Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Use Cryptography; Don't Learn It

vixentael
September 10, 2018
1.3k

Use Cryptography; Don't Learn It

Presentation from Swift and Fika conference.

We talked about securing data, and about mistakes developers make when they are trying to use encryption. And what they actually want from cryptography: they want high level functions, they want easy to use instruments that just works. They want boring crypto. But in a real world we have different levels of paranoia: from Faraday cage to hardware and software solutions. We named three layers of software solutions: boxed, crypto-systems and crypto-libs. And how to select which one to use. And about Edisson lamp as an example of boring, but working system.

vixentael

September 10, 2018
Tweet

Transcript

  1. USE CRYPTOGRAPHY,
    DON’T LEARN IT.
    @vixentael

    View full-size slide

  2. @vixentael
    head of customer solutions,
    security software engineer
    OSS maintainer: Themis, Acra
    focused on applied crypto and
    building e2ee protocols
    Anastasiia Voitova

    View full-size slide

  3. database searchable encryption
    eprint.iacr.org/2019/806.pdf
    e2ee data collaboration
    cossacklabs.com/files/hermes-theory-paper-rev1.pdf
    zero knowledge authentication
    cossacklabs.com/files/secure-comparator-paper-rev12.pdf
    cossacklabs.com @vixentael
    Data security solutions based on R&D

    View full-size slide

  4. “Let’s protect stored data”
    …imagine simple use case
    …and calculate potential dev
    mistakes
    @vixentael

    View full-size slide

  5. 1. Defining the data scope
    business-sensitive data
    regulations, compliance
    tech data (keys, logs, backups, tokens..)
    @vixentael

    View full-size slide

  6. 1. Defining the data scope
    business-sensitive data
    regulations, compliance
    tech data (keys, logs, backups, tokens..)
    @vixentael
    Mistake 1.
    wrong scope definition

    View full-size slide

  7. 2. Selecting crypto function
    @vixentael
    twofish
    sha1
    des
    md5

    View full-size slide

  8. 2. Selecting crypto function
    @vixentael
    twofish
    sha1
    des
    md5
    Mistake 2.
    bad algo selection

    View full-size slide

  9. Things to decide on:
    KEY LENGTH
    DATA SCOPE CIPHER
    @vixentael

    View full-size slide

  10. 3. Using cipher
    @vixentael
    https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

    View full-size slide

  11. 3. Using cipher
    @vixentael
    https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

    View full-size slide

  12. 3. Using cipher
    @vixentael
    https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
    Mistake 3.
    wrong params

    View full-size slide

  13. Things to decide on:
    PADDING
    KEY LENGTH
    MODE
    DATA SCOPE CIPHER
    IV
    @vixentael

    View full-size slide

  14. 4. Key management
    @vixentael
    user password
    DEK, KEK, master key, transport key,
    ephemeral key, OTP, token, keypairs …
    encryption key
    KDF

    View full-size slide

  15. 4. Key management
    @vixentael
    user password
    DEK, KEK, master key, transport key,
    ephemeral key, OTP, token, keypairs …
    encryption key
    KDF
    Mistake 4.
    bad key management
    https://www.owasp.org/index.php/Key_Management_Cheat_Sheet

    View full-size slide

  16. Things to decide on:
    PADDING
    KEY LENGTH
    KEY ROTATION
    MODE
    KEY DERIVATION KEY STORAGE
    KEY EXCHANGE
    DATA SCOPE CIPHER
    IV
    KEY REVOCATION
    KMS
    @vixentael

    View full-size slide

  17. 5. Infrastructure
    @vixentael

    View full-size slide

  18. Things to decide on:
    PADDING
    KEY LENGTH
    KEY ROTATION
    MODE
    KEY DERIVATION KEY STORAGE
    KEY EXCHANGE
    DATA SCOPE CIPHER
    IV
    KEY REVOCATION
    BACKUPS
    PLATFORMS
    KMS
    @vixentael

    View full-size slide

  19. https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
    269 CVEs
    from 2011-2014
    17%
    83%
    bugs inside crypto libs
    misuses of crypto libs
    by individual apps
    @vixentael

    View full-size slide

  20. AES
    DES
    3DES
    CBC
    CFB
    SEAL
    Salsa20
    RSA
    DSA
    Kuznyechik
    Blowfish
    SHARK
    RC4
    DSS
    ChaCha20
    CTR
    AES-SIV
    Camelia
    SEED
    Rabbit
    ECDSA
    @vixentael

    View full-size slide

  21. — crypto that simply works, solidly
    resists attacks, never needs any
    upgrades
    https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
    Daniel J. Bernstein
    Boring crypto
    @vixentael

    View full-size slide

  22. I want to store data securely
    I want to send data securely
    I want to verify data integrity
    Solve use-cases
    @vixentael

    View full-size slide

  23. o store data securely
    o send data securely
    o verify data integrity KEY DERIVATION
    KEY EXCHANGE
    KEY ROTATION
    SIGN/VERIFY EPHEMERAL KEYS
    ENCR / DECR
    Solve use-cases
    @vixentael

    View full-size slide

  24. Crypto should be:
    cross-platform
    easy to install
    easy to use audited
    open source
    time proven
    well-documented
    compliant
    hard to mis-use
    @vixentael

    View full-size slide

  25. Form factor is important
    @vixentael

    View full-size slide

  26. encryption integration
    abstraction level
    complexity
    @vixentael

    View full-size slide

  27. encryption integration
    abstraction level
    complexity
    cipher
    crypto-
    library
    crypto-
    system
    boxed
    solution
    pain
    @vixentael

    View full-size slide

  28. 1. CRYPTO-LIBS
    implements single or multiple
    security functions
    https://github.com/sobolevn/awesome-cryptography @vixentael
    RNCryptor
    Themis
    OpenSSL/BoringSSL/*SSL
    CryptoSwift Tink
    LibSodium/NaCl

    View full-size slide

  29. Matthew Green
    @vixentael
    blog.cryptographyengineering.com/2012/12/28/the-anatomy-of-bad-idea/
    “OpenSSL is the space shuttle of crypto libraries. It will
    get you to space, provided you have a team of people to
    push the ten thousand buttons required to do so.
    NaCl is more like an elevator — you just press a button
    and it takes you there. No frills or options.
    I like elevators.”

    View full-size slide

  30. OpenSSL “high level” API, AES CBC
    @vixentael

    View full-size slide

  31. CommonCrypto AES
    @vixentael

    View full-size slide

  32. High lvl API, easy to mis-use
    @vixentael

    View full-size slide

  33. should be random
    should use KDF(key)
    uses AES CBC, not AES GCM
    padding? salt?

    High lvl API, easy to mis-use
    @vixentael

    View full-size slide

  34. github.com/cossacklabs/themis @vixentael
    Themis: hard to mis-use

    View full-size slide

  35. hides cryptographic details: salt, IV, KDF, padding
    uses AES-256-GCM
    github.com/cossacklabs/themis
    built-in KDF to make keys stronger
    Themis: hard to mis-use
    @vixentael

    View full-size slide

  36. 2. CRYPTO-SYSTEMS
    libsignal
    hermes SSL/TLS
    ZeroKit
    noise
    combines security functions for
    solving exact use-case
    @vixentael

    View full-size slide

  37. ACL based on crypto-keys
    @vixentael
    hermes
    python docs/examples/python/hermes_client.py
    --id USER1
    --config=docs/examples/python/config.json
    --private_key USER1.priv
    --doc secretfile
    --read

    View full-size slide

  38. 3. BOXED SOLUTIONS
    @vixentael
    unites crypto-systems and user
    functions for solving problems
    truecrypt
    ssh
    acra
    vault
    Oracle TDE

    View full-size slide

  39. transparent & searchable encryption
    @vixentael
    marketplace.digitalocean.com/apps/acra

    View full-size slide

  40. transparent & searchable encryption
    @vixentael
    marketplace.digitalocean.com/apps/acra
    very boring

    View full-size slide

  41. pain curve
    less boring more boring
    cipher
    crypto-
    library
    crypto-
    system
    boxed
    solution
    pain
    @vixentael

    View full-size slide

  42. Boring crypto tools allow to focus on
    product,
    not on crypto code.
    @vixentael

    View full-size slide

  43. VS
    @vixentael

    View full-size slide

  44. make the light
    controllable
    @vixentael

    View full-size slide

  45. make the
    crypto security
    controllable
    and booooring
    @vixentael

    View full-size slide

  46. @vixentael
    Anastasiia Voitova
    github.com/vixentael/
    my-talks

    View full-size slide