SafeOrbit 0.4.0

SafeOrbit 🛡️ is a security toolset including different high performance algorithms and easy to use classes for advanced memory protection.
     ► Protects your strings in memory while allowing you to securely compare & modify them.
     ► Protects your binary data with SafeBytes.
     ► Anti injection module safeguards your application against memory injections and timing attacks.
     ► Leverages high-performance, secure algorithms for encryption, hashing and random number generation behind interfaces that make it much harder to screw up.

Package Manager: Install-Package SafeOrbit -Version 0.4.0
.NET CLI: dotnet add package SafeOrbit --version 0.4.0
PackageReference: <PackageReference Include="SafeOrbit" Version="0.4.0" />
  (For projects that support PackageReference, copy this XML node into the project file to reference the package.)
Paket CLI: paket add SafeOrbit --version 0.4.0

SafeOrbit - Protect your memory in .NET 🛡️

What

SafeOrbit is an advanced memory protection library with easy to use classes.

  • Protects your strings in memory while allowing you to securely compare & modify them with SafeString.
  • Protects your binary data with SafeBytes.
  • Anti injection module safeguards your application against memory injections and timing attacks using SafeObject, SafeContainer (injection aware DI container) and more.
  • Leverages high-performance, secure algorithms for encryption, hashing and random number generation behind interfaces that make it much harder to screw up.

Why

  • You want to secure strings in memory and modify & compare them without revealing them in memory.
  • You want to take advantage of security best-practices without having any cryptology knowledge.
  • You want to use high-performance algorithms in .NET such as Murmur32 hashing and Blowfish encryption.
  • You do not trust OS-generated crypto random and want direct access to entropy hashes or a non-OS PRNG seeded by them.

Contribute

Feel free to contribute by joining the coding process or opening issues. Read more on wiki.

License

This project is MIT Licensed. It means that you're free to use SafeOrbit in any application, and to copy and modify its code.

It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.
-Auguste Kerckhoffs

Quick Documentation

Visit wiki for full documentation

Memory security

SafeString

  • SafeString represents an encrypted string that is guaranteed not to leak your data in memory while allowing modifications and comparisons.
  • It has advantages over System.Security.SecureString because of SafeOrbit's security design.

SafeBytes

  • SafeBytes is a protected sequence of bytes in memory.
  • It's a lower-level module used by SafeString.
  • You can hide any data in memory, then modify and compare it safely without revealing the bytes.

Detect injections

  • You can detect injections into any of your .NET classes, including:
    • their state (data in memory)
    • their code that's loaded in memory
  • Internal protection for the SafeOrbit library is enabled by default.

SafeObject

An object that can detect memory injections to itself.

    var safeObject = new SafeObject<Customer>();
    // Every change to the object's state or code must be made through ApplyChanges
    safeObject.ApplyChanges((customer) => customer.SensitiveInfo = "I'm protected!");
    // Retrieve safe data
    var safeInfo = safeObject.Object.SensitiveInfo; // returns "I'm protected!" or alerts if any injection is detected
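
The state half of this idea can be sketched with a hash stamp that is refreshed only inside ApplyChanges and checked on every read. This is an added example, not SafeOrbit's code: `StampedObject<T>`, the JSON serialization and the SHA-256 stamp are assumptions made for illustration, and code (IL) protection is not covered.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.Json;

// Hypothetical illustration type; not part of SafeOrbit.
public sealed class StampedObject<T> where T : class, new()
{
    private readonly T _instance = new T();
    private byte[] _stamp;

    public StampedObject() => _stamp = ComputeStamp();

    // The only sanctioned way to mutate state: verify, change, then re-stamp.
    public void ApplyChanges(Action<T> change)
    {
        Verify();                 // never bless state that was already altered
        change(_instance);
        _stamp = ComputeStamp();
    }

    // Every read re-hashes the state and compares it with the last stamp.
    public T Object { get { Verify(); return _instance; } }

    private byte[] ComputeStamp()
    {
        using var sha = SHA256.Create();
        return sha.ComputeHash(JsonSerializer.SerializeToUtf8Bytes(_instance));
    }

    private void Verify()
    {
        if (!CryptographicOperations.FixedTimeEquals(ComputeStamp(), _stamp))
            throw new InvalidOperationException("State changed outside ApplyChanges.");
    }
}

public class Customer { public string SensitiveInfo { get; set; } = ""; }

public static class Demo
{
    public static void Main()
    {
        var safe = new StampedObject<Customer>();
        safe.ApplyChanges(c => c.SensitiveInfo = "I'm protected!");
        Customer direct = safe.Object;          // verified read
        direct.SensitiveInfo = "tampered";      // constructed: write that bypasses ApplyChanges
        try { _ = safe.Object; }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```

In this sketch the stamp lives in the same process as the data it covers, so it flags unexpected writes but cannot stop a writer who also recomputes the stamp.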

SafeContainer

  • SafeContainer is a dependency container that detects and notifies injections to its instances.
  • Its security mode can be changed dynamically.

InjectionDetector

  • A service that's consumed by SafeContainer and SafeObject.
  • Lowest level of the injection detection and alerting mechanism.

Cryptography

Encryption

Supported:

  • Asynchronous encryption using cryptostreams.
  • ISafeEncryptor a.k.a. AES-256
    • Considered one of the strongest encryption algorithms.
    • Easy-to-use interface using best-practices such as PBKDF2 key derivation, random IV, salt and PKCS7 padding.
  • IFastEncryptor a.k.a. Blowfish
    • Considered one of the fastest encryption algorithms.
    • ECB & CBC (with IV) implementation that passes the vector tests.

Hashers

Supported:

  • ISafeHasher a.k.a. SHA512 for higher security.
  • IFastHasher a.k.a. MurmurHash (Murmur32) for better performance; it should be seeded and salted.

Random

What if your OS crypto random has in any way been undermined (for example, by a nefarious government agency, or simple incompetence)?

SafeOrbit guarantees not to reduce the strength of your crypto random. It has the ability to improve the strength of your crypto random:

  • SafeRandom combines different entropy sources
  • FastRandom is a simple wrapper around a PRNG, which uses SafeRandom for seed material.
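
One construction with the "cannot reduce strength" property is XOR-combining independent sources. This is an added example, not SafeOrbit's implementation: the `CombinedRandom` class, the timer-jitter source and the use of XOR are assumptions chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Threading;

// Hypothetical illustration type; not part of SafeOrbit.
public static class CombinedRandom
{
    // Source A: the operating system CSPRNG.
    private static byte[] OsBytes(int count)
    {
        var buffer = new byte[count];
        RandomNumberGenerator.Fill(buffer);
        return buffer;
    }

    // Source B (constructed for this example): SHA-512 over timer jitter,
    // expanded with a block counter. Weak alone; it only has to be independent of A.
    private static byte[] JitterBytes(int count)
    {
        var output = new byte[count];
        using var sha = SHA512.Create();
        for (int offset = 0, block = 0; offset < count; offset += 64, block++)
        {
            var samples = new byte[8 * 64 + 4];
            for (int i = 0; i < 64; i++)
            {
                BitConverter.GetBytes(Stopwatch.GetTimestamp()).CopyTo(samples, i * 8);
                Thread.SpinWait(50 + i);
            }
            BitConverter.GetBytes(block).CopyTo(samples, 8 * 64);
            byte[] digest = sha.ComputeHash(samples);
            Array.Copy(digest, 0, output, offset, Math.Min(64, count - offset));
        }
        return output;
    }

    // XOR keeps the result at least as unpredictable as the stronger input,
    // as long as the inputs are independent of each other.
    public static byte[] GetBytes(int count)
    {
        byte[] a = OsBytes(count), b = JitterBytes(count);
        for (int i = 0; i < count; i++) a[i] ^= b[i];
        return a;
    }

    public static void Main() =>
        Console.WriteLine(Convert.ToHexString(GetBytes(32)));
}
```

The independence condition matters: a source that can observe the other's output before producing its own could cancel it, so each source must be sampled without access to the others.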

Speed up

  • For better performance, it's highly recommended to call SafeOrbitCore.Current.StartEarlyAsync(); early in your application's startup.

  • Memory injection detection is enabled by default.

    • It provides self-security on client-side applications, but on a protected server, disabling memory injection detection is recommended for better performance. Read more on wiki.

Release Notes

https://github.com/undergroundwires/SafeOrbit/releases/tag/0.4.0

Version History

Version Downloads Last updated
0.4.0 124 2/15/2020
0.3.1 99 12/24/2019
0.3.0 177 3/30/2019
0.2.2 612 12/29/2016
0.2.1 539 11/27/2016
0.2.0 841 11/24/2016