Encryption Without Magic, Risk Management Without Pain

Slide 1

Slide 1 text

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN @vixentael

Slide 2

Slide 2 text

@vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :)

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

CRYPTOGRAPHY?

Slide 5

Slide 5 text

CRYPTOGRAPHY? AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA OFB Blowﬁsh SHARK RC4 DSS ECB CTR Twoﬁsh Camelia SEED Rabbit ECDSA @vixentael

Slide 6

Slide 6 text

MD5 SHA1 SHA256 HASHING PASSWORDS? @vixentael

Slide 7

Slide 7 text

MD5 SHA1 SHA256 HASHING PASSWORDS? https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet https://dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm HKDF bcrypt PBKDF2 @vixentael

Slide 8

Slide 8 text

algorithms elliptic curves key management public key validity storing secrets CRYPTOGRAPHY cool, but… @vixentael

Slide 9

Slide 9 text

crypto is not a but a method to manage the attack surface @vixentael

Slide 10

Slide 10 text

ATTACK SURFACE – all the possible places where sensitive data may be stolen by adversary https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet @vixentael

Slide 11

Slide 11 text

it’s easier to monitor the suspicious behavior in a small place @vixentael

Slide 12

Slide 12 text

HANDLING SENSITIVE DATA WITH CARE avoid plaintext as possible manage keys properly decrease time of plaintext secrets in memory log, monitor and inspect @vixentael limit access to data

Slide 13

Slide 13 text

– HOW TO MANAGE THE ATTACK SURFACE OF MY DATA?

Slide 14

Slide 14 text

one container one key @vixentael symmetric encryption with poor key management

Slide 15

Slide 15 text

attack surface is arbitrary one container one key symmetric encryption with poor key management key leaked → data leaked @vixentael

Slide 16

Slide 16 text

https://en.wikipedia.org/wiki/Cryptosystem @vixentael

Slide 17

Slide 17 text

KEY AND TRUST MANAGEMENT SHOULD REFLECT YOUR SYSTEM @vixentael

Slide 18

Slide 18 text

MESSAGING https://core.telegram.org/api/end-to-end @vixentael

Slide 19

Slide 19 text

GOOD MESSAGING IS E2EE …but your infrastructures are not only for messaging @vixentael

Slide 20

Slide 20 text

NAIVE DATABASE ENCRYPTION attack surface is almost everywhere @vixentael

Slide 21

Slide 21 text

NARROWING ATTACK SURFACE middleware-side encryption client-side encryption @vixentael

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

MIDDLEWARE-SIDE ENCRYPTION

Slide 24

Slide 24 text

SQL injections code injections execution flow attacks reflection attacks XSS crypto-miners everywhere MitM REAL-WORLD WEB SERVER @vixentael

Slide 25

Slide 25 text

ATTACK SURFACE IS EVERYWHERE :( monitor everything @vixentael REAL-WORLD WEB SERVER

Slide 26

Slide 26 text

TRY SYMMETRIC ENCRYPTION? encrypt/decrypt data using sym key @vixentael

Slide 27

Slide 27 text

encrypt/decrypt data using sym key easy to steal a key https://www.alibabacloud.com/ help/faq-detail/37505.htm @vixentael TRY SYMMETRIC ENCRYPTION?

Slide 28

Slide 28 text

“COMBINED” ENCRYPTION @vixentael what if no decryption key?

Slide 29

Slide 29 text

“COMBINED” ENCRYPTION enc_data = Enc(data, Krand) container = (enc_data, PubKweb, enc_key) @vixentael enc_key = Enc(Krand, PrivKweb, PubKtds)

Slide 30

Slide 30 text

PubKey of ‘trusted decryption service’ @vixentael “COMBINED” ENCRYPTION

Slide 31

Slide 31 text

TRUSTED DECRYPTION SERVICE decrypts data @vixentael encrypts data

Slide 32

Slide 32 text

trusted element in infrastructure SEPARATION OF DUTIES no decryption keys monitor & log @vixentael

Slide 33

Slide 33 text

TRUSTED DECRYPTION SERVICE @vixentael NARROWED ATTACK SURFACE

Slide 34

Slide 34 text

monitor everything monitor decryption proxy @vixentael

Slide 35

Slide 35 text

WHERE TO USE THIS TECHNIQUE? micro-services infrastructure @vixentael public-oriented interfaces non-trusted client side (browsers, IoT devices) hard to store keys securely

Slide 36

Slide 36 text

HOW TO IMPLEMENT? ACRA https://github.com/cossacklabs/acra GREEN SQL https://github.com/larskanis/greensql-fw HEXATIER http://www.hexatier.com/ ORACLE DATABASE FIREWALL / TDE http://www.oracle.com/ @vixentael

Slide 37

Slide 37 text

No content

Slide 38

Slide 38 text

CLIENT-SIDE ENCRYPTION

Slide 39

Slide 39 text

MOVE TRUST TO CLIENTS session hijacking unattended backups MitM replay attacks misconﬁgured ACL trusted element in infrastructure @vixentael

Slide 40

Slide 40 text

P2P TRUST system doesn’t know anything about data encrypted containers user-generated keys @vixentael

Slide 41

Slide 41 text

ZERO KNOWLEDGE ARCHITECTURES @vixentael

Slide 42

Slide 42 text

ZKA is a design principle that enables software to provide services over protected client data without having an unencrypted access to it. @vixentael

Slide 43

Slide 43 text

e2ee clients @vixentael ZKA INCLUDES:

Slide 44

Slide 44 text

e2ee clients all operations are on encrypted data: – control access to data from different users – CRUD – search (in encrypted data) ZKA INCLUDES: @vixentael

Slide 45

Slide 45 text

weak key management algorithm weakness user pocket attack surface RISKS FOR ZKA: @vixentael

Slide 46

Slide 46 text

WHEN TO USE ZKA? trusted client side (mobile, HSM/TPM) @vixentael

Slide 47

Slide 47 text

ZKA is already solved for speciﬁc use-cases or in a naive ways @vixentael

Slide 48

Slide 48 text

MESSAGING END-TO-END ENCRYPTION @vixentael

Slide 49

Slide 49 text

AUTHENTICATION ZERO KNOWLEDGE PROOF https://www.cossacklabs.com/zero- knowledge-protocols-without-magic.html @vixentael

Slide 50

Slide 50 text

COLLABORATING ON DATA – store encrypted – share with others – manage access to parties ??? @vixentael

Slide 51

Slide 51 text

naive approach – duplications – key management problems SHARING ENCRYPTED DATA @vixentael

Slide 52

Slide 52 text

give access to certain blocks of data to exact users github.com/cossacklabs/ hermes-core CRYPTOGRAPHIC ACL @vixentael

Slide 53

Slide 53 text

– Key wrapping storage keys user keys blocks HOW TO BUILD IT? @vixentael

Slide 54

Slide 54 text

– Key wrapping – Manage privileges @vixentael HOW TO BUILD IT?

Slide 55

Slide 55 text

– Key wrapping – Manage privileges – Control requests @vixentael HOW TO BUILD IT?

Slide 56

Slide 56 text

shared audit logs complex docs, spreadsheets config files file system document store protection MORE POSSIBLE USE-CASES @vixentael

Slide 57

Slide 57 text

HERMES https://github.com/cossacklabs/hermes-core ZEROKIT https://tresorit.com/zerokit LAFS https://tahoe-lafs.org/trac/tahoe-lafs @vixentael IMPLEMENTATIONS

Slide 58

Slide 58 text

monitor everything monitor client side @vixentael

Slide 59

Slide 59 text

MORE GOODIES TO THINK ABOUT

Slide 60

Slide 60 text

Cryptography is well implemented, if it allows to narrow attack surface, and increase control of data. @vixentael

Slide 61

Slide 61 text

if the system has one perimeter, it will fail! ECHELONIZATION @vixentael

Slide 62

Slide 62 text

#qconlondon @vixentael ..add more layers of defense ECHELONIZATION

Slide 63

Slide 63 text

EXCEPT CRYPTO, YOU ALSO NEED log and monitor events credential management access control, access logging ﬁrewall, IDS, infrastructure management ...

Slide 64

Slide 64 text

https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf 269 CVEs from 2011-2014 17% 83% bugs inside crypto libs misuses of crypto libs by individual apps @vixentael

Slide 65

Slide 65 text

2 RECAP

Slide 66

Slide 66 text

THINGS TO REMEMBER 1. cryptography aims to narrow the attack surface 2. choose relevant encryption scheme 3. combine cryptography and classic security techniques @vixentael 4. echelonization, compartmentalization

Slide 67

Slide 67 text

https://medium.freecodecamp.org/preventing-leaks-and-injections-in-your-database- be3743af7614 How to prevent database leaks and injections https://medium.com/@cossacklabs/12-and-1-ideas-how-to-enhance-backend-data- security-4b8ceb5ccb88 12 and 1 ideas how to enhance backend data security BACKEND SECURITY https://www.cossacklabs.com/blog/gdpr-for-engineers.html GDPR for engineers: technical requirements https://samnewman.io/talks/insecure-transit-microservice-security/ Insecure Transit - Microservice Security

Slide 68

Slide 68 text

CRYPTOGRAPHY https://hackernoon.com/eli5-zero-knowledge-proof-78a276db9eff Explain Like I’m 5: Zero Knowledge Proof https://www.owasp.org/index.php/Secure_Coding_Cheat_Sheet Secure Coding Cheat Sheet https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_- _Quick_Reference_Guide Secure Coding Practices

Slide 69

Slide 69 text

@vixentael cryptographic software, security consulting, developers training github.com/ vixentael/my-talks

Slide 70

Slide 70 text

IMAGE CREDITS www.flaticon.com freepik, linector, switﬁcons, pixelperfect, smashicons, icon pond, dinosoftlabs Authors: