e2ee != security != privacy

vixentael
January 26, 2021

Let's ride the hype wave of the Signal-WhatsApp-Telegram drama and talk about encryption. How can an app use end-to-end encryption but still sell your data elsewhere? We will discuss different kinds of encryption and how they protect data under different threat models.

https://www.youtube.com/watch?v=CqsrA4eeGSs

Transcript

  1. e2ee ≠ security ≠ privacy @vixentael

  2. @vixentael: head of customer solutions, security software engineer; OSS maintainer: Themis, Acra; focused on applied crypto and building e2ee protocols

  3. Data security tools & solutions (cossacklabs.com/products). We make software to get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting.

  4. We help with e2ee in apps: blog.bear.app, cossacklabs.com/blog/, appspector.com, userbase.com

  5. Lots of misunderstanding about security, privacy and encryption

  6. @vixentael

  7. Using “end-to-end encryption” doesn’t mean that
      - ALL your data is encrypted end-to-end
      - AND local data is encrypted
      - AND e2ee is enabled by default
      - AND backups are encrypted
      - AND cipher is modern

  8. Using “end-to-end encryption” doesn’t mean that
      - ALL your data is encrypted end-to-end (meta-data, attachments; some ppl call TLS — E2EE :)
      - AND local data is encrypted (data at rest enc is separate)
      - AND e2ee is enabled by default (opt-in vs opt-out)
      - AND backups are encrypted (also separate; also apps can collect phone numbers, location, IPs, device info, etc)
      - AND cipher is modern (xor, base64, AES CBC)

  9. All these apps use e2ee: twitter.com/mikebutcher/status/1347105722035822593

  10. securemessagingapps.com, docs.google.com/spreadsheets/d/1I_qS5Oy1lRpd6FEw-4AqrFxq-FLN-m6bJPJf2drdwRY/htmlview#gid=0

  11. - Privacy & trust: What data we collect, how we link it to the user, who has access to collected info, do we give access to gov, where servers are located. See GDPR/CCPA.
      - Security: How we protect collected data, access, apps, dbs, servers, backups. See OWASP ASVS/MASVS/SAMM. AppSec, DataSec, InfraSec.
      - E2EE: Some data is e2ee’d from user to same/another user, servers don’t have access to keys/secrets/plaintext.

  12. Privacy, Security, E2EE: any combinations possible

  13. Now, let’s talk about encryption from a data-flow perspective

  14. Encryption depends on a dataflow. [Diagram: web frontend, mobile frontend, web admin, storage, backups, payment service, orders processing, analytics; data-flow stages: input, generation, local storage; processing; storage; logs, analytics]

  15. Encryption
      - data stored encrypted locally – data-at-rest encryption; also FS/OS encryption, TDE.
      - transport layer encryption – data-in-transit encryption (TLS, IPSec, SSH).
      - [Diagram labels: host / server]

  16. Application-level encryption (ALE)
      - data encrypted by app – application-level encryption (ALE)
      - ALE happens on client side – client-side encryption
      - ALE happens on server side – server-side encryption
      - proxy … proxy-side encryption

  17. [Diagram: Alice, server 1, server 2, server 3, Bob; TLS (in transit) compared with application-level encryption]

  18. E2EE, FLE
      - only some data fields are encrypted – field-level encryption (FLE)
      - client-side encryption when no keys/secrets/data is available to servers – end-to-end encryption

  19. Transparent encryption
      - Data is encrypted in a database, but apps don’t know about this – Transparent Database Encryption (TDE)
      - Data is encrypted on a proxy, but apps/dbs don’t know about this – Transparent Proxy-side Encryption

  20. Obviously, because TLS and ALE have totally different threat models.

  21. Source: infoq.com/articles/ale-software-architects/

      | encryption controls / events | transit (TLS) | disk / FS | TDE / DB encryption | ALE | E2EE |
      |---|---|---|---|---|---|
      | physical access to servers | ⛔ | ✅ | ✅ | ✅ | ✅ |
      | MitM | ✅ | ⛔ | ⛔ | ✅ | ✅ |
      | privileged DB access | ⛔ | ⛔ | ⛔ | ✅ | ✅ |
      | privileged system access | ⛔ | ⛔ | ⛔ | Depends | ✅ |
      | backups, logs, snapshots | ⛔ | ⛔ | Few | ✅ | ✅ |

  22. If E2EE is so great, why don’t we use it everywhere? [Diagram: TLS; FS/OS encr, TDE; custom data-at-rest encr; ALE; E2EE; labelled “security efforts, tradeoffs”]

  23. If E2EE is so great, why don’t we use it everywhere? [Diagram: TLS; FS/OS encr, TDE; custom data-at-rest encr; ALE; E2EE; labelled “security efforts, tradeoffs”] key storage, key rotation, key revocation, data re-encryption, consistency, backups, tying keys w/ identity, search in encrypted data, logging, monitoring, and all the NIST SP 800-53,

  24. Also, using “end-to-end encryption” doesn’t mean that
      - ALL your data is encrypted end-to-end (meta-data, attachments; some ppl call TLS — E2EE :)
      - AND local data is encrypted (data at rest enc is separate)
      - AND e2ee is enabled by default (opt-in vs opt-out)
      - AND backups are encrypted (also separate; also apps can collect phone numbers, location, IPs, device info, etc)
      - AND cipher is modern (xor, base64, AES CBC)

  25. More complicated schemes

  26. Client-side field-level encryption (CSFLE), docs.mongodb.com/drivers/security/client-side-field-level-encryption-guide. [Diagram: app (app code, MongoDB SDK: encryption / decryption), key vault, MongoDB (stores records with encrypted fields); the app writes records with encrypted fields and reads records with encrypted fields over TLS]

  27. Proxy-side transparent field-level encryption, github.com/cossacklabs/acra. [Diagram: app / server, Acra proxy (encryption / decryption), key vault, database (stores records with encrypted fields); the proxy writes records with encrypted fields and reads records with encrypted fields; connections use TLS]

  28. That’s all folks

  29. - Hunting for vulnerabilities in Signal, 2017, by @veorq and @marver: speakerdeck.com/veorq/hunting-for-vulnerabilities-in-signal
      - Application Level Encryption for Software Architects, by @9gunpi: infoq.com/articles/ale-software-architects/
      - ‘xor nonce’ bug in Telegram protocol, by @FiloSottile: buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

  30. github.com/vixentael/my-talks
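
An added example, not from the talk and not Acra or MongoDB code, of the client-side field-level encryption named on slides 18 and 26: one sensitive field is sealed with AES-256-GCM before the record leaves the app, and the record ID and field name are bound as associated data so a server cannot move the ciphertext to another record or field unnoticed. The function names, the `id|field` associated-data layout and the sample values are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) { // AES-GCM; a 32-byte key selects AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealField encrypts one field client-side, binding record ID and field name as associated data.
func SealField(key []byte, id, field, plaintext string) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(plaintext), []byte(id+"|"+field))
	return base64.StdEncoding.EncodeToString(sealed), nil // nonce || ciphertext || tag
}

// OpenField reverses SealField; it fails on a wrong key, tampering, or a moved ciphertext.
func OpenField(key []byte, id, field, stored string) (string, error) {
	aead, err := newAEAD(key)
	raw, decErr := base64.StdEncoding.DecodeString(stored)
	if err != nil || decErr != nil || len(raw) < aead.NonceSize() {
		return "", fmt.Errorf("bad key or malformed field %q", field)
	}
	n := aead.NonceSize()
	pt, err := aead.Open(nil, raw[:n], raw[n:], []byte(id+"|"+field))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; real keys are random and stay on the client
	phone, _ := SealField(key, "u1", "phone", "+1-555-0100")
	_, err := OpenField(key, "u2", "phone", phone) // ciphertext moved to record u2
	fmt.Println("server stores:", phone, "| opened under u2:", err)
}
```

The plaintext fields of the record (here the ID) stay queryable on the server, which is the trade-off against full-record encryption that the comparison table on slide 21 leaves to ALE design.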