Don’t waste time on learning cryptography: better use it properly

vixentael
December 02, 2017


#crypto #security #trust

Presented at Owasp Winter 2017, Kyiv, Ukraine and at DevExperience18 in Iasi, Romania.

1. The typical engineering workflow "we should protect the data, what shall we do", and possible mistakes.
2. What is "boring crypto", what do we want from using crypto-products.
3. Possible solutions: HSM / TPM / software crypto.
4. How to select appropriate software crypto: libs, systems, containers.
5. We want crypto to be similar to the Edison lamp: controllable and boring system.

--------------------------------------

If you can't tap on the link inside slides, please open as pdf (button on the right).

--------------------------------------

Crypto in our lives: why you shouldn’t spend time learning all the details of the crypto-algorithms. Typical mistakes you make using crypto in your products. How to avoid late-night commits and code 'fast and boring' instead.

--------------------------------------

Links to follow:

Boring crypto, Daniel J. Bernstein
https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

Why does cryptographic software fail?
https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf

API design for cryptography
https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf

Encrypting strings in Android: Let’s make better mistakes
https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/

Awesome crypto papers
https://github.com/pFarb/awesome-crypto-papers

12 And 1 Ideas How To Enhance Backend Data Security
https://www.cossacklabs.com/backend-data-security-modern-ideas.html

Attestation and Trusted Computing
https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf


Transcript

  1. Slide 3: (no text)
  2. Slide 9: 1. DEFINING THE DATA SCOPE: sensitive user data (GDPR / HIPAA / PCI DSS), tech data (keys, logs). #devexperience18 @vixentael
  3. Slide 10: 1. DEFINING THE DATA SCOPE: sensitive user data (GDPR / HIPAA / PCI DSS), tech data (keys, logs). Mistake 1: wrong scope definition.
  4. Slide 17: THINGS TO DECIDE ON: data scope, algorithm, mode, padding, key length, IV.
  5. Slide 19: 4. KEY MANAGEMENT: user password, keys, KDF. Mistake 4: bad key management. https://www.owasp.org/index.php/Key_Management_Cheat_Sheet
  6. Slide 20: THINGS TO DECIDE ON: data scope, algorithm, mode, padding, key length, IV, key derivation, key storage, key exchange, key rotation, key revocation.
  7. Slide 22: THINGS TO DECIDE ON: data scope, algorithm, mode, padding, key length, IV, key derivation, key storage, key exchange, key rotation, key revocation, backups, platforms.
  8. Slide 23: (no text)
  9. Slide 24: https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf: 269 CVEs from 2011-2014; 17% bugs inside crypto libs, 83% misuses of crypto libs by individual apps.
  10. Slide 27: AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, SHARK, RC4, DSS, ECB, CTR, SEED, Blowfish.
  11. Slide 28: AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, OFB, Blowfish, SHARK, RC4, DSS, ECB, CTR, Twofish, Camellia, SEED, Rabbit, ECDSA.
  12. Slide 29: AS USERS WE WANT… more ciphers! more vulnerabilities! more side channel attacks! more attacks! more constant time checks :) more protocols! more patches!
  13. Slide 30: (no text)
  14. Slide 33: BORING CRYPTO — crypto that simply works, solidly resists attacks, never needs any upgrades. Daniel J. Bernstein, https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
  15. Slide 36: WHAT DO WE WANT? HIGH-LEVEL FUNCTIONS: I want to store data securely; I want to send data securely; I want to verify data integrity.
  16. Slide 37: WHAT DO WE WANT? HIGH-LEVEL FUNCTIONS: store data securely, send data securely, verify data integrity (encr / decr, sign/verify, key derivation, key exchange, key rotation, ephemeral keys).
  17. Slide 39: NOBODY READS DOCS: “docs are for experts”, “I just want to try”, “gimme code!”
  18. Slide 40: 1. HOW TO START?
     pod try BoringSSL
     cmake -DANDROID_ABI=armeabi-v7a \
           -DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake \
           -DANDROID_NATIVE_API_LEVEL=16 \
           -GNinja ..
     https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md
  19. Slide 42: 2. SUPPORTED PLATFORMS? minimum expected: *nix, OSX, web browsers, embedded, iOS, Android, Windows.
  20. Slide 43: 2. SUPPORTED PLATFORMS? cross-platform is not an option anymore; cross-platform is a must have.
  21. Slide 47: TRUSTED PLATFORM MODULE: key management, disk protection, trust anchor, built-in remote attestation, provides cryptoprimitives. #owaspkyiv @vixentael
  22. Slide 48: HSM & TPM: PROS: fast hardware crypto! trusted environment, known security guarantees (keys, calculations).
  23. Slide 49: HSM & TPM: CONS: vendor lock / vendor trust, bad for interactive encryption, complicated to maintain (install, upgrade, support, not cross-platform).
  24. Slide 50: HSM & TPM: PROS & CONS (diagram: HSM, app, plaintext data): plaintext data is far away from the place it is used.
  25. Slide 54: HSM/TPM + SOFTWARE CS: keys and calculations split between TPM / HSM and own software; cross-platform; take best from both.
  26. Slide 55: (no text)
  27. Slide 56: USING CRYPTO SHOULD BE LIKE..: cross-platform, easy to install, easy to use, audited, open source, time proven, well-documented.
  28. Slide 63: 2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case. axolotl, hermes, SSL/TLS, ZeroKit.
  29. Slide 64: EXAMPLE: data access control based on crypto-keys. https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial
     python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read
  30. Slide 66: 3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems. truecrypt, ssh, acra, vault.
  31. Slide 67: EXAMPLE: database proxy for encrypting / decrypting. https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker
     git clone https://github.com/cossacklabs/acra
     cd acra/docker
     docker-compose -f acra-pgsql-ssl-proxy.yml up -d
  32. Slide 81: LINKS 1: Boring crypto, Daniel J. Bernstein, https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf; Why does cryptographic software fail?, https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf; API design for cryptography, https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf
  33. Slide 82: LINKS 2: Encrypting strings in Android: Let’s make better mistakes, https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/; Awesome crypto papers, https://github.com/pFarb/awesome-crypto-papers; 12 And 1 Ideas How To Enhance Backend Data Security, https://www.cossacklabs.com/backend-data-security-modern-ideas.html; Attestation and Trusted Computing, https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf
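As an added example for slides 19 and 36/37 (user password to key through a KDF, and "verify data integrity" as one high-level call), not code from the talk: Python standard library only, with the salt length, the iteration count and the sample record as assumed values.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not from the talk): a 16-byte random
# salt per user and a fixed PBKDF2 round count; tune the rounds to your hardware.
SALT_LEN = 16
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 32
TAG_LEN = 32  # HMAC-SHA256 output size


def naive_key(password: str) -> bytes:
    """Mistake 4 on the slides (bad key management): a bare hash as the key.
    No salt, so two users with the same password share a key, and one fast
    SHA-256 makes offline guessing cheap."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def new_salt() -> bytes:
    """Fresh random salt; it is stored next to the data and is not secret."""
    return os.urandom(SALT_LEN)


def derive_key(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """'Key derivation' as a high-level function: password -> key through
    PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def protect(key: bytes, data: bytes) -> bytes:
    """'Verify data integrity', write side: prepend an HMAC-SHA256 tag so any
    change to the stored bytes is detected when they are read back."""
    return hmac.new(key, data, hashlib.sha256).digest() + data


def unprotect(key: bytes, blob: bytes):
    """Read side: recompute the tag and compare in constant time. Returns the
    data if it is intact and the key matches, otherwise None (caller decides
    what to do; never use the bytes)."""
    tag, data = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return data
```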