Slide 1

Slide 1 text

DON’T WASTE TIME ON LEARNING CRYPTOGRAPHY: BETTER USE IT PROPERLY #devexperience18 @vixentael

Slide 2

Slide 2 text

@vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :)

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

We want to protect our users’ data

Slide 5

Slide 5 text

We want developers to protect data

Slide 6

Slide 6 text

We want to protect our users’ data HOW? We want developers to protect data

Slide 7

Slide 7 text

WE HAVE USER DATA. WHAT SHALL WE DO?

Slide 8

Slide 8 text

PROTECTING USER DATA: STEPS MISTAKES WE DO

Slide 9

Slide 9 text

1. DEFINING THE DATA SCOPE: sensitive user data, GDPR / HIPAA / PCI DSS, tech data (keys, logs)

Slide 10

Slide 10 text

1. DEFINING THE DATA SCOPE: sensitive user data, GDPR / HIPAA / PCI DSS, tech data (keys, logs). Mistake 1: wrong scope definition

Slide 11

Slide 11 text

2. SELECTING ALGORITHM: twofish, sha1, des, md5

Slide 12

Slide 12 text

2. SELECTING ALGORITHM: twofish, sha1, des, md5. Mistake 2: bad algo selection

Slide 13

Slide 13 text

THINGS TO DECIDE ON: KEY LENGTH, DATA SCOPE, ALGORITHM

Slide 14

Slide 14 text

3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Slide 15

Slide 15 text

3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Slide 16

Slide 16 text

3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption Mistake 3: wrong params

Slide 17

Slide 17 text

THINGS TO DECIDE ON: PADDING, KEY LENGTH, MODE, DATA SCOPE, ALGORITHM, IV

Slide 18

Slide 18 text

4. KEY MANAGEMENT: user password, keys, KDF

Slide 19

Slide 19 text

4. KEY MANAGEMENT: user password, keys, KDF. Mistake 4: bad key management https://www.owasp.org/index.php/Key_Management_Cheat_Sheet
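
An added example (not from the talk or from any library it mentions) of the chain on this slide, from user password through a KDF to keys, using only Python's standard library: PBKDF2 stretches the password, one HKDF-Expand block gives a separate key per purpose, and the integrity tag is compared in constant time. The function names, the labels and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
SALT_LEN = 16


def derive_master_key(password: str, salt: bytes) -> bytes:
    """Stretch a low-entropy password into a 32-byte master key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def subkey(master: bytes, label: bytes) -> bytes:
    """First HKDF-Expand block (RFC 5869): a distinct key per purpose."""
    return hmac.new(master, label + b"\x01", hashlib.sha256).digest()


def protect(password: str, data: bytes) -> dict:
    """Return a record holding a fresh salt and an integrity tag over data."""
    salt = os.urandom(SALT_LEN)  # random per record, stored beside the data
    mac_key = subkey(derive_master_key(password, salt), b"integrity")
    tag = hmac.new(mac_key, data, hashlib.sha256).digest()
    return {"salt": salt, "data": data, "tag": tag}


def verify(password: str, record: dict) -> bool:
    """Recompute the tag from the password and compare in constant time."""
    mac_key = subkey(derive_master_key(password, record["salt"]), b"integrity")
    expected = hmac.new(mac_key, record["data"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, record["tag"])


if __name__ == "__main__":
    # Constructed sample password and data, for illustration only.
    rec = protect("correct horse battery staple", b"constructed sample data")
    print("valid record:", verify("correct horse battery staple", rec))
    print("wrong password:", verify("not the password", rec))
    rec["data"] = b"constructed sample dat4"
    print("tampered data:", verify("correct horse battery staple", rec))
```

The master key never touches data directly; only purpose-bound subkeys do, so rotating or revoking one use does not force a change to the others.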

Slide 20

Slide 20 text

THINGS TO DECIDE ON: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, DATA SCOPE, ALGORITHM, IV, KEY REVOCATION

Slide 21

Slide 21 text

5. INFRASTRUCTURE

Slide 22

Slide 22 text

THINGS TO DECIDE ON: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, BACKUPS, PLATFORMS, DATA SCOPE, ALGORITHM, IV, KEY REVOCATION

Slide 23

Slide 23 text

No content

Slide 24

Slide 24 text

269 CVEs from 2011-2014: 17% bugs inside crypto libs, 83% misuses of crypto libs by individual apps https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf

Slide 25

Slide 25 text

AS USERS WE WANT… more ciphers?

Slide 26

Slide 26 text

AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA

Slide 27

Slide 27 text

AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, SHARK, RC4, DSS, ECB, CTR, SEED, Blowfish

Slide 28

Slide 28 text

AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, Blowfish, SHARK, RC4, DSS, ECB, CTR, Twofish, Camellia, SEED, Rabbit, ECDSA

Slide 29

Slide 29 text

AS USERS WE WANT… more ciphers! more vulnerabilities! more side channel attacks! more attacks! more constant time checks :) more protocols! more patches!

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

EXCITING, BUT FOR CRYPTO RESEARCHERS ONLY

Slide 32

Slide 32 text

AS USERS WE WANT… more ciphers! BORING CRYPTO

Slide 33

Slide 33 text

BORING CRYPTO: “crypto that simply works, solidly resists attacks, never needs any upgrades” (Daniel J. Bernstein) https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

Slide 34

Slide 34 text

BORING CRYPTO PLUG & PLAY

Slide 35

Slide 35 text

WHAT DO WE WANT? instead of adjusting our resources — SOLVE USE-CASES!

Slide 36

Slide 36 text

WHAT DO WE WANT? HIGH-LEVEL FUNCTIONS: I want to store data securely; I want to send data securely; I want to verify data integrity

Slide 37

Slide 37 text

WHAT DO WE WANT? HIGH-LEVEL FUNCTIONS: store data securely, send data securely, verify data integrity, key derivation, key exchange, key rotation, sign/verify, ephemeral keys, encr / decr

Slide 38

Slide 38 text

NOBODY READS DOCS

Slide 39

Slide 39 text

NOBODY READS DOCS: “docs are for experts”, “I just want to try”, “gimme code!”

Slide 40

Slide 40 text

1. HOW TO START?

pod try BoringSSL

cmake -DANDROID_ABI=armeabi-v7a \
      -DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake \
      -DANDROID_NATIVE_API_LEVEL=16 \
      -GNinja ..

https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md

Slide 41

Slide 41 text

1. HOW TO START? easy, architecture-independent installation

Slide 42

Slide 42 text

2. SUPPORTED PLATFORMS? minimum expected: *nix, OSX, web browsers, embedded, iOS, Android, Windows

Slide 43

Slide 43 text

2. SUPPORTED PLATFORMS? cross-platform is not an option anymore; cross-platform is a must have

Slide 44

Slide 44 text

OPTIONS WE HAVE

Slide 45

Slide 45 text

HSM

Slide 46

Slide 46 text

HARDWARE SECURITY MODULE: key generation, provides cryptoprocessing, key storage, portable

Slide 47

Slide 47 text

TRUSTED PLATFORM MODULE: key management, disk protection, trust anchor, built-in, remote attestation, provides cryptoprimitives

Slide 48

Slide 48 text

HSM & TPM: PROS: fast hardware crypto! trusted environment; known security guarantees; keys; calculations

Slide 49

Slide 49 text

HSM & TPM: CONS: vendor lock / vendor trust; bad for interactive encryption; complicated to maintain (install, upgrade, support, not cross-platform)

Slide 50

Slide 50 text

HSM & TPM: PRO & CONS HSM app plaintext data plaintext data is far away from the place it is used

Slide 51

Slide 51 text

SOFTWARE CRYPTO SYSTEMS: any kind of encryption, plaintext data is closer to its usage, cross-platform https://github.com/sobolevn/awesome-cryptography

Slide 52

Slide 52 text

SOFTWARE CRYPTO SYSTEMS: any kind of encryption, plaintext data is closer to its usage, cross-platform, NO DEVICE TRUST https://github.com/sobolevn/awesome-cryptography

Slide 53

Slide 53 text

WEB BROWSER CRYPTO: CONS: DOM, XSS, NO CODE TRUST

Slide 54

Slide 54 text

HSM/TPM + SOFTWARE CS keys calculations TPM / own software cross-platform take best from both HSM

Slide 55

Slide 55 text

No content

Slide 56

Slide 56 text

USING CRYPTO SHOULD BE LIKE..: cross-platform, easy to install, easy to use, audited, open source, time proven, well-documented

Slide 57

Slide 57 text

FORM-FACTOR STAIRS: crypto-libraries, crypto-systems, boxed solutions

Slide 58

Slide 58 text

No content

Slide 59

Slide 59 text

1. CRYPTO-LIBS: implements single or multiple security functions https://github.com/sobolevn/awesome-cryptography

Slide 60

Slide 60 text

1. CRYPTO-LIBS: implements single or multiple security functions. libsodium, themis, keyczar, noise https://github.com/sobolevn/awesome-cryptography

Slide 61

Slide 61 text

EXAMPLE: secure messaging with forward secrecy https://github.com/cossacklabs/themis/wiki/Python-Howto

Slide 62

Slide 62 text

2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case

Slide 63

Slide 63 text

2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case. axolotl, hermes, SSL/TLS, ZeroKit

Slide 64

Slide 64 text

EXAMPLE: data access control based on crypto-keys https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial

python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read

Slide 65

Slide 65 text

3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems

Slide 66

Slide 66 text

3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems. truecrypt, ssh, acra, vault

Slide 67

Slide 67 text

EXAMPLE: database proxy for encrypting / decrypting https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker

git clone https://github.com/cossacklabs/acra
cd acra/docker
docker-compose -f acra-pgsql-ssl-proxy.yml up -d

Slide 68

Slide 68 text

CAN I SOLVE MY USE-CASE USING… boxed solutions

Slide 69

Slide 69 text

CAN I SOLVE MY USE-CASE USING… crypto-libraries crypto-systems boxed solutions more pain

Slide 70

Slide 70 text

CAN I SOLVE MY USE-CASE USING… crypto-libraries crypto-systems boxed solutions more pain even more pain

Slide 71

Slide 71 text

https://www.cossacklabs.com/choose-your-ios-crypto.html

Slide 72

Slide 72 text

THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS.

Slide 73

Slide 73 text

THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS. PROBLEM IS THAT THEY ARE NOT BORING ENOUGH

Slide 74

Slide 74 text

No content

Slide 75

Slide 75 text

VS

Slide 76

Slide 76 text

make the light controllable

Slide 77

Slide 77 text

No content

Slide 78

Slide 78 text

make the crypto security controllable

Slide 79

Slide 79 text

make the crypto security controllable and booooring

Slide 80

Slide 80 text

No content

Slide 81

Slide 81 text

LINKS 1

Boring crypto, Daniel J. Bernstein: https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
Why does cryptographic software fail?: https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
API design for cryptography: https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf

Slide 82

Slide 82 text

LINKS 2

Encrypting strings in Android: Let’s make better mistakes: https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
Awesome crypto papers: https://github.com/pFarb/awesome-crypto-papers
12 And 1 Ideas How To Enhance Backend Data Security: https://www.cossacklabs.com/backend-data-security-modern-ideas.html
Attestation and Trusted Computing: https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf

Slide 83

Slide 83 text

MY OTHER SECURITY SLIDES https://github.com/vixentael/my-talks …and more

Slide 84

Slide 84 text

@vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :)