Don’t waste time on learning cryptography: better use it properly

DON’T WASTE TIME ON
LEARNING CRYPTOGRAPHY:
BETTER USE IT PROPERLY
#devexperience18 @vixentael

View Slide

@vixentael Product Engineer
Feel free to reach me with
security questions.
I do check my inbox :)

View Slide

View Slide

We want to protect
our users’ data

View Slide

We want
developers to
protect data

View Slide

We want to protect
our users’ data
HOW?
We want
developers to
protect data

View Slide

WE HAVE USER DATA.
WHAT SHALL WE DO?

View Slide

PROTECTING USER DATA:
STEPS MISTAKES WE DO

View Slide

1. DEFINING THE DATA SCOPE
sensitive user data
GDPR / HIPAA / PCI DSS
tech data (keys, logs)

View Slide

1. DEFINING THE DATA SCOPE
sensitive user data
GDPR / HIPAA / PCI DSS
tech data (keys, logs)
mistake 1.
wrong scope deﬁnition

View Slide

2. SELECTING ALGORITHM
twoﬁsh
sha1
des
md5

View Slide

twoﬁsh
sha1
des
md5
#owaspkyiv @vixentael
2. SELECTING ALGORITHM
mistake 2.
bad algo selection

View Slide

THINGS TO DECIDE ON
KEY LENGTH
DATA SCOPE ALGORITHM

View Slide

https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
3. USING ALGORITHM

View Slide

https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
3. USING ALGORITHM
mistake 3.
wrong params

View Slide

THINGS TO DECIDE ON
PADDING
KEY LENGTH
MODE
IV

View Slide

4. KEY MANAGEMENT
user password
keys
KDF

View Slide

4. KEY MANAGEMENT
user password
keys
KDF
mistake 4.
bad key management
https://www.owasp.org/index.php/Key_Management_Cheat_Sheet #devexperience18 @vixentael

View Slide

THINGS TO DECIDE ON
PADDING
KEY LENGTH
KEY ROTATION
MODE KEY DERIVATION
KEY STORAGE
KEY EXCHANGE
IV
KEY REVOCATION

View Slide

5. INFRASTRUCTURE

View Slide

PADDING
KEY LENGTH
KEY ROTATION
MODE KEY DERIVATION
KEY STORAGE
THINGS TO DECIDE ON
KEY EXCHANGE
BACKUPS
PLATFORMS
IV
KEY REVOCATION

View Slide

View Slide

https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
269 CVEs
from 2011-2014
17%
83%
bugs inside crypto libs
misuses of crypto libs
by individual apps

View Slide

AS USERS WE WANT…
more ciphers?

View Slide

AES
DES
3DES
CBC
CFB
SEAL
Salsa20
RSA
DSA

View Slide

AES
DES
3DES
CBC
CFB
SEAL
Salsa20
RSA
DSA
OFB
SHARK
RC4
DSS
ECB CTR
SEED
Blowﬁsh

View Slide

AES
DES
3DES
CBC
CFB
SEAL
Salsa20
RSA
DSA
OFB
Blowﬁsh
SHARK
RC4
DSS
ECB CTR
Twoﬁsh
Camelia
SEED
Rabbit
ECDSA

View Slide

AS USERS WE WANT…
more ciphers!
more vulnerabilities!
more side channel attacks!
more attacks!
more constant time checks :)
more protocols!
more patches!

View Slide

View Slide

EXCITING, BUT FOR
CRYPTO RESEARCHERS ONLY

View Slide

AS USERS WE WANT…
more ciphers!
BORING CRYPTO

View Slide

BORING CRYPTO
— crypto that simply works, solidly
resists attacks, never needs any
upgrades
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
Daniel J. Bernstein

View Slide

BORING CRYPTO
PLUG & PLAY

View Slide

WHAT DO WE WANT?
instead of adjusting
our resources
— SOLVE USE-CASES!

View Slide

WHAT DO WE WANT?
— HIGH-LEVEL FUNCTIONS
I want to store data securely
I want to send data securely
I want to verify data integrity

View Slide

WHAT DO WE WANT?
store data securely
send data securely
verify data integrity
key derivation
key exchange
key rotation
sign/verify ephemeral keys
encr / decr
— HIGH-LEVEL FUNCTIONS

View Slide

NOBODY
READS DOCS

View Slide

NOBODY
READS DOCS
“docs are for experts”
“I just want to try”
“gimme code!”

View Slide

1. HOW TO START?
pod try BoringSSL
cmake -DANDROID_ABI=armeabi-v7a \
-DCMAKE_TOOLCHAIN_FILE=../third_party/
android-cmake/android.toolchain.cmake \
-DANDROID_NATIVE_API_LEVEL=16 \
-GNinja ..
https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md #devexperience18 @vixentael

View Slide

easy, architecture-independent
installation
1. HOW TO START?

View Slide

2. SUPPORTED PLATFORMS?
*nix
OSX
web browsers embedded
iOS
Android
Windows
minimum expected:

View Slide

cross-platform is not an option anymore
cross-platform is a must have
2. SUPPORTED PLATFORMS?

View Slide

OPTIONS WE HAVE

View Slide

HSM

View Slide

HARDWARE SECURITY MODULE
key generation
provides cryptoprocessing
key storage
portable

View Slide

TRUSTED PLATFORM MODULE
key management
disk protection
trust anchor
built-in
remote attestation
provides cryptoprimitives

View Slide

HSM & TPM: PROS
fast hardware crypto!
trusted environment
known security guarantees
keys calculations

View Slide

HSM & TPM: CONS
vendor lock / vendor trust
bad for interactive encryption
complicated to maintain
(install, upgrade, support,
not cross-platform)

View Slide

HSM & TPM: PRO & CONS
HSM
app
plaintext
data
plaintext data is
far away from
the place it is used

View Slide

SOFTWARE CRYPTO SYSTEMS
https://github.com/sobolevn/awesome-cryptography
any kind of encryption
plaintext data is closer
to its usage
cross-platform

View Slide

SOFTWARE CRYPTO SYSTEMS
any kind of encryption
plaintext data is closer
to its usage
cross-platform
NO DEVICE TRUST

View Slide

WEBBROWSER CRYPTO: CONS
DOM, XSS,
NO CODE TRUST

View Slide

HSM/TPM + SOFTWARE CS
keys calculations
TPM /
own
software
cross-platform
take best from both
HSM

View Slide

View Slide

cross-platform
easy to install
easy to use
USING CRYPTO SHOULD BE LIKE..
audited
open source
time proven
well-documented

View Slide

crypto-libraries
crypto-systems
boxed solutions
FORM-FACTOR STAIRS

View Slide


View Slide

1. CRYPTO-LIBS
implements single or multiple
security functions

View Slide

1. CRYPTO-LIBS
libsodium
themis
implements single or multiple
security functions
keyczar
noise

View Slide

EXAMPLE
https://github.com/cossacklabs/themis/wiki/Python-Howto
secure messaging with forward secrecy

View Slide

2. CRYPTO-SYSTEMS
combines security functions for
solving exact use-case

View Slide

2. CRYPTO-SYSTEMS
axolotl
hermes
combines security functions for
solving exact use-case
SSL/TLS
ZeroKit

View Slide

EXAMPLE
https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial
data access control based on crypto-keys
python docs/examples/python/hermes_client.py
--id USER1
--config=docs/examples/python/config.json
--private_key USER1.priv
--doc secretfile
--read

View Slide

3. BOXED SOLUTIONS
unites crypto-systems and user
functions for solving problems

View Slide

3. BOXED SOLUTIONS
truecrypt
ssh
acra
vault
unites crypto-systems and user
functions for solving problems

View Slide

EXAMPLE
https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker
database proxy for encrypting / decrypting
git clone https://github.com/cossacklabs/acra
cd acra/docker
docker-compose -f acra-pgsql-ssl-proxy.yml up -d

View Slide

CAN I SOLVE MY USE-CASE
USING…
boxed solutions

View Slide

USING…
crypto-libraries
crypto-systems
boxed solutions
more pain

View Slide

USING…
crypto-libraries
crypto-systems
boxed solutions
more pain
even
more pain

View Slide

https://www.cossacklabs.com/choose-your-ios-crypto.html

View Slide

THE WORLD DOESN’T HAVE
A PROBLEM WITH
NEW CRYPTO-ALGORITHMS.

View Slide

THE WORLD DOESN’T HAVE
A PROBLEM WITH
NEW CRYPTO-ALGORITHMS.
PROBLEM IS THAT THEY ARE
NOT BORING ENOUGH

View Slide


View Slide

VS

View Slide

make the light
controllable

View Slide


View Slide

make the crypto
security
controllable

View Slide

make the crypto
security
controllable
and booooring

View Slide


View Slide

LINKS 1
Boring crypto, Daniel J. Bernstein
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
Why does cryptographic software fail?
https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
API design for cryptography
https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf

View Slide

LINKS 2
Encrypting strings in Android: Let’s make better mistakes
https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
Awesome crypto papers
https://github.com/pFarb/awesome-crypto-papers
12 And 1 Ideas How To Enhance Backend Data Security
https://www.cossacklabs.com/backend-data-security-modern-ideas.html
Attestation and Trusted Computing
https://courses.cs.washington.edu/courses/csep590/06wi/ﬁnalprojects/bare.pdf

View Slide

MY OTHER SECURITY SLIDES
https://github.com/
vixentael/my-talks
…and more

View Slide

@vixentael Product Engineer
Feel free to reach me with
security questions.
I do check my inbox :)

View Slide

Don’t waste time on learning cryptography: better use it properly

Don’t waste time on learning cryptography: better use it properly

vixentael

More Decks by vixentael

Other Decks in Programming

Featured

Transcript