Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly

OWASP Kyiv
December 04, 2017

Video: https://www.youtube.com/watch?v=SfuN-r3FpdY
OWASP Kyiv Winter 2017 Meetup, Dec 2, 2017
https://www.owasp.org/index.php/Kyiv

Transcript

  1. DON’T WASTE TIME ON LEARNING CRYPTOGRAPHY: BETTER USE IT PROPERLY #owaspkyiv @vixentael

  2. @vixentael Product Engineer. Feel free to reach me with any mobile security questions. I do check my inbox :)

  3. None
  4. We want to protect our users’ data

  5. We want developers to protect data

  6. We want to protect our users’ data. HOW? We want developers to protect data

  7. WE HAVE USER DATA. WHAT SHALL WE DO?

  8. 1. DEFINING THE DATA SCOPE: sensitive user data; GDPR / HIPAA / PCI DSS; tech data (keys, logs)

  9. 1. DEFINING THE DATA SCOPE: sensitive user data; GDPR / HIPAA / PCI DSS; tech data (keys, logs); mistake 1. wrong scope definition

  10. 2. SELECTING ALGORITHM: twofish, sha1, des, md5

  11. 2. SELECTING ALGORITHM: twofish, sha1, des, md5; mistake 2. bad algo selection

  12. THINGS TO DECIDE ON: KEY LENGTH; DATA SCOPE; ALGORITHM

  13. 3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

  14. 3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

  15. 3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption mistake 3. wrong params

  16. THINGS TO DECIDE ON: PADDING; KEY LENGTH; MODE; DATA SCOPE; ALGORITHM; IV

  17. 4. KEY MANAGEMENT: user password; keys; KDF

  18. 4. KEY MANAGEMENT: user password; keys; KDF; mistake 4. bad key management

  19. THINGS TO DECIDE ON: PADDING; KEY LENGTH; KEY ROTATION; MODE; KEY DERIVATION; KEY STORAGE; KEY EXCHANGE; DATA SCOPE; ALGORITHM; IV; KEY REVOCATION

  20. 5. INFRASTRUCTURE

  21. THINGS TO DECIDE ON: PADDING; KEY LENGTH; KEY ROTATION; MODE; KEY DERIVATION; KEY STORAGE; KEY EXCHANGE; BACKUPS; PLATFORMS; DATA SCOPE; ALGORITHM; IV; KEY REVOCATION

  22. None
  23. 269 CVEs from 2011-2014: 17% bugs inside crypto libs, 83% misuses of crypto libs by individual apps https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf

  24. AS USERS WE WANT… more ciphers?

  25. AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA

  26. AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, SHARK, RC4, DSS, ECB, CTR, SEED, Blowfish

  27. AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, Blowfish, SHARK, RC4, DSS, ECB, CTR, Twofish, Camellia, SEED, Rabbit, ECDSA

  28. AS USERS WE WANT… more ciphers! more vulnerabilities! more side channel attacks! more attacks! more constant time checks :) more protocols! more patches!

  29. None
  30. EXCITING, BUT FOR CRYPTO RESEARCHERS ONLY

  31. AS USERS WE WANT… more ciphers! BORING CRYPTO

  32. BORING CRYPTO: crypto that simply works, solidly resists attacks, never needs any upgrades (Daniel J. Bernstein) https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

  33. BORING CRYPTO: PLUG & PLAY

  34. WHAT DO WE WANT? instead of adjusting our resources, SOLVE USE-CASES!

  35. WHAT DO WE WANT? HIGH-LEVEL FUNCTIONS: I want to store data securely; I want to send data securely; I want to verify data integrity

  36. WHAT DO WE WANT? HIGH-LEVEL FUNCTIONS: store data securely; send data securely; verify data integrity; key derivation; key exchange; key rotation; sign/verify; ephemeral keys; encr / decr

  37. NOBODY READS DOCS

  38. NOBODY READS DOCS: “docs are for experts” “I just want to try” “gimme code!”

  39. 1. HOW TO START? https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md
    pod try BoringSSL
    cmake -DANDROID_ABI=armeabi-v7a \
      -DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake \
      -DANDROID_NATIVE_API_LEVEL=16 \
      -GNinja ..

  40. 1. HOW TO START? easy, architecture-independent installation

  41. 2. SUPPORTED PLATFORMS? minimum expected: *nix, OSX, web browsers, embedded, iOS, Android, Windows

  42. 2. SUPPORTED PLATFORMS? cross-platform is not an option anymore; cross-platform is a must have

  43. OPTIONS WE HAVE

  44. HSM

  45. HARDWARE SECURITY MODULE: key generation; provides cryptoprocessing; key storage; portable

  46. TRUSTED PLATFORM MODULE: key management; disk protection; trust anchor; built-in remote attestation; provides cryptoprimitives

  47. HSM & TPM: PROS: fast hardware crypto! trusted environment; known security guarantees; keys; calculations

  48. HSM & TPM: CONS: vendor lock / vendor trust; bad for interactive encryption; complicated to maintain (install, upgrade, support, not cross-platform)

  49. HSM & TPM: PRO & CONS: HSM; app; plaintext data; plaintext data is far away from the place it is used

  50. SOFTWARE CRYPTO SYSTEMS: any kind of encryption; plaintext data is closer to its usage; cross-platform https://github.com/sobolevn/awesome-cryptography

  51. SOFTWARE CRYPTO SYSTEMS: any kind of encryption; plaintext data is closer to its usage; cross-platform; NO DEVICE TRUST https://github.com/sobolevn/awesome-cryptography

  52. WEBBROWSER CRYPTO: CONS: DOM, XSS, NO CODE TRUST

  53. HSM/TPM + SOFTWARE CS: keys; calculations; TPM / HSM; own software; cross-platform; take best from both

  54. None
  55. USING CRYPTO SHOULD BE LIKE.. cross-platform; easy to install; easy to use; audited; open source; time proven; well-documented

  56. crypto-libs; crypto-systems; boxed solutions

  57. 1. CRYPTO-LIBS: implements single or multiple security functions; libsodium, themis, keyczar, noise https://github.com/sobolevn/awesome-cryptography

  58. EXAMPLE: secure messaging with forward secrecy https://github.com/cossacklabs/themis/wiki/Python-Howto

  59. 2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case; axolotl, hermes, SSL/TLS, ZeroKit

  60. EXAMPLE: data access control based on crypto-keys https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial
    python docs/examples/python/hermes_client.py --id user1 --config=docs/examples/python/config.json --private_key user1.priv --doc testfile --read

  61. 3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems; truecrypt, ssh, acra, vault

  62. EXAMPLE: database proxy for encrypting / decrypting https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker
    go run cmd/acra_genkeys/acra_genkeys.go
    docker-compose -f docker/docker-compose.yml up -d

  63. CAN I SOLVE MY USE-CASE USING… boxed solutions

  64. CAN I SOLVE MY USE-CASE USING… crypto-systems boxed solutions no :(

  65. CAN I SOLVE MY USE-CASE USING… crypto-libs crypto-systems boxed solutions no :( no :(

  66. https://www.cossacklabs.com/choose-your-ios-crypto.html

  67. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS.

  68. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS. PROBLEM IS THAT THEY ARE NOT BORING ENOUGH

  69. None

  70. VS

  71. make the light controllable

  72. None

  73. make the crypto security controllable

  74. make the crypto security controllable and booooring

  75. None


  76. LINKS 1
    Boring crypto, Daniel J. Bernstein https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
    Why does cryptographic software fail? https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
    API design for cryptography https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf

  77. LINKS 2
    Encrypting strings in Android: Let’s make better mistakes https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
    Awesome crypto papers https://github.com/pFarb/awesome-crypto-papers
    12 And 1 Ideas How To Enhance Backend Data Security https://www.cossacklabs.com/backend-data-security-modern-ideas.html
    Attestation and Trusted Computing https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf

  78. MY OTHER SECURITY SLIDES https://github.com/vixentael/my-talks …and more

  79. @vixentael Product Engineer. Feel free to reach me with any mobile security questions. I do check my inbox :)