DON’T WASTE TIME ON
LEARNING CRYPTOGRAPHY:
BETTER USE IT PROPERLY
#devexperience18 @vixentael
Slide 2
@vixentael Product Engineer
Feel free to reach me with
security questions.
I do check my inbox :)
Slide 6
We want to protect our users’ data.
HOW?
We want developers to protect data.
Slide 7
WE HAVE USER DATA.
WHAT SHALL WE DO?
Slide 8
PROTECTING USER DATA:
STEPS MISTAKES WE DO
Slide 10
1. DEFINING THE DATA SCOPE
sensitive user data
GDPR / HIPAA / PCI DSS
tech data (keys, logs)
mistake 1. wrong scope definition
Slide 12
2. SELECTING ALGORITHM
twofish
sha1
des
md5
mistake 2. bad algo selection
#owaspkyiv @vixentael
Slide 13
THINGS TO DECIDE ON: DATA SCOPE, ALGORITHM, KEY LENGTH
Slide 16
3. USING ALGORITHM
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
mistake 3. wrong params
Slide 17
THINGS TO DECIDE ON: DATA SCOPE, ALGORITHM, KEY LENGTH, MODE, PADDING, IV
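"Mistake 3: wrong params" in code. This is an added example, not code from the talk or from the OpenSSL wiki it links; it uses only the Go standard library. The first function shows the classic parameter mistake (AES-CBC with a hard-coded IV, and the padding decision that mode forces on you); the seal/open pair is the boring alternative (AES-GCM with a fresh random nonce, no padding, integrity built in). The key and the sample record are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// pkcs7Pad pads data up to a multiple of blockSize. CBC needs this; it is one
// of the "things to decide on" that an AEAD such as GCM removes entirely.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptCBCFixedIV is the "wrong params" mistake: AES-CBC with a hard-coded
// all-zero IV. Every call with the same key and plaintext produces the same
// ciphertext, so equal records (and equal prefixes) are visible to anyone who
// can read the stored data. Constructed for illustration; do not copy.
func encryptCBCFixedIV(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // the mistake: constant IV, never randomised
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// sealGCM is the boring alternative: AES-GCM with a fresh random nonce that is
// prepended to the ciphertext. No padding, no mode choice, integrity included.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce slice: output is nonce||ct||tag.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM splits off the nonce and verifies the tag before returning plaintext.
// Any modified byte (nonce, ciphertext or tag) yields an error, not garbage.
func openGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed 256-bit key; draw a real one from crypto/rand
	record := []byte("blood type: A+")   // constructed sample sensitive record
	a, _ := encryptCBCFixedIV(key, record)
	b, _ := encryptCBCFixedIV(key, record)
	fmt.Printf("fixed-IV CBC, same record twice, identical: %v\n", bytes.Equal(a, b))
	s1, _ := sealGCM(key, record)
	s2, _ := sealGCM(key, record)
	fmt.Printf("GCM, same record twice, identical: %v\n", bytes.Equal(s1, s2))
	s1[len(s1)-1] ^= 0x01 // flip one bit of the tag
	_, err := openGCM(key, s1)
	fmt.Printf("GCM tamper detected: %v\n", err != nil)
}
```

The GCM side has its own parameter that must not go wrong: the nonce must never repeat under one key, so with 12-byte random nonces keep the number of messages per key well below 2^32 and rotate keys before that.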
Slide 19
4. KEY MANAGEMENT
user password
keys
KDF
mistake 4. bad key management
https://www.owasp.org/index.php/Key_Management_Cheat_Sheet
Slide 20
THINGS TO DECIDE ON: DATA SCOPE, ALGORITHM, KEY LENGTH, MODE, PADDING, IV, KEY DERIVATION, KEY EXCHANGE, KEY STORAGE, KEY ROTATION, KEY REVOCATION
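"Mistake 4: bad key management", at the user-password-to-key step. This is an added example, not code from the talk or the OWASP cheat sheet it links. It contrasts the common mistake (an unsalted fast hash as the key) with a salted, iterated KDF. PBKDF2-HMAC-SHA256 is written out here from the standard library so the slow loop is visible; the iteration count, salt length and sample password are assumptions, and in a real deployment a memory-hard KDF (scrypt, Argon2) from a vetted library is the better choice.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// weakKeyFromPassword is mistake 4 in its most common form: a bare, unsalted,
// fast hash of the password. Two users with the same password get the same
// key, and an attacker can test billions of guesses per second offline.
// Constructed for illustration; do not copy.
func weakKeyFromPassword(password string) []byte {
	sum := sha256.Sum256([]byte(password))
	return sum[:]
}

// pbkdf2SHA256 implements PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA256 as
// the PRF, using only the standard library.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen
	dk := make([]byte, 0, numBlocks*hashLen)
	ctr := make([]byte, 4)
	for block := 1; block <= numBlocks; block++ {
		// U1 = PRF(password, salt || INT(block))
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(ctr, uint32(block))
		prf.Write(ctr)
		u := prf.Sum(nil)
		t := append([]byte{}, u...)
		// Ui = PRF(password, Ui-1);  T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// Assumed deployment parameters: tune iterations so one derivation costs a
// noticeable fraction of a second on the slowest target platform.
const (
	kdfIterations = 100_000
	saltLen       = 16
	derivedKeyLen = 32
)

// DerivedKey carries the salt alongside the key: the salt is stored next to
// the ciphertext (it is not secret); the key itself is never stored.
type DerivedKey struct {
	Salt []byte
	Key  []byte
}

// keyFromPassword draws a fresh random salt and derives a key from it.
func keyFromPassword(password string) (DerivedKey, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return DerivedKey{}, err
	}
	key := pbkdf2SHA256([]byte(password), salt, kdfIterations, derivedKeyLen)
	return DerivedKey{Salt: salt, Key: key}, nil
}

// rederiveKey recomputes the key on a later login or decrypt from the stored salt.
func rederiveKey(password string, salt []byte) []byte {
	return pbkdf2SHA256([]byte(password), salt, kdfIterations, derivedKeyLen)
}

func main() {
	fmt.Println("weak key, same for every user with this password:",
		hex.EncodeToString(weakKeyFromPassword("hunter2"))) // constructed sample password
	k1, _ := keyFromPassword("hunter2")
	k2, _ := keyFromPassword("hunter2")
	fmt.Println("salted keys for two users with the same password differ:", !bytes.Equal(k1.Key, k2.Key))
	fmt.Println("rederived from the stored salt matches:", bytes.Equal(rederiveKey("hunter2", k1.Salt), k1.Key))
}
```

The salt does what "KEY DERIVATION" on the slide implies: the same password yields a different key per user and per installation, and precomputed tables stop working. The iteration count is what makes an offline guess expensive; it is a parameter to revisit, not a constant to forget.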
Slide 21
5. INFRASTRUCTURE
Slide 22
THINGS TO DECIDE ON: DATA SCOPE, ALGORITHM, KEY LENGTH, MODE, PADDING, IV, KEY DERIVATION, KEY EXCHANGE, KEY STORAGE, KEY ROTATION, KEY REVOCATION, BACKUPS, PLATFORMS
Slide 24
https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
269 CVEs from 2011-2014:
17% bugs inside crypto libs
83% misuses of crypto libs by individual apps
Slide 25
AS USERS WE WANT…
more ciphers?
Slide 27
AES
DES
3DES
CBC
CFB
SEAL
Salsa20
RSA
DSA
OFB
SHARK
RC4
DSS
ECB CTR
SEED
Blowfish
AS USERS WE WANT…
more ciphers!
more vulnerabilities!
more side channel attacks!
more attacks!
more constant time checks :)
more protocols!
more patches!
Slide 31
EXCITING, BUT FOR
CRYPTO RESEARCHERS ONLY
Slide 32
AS USERS WE WANT…
more ciphers!
BORING CRYPTO
Slide 33
BORING CRYPTO
— crypto that simply works, solidly resists attacks, never needs any upgrades
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
Daniel J. Bernstein
Slide 34
BORING CRYPTO
PLUG & PLAY
Slide 35
WHAT DO WE WANT?
instead of adjusting our resources — SOLVE USE-CASES!
Slide 36
WHAT DO WE WANT?
— HIGH-LEVEL FUNCTIONS
I want to store data securely
I want to send data securely
I want to verify data integrity
Slide 37
WHAT DO WE WANT? — HIGH-LEVEL FUNCTIONS
store data securely / send data securely / verify data integrity
key derivation, key exchange, key rotation, sign/verify ephemeral keys, encr / decr
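Two of the high-level functions above, "key exchange" and "sign/verify ephemeral keys", carried through as one handshake. This is an added example, not code from the talk or from any of the libraries it names; it uses only the Go standard library (crypto/ecdh, crypto/ed25519). Assumptions: each side already holds the other side's long-term Ed25519 public key (how that is distributed is outside the example), the domain-separation labels are constructed for the demo, and the session-key step is a simplified HMAC extract rather than a full transcript-binding KDF.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Identity is a long-term Ed25519 signing key pair. The public half is assumed
// to reach the peer out of band (pinning, a directory, a certificate).
type Identity struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIdentity() (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{Pub: pub, priv: priv}, nil
}

// Offer is the one message each side sends: a fresh X25519 ephemeral public
// key and the identity's signature over it.
type Offer struct {
	Ephemeral []byte
	Sig       []byte
}

// sigContext is a constructed domain-separation label so a signature made here
// cannot be replayed as a signature over some other message type.
const sigContext = "demo-handshake-v1/ephemeral:"

// MakeOffer generates an ephemeral key pair and signs its public key. The
// private ephemeral key is returned to the caller and must be discarded after
// DeriveSharedKey; that is what makes the session key forward-secret.
func (id *Identity) MakeOffer() (*ecdh.PrivateKey, Offer, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, Offer{}, err
	}
	pubBytes := eph.PublicKey().Bytes()
	msg := append([]byte(sigContext), pubBytes...)
	return eph, Offer{Ephemeral: pubBytes, Sig: ed25519.Sign(id.priv, msg)}, nil
}

// DeriveSharedKey checks the peer's signature first, then runs X25519 and turns
// the raw shared secret into a 32-byte session key with an HMAC-SHA256 extract
// step (simplified HKDF). An unsigned or differently signed ephemeral key is
// rejected before any secret is computed.
func DeriveSharedKey(myEph *ecdh.PrivateKey, peerIdentity ed25519.PublicKey, peer Offer) ([]byte, error) {
	msg := append([]byte(sigContext), peer.Ephemeral...)
	if !ed25519.Verify(peerIdentity, msg, peer.Sig) {
		return nil, errors.New("ephemeral key not signed by the expected identity")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(peer.Ephemeral)
	if err != nil {
		return nil, err
	}
	secret, err := myEph.ECDH(peerPub) // also rejects low-order points
	if err != nil {
		return nil, err
	}
	extract := hmac.New(sha256.New, []byte("demo-handshake-v1/session-key")) // constructed fixed salt
	extract.Write(secret)
	return extract.Sum(nil), nil
}

func main() {
	alice, _ := NewIdentity()
	bob, _ := NewIdentity()
	aEph, aOffer, _ := alice.MakeOffer()
	bEph, bOffer, _ := bob.MakeOffer()
	ka, _ := DeriveSharedKey(aEph, bob.Pub, bOffer)
	kb, _ := DeriveSharedKey(bEph, alice.Pub, aOffer)
	fmt.Println("both sides derived the same session key:", bytes.Equal(ka, kb))
}
```

The order inside DeriveSharedKey is the point: verify the signature over the ephemeral key before using it, so a substituted key from anyone but the expected identity fails closed. This is the part a "high-level function" hides from the application developer, and the part that is easy to skip when composing primitives by hand.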
Slide 39
NOBODY
READS DOCS
“docs are for experts”
“I just want to try”
“gimme code!”
Slide 40
1. HOW TO START?
pod try BoringSSL
cmake -DANDROID_ABI=armeabi-v7a \
-DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake \
-DANDROID_NATIVE_API_LEVEL=16 \
-GNinja ..
https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md
Slide 41
1. HOW TO START?
easy, architecture-independent installation
Slide 42
2. SUPPORTED PLATFORMS?
minimum expected: *nix, OSX, Windows, iOS, Android, web browsers, embedded
Slide 43
2. SUPPORTED PLATFORMS?
cross-platform is not an option anymore
cross-platform is a must have
HSM & TPM: PROS
fast hardware crypto!
trusted environment
known security guarantees
keys calculations
Slide 49
HSM & TPM: CONS
vendor lock / vendor trust
bad for interactive encryption
complicated to maintain (install, upgrade, support, not cross-platform)
Slide 50
HSM & TPM: PRO & CONS
(diagram: HSM / app / plaintext data)
plaintext data is far away from the place it is used
Slide 52
SOFTWARE CRYPTO SYSTEMS
https://github.com/sobolevn/awesome-cryptography
any kind of encryption
plaintext data is closer to its usage
cross-platform
NO DEVICE TRUST
Slide 53
WEBBROWSER CRYPTO: CONS
DOM, XSS,
NO CODE TRUST
Slide 54
HSM/TPM + SOFTWARE CS: take best from both
(diagram: keys calculations in TPM / HSM; own software, cross-platform)
Slide 56
USING CRYPTO SHOULD BE LIKE..
cross-platform, easy to install, easy to use
audited, open source, time proven, well-documented
EXAMPLE
https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial
data access control based on crypto-keys
python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read
Slide 66
3. BOXED SOLUTIONS
truecrypt
ssh
acra
vault
unites crypto-systems and user
functions for solving problems
Slide 67
EXAMPLE
https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker
database proxy for encrypting / decrypting
git clone https://github.com/cossacklabs/acra
cd acra/docker
docker-compose -f acra-pgsql-ssl-proxy.yml up -d
Slide 70
CAN I SOLVE MY USE-CASE
USING…
crypto-libraries
crypto-systems
boxed solutions
more pain
even
more pain
Slide 73
THE WORLD DOESN’T HAVE
A PROBLEM WITH
NEW CRYPTO-ALGORITHMS.
PROBLEM IS THAT THEY ARE
NOT BORING ENOUGH
Slide 76
make the light controllable
Slide 79
make the crypto security controllable
and booooring
Slide 81
LINKS 1
Boring crypto, Daniel J. Bernstein
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
Why does cryptographic software fail?
https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
API design for cryptography
https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf
Slide 82
LINKS 2
Encrypting strings in Android: Let’s make better mistakes
https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
Awesome crypto papers
https://github.com/pFarb/awesome-crypto-papers
12 And 1 Ideas How To Enhance Backend Data Security
https://www.cossacklabs.com/backend-data-security-modern-ideas.html
Attestation and Trusted Computing
https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf
Slide 83
MY OTHER SECURITY SLIDES
https://github.com/vixentael/my-talks
…and more