MFA-ing the Un-MFA-ble: Protecting Auth Systems' Core Secrets

Presented at Black Hat USA 2021, Aug. 4, 2021, 11:20 a.m. (40 minutes)

Compromised credentials have been APT groups' favorite tool for gaining, propagating and maintaining access to their victims' networks. Consequently, aware defenders mitigate this risk by adding additional factors (MFA), so that no single secret is a single point of failure (SPOF). However, the systems' most lucrative secrets, their "Golden Secrets", are still a SPOF and are abused in practice by attackers.

Golden secrets are at the heart of most current authentication systems. These secrets, such as the KRBTGT key for Kerberos or the token-signing private key for SAML, are used to cryptographically secure the issuance of access tokens and protect their integrity. Consequently, they are also the attackers' most lucrative targets. When a golden secret is captured, it allows attackers to issue golden access tokens offline, with no further interaction with the authentication server, and take full control over the system.

Recently, the SUNBURST attackers were reported to use stolen private keys to create Golden SAML tokens to access victims' Office 365 environments, and a stolen DUO 2FA "akey" secret to create a golden cookie that bypasses the 2FA access restriction on certain applications.

In our talk, we will explain the two main issues that have historically prevented defenders from applying the highly effective MFA approach to Golden Secrets, namely backward compatibility and the lack of orthogonal additional factors, and how they are solved by our solution, already battle-tested in the cryptocurrency domain.

Specifically, we will show how recent advancements in the cryptographic field of Threshold Signature Schemes (TSS) can "split the atom" and break golden secrets into multiple less precious secrets ("lead secrets") in a fully backward compatible manner: the signatures produced jointly by the lead secrets verify under the original public key, so the relying parties that consume the tokens need no change. The orthogonality of these secrets is assured by the solution architecture, which, unintuitively yet securely, requires deploying some of these lead secrets on an external service.

We will share an actual open-source TSS implementation and demonstrate its practical applications.

Presenters:

  • Matan Hamilis - Cryptography Researcher, ZenGo
    Matan Hamilis is a cryptography researcher at ZenGo, enabling the secure management of crypto assets with a dedicated wallet mobile app. Formerly, Matan was a cybersecurity research team lead at the IDF. In his 8+ years of experience in cybersecurity research he focused primarily on a variety of networking stacks for a wide range of industries, appliances and vendors, and developed a deep interest in various Linux kernel topics. Matan holds a B.Sc. and M.Sc. in computer science from the Technion, where he focused primarily on cryptography and the uses of zero-knowledge proofs.
  • Tal Be'ery - Co-Founder, ZenGo
    Tal Be'ery is a Co-Founder of ZenGo, securing crypto assets with the ZenGo Wallet mobile app. Tal is a cyber-security researcher, a returning speaker at the industry's most prestigious events, including Black Hat and RSA Conference, and a member of Facebook's exclusive WhiteHat list. One of his best-known works is the TIME attack against the HTTPS/SSL protocol. Over the last two decades, Tal has built and led several cyber-security R&D teams, mostly in the field of network monitoring for various security problems and protocols. Previously, Tal led research at Aorato (acquired by Microsoft) as VP of Research. Tal holds M.Sc. and B.Sc. degrees in CS/EE from Tel-Aviv University and a CISSP certification.
