Multi-Factor Authentication in the Cloud

Here are the slides, as promised, from my Multi-Factor Authentication in the Cloud talk at yesterday's Linux Foundation Collaboration Summit.  I really enjoyed this talk, and the excellent questions from the audience!


:-Dustin

The Horror

I had just finished an awesome lunch with my good friend Josh, at a restaurant his brother, Riley, manages in Dallas.  Enjoying the delicious smoked brisket sandwich, Riley walks up to us at the bar and asks if I drive a black Cadillac.  I knew that question couldn't mean good news of any kind -- just how bad would it be, as this has happened to me before.

Josh and I had driven from Austin to Dallas that morning, to attend the Big Texas Beer Festival, which was going on later that afternoon, and had dipped into this really upscale, beautiful barbecue restaurant, Smoke, at 11:45am.  It's in a bit of a rough neighborhood that is in the process of being cleaned up.  But looks like they're still in need of a bit more gentrification.

Josh and I each had an overnight bag packed, with a change of clothes.  I also had a small cooler with a growler of my own home brewed Scotch Ale.  Unfortunately, those three bags were in plain sight on the back seat and not in the trunk.  Within 30 minutes, between 11:45am and 12:15pm, in broad daylight, some lowlife reprobate delinquent hoodlum smashed the back window and swiped all three bags.  My Google Plus post, within 5 minutes of learning of the treachery, expressed my feelings at the time.

Besides the growler of home brew, I also lost a change of clothes (of course, my favorite t-shirt, jacket, and flip flops), and my Asus Transformer TF700T and mobile dock.

The latter is, unfortunately, an expensive toy, and the biggest loss here.  Unfortunately, all of this falls within my insurance's deductible, so it looks like I'm just paying the Shit Happens tax :-(

So the only silver lining of this whole experience that my Android tablet was, in fact, encrypted.  I used the stock device encryption option available in Android 4.0+, which, if I understand correctly, uses dm-crypt to encrypt the device.

I'm confident that I have a sufficiently long and complicated pass phrase that it won't be guessed or brute forced easily.  20+ numbers, capital and lower case letters, and special characters.  That has helped me sleep a bit more easily at night, knowing that all I have lost is the physical machinery itself.

While I do know how Ubuntu's Encrypted Home Directory works, inside and out, I will review Android's encryption implementation, so that I can get completely comfortable with it.

A big thanks to Riley, who called the cops (they filed a report), loaned us his computer and printer to print out our beer fest tickets, and a shop vac to clean up the mess of glass shards.

:-Dustin

Hockeypuck featured on LWN.net

Nathan Willis has written an excellent article on LWN.net about Hockeypuck -- a new, AGPL public key server written in Golang with a MongoDB backend, authored by my esteemed colleague, Casey Marshall.

I recently introduced Hockeypuck here, and Casey wrote his own intro here.

Casey presented Hockeypuck at SCALE11x on Sunday, February 24th, 2013.  Nathan attended Casey's talk, and published his own review of Hockeypuck.  The article is very comprehensive and well written.  If you missed Casey's talk, it's an excellent retrospective and a good technical introduction to the project.

Enjoy,
Dustin

Slides from Austin Cloud Users Group -- Encrypt. Everything. Everywhere.

Here are the slides, as promised, from my Cloud Security presentation to the Austin Cloud Users Group. Enjoy!


:-Dustin

ssh-import-id now supports -r|--remove keys

As a brief followup to my recent post about ssh-import-id now supporting Github in addition to Launchpad, I should also mention that I've also added a new feature for removing keys that were previously imported.

Here's an example, importing kirkland's public keys from Launchpad.

kirkland@x220:~$ ssh-import-id lp:kirkland
2013-02-15 14:53:46,092 INFO Authorized key ['4096', 'd3:dd:e4:72:25:18:f3:ea:93:10:1a:5b:9f:bc:ef:5e', 'kirkland@x220', '(RSA)']
2013-02-15 14:53:46,101 INFO Authorized key ['2048', '69:57:f9:b6:11:73:48:ae:11:10:b5:18:26:7c:15:9d', 'kirkland@mac', '(RSA)']
2013-02-15 14:53:46,102 INFO Authorized [2] SSH keys

And now let's remove those keys...

kirkland@x220:~$ ssh-import-id -r lp:kirkland
2013-02-15 14:53:49,528 INFO Removed labeled key ['4096', 'd3:dd:e4:72:25:18:f3:ea:93:10:1a:5b:9f:bc:ef:5e', 'kirkland@x220', '(RSA)']
2013-02-15 14:53:49,532 INFO Removed labeled key ['2048', '69:57:f9:b6:11:73:48:ae:11:10:b5:18:26:7c:15:9d', 'kirkland@mac', '(RSA)']
2013-02-15 14:53:49,532 INFO Removed [2] SSH keys

Neat!

So the way this works is that ssh-import-id now adds a comment to the end of each line it adds to your ~/.authorized_keys file, "tagging" the keys that it adds.  When removing keys, it simply looks for keys tagged accordingly.

Enjoy!

:-Dustin

Introducing Hockeypuck -- a new HKP server

[Prerequisite: You should first read Casey's introduction
to HKP and Hockeypuck on his blog here.]

Anyone who has ever used Ubuntu, Debian, Launchpad, or apt-get has implicitly trusted a sophisticated public key distribution protocol called "HKP" or, HTTP Keyserver Protocol.  Originally designed for encrypting and signing email, asymmetric key pairs are used to sign, encrypt, decrypt and check signatures of thousands of packages on almost any Linux system.

Many (most?) public key servers today, such as keyserver.ubuntu.com, use an open source package called SKS (synchronizing key server) to distribute public keys.

Within Gazzang's zTrustee product, we rely on HKP to exchange public keys between client's and server.  In our first implementation, we simply used SKS as installed from the Ubuntu repositories.  SKS worked well in some environments, but it didn't scale well to larger environments, where hundreds of thousands of clients running on cloud servers were exchanging public keys in an automated fashion.

Moreover, we envisioned a system where user and host public SSH keys and server public SSL certificates might be exchanged in the same fashion, using the same protocol.  We considered trying to extend SKS to improve the scalability and feature set.

In the end, we decided a new HKP implementation, leveraging a modern, high performance NoSQL key-value store -- MongoDB -- and written in modern language -- The Go Programming Language -- would enable us to build a more efficient, type-safe, memory-safe, concurrent, garbage-collected, fast implementation of HKP.  We could also extend the feature set with a nice user interface and natively support other public keys.

With the general ideas fleshed out, my esteemed colleague, Casey Marshall, got to work on Hockeypuck -- his implementation of HKP in Golang and MongoDB -- freely available under the AGPL.  All credit for the development of Hockeypuck up to this point goes entirely to Casey :-)  That said, he's really quite interested in outside contributions and help at this point, so if you're proficient in Golang and looking to contribute to an awesome security project, here's your bogey!

We at Gazzang are hosting a reference Hockeypuck server at:

• http://hockeypuck.gazzang.net
• https://hockeypuck.gazzang.net

But you don't have to use our Hockeypuck server ... we're absolutely delighted that Hockeypuck has been accepted into Ubuntu's 13.04 (raring) distribution in Universe.  It's as easy as:

$ sudo apt-get install hockeypuck

in Ubuntu 13.04 to get your Hockeypuck server up and running.  For other Ubuntu releases, Casey is publishing backports to a stable and an unstable PPA.

This server has successfully imported the world's current public key ring -- that's 4GB of OpenPGP public key information!  Casey's still working on the synchronization, which is based on SKS's "recon protocol".  Again, if you're into hard core polynomial math, can read and understand OCaml, and are interested in re-working that algorithm in Golang, get in touch with us :-)

We're really, really interested in your feedback at this point!  You can file bugs against the project and packages here.  We're also looking for your feature requests...  How would you like to use a public key server?  Would you find it useful to import your SSH server or host public keys from a key server?  Would you find it useful to see "badges" by keys, indicating that key's level or trust?  Or perhaps that a key has been "verified"?  What about linking public keys to OpenID or OAuth logins?  Or what about [insert your idea here!]...

Comments?  Bring 'em on!

Cheers,
:-Dustin

Linux: Won't you be our Valentine?

It will be a lovely week next week!

Valentines Day is next Thursday, February 14th, of course.  Make sure you have chocolate and beautiful flowers for your sweetheart.  And remember, that nothing says, "Was just thinking of you" like finding something cute on Pinterest and pinning it on their wall.  (I need to go figure out how to do that, actually).  And, for extra bonus points, call Mom too!  She'll just love that you thought of her, too, on V-day ;-)

Near and dear to my heart, I'm personally excited that Gazzang will be introduced as one of the newest card-carrying members of the Linux Foundation!  I've been an individual member of the Foundation for years, and have attended nearly a dozen LF events.  We're extremely, extremely proud to add Gazzang to its very impressive list of active corporate members.  What excellent company!  I feel that we at Gazzang are differentiating ourselves from our competitors with comprehensive offerings around big data security, enterprise class encryption, and innovative key management -- all built exclusively in and on top of Linux.

And in celebration of all this love, Gazzang's fabulous marketing department has created a special Valentine's Day card for Linux, speaking on behalf of enterprises and big businesses far and wide that are just head over heels in love with the Penguin :-)  Enjoy!

XOXO,
:-Dustin