Slide 1

Slide 1 text

How to Secure My Files 2020-08-05 Brice

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

Network

Slide 4

Slide 4 text

Network Security

Slide 5

Slide 5 text

Network Security

Slide 6

Slide 6 text

Network Security

Slide 7

Slide 7 text

Network Security

Slide 8

Slide 8 text

Network Security

Slide 9

Slide 9 text

Network Security How to Secure My Files

Slide 10

Slide 10 text

The States of Digital Data

Slide 11

Slide 11 text

The States of Digital Data

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

How to Secure Your Secret 2019.05.08 Brice Bang Buzzvil

Slide 16

Slide 16 text

Security Chain

Slide 17

Slide 17 text

How to save password securely

Slide 18

Slide 18 text

The Updated Version of This Naver Blog https://d2.naver.com/helloworld/318732

Slide 19

Slide 19 text

Save as Plain Text I don’t know

Slide 20

Slide 20 text

Save as Plain Text
The hacker uploaded the database dump on PasteBin
Winwinsoft denied our proposal to negotiate with us. But, we are generous and our window to negotiations is still open. We will disclose every information we have in a few days if the negotiation is denied. Until then, stay tuned :) P.S. Here are some informations that we have.
It is dangerous because people generally use the same password on multiple services

Slide 21

Slide 21 text

Key Derivation Function (KDF)
• It derives one or more secret keys from a secret value using a pseudorandom function
• Has the characteristics of a password hash function
• DK = KDF(key, salt, iterations)
• ex)
  • PBKDF2: NIST standard, government-friendly
  • bcrypt
  • scrypt
  • argon2: Password Hashing Competition Winner
Master Key → KDF → Secret Key

Slide 22

Slide 22 text

How About Buzzvil

Slide 23

Slide 23 text

How About Buzzvil

Slide 24

Slide 24 text

How to save password securely

Slide 25

Slide 25 text

How to save password securely
A. Use argon2 or PBKDF2
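
The DK = KDF(key, salt, iterations) formula from the KDF slide and the "use PBKDF2" answer above, as an added example that is not part of the original deck. It uses Python's standard `hashlib.pbkdf2_hmac`; the record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values for this example; raise ITERATIONS as hardware allows.
ALGO = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
PREFIX = "pbkdf2_"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """DK = KDF(key, salt, iterations), stored with its parameters."""
    salt = os.urandom(SALT_BYTES)  # unique per password, stored in the clear
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return f"{PREFIX}{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute DK from the stored salt and iterations, compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if not scheme.startswith(PREFIX):
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        actual = hashlib.pbkdf2_hmac(
            scheme[len(PREFIX):], password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or unsupported record: fail closed
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored record was derived with fewer iterations than the policy."""
    return int(record.split("$")[1]) < iterations
```

Because the salt and iteration count travel with each record, the iteration count can be raised later and old records upgraded at the user's next successful login.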

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

Our Solutions
1. How to create password securely
  • Password generator
2. How to manage password securely
  • Password manager
3. How to transfer password securely
  • TLS 1.2+
4. How to save password securely
  • argon2, PBKDF2

Slide 28

Slide 28 text

No content

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

Public PC on 3rd floor

Slide 31

Slide 31 text

Please delete the accredited certificate after using the public PC

Slide 32

Slide 32 text

Remaining Accredited Certificates in the Public PC on 4, Oct. 2020

Slide 33

Slide 33 text

Cons of One-Way Hash Function – Speed
The original password can be found, on average, in
• 9.2 hours on a single core
• 1.15 hours on 8 cores

Slide 34

Slide 34 text

Hack the Accredited Certificates by Brute-force Attack
Accredited Certificate Cracking - Inc0gnito 2015
6800 passwords per second on an Intel Core i7-4770
Millions per second are also possible.

Slide 35

Slide 35 text

The Safest Way: Degaussing or Destruction

Slide 36

Slide 36 text

Prison: Welcome :)

Slide 37

Slide 37 text

No content

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

No content

Slide 40

Slide 40 text

No content

Slide 41

Slide 41 text

Deleted Files Can Be Recovered

Slide 42

Slide 42 text

How the ‘Delete’ Function Works
The file is just marked as deleted. The building has not been destroyed, so it can be recovered.

Slide 43

Slide 43 text

Overwrite

Slide 44

Slide 44 text

Download Big File

Slide 45

Slide 45 text

Zero-fill (Quick Format / Low Level Format)

Slide 46

Slide 46 text

We’re Living in the Analog World

Slide 47

Slide 47 text

In the analog world
Real value    11  -11    9   -9
Threshold     10  -10   10  -10
Read           1    0    1    1

Slide 48

Slide 48 text

In the analog world
Real value        11  -11    9   -9
Ideal value       10  -10   10  -10
Read               1    0    1    1
Difference         1   -1   -1    1
Amplifier (x10)   10  -10  -10   10
Restored           1    0    0    1

Slide 49

Slide 49 text

Increase the number of times the data is overwritten

Slide 50

Slide 50 text

Software-based Overwriting Algorithms for Secure Erasing
● DoD 5220.22-M
● Gutmann method

Slide 51

Slide 51 text

Software-based Overwriting Algorithms for Secure Erasing
● DoD 5220.22-M
  • The US standard
  • Data is overwritten in order (example: ECE of BCWipe):
    ■ 0xD3 → 0x2C → random → a character → 0x95 → 0x6A → random
● Gutmann method

Slide 52

Slide 52 text

Software-based Overwriting Algorithms for Secure Erasing
● DoD 5220.22-M
  • The US standard
  • Data is overwritten in order (example: ECE of BCWipe):
    ■ 0xD3 → 0x2C → random → a character → 0x95 → 0x6A → random
● Gutmann method
  • Designed by Peter Gutmann
  • Writes a series of 35 patterns
    ■ random 4 times → 0x55 → 0xAA → 0x924924 → 0x492492 → 0x249249 → 0x00 → … → 0xFF → 0x924924 → 0x492492 → 0x249249 → 0x6DB6DB → 0xB6DB6D → 0xDB6DB6 → random 4 times
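
The pass sequence listed above for DoD 5220.22-M (ECE of BCWipe), applied to a single file, as an added example that is not part of the original deck and is not BCWipe's code. The function names are hypothetical, `None` stands for a random pass, and `0x41` is an assumed stand-in for "a character".

```python
import os

# Pass order as listed on the slide; None means "random data".
# b"\x41" is an assumed value for the "a character" pass.
DOD_ECE_PASSES = [b"\xD3", b"\x2C", None, b"\x41", b"\x95", b"\x6A", None]
CHUNK = 1 << 20  # write in 1 MiB pieces so large files do not sit in memory


def overwrite_pass(f, size, pattern):
    """Overwrite the first `size` bytes of an open file with one pass."""
    f.seek(0)
    written = 0
    while written < size:
        n = min(CHUNK, size - written)
        if pattern is None:
            buf = os.urandom(n)
        else:
            # Repeat the pattern, keeping its phase across chunk boundaries so
            # multi-byte patterns (e.g. Gutmann's 0x924924) stay aligned.
            off = written % len(pattern)
            buf = (pattern * (n // len(pattern) + 2))[off:off + n]
        f.write(buf)
        written += n
    f.flush()
    os.fsync(f.fileno())  # force this pass to the device before the next one


def secure_erase(path, passes=DOD_ECE_PASSES, unlink=True):
    """Overwrite a regular file in place with each pass; return passes written.

    Assumes the filesystem rewrites the same blocks. SSD wear levelling,
    journaling or copy-on-write filesystems and snapshots can keep old copies
    that an in-place overwrite never touches.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            overwrite_pass(f, size, pattern)
    if unlink:
        os.remove(path)
    return len(passes)
```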

Slide 53

Slide 53 text

The Drawbacks of Erasing Algorithms
● Takes a long time
● Reduces the lifetime of data storage
● Increases power consumption
● Post-treatment is easy to forget
● There are some cases where we can’t do it

Slide 54

Slide 54 text

My Laptop was Stolen

Slide 55

Slide 55 text

Erase or destroy my disk when I die

Slide 56

Slide 56 text

Crypto-Shredding

Slide 57

Slide 57 text

Crypto-Shredding

Slide 58

Slide 58 text

Crypto-Shredding

Slide 59

Slide 59 text

Crypto-Shredding

Slide 60

Slide 60 text

How to Secure Your Secret 2019.05.08 Brice Bang Buzzvil

Slide 61

Slide 61 text

Trusted Platform Module (TPM)
● A key store for hardware authentication

Slide 62

Slide 62 text

Secure Enclave

Slide 63

Slide 63 text

Crypto-Shredding

Slide 64

Slide 64 text

Disk Encryption

Slide 65

Slide 65 text

Disk Encryption

Slide 66

Slide 66 text

Requirement of Cipher for Disk Encryption
● Length-preserving
● AES-XTS
● AES-CBC-ESSIV
[Diagram labels: Disk, OS, Encryption Middleware; Write 4096 bytes, Write 4096 bytes, Read 4096 bytes, Read 4096 bytes]

Slide 67

Slide 67 text

Mac - FileVault

Slide 68

Slide 68 text

Mac - FileVault - Performance

Slide 69

Slide 69 text

Mac - FileVault - Performance

Slide 70

Slide 70 text

Apple T2 Chip

Slide 71

Slide 71 text

Mac - SSD is Encrypted by Default

Slide 72

Slide 72 text

Windows BitLocker Performance: HDD, SSD

Slide 73

Slide 73 text

Intel AES-NI Performance

Slide 74

Slide 74 text

AES Performance using TrueCrypt
The max read speed of Samsung 980 PRO M.2 NVMe (1TB): 6,500MB/s

Slide 75

Slide 75 text

Android
● How to support the many devices that do not have hardware support for AES?
  ○ For TLS, ChaCha20-Poly1305 was the choice of Google

Slide 76

Slide 76 text

Adiantum: The ChaCha Stream Cipher in a Length-Preserving Mode

Slide 77

Slide 77 text

iPhone
● On devices running iOS 4–iOS 7
  ○ Open the General settings and choose Passcode (or iTouch & Passcode).
  ○ Follow the prompts to create a passcode.
● On devices running iOS 8 or later
  ○ Open the Settings app
  ○ Tap Touch ID & Passcode
  ○ Follow the prompts to create a passcode.

Slide 78

Slide 78 text

Crypto-Shredding

Slide 79

Slide 79 text

The Drawbacks of Erasing Algorithms
● Takes a long time
● Reduces the lifetime of data storage
● Increases power consumption
● Post-treatment is easy to forget
● There are some cases where we can’t do it

Slide 80

Slide 80 text

The Drawbacks of Disk Encryption
● Takes some time
● Increases power consumption

Slide 81

Slide 81 text

References
● Data erasure
● Gutmann method
● Crypto-shredding
● What is complete file deletion - zero-fill and DoD 5220.22-M wiping (Chrome shows warning now)
● Caught On Camera: Berkeley Laptop Theft
● Block cipher mode of operation
● Ciphertext stealing
● Trusted Platform Module
● Secure Enclave overview
● Troubleshooting hard drive encryption
● Use FileVault to encrypt the startup disk on your Mac
● Do I Really Need FileVault? – MacMyths
● About the Apple T2 Security Chip
● About encrypted storage on your new Mac
● Does the BitLocker Encryption Impact Your Disk Performance?
● A Look at the Performance Impact of Hardware-Accelerated AES
● Introducing Adiantum: Encryption for the Next Billion Users
● Samsung Electronics unveils PCIe 4.0 M.2 SSD 980 Pro series at CES : Article - Bodnara Mobile for iPhone, Galaxy S and Android smartphones

Slide 82

Slide 82 text

For the next...
● WPA Enterprise
● VPN
● DNS
● My Smart Home
● ...