78 minutes read

Going Nuclear: Modeling Threats to Distributed Systems

It probably won’t come as a shock to you that as I was writing up my last post on IoT and my new Geiger counter I was mentally reviewing all the things that scared the crap out of me had me concerned security-wise. I don’t mean the apocalyptic visions of Fallout, but about the fact that I have a device I don’t necessarily trust sitting on my network constantly feeding data to a remote server without much control by me. I’m predictable like that. Upon further review I realized I wanted to write up my thoughts on how I would protect against such an…

3 minutes read

Creating Authority-Signed and Self-Signed Certificates in .NET

Whenever I get some free time I like to tackle certain projects that have piqued my interest. Often times I don’t get to complete these projects, or they take months to complete. In this case I’ve spent the last few months trying to get these samples to work. Hopefully you’ll find them useful. In the world of security, and more specifically in .NET, there aren’t a whole lot of options for creating certificates for development. Sure you could use makecert.exe or if you’re truly masochistic you could spin up a CA, but both are a pain to use and aren’t…

20 minutes read

Windows Azure Pack Authentication Part 2

Last time we looked at how Windows Azure Pack authenticates users in the Admin Portal. In this post we are going to look at how authentication works in the Tenant Portal. Authentication in the Tenant Portal works exactly the same way authentication in the Admin Portal works. Detailed and informative explanation, right? Actually, with any luck you’ve read, and were more importantly, able to decipher my (probably overly complicated) explanations in the last post. The reason for that is because we’re going to go a bit deeper into the configuration of how authentication is configured.  If that’s actually the case then…

31 minutes read

Tamper-Evident Configuration Files in ASP.NET

A couple weeks ago someone sent a message to one of our internal mailing lists. His message was pretty straightforward: how do you prevent modifications of a configuration file for an application [while the user has administrative rights on the machine]? There were a couple responses including mine, which was to cryptographically sign the configuration file with an asymmetric key. For a primer on digital signing, take a look here. Asymmetric signing is one possible way of signing a file. By signing it this way the configuration file could be signed by an administrator before deploying the application, and all…

0 minutes Less than a minute read

Proceedings from the Crypto 2010 Conference

Originally found on Bruce Schneier’s blog.  All credit to him… Springer-Verlag publishes the proceedings, but they’re available as a free download for the next few days. Interesting read.

2 minutes read

Working with Certificates in Code

Just a quick little collection of useful code snippets when dealing with certificates.  Some of these don’t really need to be in their own methods but it helps for clarification. Namespaces for Everything using System.Security.Cryptography.X509Certificates; using System.Security; Save Certificate to Store // Nothing fancy here. Just a helper method to parse strings. private StoreName parseStoreName(string name) { return (StoreName)Enum.Parse(typeof(StoreName), name); } // Same here private StoreLocation parseStoreLocation(string location) { return (StoreLocation)Enum.Parse(typeof(StoreLocation), location); } private void saveCertToStore(X509Certificate2 x509Certificate2, StoreName storeName, StoreLocation storeLocation) { X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadWrite); store.Add(x509Certificate2); store.Close(); } Create Certificate from byte[] array private X509Certificate2 CreateCertificateFromByteArray(byte[]…