Don’t waste time on learning cryptography: better use it properly

vixentael
December 02, 2017

#crypto #security #trust

Presented at OWASP Winter 2017, Kyiv, Ukraine and at DevExperience18 in Iasi, Romania.

1. The typical engineering workflow ("we should protect the data, what shall we do?") and possible mistakes.
2. What "boring crypto" is and what we want from crypto products.
3. Possible solutions: HSM / TPM / software crypto.
4. How to select appropriate software crypto: libs, systems, containers.
5. We want crypto to be like the Edison lamp: a controllable and boring system.

--------------------------------------

Crypto in our lives: why you shouldn’t spend time learning all the details of crypto-algorithms. Typical mistakes you make when using crypto in your products. How to avoid late-night commits and code 'fast and boring' instead.

--------------------------------------

Links to follow:

Boring crypto, Daniel J. Bernstein
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

Why does cryptographic software fail?
https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf

API design for cryptography
https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf

Encrypting strings in Android: Let’s make better mistakes
https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/

Awesome crypto papers
https://github.com/pFarb/awesome-crypto-papers

12 And 1 Ideas How To Enhance Backend Data Security
https://www.cossacklabs.com/backend-data-security-modern-ideas.html

Attestation and Trusted Computing
https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf

Transcript

  1. DON’T WASTE TIME ON LEARNING CRYPTOGRAPHY: BETTER USE IT PROPERLY

    #devexperience18 @vixentael
  2. @vixentael, Product Engineer. Feel free to reach me with security questions. I do check my inbox :)
  3. None
  4. We want to protect our users’ data

  5. We want developers to protect data

  6. We want to protect our users’ data. HOW? We want developers to protect data.
  7. WE HAVE USER DATA. WHAT SHALL WE DO?

  8. PROTECTING USER DATA: STEPS MISTAKES WE DO

  9. 1. DEFINING THE DATA SCOPE: sensitive user data; GDPR / HIPAA / PCI DSS; tech data (keys, logs)

  10. 1. DEFINING THE DATA SCOPE: sensitive user data; GDPR / HIPAA / PCI DSS; tech data (keys, logs). Mistake 1: wrong scope definition

  11. 2. SELECTING ALGORITHM: twofish, sha1, des, md5

  12. 2. SELECTING ALGORITHM: twofish, sha1, des, md5. Mistake 2: bad algo selection #owaspkyiv @vixentael

  13. THINGS TO DECIDE ON: KEY LENGTH, DATA SCOPE, ALGORITHM

  14. 3. USING ALGORITHM (https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption)

  15. 3. USING ALGORITHM (https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption)

  16. 3. USING ALGORITHM (https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption). Mistake 3: wrong params

  17. THINGS TO DECIDE ON: PADDING, KEY LENGTH, MODE, DATA SCOPE, ALGORITHM, IV

  18. 4. KEY MANAGEMENT: user password, keys, KDF

  19. 4. KEY MANAGEMENT: user password, keys, KDF. Mistake 4: bad key management (https://www.owasp.org/index.php/Key_Management_Cheat_Sheet)

  20. THINGS TO DECIDE ON: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, DATA SCOPE, ALGORITHM, IV, KEY REVOCATION

  21. 5. INFRASTRUCTURE

  22. THINGS TO DECIDE ON: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, BACKUPS, PLATFORMS, DATA SCOPE, ALGORITHM, IV, KEY REVOCATION

  23. None
  24. 269 CVEs from 2011-2014: 17% bugs inside crypto libs, 83% misuses of crypto libs by individual apps (https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf)

  25. AS USERS WE WANT… more ciphers?

  26. AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA

  27. AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, SHARK, RC4, DSS, ECB, CTR, SEED, Blowfish

  28. AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, Blowfish, SHARK, RC4, DSS, ECB, CTR, Twofish, Camellia, SEED, Rabbit, ECDSA

  29. AS USERS WE WANT… more ciphers! more vulnerabilities! more side channel attacks! more attacks! more constant time checks :) more protocols! more patches!

  30. None
  31. EXCITING, BUT FOR CRYPTO RESEARCHERS ONLY

  32. AS USERS WE WANT… more ciphers! BORING CRYPTO

  33. BORING CRYPTO — crypto that simply works, solidly resists attacks, never needs any upgrades. Daniel J. Bernstein (https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf)

  34. BORING CRYPTO PLUG & PLAY

  35. WHAT DO WE WANT? instead of adjusting our resources — SOLVE USE-CASES!

  36. WHAT DO WE WANT? — HIGH-LEVEL FUNCTIONS: I want to store data securely; I want to send data securely; I want to verify data integrity

  37. WHAT DO WE WANT? — HIGH-LEVEL FUNCTIONS: store data securely, send data securely, verify data integrity, key derivation, key exchange, key rotation, sign/verify, ephemeral keys, encr / decr

  38. NOBODY READS DOCS

  39. NOBODY READS DOCS: “docs are for experts”, “I just want to try”, “gimme code!”

  40. 1. HOW TO START? pod try BoringSSL

    cmake -DANDROID_ABI=armeabi-v7a \
          -DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake \
          -DANDROID_NATIVE_API_LEVEL=16 \
          -GNinja ..

    https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md

  41. 1. HOW TO START? easy, architecture-independent installation

  42. 2. SUPPORTED PLATFORMS? minimum expected: *nix, OSX, web browsers, embedded, iOS, Android, Windows

  43. 2. SUPPORTED PLATFORMS? cross-platform is not an option anymore, cross-platform is a must have

  44. OPTIONS WE HAVE

  45. HSM

  46. HARDWARE SECURITY MODULE: key generation, provides cryptoprocessing, key storage, portable

  47. TRUSTED PLATFORM MODULE: key management, disk protection, trust anchor, built-in, remote attestation, provides cryptoprimitives

  48. HSM & TPM: PROS: fast hardware crypto! trusted environment; known security guarantees; keys; calculations

  49. HSM & TPM: CONS: vendor lock / vendor trust; bad for interactive encryption; complicated to maintain (install, upgrade, support, not cross-platform)

  50. HSM & TPM: PRO & CONS. HSM, app, plaintext data: plaintext data is far away from the place it is used

  51. SOFTWARE CRYPTO SYSTEMS: any kind of encryption; plaintext data is closer to its usage; cross-platform (https://github.com/sobolevn/awesome-cryptography)

  52. SOFTWARE CRYPTO SYSTEMS: any kind of encryption; plaintext data is closer to its usage; cross-platform; NO DEVICE TRUST (https://github.com/sobolevn/awesome-cryptography)

  53. WEBBROWSER CRYPTO: CONS: DOM, XSS, NO CODE TRUST

  54. HSM/TPM + SOFTWARE CS: keys, calculations, TPM / own software, cross-platform, take best from both, HSM

  55. None

  56. USING CRYPTO SHOULD BE LIKE.. cross-platform, easy to install, easy to use, audited, open source, time proven, well-documented

  57. FORM-FACTOR STAIRS: crypto-libraries, crypto-systems, boxed solutions

  58. #devexperience18 @vixentael

  59. 1. CRYPTO-LIBS: implements single or multiple security functions (https://github.com/sobolevn/awesome-cryptography)

  60. 1. CRYPTO-LIBS: implements single or multiple security functions: libsodium, themis, keyczar, noise (https://github.com/sobolevn/awesome-cryptography)

  61. EXAMPLE: secure messaging with forward secrecy (https://github.com/cossacklabs/themis/wiki/Python-Howto)

  62. 2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case

  63. 2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case: axolotl, hermes, SSL/TLS, ZeroKit

  64. EXAMPLE: data access control based on crypto-keys (https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial)

    python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read

  65. 3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems

  66. 3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems: truecrypt, ssh, acra, vault

  67. EXAMPLE: database proxy for encrypting / decrypting (https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker)

    git clone https://github.com/cossacklabs/acra
    cd acra/docker
    docker-compose -f acra-pgsql-ssl-proxy.yml up -d

  68. CAN I SOLVE MY USE-CASE USING… boxed solutions

  69. CAN I SOLVE MY USE-CASE USING… crypto-libraries, crypto-systems, boxed solutions; more pain

  70. CAN I SOLVE MY USE-CASE USING… crypto-libraries, crypto-systems, boxed solutions; more pain, even more pain

  71. https://www.cossacklabs.com/choose-your-ios-crypto.html

  72. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS.

  73. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS. PROBLEM IS THAT THEY ARE NOT BORING ENOUGH

  74. #devexperience18 @vixentael

  75. VS

  76. make the light controllable

  77. #devexperience18 @vixentael

  78. make the crypto security controllable

  79. make the crypto security controllable and booooring

  80. #owaspkyiv @vixentael

  81. LINKS 1

    Boring crypto, Daniel J. Bernstein: https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
    Why does cryptographic software fail? https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
    API design for cryptography: https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf

  82. LINKS 2

    Encrypting strings in Android: Let’s make better mistakes: https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
    Awesome crypto papers: https://github.com/pFarb/awesome-crypto-papers
    12 And 1 Ideas How To Enhance Backend Data Security: https://www.cossacklabs.com/backend-data-security-modern-ideas.html
    Attestation and Trusted Computing: https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf

  83. MY OTHER SECURITY SLIDES https://github.com/vixentael/my-talks …and more

  84. @vixentael, Product Engineer. Feel free to reach me with security questions. I do check my inbox :)