Upgrade to Pro — share decks privately, control downloads, hide ads and more …

e2ee != security != privacy

vixentael
January 26, 2021

e2ee != security != privacy

Let's ride a hype wave of Signal-Whatsapp-Telegram drama and talk about encryption. How can an app use end-to-end encryption but still sell your data elsewhere? We will discuss different encryption ways and how they protect data from different threat models.

https://www.youtube.com/watch?v=CqsrA4eeGSs

vixentael

January 26, 2021
Tweet

More Decks by vixentael

Other Decks in Programming

Transcript

  1. e2ee ≠ security ≠ privacy
    @vixentael

    View full-size slide

  2. @vixentael
    head of customer solutions,
    security software engineer
    OSS maintainer: Themis, Acra
    focused on applied crypto and
    building e2ee protocols

    View full-size slide

  3. cossacklabs.com/products
    Data security tools & solutions
    @vixentael
    We make software to get data security right –
    from open-source and proprietary cryptographic
    tools to custom solutions and consulting.

    View full-size slide

  4. We help with e2ee in apps
    blog.bear.app
    cossacklabs.com/blog/ @vixentael
    appspector.com
    userbase.com

    View full-size slide

  5. Lots of misunderstanding about
    security, privacy and encryption
    @vixentael

    View full-size slide

  6. @vixentael
    Using “end-to-end encryption” doesn’t mean that
    ALL your data
    is encrypted end-to-end
    AND local data is encrypted
    AND e2ee is enabled by default
    AND backups are encrypted
    AND cipher is modern

    View full-size slide

  7. @vixentael
    Using “end-to-end encryption” doesn’t mean that
    ALL your data
    is encrypted end-to-end
    AND local data is encrypted
    AND e2ee is enabled by default
    meta-data, attachments
    some ppl call TLS — E2EE :)
    data at rest enc is separate
    opt-in vs opt-out
    AND backups are encrypted also separate
    also apps can collect phone numbers, location, IPs, device
    info, etc
    AND cipher is modern xor, base64, AES CBC

    View full-size slide

  8. twitter.com/mikebutcher/status/1347105722035822593 @vixentael
    All these apps use e2ee

    View full-size slide

  9. securemessagingapps.com @vixentael
    docs.google.com/spreadsheets/d/1I_qS5Oy1lRpd6FEw-4AqrFxq-
    FLN-m6bJPJf2drdwRY/htmlview#gid=0

    View full-size slide

  10. @vixentael
    What data we collect, how we link it to the user, who has access to collected
    info, do we give access to gov, where servers are located. See GDPR/CCPA.
    Privacy & trust
    How we protect collected data, access, apps, dbs, servers, backups. See
    OWASP ASVS/MASVS/SAMM. AppSec, DataSec, InfraSec.
    Security
    Some data is e2ee’d from user to same/another user, servers don’t have
    access to keys/secrets/plaintext.
    E2EE

    View full-size slide

  11. @vixentael
    Privacy
    Security
    E2EE
    Any combinations
    possible

    View full-size slide

  12. Now, let’s talk about encryption from
    data-flow perspective
    @vixentael

    View full-size slide

  13. input, generation,
    local storage
    processing
    storage
    logs, analytics
    Encryption depends on
    a dataflow
    web
    frontend
    storage
    mobile
    frontend
    web
    admin
    backups
    payment
    service
    orders
    processing
    analytics
    i
    i
    o
    i
    p s
    s
    p
    @vixentael

    View full-size slide

  14. @vixentael
    Encryption
    data stored encrypted locally – data-at-rest
    encryption; also FS/OS encryption, TDE.
    host /
    server
    host /
    server
    transport layer encryption – data-in-transit
    encryption (TLS, IPSec, SSH).
    host /
    server

    View full-size slide

  15. @vixentael
    Application-level encryption (ALE)
    data encrypted by app – application-level
    encryption (ALE)
    app
    ALE happens on client side – client-side
    encryption
    client
    ALE happens on server side – server-side
    encryption
    server
    proxy … proxy-side encryption

    View full-size slide

  16. @vixentael
    server 1 server 2 server 3
    TLS (in transit)
    server 1 server 2 server 3
    Alice app 2 Bob
    application-level encryption
    Alice app 2 Bob

    View full-size slide

  17. @vixentael
    E2EE, FLE
    only some data fields are encrypted –
    field-level encryption (FLE)
    Alice client-side encryption when no keys/
    secrets/data is available to servers –
    end-to-end encryption
    Bob

    View full-size slide

  18. @vixentael
    Transparent encryption
    Data is encrypted in a database, but apps don’t know
    about this – Transparent Database Encryption (TDE)
    Data is encrypted on a proxy, but apps/dbs don’t know
    about this – Transparent Proxy-side Encryption
    proxy
    app
    app

    View full-size slide

  19. @vixentael
    Obviously, because TLS and ALE have totally
    different threat models.

    View full-size slide

  20. @vixentael
    encryption
    controls / events
    transit (TLS) disk / FS
    TDE / DB
    encryption
    ALE E2EE
    physical access
    to servers
    ⛔ ✅ ✅ ✅ ✅
    MitM
    ✅ ⛔ ⛔ ✅ ✅
    privileged DB
    access
    ⛔ ⛔ ⛔ ✅ ✅
    privileged
    system access
    ⛔ ⛔ ⛔ Depends

    backups, logs,
    snapshots
    ⛔ ⛔ Few
    ✅ ✅
    infoq.com/articles/ale-software-architects/

    View full-size slide

  21. @vixentael
    if E2EE is so great, why we don’t use it everywhere?
    TLS
    FS/OS
    encr,
    TDE
    custom data-
    at-rest encr
    ALE
    E2EE
    security
    efforts,
    tradeoffs

    View full-size slide

  22. @vixentael
    if E2EE is so great, why we don’t use it everywhere?
    TLS
    FS/OS
    encr,
    TDE
    custom data-
    at-rest encr
    ALE
    E2EE
    security
    efforts,
    tradeoffs
    key storage,
    key rotation, key
    revocation,
    data re-encryption,
    consistency, backups,
    tying keys w/ identity,
    search in encrypted data,
    logging monitoring,
    and all the NIST SP
    800-53,

    View full-size slide

  23. @vixentael
    Also, using “end-to-end encryption” doesn’t mean that
    ALL your data
    is encrypted end-to-end
    AND local data is encrypted
    AND e2ee is enabled by default
    meta-data, attachments
    some ppl call TLS — E2EE :)
    data at rest enc is separate
    opt-in vs opt-out
    AND backups are encrypted also separate
    also apps can collect phone numbers, location, IPs, device
    info, etc
    AND cipher is modern xor, base64, AES CBC

    View full-size slide

  24. More complicated schemes
    @vixentael

    View full-size slide

  25. app
    @vixentael
    Client-side field-level encryption (CSFLE)
    docs.mongodb.com/drivers/security/client-side-field-level-
    encryption-guide
    app code
    MongoDB
    SDK MongoDB
    stores records
    with encrypted
    fields
    encryption /
    decryption
    key vault
    TLS
    writes records with encrypted fields
    reads records with encrypted fields
    TLS

    View full-size slide

  26. app / server
    @vixentael
    Proxy-side transparent field-level encryption
    github.com/cossacklabs/acra
    database
    key vault
    stores records
    with encrypted
    fields
    writes records with encrypted fields
    reads records with encrypted fields
    Acra proxy
    encryption /
    decryption
    TLS
    TLS
    TLS

    View full-size slide

  27. That’s all folks
    @vixentael

    View full-size slide

  28. @vixentael
    speakerdeck.com/veorq/hunting-for-vulnerabilities-in-signal
    Hunting for vulnerabilities in Signal, 2017, by @veorq and @marver
    infoq.com/articles/ale-software-architects/
    Application Level Encryption for Software Architects, by @9gunpi
    buttondown.email/cryptography-dispatches/archive/
    cryptography-dispatches-the-most-backdoor-looking/
    ‘xor nonce’ bug in Telegram protocol, by @FiloSottile

    View full-size slide

  29. @vixentael
    github.com/vixentael/my-talks

    View full-size slide