A Security Evaluation of Java Mind Your Keys?...
Transcript of A Security Evaluation of Java Mind Your Keys?...
![Page 1: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/1.jpg)
Mind Your Keys?A Security Evaluation of Java KeystoresMarco Squarcina (Università Ca’ Foscari & Cryptosense)
Riccardo FocardiUniversità Ca’ Foscari
Cryptosense
Francesco PalmariniUniversità Ca’ Foscari
Yarix
Graham SteelCryptosense
Mauro TempestaUniversità Ca’ Foscari
![Page 2: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/2.jpg)
BACKGROUNDMOTIVATIONS
![Page 3: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/3.jpg)
PKCS#11
HW Solutions
● HSM● Smartcards
Key Storage
![Page 4: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/4.jpg)
******
Key Storage Keystore
● File containing crypto keys and certificates
● Content is secured by a password
![Page 5: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/5.jpg)
******
Key Storage Keystore
● File containing crypto keys and certificates
● Content is secured by a password
Key Confidentiality
Key Integrity
System Integrity
![Page 6: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/6.jpg)
Password-based Key Derivation
Password: **********
192b 3DES keyKDF(pwd,salt,ic)
SHA1
160b
● Ciphers require a key of a specific length● Produce a key which can be used as a cryptographic key for a given
cipher (e.g. 3DES)
10K
![Page 7: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/7.jpg)
Password-based Key Derivation
Password: **********
192b 3DES keyKDF(pwd,salt,ic)
SHA1
160b
● Ciphers require a key of a specific length● Produce a key which can be used as a cryptographic key for a given
cipher (e.g. 3DES)
AVOID PRECOMPUTATION
PREVENT BRUTEFORCE
10K
![Page 8: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/8.jpg)
Keystore Types
Oracle JRE/JDK
● JKS● JCEKS● PKCS#12
Bouncy Castle
● BKS● UBER● BCPKCS#12● BCFKS
![Page 9: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/9.jpg)
Keystore Types
Oracle JRE/JDK
● JKS● JCEKS● PKCS#12
Bouncy Castle
● BKS● UBER● BCPKCS#12● BCFKS
![Page 10: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/10.jpg)
Keystore Types
Oracle JRE/JDK
● JKS● JCEKS● PKCS#12
Bouncy Castle
● BKS● UBER● BCPKCS#12● BCFKS
![Page 11: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/11.jpg)
Keystore Types
Oracle JRE/JDK
● JKS● JCEKS● PKCS#12
Bouncy Castle
● BKS● UBER● BCPKCS#12● BCFKS
![Page 12: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/12.jpg)
Keystore Types
Oracle JRE/JDK
● JKS● JCEKS● PKCS#12
Bouncy Castle
● BKS● UBER● BCPKCS#12● BCFKS
![Page 13: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/13.jpg)
ATTACKS FLAWS
![Page 14: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/14.jpg)
Oracle JKS Password Cracking
Key Decryption in JKS
E = Encrypted Key
W = Keystream
W0 = Salt
Ki = E
i ⊕ W
i
Wi = SHA1(pw||W
i-1)
CK = SHA1(pw||K)
![Page 15: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/15.jpg)
Oracle JKS Password Cracking
Key Decryption in JKS
E = Encrypted Key
W = Keystream
DER/ASN.1
~100X
speedu
p
W0 = Salt
Ki = E
i ⊕ W
i
Wi = SHA1(pw||W
i-1)
CK = SHA1(pw||K)
![Page 16: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/16.jpg)
Oracle JKS Password Cracking
Key Decryption in JKS
E = Encrypted Key
W = Keystream
DER/ASN.1
~100X
speedu
p
W0 = Salt
Ki = E
i ⊕ W
i
Wi = SHA1(pw||W
i-1)
CK = SHA1(pw||K)
8 billions pw/s with one NVIDIA
GTX 1080
![Page 17: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/17.jpg)
Oracle JKS/JCEKS Integrity Password Cracking
SHA1(...)
![Page 18: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/18.jpg)
Oracle JKS/JCEKS Integrity Password Cracking
SHA1(...) SHA1( ***** || || )
“Mighty Aphrodite”
Keystore content
Integrity password
![Page 19: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/19.jpg)
Oracle JKS/JCEKS Integrity Password Cracking
SHA1(...) SHA1( ***** || || )
● Efficient integrity-password bruteforce (better w. rainbow-tables )● Length extension attacks?● Watch out when integrity password = confidentiality password!
“Mighty Aphrodite”
Keystore content
Integrity password
![Page 20: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/20.jpg)
Oracle JKS/JCEKS Integrity Password Cracking
SHA1(...) SHA1( ***** || || )
● Efficient integrity-password bruteforce (better w. rainbow-tables )● Length extension attacks?● Watch out when integrity password = confidentiality password!
“Mighty Aphrodite”
Keystore content
Integrity password
![Page 21: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/21.jpg)
DoS by Integrity Parameters Abuse
● Oracle PKCS12● Bouncy Castle BKS● Bouncy Castle PKCS12
KDF+HMAC
![Page 22: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/22.jpg)
DoS by Integrity Parameters Abuse
● Oracle PKCS12● Bouncy Castle BKS● Bouncy Castle PKCS12
Parameters
ASN.1 Structure
KDF+HMAC
…SEQUENCE (3 elem)
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.14.3.2.26 sha1 (OIW)
NULL
OCTET STRING (20 byte) C9C2AF5A...
OCTET STRING (20 byte) 7B223BBC...
INTEGER 1024
![Page 23: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/23.jpg)
DoS by Integrity Parameters Abuse
● Oracle PKCS12● Bouncy Castle BKS● Bouncy Castle PKCS12
Parameters
ASN.1 Structure
KDF+HMAC
…SEQUENCE (3 elem)
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.14.3.2.26 sha1 (OIW)
NULL
OCTET STRING (20 byte) C9C2AF5A...
OCTET STRING (20 byte) 7B223BBC...
INTEGER 1024
Iteration Count = 2 31–1
DoS the application
loading the keystore!
![Page 24: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/24.jpg)
JCEKS Secret Keys Code Exec
![Page 25: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/25.jpg)
JCEKS Secret Keys Code Exec
SecretKey
![Page 26: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/26.jpg)
SealedObject
JCEKS Secret Keys Code Exec
SecretKey
![Page 27: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/27.jpg)
SealedObject
JCEKS Secret Keys Code Exec
SecretKey
![Page 28: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/28.jpg)
SealedObject
JCEKS Secret Keys Code Exec
SecretKey
KeyStore Load Mechanism
● deserialize each SealedObject● then perform Integrity Check
![Page 29: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/29.jpg)
SealedObject
JCEKS Secret Keys Code Exec
SecretKey
KeyStore Load Mechanism
● deserialize each SealedObject● then perform Integrity Check
![Page 30: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/30.jpg)
SealedObject
JCEKS Secret Keys Code Exec
SecretKey
KeyStore Load Mechanism
● deserialize each SealedObject● then perform Integrity Check
● Command executionJDK≤1.7.21 & JDK≤1.8.20
● DoS JDK>1.8.20● Fixed Oct 2017 CPU
![Page 31: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/31.jpg)
SealedObject
JCEKS Secret Keys Code Exec after Decrypt
SecretKey
![Page 32: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/32.jpg)
SealedObject
JCEKS Secret Keys Code Exec after Decrypt
Deserialize of SecretKey
● Extended classpath● Use gadgets from any 3rd-party library
![Page 33: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/33.jpg)
SealedObject
JCEKS Secret Keys Code Exec after Decrypt
Deserialize of SecretKey
● Extended classpath● Use gadgets from any 3rd-party library
Command execution on latest JDK if integrity & key password are known!
![Page 34: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/34.jpg)
SealedObject
JCEKS Secret Keys Code Exec after Decrypt
SecretKey
Deserialize of SecretKey
● Extended classpath● Use gadgets from any 3rd-party library
Command execution on latest JDK if integrity & key password are known!
JCEKSRebrand
----------------------------
Java Code Execution KeyStore
![Page 35: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/35.jpg)
DISCLOSURECONTRIBUTIONS
![Page 36: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/36.jpg)
Disclosure Timeline
May 2017Report to Oracle and BC
Apr 2017Discovered code executionat RuCTF finals
… 2017KeystoreAnalysis
Jul 2017Issues fixed byOracle
Aug 2017BC1.58 released fixing some issues
Oct 2017Oracle CPUCVE-2017-10345, CVE-2017-10356
Nov 2017JCEKS code exec, again...
TODAYFull disclosure @NDSS18
![Page 37: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/37.jpg)
Responses
● Oracle Keytool, warning on JKS/JCEKS○ The JCEKS keystore uses a proprietary format. It is recommended to
migrate to PKCS12 which is an industry standard format [...]
● Oracle JCEKS KDF params for PBE○ from 20 to 200K iterations (max 5M)
● Oracle PKCS12○ from 1024 to 50K iterations for PBE (max 5M)○ from 1024 to 100K iterations for HMAC (max 5M)
● Partial fix to the Oracle JCEKS code execution
● Similar improvements in Bouncy Castle
![Page 38: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/38.jpg)
Responses
● Oracle Keytool, warning on JKS/JCEKS○ The JCEKS keystore uses a proprietary format. It is recommended to
migrate to PKCS12 which is an industry standard format [...]
● Oracle JCEKS KDF params for PBE○ from 20 to 200K iterations (max 5M)
● Oracle PKCS12○ from 1024 to 50K iterations for PBE (max 5M)○ from 1024 to 100K iterations for HMAC (max 5M)
● Partial fix to the Oracle JCEKS code execution
● Similar improvements in Bouncy Castle
CVE-2017-10356CVSS 6.2
CVE-2017-10345CVSS 3.1
![Page 39: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/39.jpg)
Contributions
● Threat model for password-protected keystores, design rules for secure keystores
● Analysis of 7 keystores○ Cryptographic implementation○ Weaknesses & Attacks
● Brute force time comparison for key confidentiality and integrity passwords
● Concrete improvements to the security of Oracle JDK and Bouncy Castle keystores
![Page 40: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/40.jpg)
THANK YOU!(´ ▽ ` )ノ
![Page 41: A Security Evaluation of Java Mind Your Keys? Keystoreswp.internetsociety.org/.../2018/03/NDSS2018_02B-1_Focardi_Slides.pdf · Riccardo Focardi Università Ca’ Foscari Cryptosense](https://reader031.fdocuments.net/reader031/viewer/2022022800/5c6dfb6a09d3f225408c499f/html5/thumbnails/41.jpg)
???Q??????????U????????????E???????????S???T???????????????I???????O???????????????N???????????S???
@blueminimal
https://www.linkedin.com/in/squarcina/