Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Use Cryptography; Don't Learn It

vixentael
September 10, 2018
3
1.3k

Use Cryptography; Don't Learn It

Presentation from Swift and Fika conference.

We talked about securing data, and about mistakes developers make when they are trying to use encryption. And what they actually want from cryptography: they want high level functions, they want easy to use instruments that just works. They want boring crypto. But in a real world we have different levels of paranoia: from Faraday cage to hardware and software solutions. We named three layers of software solutions: boxed, crypto-systems and crypto-libs. And how to select which one to use. And about Edisson lamp as an example of boring, but working system.

vixentael

September 10, 2018
Tweet

More Decks by vixentael

See All by vixentael
Using YubiKey and FIDO U2F for secure authentication
vixentael
0
1.1k
Data is a new security boundary
vixentael
0
4.2k
Cryptographic protection of ML models
vixentael
0
2.5k
e2ee != security != privacy
vixentael
0
2.1k
Maintaining cryptographic library for 12 languages
vixentael
1
3.5k
10 lines of encryption, 1500 lines of key management
vixentael
2
1.5k
Security, privacy and cryptography at WWDC19
vixentael
1
620
Data encryption: CyberKids edition
vixentael
0
550
"Defense in depth": trench warfare principles for building secure distributed applications
vixentael
3
840

Featured

See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Adopting Sorbet at Scale
ufuk
68
8.6k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Documentation Writing (for coders)
carmenintech
60
3.9k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
Teambox: Starting and Learning
jrom
128
8.4k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Into the Great Unknown - MozCon
thekraken
10
1k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
Art, The Web, and Tiny UX
lynnandtonic
289
19k
How to train your dragon (web standard)
notwaldorf
73
5.2k
Being A Developer After 40
akosma
57
580k

Transcript

  1. USE CRYPTOGRAPHY, DON’T LEARN IT. @vixentael

  2. @vixentael head of customer solutions, security software engineer OSS maintainer:

    Themis, Acra focused on applied crypto and building e2ee protocols Anastasiia Voitova

  3. database searchable encryption eprint.iacr.org/2019/806.pdf e2ee data collaboration cossacklabs.com/files/hermes-theory-paper-rev1.pdf zero knowledge

    authentication cossacklabs.com/files/secure-comparator-paper-rev12.pdf cossacklabs.com @vixentael Data security solutions based on R&D
  4. None

  5. USABLE

  6. “Let’s protect stored data” …imagine simple use case …and calculate

    potential dev mistakes @vixentael

  7. 1. Defining the data scope business-sensitive data regulations, compliance tech

    data (keys, logs, backups, tokens..) @vixentael

  8. 1. Defining the data scope business-sensitive data regulations, compliance tech

    data (keys, logs, backups, tokens..) @vixentael Mistake 1. wrong scope definition

  9. 2. Selecting crypto function @vixentael twofish sha1 des md5

  10. 2. Selecting crypto function @vixentael twofish sha1 des md5 Mistake

    2. bad algo selection

  11. Things to decide on: KEY LENGTH DATA SCOPE CIPHER @vixentael

  12. 3. Using cipher @vixentael https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

  13. 3. Using cipher @vixentael https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

  14. 3. Using cipher @vixentael https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption Mistake 3. wrong params

  15. Things to decide on: PADDING KEY LENGTH MODE DATA SCOPE

    CIPHER IV @vixentael

  16. 4. Key management @vixentael user password DEK, KEK, master key,

    transport key, ephemeral key, OTP, token, keypairs … encryption key KDF

  17. 4. Key management @vixentael user password DEK, KEK, master key,

    transport key, ephemeral key, OTP, token, keypairs … encryption key KDF Mistake 4. bad key management https://www.owasp.org/index.php/Key_Management_Cheat_Sheet

  18. Things to decide on: PADDING KEY LENGTH KEY ROTATION MODE

    KEY DERIVATION KEY STORAGE KEY EXCHANGE DATA SCOPE CIPHER IV KEY REVOCATION KMS @vixentael

  19. 5. Infrastructure @vixentael

  20. Things to decide on: PADDING KEY LENGTH KEY ROTATION MODE

    KEY DERIVATION KEY STORAGE KEY EXCHANGE DATA SCOPE CIPHER IV KEY REVOCATION BACKUPS PLATFORMS KMS @vixentael
  21. None

  22. https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf 269 CVEs from 2011-2014 17% 83% bugs inside crypto

    libs misuses of crypto libs by individual apps @vixentael

  23. AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA Kuznyechik

    Blowfish SHARK RC4 DSS ChaCha20 CTR AES-SIV Camelia SEED Rabbit ECDSA @vixentael

  24. — crypto that simply works, solidly resists attacks, never needs

    any upgrades https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf Daniel J. Bernstein Boring crypto @vixentael

  25. I want to store data securely I want to send

    data securely I want to verify data integrity Solve use-cases @vixentael

  26. o store data securely o send data securely o verify

    data integrity KEY DERIVATION KEY EXCHANGE KEY ROTATION SIGN/VERIFY EPHEMERAL KEYS ENCR / DECR Solve use-cases @vixentael

  27. Crypto should be: cross-platform easy to install easy to use

    audited open source time proven well-documented compliant hard to mis-use @vixentael

  28. Form factor is important @vixentael

  29. encryption integration abstraction level complexity @vixentael

  30. encryption integration abstraction level complexity cipher crypto- library crypto- system

    boxed solution pain @vixentael

  31. 1. CRYPTO-LIBS implements single or multiple security functions https://github.com/sobolevn/awesome-cryptography @vixentael

    RNCryptor Themis OpenSSL/BoringSSL/*SSL CryptoSwift Tink LibSodium/NaCl

  32. Matthew Green @vixentael blog.cryptographyengineering.com/2012/12/28/the-anatomy-of-bad-idea/ “OpenSSL is the space shuttle of

    crypto libraries. It will get you to space, provided you have a team of people to push the ten thousand buttons required to do so. NaCl is more like an elevator — you just press a button and it takes you there. No frills or options. I like elevators.”

  33. OpenSSL “high level” API, AES CBC @vixentael

  34. CommonCrypto AES @vixentael

  35. High lvl API, easy to mis-use @vixentael

  36. should be random should use KDF(key) uses AES CBC, not

    AES GCM padding? salt? High lvl API, easy to mis-use @vixentael

  37. github.com/cossacklabs/themis @vixentael Themis: hard to mis-use

  38. hides cryptographic details: salt, IV, KDF, padding uses AES-256-GCM github.com/cossacklabs/themis

    built-in KDF to make keys stronger Themis: hard to mis-use @vixentael

  39. 2. CRYPTO-SYSTEMS libsignal hermes SSL/TLS ZeroKit noise combines security functions

    for solving exact use-case @vixentael

  40. ACL based on crypto-keys @vixentael hermes python docs/examples/python/hermes_client.py --id USER1

    --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read

  41. 3. BOXED SOLUTIONS @vixentael unites crypto-systems and user functions for

    solving problems truecrypt ssh acra vault Oracle TDE

  42. transparent & searchable encryption @vixentael marketplace.digitalocean.com/apps/acra

  43. transparent & searchable encryption @vixentael marketplace.digitalocean.com/apps/acra very boring

  44. pain curve less boring more boring cipher crypto- library crypto-

    system boxed solution pain @vixentael

  45. Boring crypto tools allow to focus on product, not on

    crypto code. @vixentael

  46. @vixentael

  47. VS @vixentael

  48. make the light controllable @vixentael

  49. make the crypto security controllable and booooring @vixentael

  50. @vixentael Anastasiia Voitova github.com/vixentael/ my-talks