Ah the trust model discussion, that wasn't parked for long ;-) On 23/07/16 04:43, Jacob Wilder wrote: > Given that deserialization attacks are a ripe attack surface > <https://www.owasp.org/index.php/Deserialization_of_untrusted_data> it's a > good idea to make it possible to authenticate serialized objects whenever > possible.
Yep, and of course it is broader than serialization issues whenever you open a communication channel with an untrusted agent. Java serialization is notorious. I'd suggest we drop it as soon as a reasonable alternative is put in place. There are more robust options. > In the case of Pirk—where systems which hold sensitive data will > be deserializing objects received from other entities—offering users the > option to sign/verify objects before loading them is valuable. If our users > were not dealing with sensitive information of some sort, they wouldn't be > using Pirk. Agreed. Either we figure out the identity of the sender via establishing a secure communication channel, and trust them to send a well-defined message; or have a more open communication channel and look to verify each message and its sender more thoroughly. > I have written some code that uses BouncyCastle to OpenPGP clearsign base64 > encoded Java objects. I'm going to see how cleanly I can integrate it with > Tim's new Serialization code so that it's automatically available to > anything that uses the serialization tools. > > Where things get complicated is in how to expose it to users. Below is my > current thinking. I'd appreciate any feedback. > > By default, all InputStreams used to read data will be checked to see if > they start with the line "-----BEGIN PGP SIGNED MESSAGE-----". If it does, > we'll pull the PGP public keyring from a path specified by property > serialization.openPGPPublicKeyRing and verify the signature. Failed > signature verifications result in an exit. I guess you are describing your prototype here. In general, the serialized form would dictate how the signature and supporting files are exchanged. > Property serialization.requireSignedInput will reject any input that is not > signed with a valid signature. > Property serialization.signOutgoingObjects will sign all outgoing > Serialized Java objects. > Properties serialization.openPGPPrivateKey, > serialization.openPGPPrivateKeyPassword, > and serialization.openPGPPublicKeyRing will indicate the location of the > private key, the password used to decrypt it, and the location of the > public key ring respectively. Doesn't that require you to know all your senders a priori? Probably better to include the public key in a certificate so Pirk can define the accepted CAs. > I had considered using SignedObjects but decided to give OpenPGP a shot > because it's easier to hand-verify signatures or integrate verification of > signed data into automated data flow (say, between two distinct entities > sharing data using Pirk). Using the JDK APIs can produce standard secure hashes, key/cert, etc representations usable by common tools, though I'd recommend using something like Keyczar to get a good implementation of common crypto patterns. Regards, Tim
