e2ee != security != privacy

e2ee ≠ security ≠ privacy
@vixentael

View Slide

@vixentael
head of customer solutions,
security software engineer
OSS maintainer: Themis, Acra
focused on applied crypto and
building e2ee protocols

View Slide

cossacklabs.com/products
Data security tools & solutions
@vixentael
We make software to get data security right –
from open-source and proprietary cryptographic
tools to custom solutions and consulting.

View Slide

We help with e2ee in apps
blog.bear.app
cossacklabs.com/blog/ @vixentael
appspector.com
userbase.com

View Slide

Lots of misunderstanding about
security, privacy and encryption
@vixentael

View Slide

@vixentael

View Slide

@vixentael
Using “end-to-end encryption” doesn’t mean that
ALL your data
is encrypted end-to-end
AND local data is encrypted
AND e2ee is enabled by default
AND backups are encrypted
AND cipher is modern

View Slide

@vixentael
Using “end-to-end encryption” doesn’t mean that
ALL your data
meta-data, attachments
some ppl call TLS — E2EE :)
data at rest enc is separate
opt-in vs opt-out
AND backups are encrypted also separate
also apps can collect phone numbers, location, IPs, device
info, etc
AND cipher is modern xor, base64, AES CBC

View Slide

twitter.com/mikebutcher/status/1347105722035822593 @vixentael
All these apps use e2ee

View Slide

securemessagingapps.com @vixentael
docs.google.com/spreadsheets/d/1I_qS5Oy1lRpd6FEw-4AqrFxq-
FLN-m6bJPJf2drdwRY/htmlview#gid=0

View Slide

@vixentael
What data we collect, how we link it to the user, who has access to collected
info, do we give access to gov, where servers are located. See GDPR/CCPA.
Privacy & trust
How we protect collected data, access, apps, dbs, servers, backups. See
OWASP ASVS/MASVS/SAMM. AppSec, DataSec, InfraSec.
Security
Some data is e2ee’d from user to same/another user, servers don’t have
access to keys/secrets/plaintext.
E2EE

View Slide

@vixentael
Privacy
Security
E2EE
Any combinations
possible

View Slide

Now, let’s talk about encryption from
data-ﬂow perspective
@vixentael

View Slide

input, generation,
local storage
processing
storage
logs, analytics
Encryption depends on
a dataﬂow
web
frontend
storage
mobile
frontend
web
admin
backups
payment
service
orders
processing
analytics
i
i
o
i
p s
s
p
@vixentael

View Slide

@vixentael
Encryption
data stored encrypted locally – data-at-rest
encryption; also FS/OS encryption, TDE.
host /
server
host /
server
transport layer encryption – data-in-transit
encryption (TLS, IPSec, SSH).
host /
server

View Slide

@vixentael
Application-level encryption (ALE)
data encrypted by app – application-level
encryption (ALE)
app
ALE happens on client side – client-side
encryption
client
ALE happens on server side – server-side
encryption
server
proxy … proxy-side encryption

View Slide

@vixentael
server 1 server 2 server 3
TLS (in transit)
server 1 server 2 server 3
Alice app 2 Bob
application-level encryption
Alice app 2 Bob

View Slide

@vixentael
E2EE, FLE
only some data ﬁelds are encrypted –
ﬁeld-level encryption (FLE)
Alice client-side encryption when no keys/
secrets/data is available to servers –
end-to-end encryption
Bob

View Slide

@vixentael
Transparent encryption
Data is encrypted in a database, but apps don’t know
about this – Transparent Database Encryption (TDE)
Data is encrypted on a proxy, but apps/dbs don’t know
about this – Transparent Proxy-side Encryption
proxy
app
app

View Slide

@vixentael
Obviously, because TLS and ALE have totally
different threat models.

View Slide

@vixentael
encryption
controls / events
transit (TLS) disk / FS
TDE / DB
encryption
ALE E2EE
physical access
to servers
⛔ ✅ ✅ ✅ ✅
MitM
✅ ⛔ ⛔ ✅ ✅
privileged DB
access
⛔ ⛔ ⛔ ✅ ✅
privileged
system access
⛔ ⛔ ⛔ Depends
✅
backups, logs,
snapshots
⛔ ⛔ Few
✅ ✅
infoq.com/articles/ale-software-architects/

View Slide

@vixentael
if E2EE is so great, why we don’t use it everywhere?
TLS
FS/OS
encr,
TDE
custom data-
at-rest encr
ALE
E2EE
security
efforts,
tradeoffs

View Slide

@vixentael
if E2EE is so great, why we don’t use it everywhere?
TLS
FS/OS
encr,
TDE
custom data-
at-rest encr
ALE
E2EE
security
efforts,
tradeoffs
key storage,
key rotation, key
revocation,
data re-encryption,
consistency, backups,
tying keys w/ identity,
search in encrypted data,
logging monitoring,
and all the NIST SP
800-53,

View Slide

@vixentael
Also, using “end-to-end encryption” doesn’t mean that
ALL your data
meta-data, attachments
some ppl call TLS — E2EE :)
data at rest enc is separate
opt-in vs opt-out
AND backups are encrypted also separate
also apps can collect phone numbers, location, IPs, device
info, etc
AND cipher is modern xor, base64, AES CBC

View Slide

More complicated schemes
@vixentael

View Slide

app
@vixentael
Client-side field-level encryption (CSFLE)
docs.mongodb.com/drivers/security/client-side-field-level-
encryption-guide
app code
MongoDB
SDK MongoDB
stores records
with encrypted
fields
encryption /
decryption
key vault
TLS
writes records with encrypted fields
reads records with encrypted fields
TLS

View Slide

app / server
@vixentael
Proxy-side transparent field-level encryption
github.com/cossacklabs/acra
database
key vault
stores records
with encrypted
fields
writes records with encrypted fields
reads records with encrypted fields
Acra proxy
encryption /
decryption
TLS
TLS
TLS

View Slide

That’s all folks
@vixentael

View Slide

@vixentael
speakerdeck.com/veorq/hunting-for-vulnerabilities-in-signal
Hunting for vulnerabilities in Signal, 2017, by @veorq and @marver
infoq.com/articles/ale-software-architects/
Application Level Encryption for Software Architects, by @9gunpi
buttondown.email/cryptography-dispatches/archive/
cryptography-dispatches-the-most-backdoor-looking/
‘xor nonce’ bug in Telegram protocol, by @FiloSottile

View Slide

@vixentael
github.com/vixentael/my-talks

View Slide

e2ee != security != privacy

e2ee != security != privacy

vixentael

More Decks by vixentael

Other Decks in Programming

Featured

Transcript