Bitcoin Forum
Author Topic: What can really be done about server hacking  (Read 8310 times)
mistfpga (OP)
May 11, 2012, 09:25:16 PM  #1

Hi all,

It seems that, after another major crack, we are again in the same position. I have started this thread to offer some reasonable way of operating with proper server security, and therefore potentially being able to get insurance from _normal_ insurance companies.

For a long time the traditional banks have faced this situation. The only full solutions for banks are the Hardware Security Module 8000 from Thales or the payShield 9000 from nCipher (now owned by Thales).

These devices secure the secret keys and sign credit card transactions. Most of the world's interbanking relies on these devices.

I have worked with both HSMs and PayShields before. They would not translate in their current format to any non-banking transactions. So Thales and nCipher created this at a fraction of the cost, but still with all the goodness that is needed for a tamper-proof bitcoin signing box (it will purge the key if need be):

http://www.thales-esecurity.com/Products/Hardware%20Security%20Modules/nShield%20Edge.aspx

the nCipher Edge.

I urge all major bitcoin handlers to seriously consider contacting Thales or nCipher for a demo.

I do not work for Thales or nCipher. I just know their products very well and this _will_ help the community. My email address is in my profile if anyone wishes to discuss this further.

(Why don't companies purge the keys when the alarms go off? Restoring a key from a paper backup is a lot cheaper...)

regards,

steve
rjk
May 11, 2012, 09:27:23 PM  #2

How about this? http://www.yubico.com/YubiHSM
I don't know the details of how fast it can go or anything like that, but it is intended to be a secure store of secrets.

BCB
May 11, 2012, 09:30:59 PM  #3

Steve,

Thanks for starting this thread. I think, except for those who have BTC tied up in the downed servers, the best that can come of this latest incident is for the community to share their best practices while we come to understand the root cause of Bitcoinica's issue, so others can prevent similar incidents in the future. I hope others will see fit to post insightful info for the benefit of the community.

Thanks.
check_status
May 11, 2012, 09:31:44 PM  #4

Would TPM have stopped this?

BCB
May 11, 2012, 09:35:44 PM  #5

Not sure.  Sounds like an email account was accessed which was used to reset the server password.  Seems like "they" had root access.
SgtSpike
May 11, 2012, 09:38:47 PM  #6

Preventing access to the Bitcoin keys should the root password be reset is pretty simple, really.

Encrypt the drive with the keys on it. If it is mounted, it is accessible. But as long as the hacker does not have the root password, and has to reset the root password to gain access to it, the drive will unmount and be inaccessible even with the root password reset. They would have to know the encryption password for the drive itself to gain access.
BCB
May 11, 2012, 09:44:15 PM  #7

So are you saying the server has to reboot to change the root password and the encrypted disk would not be automatically remounted on reboot? I use keys on all my servers so I'm not familiar with this.
rjk
May 11, 2012, 09:46:00 PM  #8

Quote
So are you saying the server has to reboot to change the root password and the encrypted disk would not be automatically remounted on reboot? I use keys on all my servers so I'm not familiar with this.
Well, it might be possible to configure it so that it auto-remounted on reboot, but that would require the boot password to be stored on the machine, which would defeat the purpose of an encrypted disk.

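rjk's point is that an encrypted volume which comes back by itself after a reboot must have its unlock secret stored on the same machine. That property is visible in /etc/crypttab, where a key file of `none` or `-` means a human is prompted at boot, while a path (or a `keyscript=` option) means the volume unlocks unattended. The audit below is an added example, not code posted by anyone in this thread; the crypttab contents are constructed and the rule follows crypttab(5).

```python
# Constructed sample /etc/crypttab, not taken from any real host. Format per
# crypttab(5): <name> <device> <key file> <options>. A key file of "none" or "-"
# means the passphrase is prompted for at boot; a path means key material is
# stored on this machine and the volume will unlock without a human.
SAMPLE_CRYPTTAB = """\
# name   device                                    keyfile              options
wallet   UUID=1b2f7c3e-aaaa-bbbb-cccc-000000000001 none                 luks
data     /dev/sdb1                                 /root/keys/data.key  luks
swap     /dev/sdc2                                 /dev/urandom         swap,cipher=aes-xts-plain64
backup   /dev/sdd1                                 -                    luks,noauto
scratch  /dev/sde1                                 none                 luks,keyscript=/usr/local/sbin/fetch-key
"""

PROMPT_VALUES = {"none", "-"}   # crypttab values meaning "ask at boot"


def parse_crypttab(text):
    """Yield (name, device, keyfile, options) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        name, device = fields[0], fields[1]
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        yield name, device, keyfile, options


def audit_crypttab(text):
    """Return {volume name: finding} for volumes that unlock with no human present."""
    findings = {}
    for name, device, keyfile, options in parse_crypttab(text):
        # Random-key swap volumes hold nothing that survives a reboot: not a finding.
        if "swap" in options or keyfile == "/dev/urandom":
            continue
        if any(opt.startswith("keyscript=") for opt in options):
            findings[name] = "keyscript fetches the unlock key automatically at boot"
        elif keyfile not in PROMPT_VALUES:
            findings[name] = f"unlock key stored on this host: {keyfile}"
    return findings


if __name__ == "__main__":
    for volume, finding in audit_crypttab(SAMPLE_CRYPTTAB).items():
        print(f"{volume}: {finding}")
```

Run against a real host with `audit_crypttab(open("/etc/crypttab").read())`; any volume named in the result is one an attacker with root (reset password or not) can read as soon as the box boots, which is the situation SgtSpike's scheme is meant to avoid.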
DeathAndTaxes
May 11, 2012, 09:49:14 PM  #9

Pretty simple stuff:

1) Use your own hardware in a colo-cage.
2) No external password reset.  Period.
3) Remote access only via a dedicated NIC.
4) Hardware firewall/VPN which handles IP whitelisting.
5) Two factor authentication for all server logins.

TL/DR version:
How about don't let the hacker reset your password and login to your server?
eleuthria
May 11, 2012, 09:53:55 PM  #10

Quote
How about don't let the hacker reset your password and login to your server?

+1.  Anybody attempting to host a currency exchange where their machines aren't in a locked cabinet/cage that only they have the key to is only fooling themselves if they think they're being professional.

BCB
May 11, 2012, 09:56:54 PM  #11

Quote
How about don't let the hacker reset your password and login to your server?

+1. Anybody attempting to host a currency exchange where their machines aren't in a locked cabinet/cage that only they have the key to is only fooling themselves if they think they're being professional.

DeathAndTaxes, I don't think you can get any more secure than this, but I think more than a few of the cloud services could be made just as secure without owning all the hardware.
eleuthria
May 11, 2012, 10:09:07 PM  #12

Quote
How about don't let the hacker reset your password and login to your server?

+1. Anybody attempting to host a currency exchange where their machines aren't in a locked cabinet/cage that only they have the key to is only fooling themselves if they think they're being professional.

DeathAndTaxes, I don't think you can get any more secure than this, but I think more than a few of the cloud services could be made just as secure without owning all the hardware.

Yes, there are ways which could prevent your cloud/VPS provider from resetting your password and accessing your stuff. That's not the point though. A currency exchange should never be in the situation where an external party could have unauthorized access to your servers [which will ALWAYS be the case for VPS/cloud]. An external party shouldn't even have physical access to their servers. Sure, there's always the chance of a physical break-in; that's why you still have strong security on the server.

Hosting a site like that on hardware you don't own and have control over in terms of physical access is just asking for trouble.

mistfpga (OP)
May 11, 2012, 10:14:45 PM  #13
Last edit: May 11, 2012, 10:42:03 PM by mistfpga

Hi,

@rjk
That looks alright, but it doesn't say what anti-tamper it has; it looks like someone with physical access to the machine could just take the key out, then probe it for the secret key.
I would be a little hesitant about running a multimillion dollar business on a $500 key. (It mentions SHA but not SHA256...)

The Edge use case is a bit more relevant: when in remote operation mode (via SSH/TLS/cert based) it takes a physical device (smart card) inserted at the remote management location to sign something.
So you could have 4 cards, a, b, c and d. Card a inserted allows signing of transactions up to $1000. If card b is inserted then you can process transactions of $1000 - $5000. For any transactions over $5000 you need cards c and d.

You can have multiple copies of each card with their own unique encryption code and with their own revocation certificates.

You would always have key a in until you need to process large transactions, then once an hour put card b in once all transactions are verified and clear transactions that are $1000-$5000, then twice a day you and someone else have to insert keys c and d to process the really large transactions.

On top of this, if anyone tries to mess with the device it will purge all the keys off the device, to a standard where you could not get them back by probing or skimming the chips. But not the cards (which are on the other side of the world anyway); you can then use the cards and the master cards to reprogram the device remotely.

This kind of functionality has been around and available to the public for at least 4 or 5 years. I guess that the Edge costs around $7000 based off the pricing of Thales' other products.

Physical access does you no good at all.

@check_status maybe, maybe not. There is no out-of-the-box solution for this that I know of that uses TPM. The Thales technology is proven.

@SgtSpike - in that one circumstance that would protect the system. However, it does not help if there is a priv elevation. Also, what happens if the box falls over? Someone in the datacentre or nearby must have the keys.

If you are processing $50k a month in profit how can you not spend $7k on one very good layer of defense (shit, a payShield is only around $50k anyway...), then add more layers (I am not suggesting having only one layer of defense); everyone already knows the drill for that (DeathAndTaxes just posted a good list - the Edge will do all that too...). But people don't do it, and that really amazes me. If you are lazy, buy an Edge!

 - If someone wants to buy me one, I will write a guide. :)

EDIT: From the nCipher website, the device "Delivers FIPS compliance". That is the bit that should allow you to be underwritten and insured as a standard financial institution. (Although I am not in any way a lawyer at all, I do know you won't get any insurance without it.)

EDIT2: They are at least security level 3 in FIPS... I think payShields are 4 IIRC but don't quote me on either :)
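The card scheme in this post is an authorisation policy: which physical tokens must be present before the device will sign a given amount, with each physical copy separately revocable. The following models that policy in code. It is an added example, not nCipher/Thales firmware or anything posted by mistfpga; the tiers ($1000 / $5000), the reading that card b alone covers the middle tier, and the per-copy serial numbers used for revocation are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from math import inf


@dataclass(frozen=True)
class Card:
    name: str     # logical card: "a", "b", "c" or "d"
    serial: str   # each physical copy has its own serial (and its own key)


@dataclass
class TieredSigningPolicy:
    # (upper bound in dollars, inclusive; logical cards that must all be present)
    tiers: list
    revoked: set = field(default_factory=set)   # serials of revoked copies

    def required_cards(self, amount):
        """Cards needed for this amount, or None if no tier covers it."""
        for limit, cards in self.tiers:
            if amount <= limit:
                return set(cards)
        return None

    def authorize(self, amount, inserted):
        """Decide whether the inserted cards permit signing `amount`.

        Returns (allowed, reason). A revoked copy counts as not inserted, so
        revoking one lost copy does not disable the other copies of that card.
        """
        if amount <= 0:
            return False, "amount must be positive"
        needed = self.required_cards(amount)
        if needed is None:
            return False, "amount exceeds highest tier"
        present = {c.name for c in inserted if c.serial not in self.revoked}
        missing = needed - present
        if missing:
            return False, "missing card(s): " + ", ".join(sorted(missing))
        return True, "authorised by card(s) " + ", ".join(sorted(needed))


def example_policy():
    """The scheme from the post: a up to $1000, b up to $5000, c+d beyond that."""
    return TieredSigningPolicy(tiers=[(1000, {"a"}), (5000, {"b"}), (inf, {"c", "d"})])


if __name__ == "__main__":
    policy = example_policy()
    a1, b1, c1, d1 = Card("a", "a-1"), Card("b", "b-1"), Card("c", "c-1"), Card("d", "d-1")
    print(policy.authorize(500, [a1]))        # card a alone is enough
    print(policy.authorize(2500, [a1]))       # needs card b
    print(policy.authorize(9000, [c1]))       # needs both c and d
    print(policy.authorize(9000, [c1, d1]))   # two people, two cards
    policy.revoked.add("b-1")                 # lost copy revoked; b-2 still works
    print(policy.authorize(2500, [b1]), policy.authorize(2500, [Card("b", "b-2")]))
```

The point the model makes explicit is that the two-person rule for large amounts is enforced by the device's policy, not by the host software: a compromised host can only submit requests, and a request above $5000 is refused until the holders of c and d are both physically present.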
Littleshop
May 12, 2012, 12:17:41 AM  #14

Quote
So are you saying the server has to reboot to change the root password and the encrypted disk would not be automatically remounted on reboot? I use keys on all my servers so I'm not familiar with this.
Well, it might be possible to configure it so that it auto-remounted on reboot, but that would require the boot password to be stored on the machine, which would defeat the purpose of an encrypted disk.

Yes. If the machine needs to be rebooted, a password needs to be typed in to get it to boot. This would be inconvenient if the machine was unreliable, but would work fine if the machine was reliable. The password could be typed remotely through a secured connection, of course.

Keep a smaller wallet online. So the transaction volume is great? OK. You can refill the machine by sending coins to it from a secured offline machine periodically. Large withdrawals get delayed. Outgoing transactions should be checked by a human 2x a day, looking for any loss.
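Littleshop's operating model has four moving parts: a small online float, immediate payouts only below a threshold, larger ones held for review, refills from an offline machine, and a twice-daily human check of outgoing flow against what the chain actually shows. The code below is an added example of that model, not anything posted in the thread; the threshold, refill floor and balances are constructed, and the "observed on-chain balance" passed to `reconcile` stands in for whatever the operator reads from their node.

```python
from dataclasses import dataclass, field


@dataclass
class HotWallet:
    """Small online float with delayed large withdrawals and a reconciliation check."""
    balance: float              # what the hot wallet should hold, by our own ledger
    large_threshold: float      # payouts above this are queued for human review
    refill_floor: float         # top up from cold storage when balance drops below this
    paid: list = field(default_factory=list)      # immediate payouts made
    queued: list = field(default_factory=list)    # large payouts awaiting review

    def withdraw(self, amount):
        """Pay small amounts at once; queue large ones; never overdraw the float."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount > self.large_threshold:
            self.queued.append(amount)
            return "delayed"
        if amount > self.balance:
            return "insufficient"   # the float is deliberately small
        self.balance -= amount
        self.paid.append(amount)
        return "paid"

    def approve_queued(self, index):
        """Human releases one delayed payout; still bounded by the float."""
        amount = self.queued[index]
        if amount > self.balance:
            return "insufficient"
        self.balance -= amount
        self.paid.append(self.queued.pop(index))
        return "paid"

    def refill_needed(self):
        """Amount the offline machine should send to bring the float back up, or 0."""
        return max(0.0, self.refill_floor - self.balance)

    def receive_refill(self, amount):
        self.balance += amount

    def reconcile(self, observed_onchain_balance):
        """Unexplained outflow for the twice-daily check: positive means coins left
        the wallet that our ledger did not authorise."""
        return round(self.balance - observed_onchain_balance, 8)


if __name__ == "__main__":
    # Constructed walk-through: 100 BTC float, 50 BTC threshold, refill at 40 BTC.
    w = HotWallet(balance=100.0, large_threshold=50.0, refill_floor=40.0)
    print(w.withdraw(30.0), w.withdraw(200.0))   # paid, delayed
    print("loss:", w.reconcile(70.0))            # 0.0: chain agrees with ledger
    print("loss:", w.reconcile(55.0))            # 15.0: something left unauthorised
    print("refill:", w.refill_needed())          # 0.0 while above the floor
```

The float bounds what an attacker who fully controls the online host can take before the next refill, the queue bounds it further for single large requests, and a non-zero `reconcile` result is the alarm that should precede the next refill rather than follow it.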

rjk
May 12, 2012, 12:31:28 AM  #15

Quote
Hi,

@rjk
That looks alright, but it doesn't say what anti-tamper it has; it looks like someone with physical access to the machine could just take the key out, then probe it for the secret key.
I would be a little hesitant about running a multimillion dollar business on a $500 key. (It mentions SHA but not SHA256...)

The Edge use case is a bit more relevant: when in remote operation mode (via SSH/TLS/cert based) it takes a physical device (smart card) inserted at the remote management location to sign something.
So you could have 4 cards, a, b, c and d. Card a inserted allows signing of transactions up to $1000. If card b is inserted then you can process transactions of $1000 - $5000. For any transactions over $5000 you need cards c and d.

You can have multiple copies of each card with their own unique encryption code and with their own revocation certificates.

You would always have key a in until you need to process large transactions, then once an hour put card b in once all transactions are verified and clear transactions that are $1000-$5000, then twice a day you and someone else have to insert keys c and d to process the really large transactions.

On top of this, if anyone tries to mess with the device it will purge all the keys off the device, to a standard where you could not get them back by probing or skimming the chips. But not the cards (which are on the other side of the world anyway); you can then use the cards and the master cards to reprogram the device remotely.

This kind of functionality has been around and available to the public for at least 4 or 5 years. I guess that the Edge costs around $7000 based off the pricing of Thales' other products.

Physical access does you no good at all.

Well, note that the YubiHSM is in a small USB stick format - it is designed to be installed inside any server, and then the server itself would have case-opening sensors and case locks. I am not sure about the anti-tamper stuff other than that, but the device is designed to be write-only for the keys, and it does its own computations based on signals sent to it to decode. It's kind of complicated and I don't totally understand it, but I think it has a bit more going on behind the scenes than it really looks like.

As for the special smart cards - that sounds like an extremely cool technology to have, and it makes a lot of sense with that kind of design. Kind of like a missile launcher where 2 guys both have to turn their keys at the same time. :D It sounds like it would be expensive though.

mistfpga (OP)
May 14, 2012, 03:40:18 PM  #16

Hey rjk,

Yeah, that Yubi does look alright; I was just thinking it is probably easier to break into a data centre and nick the little stick than it is to break into a local bank and get away with $100k.


From their FAQ it is clear that this device is not the device you want to use to protect a place like an exchange. However, if you are running your own server, it will help you not lose your bitcoins if you get rooted. So a practical solution to the allinvain issue (although Armory[1] can have this functionality, I like hardware; this Yubi might allow for some more interesting use cases).

http://www.yubico.com/YubiHSM-FAQ

Quote
2. Is the YubiHSM security certified (FIPS 140 or similar)?
 NO - we may consider this in the future for a premium version (due to cost). We will decide later on when the final functionality is fully defined and has been tested out thoroughly.

So physical access is still a problem, but for $500 it is a really good product. I cannot find anything similar for anywhere near that cash.

In some good news, I was speaking to a friend about this over the weekend and he is going to lend me an Edge. Hopefully I can write something that will give people an idea of how all this works.

For a really serious deployment, you can make a bitcoin HSM with the 3 card reader control and exactly the same ACLs as existing banking infrastructure. All that for about $50k (this includes one nCipher Solo, 3 Edges and $10k for Thales or nCipher to set it all up - although this is not a payShield, it will work in the same fashion).

I am not into regulation in the slightest, but I do not see why we cannot use the FIPS 140 standard for security; even if you do not get the cert, why not use certified kit and get someone certified to set it up?

I am going to order one of those Yubis, thanks for the link. It will be interesting to see what can be protected with it; I will write a guide for that too. (I am just waiting for a response that it supports SHA256 signatures.)

Cheers,
steve

[1] I am amazed at the work and how high quality the Armory software is.
 
DeathAndTaxes
May 14, 2012, 03:49:05 PM  #17
Last edit: March 19, 2014, 04:50:21 AM by DeathAndTaxes

The issue with things like yubi or COTS HSM is the key will be in plaintext at some point.

Even if you use yubi or another HSM to keep keys decrypted to send funds you will need to decrypt them and then the keys can be stolen.  I don't see how any of that provides any security.  Limiting the per tx limit is also of dubious value.  Instead of thief stealing 18K, they simply transfer out 1K, 18 times.  

The only HSM which would provide any real security is one in which the private keys NEVER (under any circumstances) leave the device. The host would send a payout request to the HSM, which would use a private key to construct a tx and return that to the host. The HSM could be configured with velocity limits and require a key on startup. Changing an admin password would require a host reboot (thus leaving the HSM offline).

Any device which simply encrypts and decrypts the private keys on command provides no security.  The host has to have the ability to issue a decrypt command (or the wallet isn't hot) and if the host can then so can the attacker who has gained access to the host.
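The design DeathAndTaxes describes has three properties a host-side attacker cannot undo: the signing key never crosses the device boundary, the device only accepts payout requests and refuses them once a velocity limit for the window is reached (so "1K, 18 times" stops at the cap just as 18K would), and it boots into standby until an activation secret is presented. The sketch below models those properties; it is an added example rather than any vendor's firmware or code from the thread. HMAC-SHA256 stands in for the transaction signature (a real device would sign the tx with ECDSA on-chip), and the cap, window and activation secret are constructed values.

```python
import hashlib
import hmac
import os
from collections import deque


class HotSigner:
    """Signing-device model: key generated inside, no export call, velocity-limited."""

    def __init__(self, activation_secret, cap_per_window, window_seconds):
        self._activation_secret = activation_secret   # presented at startup
        self._cap = cap_per_window                    # max total signed per window
        self._window = window_seconds
        self.__key = None         # only ever read by sign_payout(); never returned
        self._armed = False       # device boots into standby
        self._signed = deque()    # (timestamp, amount) of payouts already signed

    def startup(self, activation_secret):
        """Leave standby only when the activation secret is presented."""
        if not hmac.compare_digest(activation_secret, self._activation_secret):
            return False
        if self.__key is None:
            self.__key = os.urandom(32)   # generated in-device; the host never sees it
        self._armed = True
        return True

    def shutdown(self):
        """A host reboot or admin password change takes the device offline."""
        self._armed = False

    def spent_in_window(self, now):
        """Total already signed within the trailing window ending at `now`."""
        while self._signed and now - self._signed[0][0] >= self._window:
            self._signed.popleft()
        return sum(amount for _, amount in self._signed)

    def sign_payout(self, destination, amount, now):
        """Return a signed payout record, or raise; the key itself never leaves."""
        if not self._armed:
            raise PermissionError("device in standby")
        if amount <= 0:
            raise ValueError("amount must be positive")
        if self.spent_in_window(now) + amount > self._cap:
            raise PermissionError("velocity limit reached for this window")
        message = f"{destination}|{amount}|{now}".encode()
        signature = hmac.new(self.__key, message, hashlib.sha256).hexdigest()
        self._signed.append((now, amount))
        return {"destination": destination, "amount": amount, "signature": signature}


def split_payout_attempts(signer, count, each, start):
    """Model the 'steal 1K, 18 times' pattern: how many of `count` payouts sign."""
    signed = 0
    for i in range(count):
        try:
            signer.sign_payout("DEST-constructed", each, start + i)
            signed += 1
        except PermissionError:
            break
    return signed


if __name__ == "__main__":
    # Constructed parameters: 5000 per 24h window, activation secret b"activate".
    device = HotSigner(b"activate", cap_per_window=5000, window_seconds=86400)
    print(device.startup(b"activate"))                  # True: armed
    print(split_payout_attempts(device, 18, 1000, 0))   # 5: the cap, not 18
```

Python cannot truly hide `__key` from a determined caller; the attribute only marks the interface. The enforcement the post relies on is that the physical device has no command that returns the key, so the compromised host's only lever is the request path, which the velocity check bounds.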
nedbert9
May 14, 2012, 04:12:04 PM  #18

When considering password reset services external to the system in question, this could be seen as a matter of perimeter security.

Sadly, as it was, the perimeter wasn't secured very well (no thanks to Rackspace for allowing root by way of an email). For a financial system this is truly scary. I'm really surprised.


mistfpga (OP)
May 14, 2012, 04:16:10 PM  #19

Hi Death and Taxes,

Quote
The issue with things like yubi or COTS HSM is the key will be in plaintext at some point.

Even if you use yubi or another HSM to keep keys decrypted to send funds you will need to decrypt them and then the keys can be stolen. I don't see how any of that provides any security. Limiting the per tx limit is also of dubious value. Instead of thief stealing 18K, they simply transfer out 1K, 18 times.

In my experience no HSMs work like this. (None of nCipher's nShield range or Thales' HSM products act in this manner, 100% sure on that. I don't think the Yubi does either. Not sure. That is why I am going to order one, see what it does do, if it will do SHA256 signing.)

Quote
The only HSM which would provide any real security is one in which the private keys NEVER (under any circumstances) leave. The host would send a payout request to the HSM which would use a private key to construct a tx and return that to the host. The HSM could be configured with velocity limits and require a key on startup. Changing an admin password would require a host reboot (thus leaving HSM offline).

This is exactly how all code-signing HSMs work, although for us, rather than signing code, you sign a bitcoin transaction.

You can set all sorts of reboot security... they nearly always will reboot into standby and need an activation key (key card or physical key).

I agree on the dubiousness of having withdrawal limits; my use case was to show how the bitcoin private key is never exposed, and the distributed control that could be achieved. I didn't really think too much about the rest of the example. Stopping someone putting invalid transactions through your box is a different problem...

Quote
Any device which simply encrypts and decrypts the private keys on command provides no security. The host has to have the ability to issue a decrypt command (or the wallet isn't hot) and if the host can then so can the attacker who has gained access to the host.

I agree.

The Edge and Solo both do on-chip signing, so the keys never leave the device, nor are they in plaintext (both are FIPS level 3 certified devices).

Using an Edge and a Solo, the keys can be split amongst people in different parts of the world and never be on the datacentre machines, nor have one person know the whole key. (You don't have to use this functionality.)

I hope this clears things up a bit.

cheers,

steve
mb300sd
May 14, 2012, 04:28:20 PM  #20

Have a second server do all the transactions. Have the server use a polling method through Tor so its IP address is never known. Even if you break into the site, you'd still have to figure out the comm protocol with the off-site server, and even then you can only steal the maximum single withdrawal amount; ~500 BTC sounds reasonable. I have a private server in my apartment with a 6-hour UPS, and 5x redundant internet connections through 3 different providers. Certainly an exchange owner can afford the same without resorting to hacking wifis either.
