Use Cryptography; Don't Learn It

vixentael
September 10, 2018

Presentation from Swift and Fika conference.

We talked about securing data, and about the mistakes developers make when they try to use encryption. And about what they actually want from cryptography: they want high-level functions, they want easy-to-use instruments that just work. They want boring crypto. But in the real world we have different levels of paranoia: from a Faraday cage to hardware and software solutions. We named three layers of software solutions: boxed, crypto-systems and crypto-libs. And how to select which one to use. And about the Edison lamp as an example of a boring, but working system.

Transcript

  1. USE CRYPTOGRAPHY, DON’T LEARN IT. @vixentael

  2. Anastasiia Voitova (@vixentael): head of customer solutions, security software engineer; OSS maintainer: Themis, Acra; focused on applied crypto and building e2ee protocols

  3. Data security solutions based on R&D (cossacklabs.com): database searchable encryption (eprint.iacr.org/2019/806.pdf); e2ee data collaboration (cossacklabs.com/files/hermes-theory-paper-rev1.pdf); zero knowledge authentication (cossacklabs.com/files/secure-comparator-paper-rev12.pdf)

  4. None

  5. USABLE

  6. “Let’s protect stored data” …imagine simple use case …and calculate potential dev mistakes

  7. 1. Defining the data scope: business-sensitive data; regulations, compliance; tech data (keys, logs, backups, tokens..)

  8. 1. Defining the data scope: business-sensitive data; regulations, compliance; tech data (keys, logs, backups, tokens..). Mistake 1. wrong scope definition

  9. 2. Selecting crypto function: twofish, sha1, des, md5

  10. 2. Selecting crypto function: twofish, sha1, des, md5. Mistake 2. bad algo selection

  11. Things to decide on: KEY LENGTH, DATA SCOPE, CIPHER

  12. 3. Using cipher https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

  13. 3. Using cipher https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

  14. 3. Using cipher https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption Mistake 3. wrong params

  15. Things to decide on: PADDING, KEY LENGTH, MODE, DATA SCOPE, CIPHER, IV

  16. 4. Key management: user password; DEK, KEK, master key, transport key, ephemeral key, OTP, token, keypairs …; encryption key; KDF

  17. 4. Key management: user password; DEK, KEK, master key, transport key, ephemeral key, OTP, token, keypairs …; encryption key; KDF. Mistake 4. bad key management https://www.owasp.org/index.php/Key_Management_Cheat_Sheet

  18. Things to decide on: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, DATA SCOPE, CIPHER, IV, KEY REVOCATION, KMS

  19. 5. Infrastructure

  20. Things to decide on: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, DATA SCOPE, CIPHER, IV, KEY REVOCATION, BACKUPS, PLATFORMS, KMS

  21. None

  22. https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf 269 CVEs from 2011-2014: 17% bugs inside crypto libs, 83% misuses of crypto libs by individual apps

  23. AES, DES, 3DES, CBC, CFB, SEAL, Salsa20, RSA, DSA, Kuznyechik, Blowfish, SHARK, RC4, DSS, ChaCha20, CTR, AES-SIV, Camellia, SEED, Rabbit, ECDSA

  24. Boring crypto — crypto that simply works, solidly resists attacks, never needs any upgrades. Daniel J. Bernstein, https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

  25. Solve use-cases: I want to store data securely; I want to send data securely; I want to verify data integrity

  26. Solve use-cases: o store data securely; o send data securely; o verify data integrity. KEY DERIVATION, KEY EXCHANGE, KEY ROTATION, SIGN/VERIFY, EPHEMERAL KEYS, ENCR / DECR

  27. Crypto should be: cross-platform, easy to install, easy to use, audited, open source, time proven, well-documented, compliant, hard to mis-use

  28. Form factor is important

  29. encryption integration abstraction level complexity

  30. encryption integration abstraction level complexity: cipher, crypto-library, crypto-system, boxed solution; pain

  31. 1. CRYPTO-LIBS: implements single or multiple security functions. RNCryptor, Themis, OpenSSL/BoringSSL/*SSL, CryptoSwift, Tink, LibSodium/NaCl. https://github.com/sobolevn/awesome-cryptography

  32. Matthew Green, blog.cryptographyengineering.com/2012/12/28/the-anatomy-of-bad-idea/: “OpenSSL is the space shuttle of crypto libraries. It will get you to space, provided you have a team of people to push the ten thousand buttons required to do so. NaCl is more like an elevator — you just press a button and it takes you there. No frills or options. I like elevators.”

  33. OpenSSL “high level” API, AES CBC

  34. CommonCrypto AES

  35. High lvl API, easy to mis-use

  36. High lvl API, easy to mis-use: should be random; should use KDF(key); uses AES CBC, not AES GCM; padding? salt?

  37. Themis: hard to mis-use. github.com/cossacklabs/themis

  38. Themis: hard to mis-use. hides cryptographic details: salt, IV, KDF, padding; uses AES-256-GCM; built-in KDF to make keys stronger. github.com/cossacklabs/themis

  39. 2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case. libsignal, hermes, SSL/TLS, ZeroKit, noise

  40. ACL based on crypto-keys: hermes. python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read

  41. 3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems. truecrypt, ssh, acra, vault, Oracle TDE

  42. transparent & searchable encryption marketplace.digitalocean.com/apps/acra

  43. transparent & searchable encryption marketplace.digitalocean.com/apps/acra very boring

  44. pain curve: less boring, more boring; cipher, crypto-library, crypto-system, boxed solution; pain

  45. Boring crypto tools allow to focus on product, not on crypto code.

  46. @vixentael

  47. VS

  48. make the light controllable

  49. make the crypto security controllable and booooring

  50. @vixentael Anastasiia Voitova github.com/vixentael/my-talks
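
The mistakes called out on slide 36 (non-random IV, key used without a KDF, AES-CBC instead of AES-GCM) next to a form with the properties slide 38 lists, as an added example that is not from the talk and does not use Themis. It uses Node.js's built-in crypto module; the function names and the salt | nonce | tag | ciphertext blob layout are assumptions of this example.

```javascript
// Added example (not from the talk): slide-36 mistakes beside a hardened form.
const crypto = require('crypto');

// MISUSE: password bytes used directly as the key, constant IV, CBC with no authentication.
function encryptMisused(password, plaintext) {
  const key = Buffer.alloc(32);                  // zero-padded password, no KDF
  Buffer.from(password, 'utf8').copy(key);
  const iv = Buffer.alloc(16);                   // fixed all-zero IV
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
}

// HARDENED: scrypt KDF with a random salt, random 96-bit nonce, AES-256-GCM.
// Blob layout (assumption of this example): salt(16) | nonce(12) | tag(16) | ciphertext
function encryptHardened(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([salt, nonce, c.getAuthTag(), ct]);
}

function decryptHardened(password, blob) {
  if (blob.length < 44) throw new Error('blob too short');
  const key = crypto.scryptSync(password, blob.subarray(0, 16), 32);
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(16, 28));
  d.setAuthTag(blob.subarray(28, 44));
  // final() throws when the tag does not match, so modified data is never returned
  return Buffer.concat([d.update(blob.subarray(44)), d.final()]).toString('utf8');
}

// True when two encryptions of the same input are byte-identical
// (equal plaintexts are then visible to anyone who can read the stored data).
function isDeterministic(encrypt, password, plaintext) {
  return encrypt(password, plaintext).equals(encrypt(password, plaintext));
}

// True when a one-bit change to the stored blob is rejected on decryption.
function rejectsTampering(password, plaintext) {
  const blob = encryptHardened(password, plaintext);
  blob[blob.length - 1] ^= 0x01;
  try { decryptHardened(password, blob); return false; } catch (e) { return true; }
}
```
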