Huawei trusted Design and Reconfiguration Professional-level examination (Subject 4) has always been an insurmountable obstacle for many Huawei employees. This examination covers the most core modules of the entire software engineering through several parts, such as requirement analysis, trusted design, software modeling, design pattern, and reconfiguration analysis. This requires us to spend a lot of time studying and thoroughly using the knowledge to pass the exam. I will walk you through these modules in a series of articles. In this article we’ll look at trusted design. Trusted design is developed from security architecture and design, product network security, cryptography, privacy protection and so on.

Security architecture and design

1. Security architecture design and method

Nowadays, more and more Internet and IT enterprises consider network security architecture when designing a product's system architecture, mainly in the following aspects: network physical security, network topology security, application system security, network management security, etc. Senior management has begun to pay attention to the network security design of the product lines and has put forward higher requirements for product architecture design, especially security architecture design. With the rapid development of cloud computing services, open networks and service-sharing scenarios have become more complex and changeable, which raises the security requirements on the virtualization technology in the underlying architecture of cloud computing (the IaaS and PaaS layers). The industry has also stepped up the formulation of security standards (CC, FIPS security certification, the ISO 27001 standard), and more and more international certification organizations pay attention to evaluating security architecture design. Together, these factors are the source of today's demand for security architecture design. A great deal of historical experience shows that systems that consider security early, in the architectural design phase, are much more secure than those that only do so later in development and design.

  • Definition of software system architecture:

  • Definition of security architecture:

So what are the main concerns of a security architecture? It should address at least the following issues:

  1. Analyze security threats at the system architecture level, and decide how to combine the various security components across the entire architecture so that the selection of security components and mechanisms meets the requirements of defense in depth.
  2. Ensure the confidentiality, availability and integrity of the system;
  3. A security architecture is a model that can protect itself, detect itself, and adapt to future security developments.

Classic security architecture in the industry, such as Ali Financial Cloud security architecture diagram:

We can also learn about the security architecture of the whole product from the example diagram of the security function of a certain product of the company:

2. Security architecture design method based on 8-dimension design framework

Huawei Cloud refers to the CC security functional requirements and the NIST control set, and summarizes product security architecture design into 8 dimensions and 24 sub-items, which guides architecture designers to design the security architecture systematically and comprehensively and avoids omissions in architecture-level security design. The 8-dimension security architecture takes the architecture-level NIST control items, integrates them with the high-level threat analysis questionnaire, and finally outputs the framework solution. The 8-dimension security architecture design includes the following aspects:

3. Architecture-level security threat analysis — ASTRIDE High Level

High-level threat modeling identifies security threats to the product architecture and formulates corresponding mitigation suggestions to improve the security of the product architecture. How can the High Level part of the STRIDE method be combined with system architecture design and become an important part of system security architecture design? We modified the High Level part of the original STRIDE method to make it as much of an architecture-level threat modeling method as possible. What are the major changes in ASTRIDE's High Level threat modeling approach?

  1. Changes to the data flow diagram
  • Traditional STRIDE uses the data flow diagram as the analysis input. Its advantages are: 1. data flow is similar to attack flow, which makes it suitable for finding possible attack points; 2. data flow diagram elements are standardized;
  • However, data flow diagrams also have obvious limitations and are not suitable for describing product architectures.
  • Our company uses the functional view and the logical view more in product architecture design.
  • Therefore, in ASTRIDE we use the logical view as the analysis input, with interfaces and components as the standard elements of the logical view.
  2. Major changes in the ASTRIDE High Level threat modeling method
  • Analysis is based on the product's system architecture instead of the data flow diagram;
  • The six STRIDE threats and the standard data flow diagram elements were restructured, focusing the analysis on the two key elements of the architectural view: business components and interfaces.

  3. Changes to mitigation proposals
  • Standardization of mitigation proposals: following the 8-dimension security architecture design framework, each security mitigation proposal corresponds to one of the 8 security dimensions.
  • Schematization of mitigation proposals: in architecture design, we should not only consider mitigations at a single point but also pull them through at the architecture level to form corresponding solutions; for example, if encryption is required in many places, the architecture design needs a unified encryption and key management scheme.

Huawei cloud security architecture design process diagram:

4. Three security elements and security design principles

The three elements of security are:

  • Availability – The system must provide service in a timely manner and cannot deny service to authorized users
  • Integrity – Information and programs cannot be subjected to intentional or unintentional unauthorized manipulation
  • Confidentiality – Private data cannot be disclosed to unauthorized individuals

In 1974, Professor Jerry Saltzer of the Massachusetts Institute of Technology proposed eight basic principles for designing and implementing security mechanisms. These eight principles embody simplicity and restraint in design:

  1. Open design
  2. Fail-safe defaults
  3. Separation of privilege
  4. Least privilege
  5. Least common mechanism
  6. Economy of mechanism
  7. Complete mediation
  8. Psychological acceptability

Over years of development and summary by the industry, some other security principles have also been established, such as the defense in depth principle, the privacy protection principle, the principle of not trusting easily, and the principle of protecting the weakest link.

ASTRIDE Low Level Threat analysis

There are many potential security threats in a software system; we need to identify the risks and establish corresponding mitigation mechanisms through ASTRIDE analysis. Let's take a look at common problem scenarios:

  • Red line: the password cannot be transmitted in plain text. So the password is hashed as SHA512(passwd) and then transmitted. Is that safe?
  • Red line requirement: use a separate non-administrator operating system account to run the database. Why is that?
  • In Linux, the root user does not need the old password to change a password. Why is that?
  • In web scenarios, session IDs are generated with secure random numbers and have length requirements. Why is that?
  • In web scenarios, CSRF is protected with secure random numbers; is that really foolproof?
  • The system uses user name and password authentication; is it safe?
  • Is the system secure when TLS is used?

ASTRIDE Low Level threat modeling process

Threat modeling is a structured approach that helps products identify potential threats and so improve design security. The goal is to assess the security of the product design, not to identify security issues at the code level. The Low Level threat analysis should be completed before the end of the TR2 phase.

  • Step 1: Draw a data flow diagram

  • Step 2: Threat analysis
  1. Spoofing (counterfeiting an identity)
  2. Tampering (manipulating data)
  3. Repudiation (denying an action)
  4. Information Disclosure (leaking information)
  5. Denial of Service
  6. Elevation of Privilege
  7. Privacy (illegal processing of personal data)

Threat analysis – incremental analysis scenario: for incremental features, you can inherit the existing analysis results and analyze only the added or changed parts. This reduces the analysis workload; the threat analysis process gains a step for identifying changes:

Threat analysis – extended scenario: for common components in data flow diagrams, or business scenarios that have already been analyzed, the analysis results can be referenced directly:

  • Where related scenario primitives exist, they can be used directly when drawing data flow diagrams.
  • Existing business scenario baselines (composite primitives) can be inherited, and data flow diagrams can be modified based on the existing baselines

  • Step 3: Risk assessment

Security risk = attacker access location * technical conditions for exploiting the defect * impact

  • Attacker access location: the access conditions an attacker needs in order to launch an attack on the target system. The more open the access environment, the higher the risk
  • Technical conditions for exploiting the defect: the prerequisites (technical resources, permissions, attack time window, and user interaction) that the attacker must possess to exploit the defect. The lower the difficulty, the higher the risk.
  • Impact: the damage to the target system if the defect is exploited, including the impact on integrity, confidentiality and availability. The greater the impact on the system after a defect is exploited, the higher the risk

Privacy risk = country/role * technical conditions for exploiting the defect * impact

  • Country/role: the country to which the product is shipped and the role of the product itself. Different countries attach different importance to privacy, and different product roles bear different legal risks

  • Technical conditions for exploiting the defect: the prerequisites the attacker must meet in order to exploit the defect. The lower the difficulty, the higher the risk.

  • Impact: the effect of the defect on the reasonableness and legality of the system's handling of privacy. The greater the impact on the reasonableness and legality of privacy when a defect is discovered, the higher the risk

  • Step 4: Specify mitigation actions

  • Step 5: Product response

Product network security red lines

Company-designated objectives of the product network security red lines:

  1. Avoid security crises: be legal, comply with regional regulations and eliminate political hype
  2. Avoid a crisis of confidence: meet the basic security threshold of T and avoid an overall crisis of confidence in Huawei
  3. Reduce security accidents: solve live-network security problems and provide the basic guarantee of network security

Sources of security red lines:

  1. Security regulations and the security requirements of government organizations
  2. Big T operator network access requirements
  3. Big T operator bidding requirements
  4. Summary of live-network security issues
  5. Technical analysis and industry trends

Classification of security red lines:

  1. Red lines for legal/compliance requirements (Category A1)
  2. Red lines for exemption from security liability (Category A2)
  3. Red lines for basic security functions (Category B)

Cryptography applications

Modern cryptography is based on the security of the key: the cryptographic algorithm is open, and an algorithm certified by an authoritative body is considered secure, so the security of the key largely determines the security strength of the cryptographic system. Under this premise, obtaining the key by attack is the most direct way to get the plaintext. Security strength is a numerical measure of the amount of work required to break a cryptographic algorithm or system, and is used to measure its security. The security of a cryptographic algorithm depends on the algorithm itself and on the length of the key used. To some extent, the difficulty of an exhaustive (brute-force) attack can measure the difficulty of breaking a cryptographic algorithm. As computer technology continues to evolve, cryptographic algorithms that are currently considered secure and reliable may soon be easy to break. Therefore, we should keep pace with the times and move to the current security cryptography algorithms recognized by the industry.

Usage scenarios for random numbers

  1. Used to generate a key – directly as the key, or as key material during key negotiation
  2. Used to generate an unpredictable IV – an IV (initialization vector) is the data segment that some modes of symmetric ciphers require as initial input; the IV does not need to be secret, but for some modes (such as CBC and CFB) it must be unpredictable
  3. Used to produce a "salt" – the output of a one-way hash function for a given input is always the same, and the salt is used to vary that output. A one-way hash function is like breaking a plate in half: for the same plate (data) broken the same way (the hash function), the result is always the same two pieces. But if you throw the plate on the floor at random (adding a salt value), the number of pieces becomes an unpredictable N. This effectively obscures the size and shape of the plate itself and increases the difficulty of attack.

The industry holds that the output of a truly random number generator is unpredictable. In a computer, some uncertain factors (such as instruction execution time) are usually combined with a specific random number generation algorithm to obtain random numbers; random numbers obtained this way are pseudo-random numbers. Pseudo-random numbers are classified into cryptographically secure and non-cryptographically secure pseudo-random numbers, and cryptography is concerned with the cryptographically secure kind. Requirements for a secure random number: as unpredictable as possible, and random enough! The recommended secure random number generators (RNGs) are as follows:

  • RAND_bytes() from the OpenSSL library
  • CRYPT_random() from the iPSI software component
  • java.security.SecureRandom in the JDK
  • The /dev/random file on Unix-like platforms
  • RtlGenRandom() on Windows
  • CciRand() from the CCI component of the VxWorks platform
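An added example (mine, not code from the page or from Huawei's libraries) covering the salt and IV scenarios above with Python's standard library, whose `secrets` module draws from the OS CSPRNG via os.urandom; the PBKDF2 parameters are my assumptions:

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed parameters for this example: PBKDF2-HMAC-SHA512, 16-byte salt,
# 210,000 iterations. The salt comes from the OS CSPRNG (secrets -> os.urandom).
SALT_LEN = 16
ITERATIONS = 210_000
DIGEST = "sha512"


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a password verifier from a per-user random salt.

    The salt is not secret; its job is to make equal passwords produce
    different verifiers, so precomputed tables and cross-user comparison fail.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)  # cryptographically secure RNG
    verifier = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt, ITERATIONS)
    return salt, verifier


def verify_password(password: str, salt: bytes, verifier: bytes) -> bool:
    """Recompute the verifier with the stored salt; compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, verifier)


def salt_separates_equal_passwords(password: str) -> bool:
    """Two users with the same password get different stored verifiers."""
    _, v1 = hash_password(password)
    _, v2 = hash_password(password)
    return v1 != v2


def new_iv(block_size: int = 16) -> bytes:
    """Unpredictable IV for CBC/CFB: fresh CSPRNG output per message, never a counter."""
    return secrets.token_bytes(block_size)


if __name__ == "__main__":
    salt, verifier = hash_password("correct horse battery staple")
    print("salt:", salt.hex(), "verifier:", verifier.hex()[:32], "...")
    print("correct password accepted:", verify_password("correct horse battery staple", salt, verifier))
    print("wrong password rejected:", not verify_password("Tr0ub4dor&3", salt, verifier))
    print("equal passwords, distinct verifiers:", salt_separates_equal_passwords("hunter2"))
    print("fresh IV:", new_iv().hex())
```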

Symmetric cryptographic algorithm

Modern cryptographic algorithms are mainly divided into symmetric and asymmetric algorithms. In symmetric algorithms the encryption key and the decryption key are the same or easily derived from each other. As shown in the figure below, symmetric algorithms are divided into stream ciphers and block ciphers.

  • Stream cipher – a type of symmetric cipher that uses the algorithm and the key together to produce a random key stream, which is XORed with the data stream to produce the ciphertext stream. In practice the unit of data is usually a bit, and encryption and decryption use the same key stream. The typical algorithm is RC4, developed by Rivest of RSA in 1987; its key length is between 40 and 256 bits, it has been used in Remote Desktop, Skype and other software, and the SSL protocol also supports RC4. The drawback is that all stream cipher algorithms have structural weaknesses; instead, NIST recommends using the stream-oriented working modes of the AES algorithm (CTR or OFB).
  • Block cipher – divides the plaintext message into fixed-length blocks, each of which is transformed into ciphertext with the same key and algorithm. In practical applications it is usually necessary to encrypt messages (data) of arbitrary length, while a block cipher processes messages of a fixed length, so block cipher modes of operation were introduced to solve this problem.

Asymmetric cryptographic algorithms

Asymmetric cryptography is also called public key cryptography. The algorithm uses two keys, a public key and a private key. The public key can be disclosed to all users, and the private key must be kept secret. Asymmetric cryptographic algorithms are widely used in key negotiation, digital signature, digital certificate and other security fields. Common asymmetric cryptography algorithms include RSA, DSA, DH, ECC, etc.

  • Digital signature – A digital signature is similar to an ordinary physical signature written on paper, but it uses public-key cryptography and can be used to sign and verify digital information. A digital signature scheme typically defines two complementary operations, one for signing with the private key and one for verification with the public key. The signature algorithm should be used together with a secure hash algorithm. Only sign data from trusted sources; if both encryption and signing are performed, sign first and then encrypt
  • RSA algorithm – RSA is the first algorithm that can be used for both asymmetric data encryption and digital signatures. Select a secure key length: the key length must be greater than or equal to 2048 bits. Select an appropriate public exponent e, usually 2^16+1, namely 0x10001. Padding in RSA encryption: the OAEP padding mode should be preferred. Use different key pairs for encryption and signing

  • ECC algorithm – Elliptic Curve Cryptography (ECC) is a public-key cryptography method based on the mathematics of elliptic curves. ECC also provides asymmetric encryption and digital signatures. Common ECC algorithms include ECDSA and ECDH, as well as the SM2 algorithm from the Chinese national cryptography standard. RSA suits scenarios with a high verification frequency but a low signing frequency, while ECDSA suits scenarios where signing and verification frequencies are similar.

Use the curve parameters recommended in standards, and select a secure key length of at least 256 bits. When using ECDSA, do not use ECDSA over binary fields.

  • DH algorithm – The Diffie-Hellman algorithm is also called the DH key exchange algorithm. It was published by Whitfield Diffie and Martin Hellman in 1976 and is the world's first public-key algorithm. Its security rests on the mathematical fact that computing discrete logarithms over finite fields is much harder than computing exponentials. DH greatly simplifies key distribution compared with earlier symmetric-key systems: it allows the communicating parties to negotiate a shared symmetric key over an insecure channel without any prior information from the other party. Before establishing an encrypted communication channel, DH can be used to ensure the confidentiality of key distribution. OpenSSL supports DH as a key negotiation algorithm. DH on its own is vulnerable to man-in-the-middle attacks and requires a signature or identity authentication mechanism.
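An added example, not the page's or OpenSSL's code, of the DH exchange described above together with the authentication the paragraph says DH needs; the demo group parameters, the pre-shared authentication key and the HMAC transcript tag are assumptions of this example:

```python
import hashlib
import hmac
import secrets

# Demo group parameters, an assumption of this example rather than the page's:
# p = 2**127 - 1 is prime and g = 5. Production code uses a standardized group
# (for example an RFC 7919 finite-field group) from the crypto library.
P = 2**127 - 1
G = 5
PUB_LEN = 16  # bytes needed to encode a value below 2**127


def keypair():
    """Private exponent a and public value A = g^a mod p."""
    a = secrets.randbelow(P - 2) + 1
    return a, pow(G, a, P)


def shared_key(own_private: int, peer_public: int) -> bytes:
    """Derive the symmetric key from g^(ab) mod p via a hash, never using it raw."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(b"dh-demo" + secret.to_bytes(PUB_LEN, "big")).digest()


def transcript_tag(auth_key: bytes, pub_a: int, pub_b: int) -> bytes:
    """Authenticate both public values with a pre-shared key: DH alone cannot tell
    whether the value it received really came from the intended peer."""
    msg = pub_a.to_bytes(PUB_LEN, "big") + pub_b.to_bytes(PUB_LEN, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def run_exchange(auth_key: bytes, substitute_b: bool = False):
    """Alice sends A; Bob replies with B and a tag over (A, B).

    Returns (alice_accepted_tag, keys_match). With substitute_b=True the value
    Alice receives is replaced in transit, which the tag check must catch."""
    a, pub_a = keypair()
    b, pub_b = keypair()
    tag = transcript_tag(auth_key, pub_a, pub_b)
    received_b = pub_b if not substitute_b else pow(G, secrets.randbelow(P - 2) + 1, P)
    accepted = hmac.compare_digest(tag, transcript_tag(auth_key, pub_a, received_b))
    keys_match = shared_key(a, received_b) == shared_key(b, pub_a)
    return accepted, keys_match


if __name__ == "__main__":
    print("honest exchange (accepted, keys match):", run_exchange(b"pre-shared auth key"))
    print("substituted value (accepted, keys match):", run_exchange(b"pre-shared auth key", True))
```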

The Hash algorithm

In cryptography, a hash function is often used to construct a message authentication code (MAC) or to extract a digital fingerprint in a digital signature scheme. It is also often used for software integrity protection, key derivation, and one-way password storage. Common hash algorithms include MD5, SHA-1, and SHA-256. MD2, MD4, and MD5 have been shown to be insecure hash algorithms. SHA-1 has been shown to be insecure when used for digital signatures (attack complexity 2^63) and is disabled in digital signature scenarios.

  • Message digest – the size of a digest is typically much smaller than the size of the corresponding message. In the case of SHA-1, the message length can be up to 2^50 times the length of the digest value, so the hash function is an irreversible "compression function". This design greatly reduces the amount of additional information that must be transferred to ensure data integrity.
  • Digital fingerprint – a digital fingerprint is similar to a human fingerprint: each person has a unique fingerprint, and even twins have different fingerprints. For digital information, a small change in the input (for example, 1 bit) results in a large change in its hash value. Hash functions, being very "sensitive" to tampering, are particularly useful for protecting data integrity.
  • One-way hash – the security of hash functions depends on their one-wayness. Just as we cannot restore an intact dish from a broken piece of porcelain, an attacker cannot recover the original information from its hash value. A hash algorithm is not an encryption algorithm, because the plaintext cannot be "decrypted" from the hash
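An added example (mine, not the page's) that measures the fingerprint sensitivity and fixed digest size described above and shows the hash used as a MAC through HMAC; the sample message and key are constructed for this example:

```python
import hashlib
import hmac
import secrets

# Constructed sample message for this example (not from the page).
SAMPLE = b"transfer 100.00 to account 1234"


def digest_bits(data: bytes, algo: str = "sha256") -> str:
    """Digest as a string of bits, so two digests can be compared bit by bit."""
    return "".join(f"{byte:08b}" for byte in hashlib.new(algo, data).digest())


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def avalanche(data: bytes, bit_index: int = 0, algo: str = "sha256") -> int:
    """Count how many digest bits change when a single input bit flips.
    For a good hash this is close to half the digest length (about 128 of 256)."""
    before = digest_bits(data, algo)
    after = digest_bits(flip_bit(data, bit_index), algo)
    return sum(x != y for x, y in zip(before, after))


def digest_len_is_fixed(algo: str = "sha256") -> bool:
    """Digest size does not depend on message size: the 'compression' property."""
    small = hashlib.new(algo, b"").digest()
    big = hashlib.new(algo, b"x" * 1_000_000).digest()
    return len(small) == len(big)


def make_mac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 message authentication code: a keyed hash over the message."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def check_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute and compare in constant time; any modified message fails."""
    return hmac.compare_digest(make_mac(key, msg), tag)


if __name__ == "__main__":
    print("digest bits changed by a 1-bit input flip:", avalanche(SAMPLE), "of 256")
    print("digest length independent of message length:", digest_len_is_fixed())
    key = secrets.token_bytes(32)
    tag = make_mac(key, SAMPLE)
    print("original message verifies:", check_mac(key, SAMPLE, tag))
    print("altered message verifies:", check_mac(key, flip_bit(SAMPLE, 0), tag))
```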