Slide 1

Slide 1 text

USE CRYPTOGRAPHY, DON’T LEARN IT. @vixentael

Slide 2

Slide 2 text

Anastasiia Voitova, @vixentael
head of customer solutions, security software engineer
OSS maintainer: Themis, Acra
focused on applied crypto and building e2ee protocols

Slide 3

Slide 3 text

Data security solutions based on R&D (cossacklabs.com)
database searchable encryption: eprint.iacr.org/2019/806.pdf
e2ee data collaboration: cossacklabs.com/files/hermes-theory-paper-rev1.pdf
zero knowledge authentication: cossacklabs.com/files/secure-comparator-paper-rev12.pdf

Slide 5

Slide 5 text

USABLE

Slide 6

Slide 6 text

“Let’s protect stored data”
…imagine simple use case
…and calculate potential dev mistakes

Slide 7

Slide 7 text

1. Defining the data scope
business-sensitive data
regulations, compliance
tech data (keys, logs, backups, tokens...)

Slide 8

Slide 8 text

1. Defining the data scope
business-sensitive data
regulations, compliance
tech data (keys, logs, backups, tokens...)
Mistake 1. wrong scope definition

Slide 9

Slide 9 text

2. Selecting crypto function
twofish, sha1, des, md5

Slide 10

Slide 10 text

2. Selecting crypto function
twofish, sha1, des, md5
Mistake 2. bad algo selection

Slide 11

Slide 11 text

Things to decide on: KEY LENGTH, DATA SCOPE, CIPHER

Slide 12

Slide 12 text

3. Using cipher
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Slide 14

Slide 14 text

3. Using cipher
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
Mistake 3. wrong params

Slide 15

Slide 15 text

Things to decide on: PADDING, KEY LENGTH, MODE, DATA SCOPE, CIPHER, IV

Slide 16

Slide 16 text

4. Key management
user password → KDF → encryption key
DEK, KEK, master key, transport key, ephemeral key, OTP, token, keypairs …

Slide 17

Slide 17 text

4. Key management
user password → KDF → encryption key
DEK, KEK, master key, transport key, ephemeral key, OTP, token, keypairs …
Mistake 4. bad key management
https://www.owasp.org/index.php/Key_Management_Cheat_Sheet

Slide 18

Slide 18 text

Things to decide on: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, DATA SCOPE, CIPHER, IV, KEY REVOCATION, KMS

Slide 19

Slide 19 text

5. Infrastructure

Slide 20

Slide 20 text

Things to decide on: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, DATA SCOPE, CIPHER, IV, KEY REVOCATION, BACKUPS, PLATFORMS, KMS

Slide 22

Slide 22 text

269 CVEs from 2011-2014
17%: bugs inside crypto libs
83%: misuses of crypto libs by individual apps
https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf

Slide 23

Slide 23 text

AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, Kuznyechik, Blowfish, SHARK, RC4, DSS, ChaCha20, CTR, AES-SIV, Camellia, SEED, Rabbit, ECDSA

Slide 24

Slide 24 text

Boring crypto: crypto that simply works, solidly resists attacks, never needs any upgrades
Daniel J. Bernstein, https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

Slide 25

Slide 25 text

Solve use-cases
I want to store data securely
I want to send data securely
I want to verify data integrity

Slide 26

Slide 26 text

Solve use-cases
store data securely
send data securely
verify data integrity
KEY DERIVATION, KEY EXCHANGE, KEY ROTATION, SIGN/VERIFY, EPHEMERAL KEYS, ENCR / DECR

Slide 27

Slide 27 text

Crypto should be: cross-platform, easy to install, easy to use, audited, open source, time proven, well-documented, compliant, hard to mis-use

Slide 28

Slide 28 text

Form factor is important

Slide 29

Slide 29 text

Chart: encryption integration. Labels: abstraction level, complexity.

Slide 30

Slide 30 text

Chart: encryption integration. Labels: abstraction level, complexity, cipher, crypto-library, crypto-system, boxed solution, pain.

Slide 31

Slide 31 text

1. CRYPTO-LIBS
implements single or multiple security functions
RNCryptor, Themis, OpenSSL/BoringSSL/*SSL, CryptoSwift, Tink, LibSodium/NaCl
https://github.com/sobolevn/awesome-cryptography

Slide 32

Slide 32 text

“OpenSSL is the space shuttle of crypto libraries. It will get you to space, provided you have a team of people to push the ten thousand buttons required to do so. NaCl is more like an elevator — you just press a button and it takes you there. No frills or options. I like elevators.”
Matthew Green, blog.cryptographyengineering.com/2012/12/28/the-anatomy-of-bad-idea/

Slide 33

Slide 33 text

OpenSSL “high level” API, AES CBC

Slide 34

Slide 34 text

CommonCrypto AES

Slide 35

Slide 35 text

High lvl API, easy to mis-use

Slide 36

Slide 36 text

High lvl API, easy to mis-use
should be random
should use KDF(key)
uses AES CBC, not AES GCM
padding? salt?

Slide 37

Slide 37 text

Themis: hard to mis-use
github.com/cossacklabs/themis

Slide 38

Slide 38 text

Themis: hard to mis-use
hides cryptographic details: salt, IV, KDF, padding
uses AES-256-GCM
built-in KDF to make keys stronger
github.com/cossacklabs/themis
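
Added example, not from the talk and not Themis code: a seal/open pair in the "hard to mis-use" shape the slides describe, where salt, nonce, KDF and mode are fixed inside the function and the caller supplies only a password, data and an optional context. It uses Node.js built-in crypto; the function names, the `seal-v1:` prefix and the blob layout are assumptions made for this sketch.

```javascript
const nodeCrypto = require('node:crypto');

// Fixed parameters: nothing here is chosen by the caller.
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16, KEY_LEN = 32;
const HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN;

// Password -> 256-bit key with scrypt (Node's default cost parameters).
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, KEY_LEN);
}

// Blob layout (constructed for this example): salt || nonce || tag || ciphertext.
function sealWithPassword(password, plaintext, context = '') {
  const salt = nodeCrypto.randomBytes(SALT_LEN);   // fresh per message
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // fresh per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  // The context is authenticated but not stored; open must supply the same one.
  cipher.setAAD(Buffer.from('seal-v1:' + context));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

function openWithPassword(password, sealed, context = '') {
  if (sealed.length < HEADER_LEN) throw new Error('sealed blob too short');
  const salt = sealed.subarray(0, SALT_LEN);
  const nonce = sealed.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = sealed.subarray(SALT_LEN + NONCE_LEN, HEADER_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAAD(Buffer.from('seal-v1:' + context));
  decipher.setAuthTag(tag);
  // final() throws if the password, context, or any byte of the blob is wrong.
  return Buffer.concat([decipher.update(sealed.subarray(HEADER_LEN)), decipher.final()]);
}
```

Sealing the same input twice yields different blobs, and a modified blob or mismatched context fails to open instead of returning garbage.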

Slide 39

Slide 39 text

2. CRYPTO-SYSTEMS
combines security functions for solving exact use-case
libsignal, hermes, SSL/TLS, ZeroKit, noise

Slide 40

Slide 40 text

hermes: ACL based on crypto-keys
python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read

Slide 41

Slide 41 text

3. BOXED SOLUTIONS
unites crypto-systems and user functions for solving problems
truecrypt, ssh, acra, vault, Oracle TDE

Slide 42

Slide 42 text

transparent & searchable encryption
marketplace.digitalocean.com/apps/acra

Slide 43

Slide 43 text

transparent & searchable encryption
marketplace.digitalocean.com/apps/acra
very boring

Slide 44

Slide 44 text

Chart: pain curve. Labels: less boring, more boring, cipher, crypto-library, crypto-system, boxed solution, pain.

Slide 45

Slide 45 text

Boring crypto tools let you focus on the product, not on crypto code.

Slide 47

Slide 47 text

VS

Slide 48

Slide 48 text

make the light controllable

Slide 49

Slide 49 text

make the crypto security controllable and booooring

Slide 50

Slide 50 text

Anastasiia Voitova, @vixentael
github.com/vixentael/my-talks