Upgrade to Pro — share decks privately, control downloads, hide ads and more …

e2ee != security != privacy

vixentael
January 26, 2021

e2ee != security != privacy

Let's ride a hype wave of Signal-Whatsapp-Telegram drama and talk about encryption. How can an app use end-to-end encryption but still sell your data elsewhere? We will discuss different encryption ways and how they protect data from different threat models.

https://www.youtube.com/watch?v=CqsrA4eeGSs

vixentael

January 26, 2021
Tweet

More Decks by vixentael

Other Decks in Programming

Transcript

  1. e2ee ≠ security ≠ privacy
    @vixentael

    View Slide

  2. @vixentael
    head of customer solutions,
    security software engineer
    OSS maintainer: Themis, Acra
    focused on applied crypto and
    building e2ee protocols

    View Slide

  3. cossacklabs.com/products
    Data security tools & solutions
    @vixentael
    We make software to get data security right –
    from open-source and proprietary cryptographic
    tools to custom solutions and consulting.

    View Slide

  4. We help with e2ee in apps
    blog.bear.app
    cossacklabs.com/blog/ @vixentael
    appspector.com
    userbase.com

    View Slide

  5. Lots of misunderstanding about
    security, privacy and encryption
    @vixentael

    View Slide

  6. @vixentael

    View Slide

  7. @vixentael
    Using “end-to-end encryption” doesn’t mean that
    ALL your data
    is encrypted end-to-end
    AND local data is encrypted
    AND e2ee is enabled by default
    AND backups are encrypted
    AND cipher is modern

    View Slide

  8. @vixentael
    Using “end-to-end encryption” doesn’t mean that
    ALL your data
    is encrypted end-to-end
    AND local data is encrypted
    AND e2ee is enabled by default
    meta-data, attachments
    some ppl call TLS — E2EE :)
    data at rest enc is separate
    opt-in vs opt-out
    AND backups are encrypted also separate
    also apps can collect phone numbers, location, IPs, device
    info, etc
    AND cipher is modern xor, base64, AES CBC

    View Slide

  9. twitter.com/mikebutcher/status/1347105722035822593 @vixentael
    All these apps use e2ee

    View Slide

  10. securemessagingapps.com @vixentael
    docs.google.com/spreadsheets/d/1I_qS5Oy1lRpd6FEw-4AqrFxq-
    FLN-m6bJPJf2drdwRY/htmlview#gid=0

    View Slide

  11. @vixentael
    What data we collect, how we link it to the user, who has access to collected
    info, do we give access to gov, where servers are located. See GDPR/CCPA.
    Privacy & trust
    How we protect collected data, access, apps, dbs, servers, backups. See
    OWASP ASVS/MASVS/SAMM. AppSec, DataSec, InfraSec.
    Security
    Some data is e2ee’d from user to same/another user, servers don’t have
    access to keys/secrets/plaintext.
    E2EE

    View Slide

  12. @vixentael
    Privacy
    Security
    E2EE
    Any combinations
    possible

    View Slide

  13. Now, let’s talk about encryption from
    data-flow perspective
    @vixentael

    View Slide

  14. input, generation,
    local storage
    processing
    storage
    logs, analytics
    Encryption depends on
    a dataflow
    web
    frontend
    storage
    mobile
    frontend
    web
    admin
    backups
    payment
    service
    orders
    processing
    analytics
    i
    i
    o
    i
    p s
    s
    p
    @vixentael

    View Slide

  15. @vixentael
    Encryption
    data stored encrypted locally – data-at-rest
    encryption; also FS/OS encryption, TDE.
    host /
    server
    host /
    server
    transport layer encryption – data-in-transit
    encryption (TLS, IPSec, SSH).
    host /
    server

    View Slide

  16. @vixentael
    Application-level encryption (ALE)
    data encrypted by app – application-level
    encryption (ALE)
    app
    ALE happens on client side – client-side
    encryption
    client
    ALE happens on server side – server-side
    encryption
    server
    proxy … proxy-side encryption

    View Slide

  17. @vixentael
    server 1 server 2 server 3
    TLS (in transit)
    server 1 server 2 server 3
    Alice app 2 Bob
    application-level encryption
    Alice app 2 Bob

    View Slide

  18. @vixentael
    E2EE, FLE
    only some data fields are encrypted –
    field-level encryption (FLE)
    Alice client-side encryption when no keys/
    secrets/data is available to servers –
    end-to-end encryption
    Bob

    View Slide

  19. @vixentael
    Transparent encryption
    Data is encrypted in a database, but apps don’t know
    about this – Transparent Database Encryption (TDE)
    Data is encrypted on a proxy, but apps/dbs don’t know
    about this – Transparent Proxy-side Encryption
    proxy
    app
    app

    View Slide

  20. @vixentael
    Obviously, because TLS and ALE have totally
    different threat models.

    View Slide

  21. @vixentael
    encryption
    controls / events
    transit (TLS) disk / FS
    TDE / DB
    encryption
    ALE E2EE
    physical access
    to servers
    ⛔ ✅ ✅ ✅ ✅
    MitM
    ✅ ⛔ ⛔ ✅ ✅
    privileged DB
    access
    ⛔ ⛔ ⛔ ✅ ✅
    privileged
    system access
    ⛔ ⛔ ⛔ Depends

    backups, logs,
    snapshots
    ⛔ ⛔ Few
    ✅ ✅
    infoq.com/articles/ale-software-architects/

    View Slide

  22. @vixentael
    if E2EE is so great, why we don’t use it everywhere?
    TLS
    FS/OS
    encr,
    TDE
    custom data-
    at-rest encr
    ALE
    E2EE
    security
    efforts,
    tradeoffs

    View Slide

  23. @vixentael
    if E2EE is so great, why we don’t use it everywhere?
    TLS
    FS/OS
    encr,
    TDE
    custom data-
    at-rest encr
    ALE
    E2EE
    security
    efforts,
    tradeoffs
    key storage,
    key rotation, key
    revocation,
    data re-encryption,
    consistency, backups,
    tying keys w/ identity,
    search in encrypted data,
    logging monitoring,
    and all the NIST SP
    800-53,

    View Slide

  24. @vixentael
    Also, using “end-to-end encryption” doesn’t mean that
    ALL your data
    is encrypted end-to-end
    AND local data is encrypted
    AND e2ee is enabled by default
    meta-data, attachments
    some ppl call TLS — E2EE :)
    data at rest enc is separate
    opt-in vs opt-out
    AND backups are encrypted also separate
    also apps can collect phone numbers, location, IPs, device
    info, etc
    AND cipher is modern xor, base64, AES CBC

    View Slide

  25. More complicated schemes
    @vixentael

    View Slide

  26. app
    @vixentael
    Client-side field-level encryption (CSFLE)
    docs.mongodb.com/drivers/security/client-side-field-level-
    encryption-guide
    app code
    MongoDB
    SDK MongoDB
    stores records
    with encrypted
    fields
    encryption /
    decryption
    key vault
    TLS
    writes records with encrypted fields
    reads records with encrypted fields
    TLS

    View Slide

  27. app / server
    @vixentael
    Proxy-side transparent field-level encryption
    github.com/cossacklabs/acra
    database
    key vault
    stores records
    with encrypted
    fields
    writes records with encrypted fields
    reads records with encrypted fields
    Acra proxy
    encryption /
    decryption
    TLS
    TLS
    TLS

    View Slide

  28. That’s all folks
    @vixentael

    View Slide

  29. @vixentael
    speakerdeck.com/veorq/hunting-for-vulnerabilities-in-signal
    Hunting for vulnerabilities in Signal, 2017, by @veorq and @marver
    infoq.com/articles/ale-software-architects/
    Application Level Encryption for Software Architects, by @9gunpi
    buttondown.email/cryptography-dispatches/archive/
    cryptography-dispatches-the-most-backdoor-looking/
    ‘xor nonce’ bug in Telegram protocol, by @FiloSottile

    View Slide

  30. @vixentael
    github.com/vixentael/my-talks

    View Slide