Anastasiia Voitova
@vixentael
head of customer solutions, security software engineer
OSS maintainer: Themis, Acra
focused on applied crypto and building e2ee protocols
Slide 3
Data security solutions based on R&D
cossacklabs.com
database searchable encryption: eprint.iacr.org/2019/806.pdf
e2ee data collaboration: cossacklabs.com/files/hermes-theory-paper-rev1.pdf
zero knowledge authentication: cossacklabs.com/files/secure-comparator-paper-rev12.pdf
Slide 5
USABLE
Slide 6
“Let’s protect stored data”
…imagine simple use case
…and calculate potential dev mistakes
Slide 8
1. Defining the data scope
business-sensitive data
regulations, compliance
tech data (keys, logs, backups, tokens..)
Mistake 1. wrong scope definition
Slide 10
2. Selecting crypto function
twofish
sha1
des
md5
Mistake 2. bad algo selection
Slide 11
Things to decide on:
KEY LENGTH
DATA SCOPE
CIPHER
Slide 14
3. Using cipher
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
Mistake 3. wrong params
Slide 15
Things to decide on:
PADDING
KEY LENGTH
MODE
DATA SCOPE
CIPHER
IV
Boring crypto — crypto that simply works, solidly resists attacks, never needs any upgrades
Daniel J. Bernstein
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
Slide 25
Solve use-cases
I want to store data securely
I want to send data securely
I want to verify data integrity
Slide 26
Solve use-cases
I want to store data securely
I want to send data securely
I want to verify data integrity
KEY DERIVATION
KEY EXCHANGE
KEY ROTATION
SIGN/VERIFY
EPHEMERAL KEYS
ENCR / DECR
Slide 27
Crypto should be:
cross-platform
easy to install
easy to use
audited
open source
time proven
well-documented
compliant
hard to mis-use
1. CRYPTO-LIBS
implements single or multiple security functions
https://github.com/sobolevn/awesome-cryptography
RNCryptor
Themis
OpenSSL/BoringSSL/*SSL
CryptoSwift
Tink
LibSodium/NaCl
Slide 32
Matthew Green
blog.cryptographyengineering.com/2012/12/28/the-anatomy-of-bad-idea/
“OpenSSL is the space shuttle of crypto libraries. It will
get you to space, provided you have a team of people to
push the ten thousand buttons required to do so.
NaCl is more like an elevator — you just press a button
and it takes you there. No frills or options.
I like elevators.”
Slide 33
OpenSSL “high level” API, AES CBC
Slide 34
CommonCrypto AES
Slide 36
High lvl API, easy to mis-use
should be random
should use KDF(key)
uses AES CBC, not AES GCM
padding? salt?
Slide 38
Themis: hard to mis-use
github.com/cossacklabs/themis
hides cryptographic details: salt, IV, KDF, padding
uses AES-256-GCM
built-in KDF to make keys stronger
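Added example (not code from the talk, from Themis or from OpenSSL): one reading of the Slide 36 notes next to the properties listed on Slide 38, written against Ruby's OpenSSL binding. All names, the sample inputs, the blob layout, the AAD label and the iteration count are assumptions of this example, and PBKDF2 only stands in for "a KDF".

```ruby
require 'openssl'
# Constructed sample inputs (not from the slides).
PASSWORD = 'correct horse battery staple'
RECORD   = 'card=4111111111111111;owner=alice'
AAD      = 'record-v1' # hypothetical context label, authenticated with the data

# Easy-to-misuse pattern: password bytes as key, fixed IV, AES-CBC, no integrity.
def weak_encrypt(password, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = password.ljust(32, "\0")[0, 32] # should use KDF(key)
  cipher.iv  = "\0" * 16                       # should be random
  cipher.update(plaintext) + cipher.final
end

# Iteration count is an assumption of this example; tune it for your hardware.
def derive_key(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new('SHA256'))
end

# Salted KDF, fresh nonce, AES-256-GCM; output: salt(16)|nonce(12)|tag(16)|ciphertext
def strong_encrypt(password, plaintext)
  salt   = OpenSSL::Random.random_bytes(16)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = derive_key(password, salt)
  nonce = cipher.random_iv
  cipher.auth_data = AAD
  ciphertext = cipher.update(plaintext) + cipher.final
  salt + nonce + cipher.auth_tag + ciphertext
end

def strong_decrypt(password, blob)
  raise ArgumentError, 'truncated blob' if blob.bytesize < 44
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = derive_key(password, blob[0, 16])
  cipher.iv  = blob[16, 12]
  cipher.auth_tag  = blob[28, 16]
  cipher.auth_data = AAD
  cipher.update(blob[44..-1]) + cipher.final # raises CipherError if modified
end

# Flip one ciphertext bit and report whether decryption rejects the blob.
def tamper_detected?(password, blob)
  flipped = blob.dup
  flipped.setbyte(-1, flipped.getbyte(-1) ^ 0x01)
  strong_decrypt(password, flipped)
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

With the weak variant, equal records always encrypt to equal ciphertexts; the GCM variant produces a different blob on every call and refuses to decrypt a modified one.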