. Create a private 2. Create Cer�ficate 3. 3rd party validates and key Request signs the request
4. Receive your signed cer�ficate Prac�cal Usage > Signing a package SIGNING A PACKAGE
▸ Get the signing cer�ficate ▸ Add to your keychain ▸ Sign packages Prac�cal Usage > Signing a package
GET THE DEV CERT AND SIGN A PACKAGE Prac�cal Usage > Signing an app SIGNING AN APP
▸ Get the signing cer�ficate ▸ Add to your keychain ▸ Sign apps Prac�cal Usage > Signing an app
SIGN AN APP Prac�cal Usage > Autopkg & signatures AUTOPKG & SIGNATURES You can do a code sign check…
▸ KEXTs are codesigned with the vendors developer key ▸ Users can approve the loading of the KEXTs ▸ Admins can whitelist the vendor or the specific KEXT with a profile ▸ All �ed back to the Apple root cer�ficates via a chain of trust Prac�cal Usage > TCC TCC
▸ Similar to KEXTs in regards to signatures ▸ Uses the Team and Bundle iden�fiers to grant apps access ▸ Also �ed back to Apple via a chain of trust Prac�cal Usage > Secure Boot SECURE BOOT
▸ Each step of the boot process is cryptographically signed by Apple: ▸ T2 chip executes code in the Boot ROM ▸ The Boot ROM verifies the iBoot bootloader ▸ iBoot verifies the kernel extension code on the T2 chip ▸ The kernel extension code on the T2 chip verifies the Intel UEFI firmware ▸ UEFI firmware verifies the signature for boot.efi ▸ Boot.efi verifies the signature of a new file called immutablekernel THANKS