Use Cryptography; Don't Learn It

vixentael
September 10, 2018

Presentation from Swift and Fika conference.

We talked about securing data, about the mistakes developers make when they try to use encryption, and about what they actually want from cryptography: high-level functions and easy-to-use instruments that just work. They want boring crypto. But in the real world we have different levels of paranoia: from a Faraday cage to hardware and software solutions. We named three layers of software solutions: boxed, crypto-systems and crypto-libs, and talked about how to select which one to use. And about the Edison lamp as an example of a boring, but working system.

Transcript

  1. USE CRYPTOGRAPHY, DON’T LEARN IT. @vixentael

  2. @vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :)
  3. None
  4. We want to protect our users’ data

  5. We want developers to protect data

  6. We want to protect our users’ data HOW? We want developers to protect data
  7. WE HAVE USER DATA. WHAT SHALL WE DO?

  8. PROTECTING USER DATA: STEPS MISTAKES WE DO @vixentael

  9. 1. DEFINING THE DATA SCOPE sensitive user data GDPR / HIPAA / PCI DSS tech data (keys, logs) @vixentael
  10. None
  11. 1. DEFINING THE DATA SCOPE sensitive user data GDPR / HIPAA / PCI DSS tech data (keys, logs) mistake 1. wrong scope definition @vixentael
  12. 2. SELECTING ALGORITHM twofish sha1 des md5 @vixentael

  13. twofish sha1 des md5 2. SELECTING ALGORITHM mistake 2. bad algo selection @vixentael
  14. THINGS TO DECIDE ON KEY LENGTH DATA SCOPE ALGORITHM @vixentael

  15. https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption 3. USING ALGORITHM @vixentael

  16. https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption 3. USING ALGORITHM @vixentael

  17. https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption 3. USING ALGORITHM mistake 3. wrong params @vixentael

  18. THINGS TO DECIDE ON PADDING KEY LENGTH MODE DATA SCOPE ALGORITHM IV @vixentael
  19. 4. KEY MANAGEMENT user password keys KDF @vixentael

  20. 4. KEY MANAGEMENT user password keys KDF mistake 4. bad key management https://www.owasp.org/index.php/Key_Management_Cheat_Sheet @vixentael
  21. THINGS TO DECIDE ON PADDING KEY LENGTH KEY ROTATION MODE KEY DERIVATION KEY STORAGE KEY EXCHANGE DATA SCOPE ALGORITHM IV KEY REVOCATION @vixentael
  22. 5. INFRASTRUCTURE @vixentael

  23. PADDING KEY LENGTH KEY ROTATION MODE KEY DERIVATION KEY STORAGE THINGS TO DECIDE ON KEY EXCHANGE BACKUPS PLATFORMS DATA SCOPE ALGORITHM IV KEY REVOCATION @vixentael
  24. None
  25. AS USERS WE WANT… more ciphers? @vixentael

  26. AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA @vixentael

  27. AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA OFB SHARK RC4 DSS ECB CTR SEED Blowfish @vixentael
  28. AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA OFB Blowfish SHARK RC4 DSS ECB CTR Twofish Camellia SEED Rabbit ECDSA @vixentael
  29. AS USERS WE WANT… more ciphers! more vulnerabilities! more side channel attacks! more attacks! more constant time checks :) more protocols! more patches! @vixentael
  30. None
  31. EXCITING, BUT FOR CRYPTO RESEARCHERS ONLY

  32. AS USERS WE WANT… more ciphers! BORING CRYPTO @vixentael

  33. BORING CRYPTO — crypto that simply works, solidly resists attacks, never needs any upgrades https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf Daniel J. Bernstein @vixentael
  34. BORING CRYPTO PLUG & PLAY @vixentael

  35. WHAT DO WE WANT? instead of adjusting our resources — SOLVE USE-CASES!
  36. WHAT DO WE WANT? — HIGH-LEVEL FUNCTIONS I want to store data securely I want to send data securely I want to verify data integrity @vixentael
  37. WHAT DO WE WANT? store data securely send data securely verify data integrity key derivation key exchange key rotation sign/verify ephemeral keys encr / decr — HIGH-LEVEL FUNCTIONS @vixentael
  38. 1. HOW TO START? pod try BoringSSL

          cmake -DANDROID_ABI=armeabi-v7a \
                -DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake \
                -DANDROID_NATIVE_API_LEVEL=16 \
                -GNinja ..

      https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md @vixentael
  39. easy, architecture-independent installation 1. HOW TO START? @vixentael

  40. 2. SUPPORTED PLATFORMS? *nix OSX web browsers embedded iOS Android Windows minimum expected: @vixentael
  41. cross-platform is not an option anymore cross-platform is a must have 2. SUPPORTED PLATFORMS? @vixentael
  42. OPTIONS WE HAVE

  43. #owaspkyiv @vixentael HSM

  44. HSM & TPM key management crypto-primitives disk protection crypto-processing trust anchor @vixentael
  45. HSM & TPM: PROS fast hardware crypto! trusted environment known security guarantees keys calculations @vixentael
  46. HSM & TPM: CONS vendor lock / vendor trust bad for interactive encryption complicated to maintain (install, upgrade, support, not cross-platform) @vixentael
  47. SOFTWARE CRYPTO SYSTEMS https://github.com/sobolevn/awesome-cryptography any kind of encryption plaintext data is closer to its usage cross-platform
  48. https://github.com/sobolevn/awesome-cryptography SOFTWARE CRYPTO SYSTEMS any kind of encryption plaintext data is closer to its usage cross-platform NO DEVICE TRUST
  49. WEBBROWSER CRYPTO: CONS DOM, XSS, NO CODE TRUST @vixentael

  50. HSM/TPM + SOFTWARE CS keys calculations TPM / own software cross-platform take best from both HSM @vixentael
  51. PRACTICE TIME

  52. USING CRYPTO SHOULD BE LIKE.. @vixentael cross-platform easy to install easy to use audited open source time proven well-documented compliant hard to mis-use
  53. crypto-libraries crypto-systems boxed solutions FORM-FACTOR STAIRS

  54. xoring is not encryption base64 is not encryption

  55. 1. CRYPTO-LIBS implements single or multiple security functions https://github.com/sobolevn/awesome-cryptography @vixentael

  56. 1. CRYPTO-LIBS RNCryptor Themis implements single or multiple security functions CommonCrypto/Security CryptoSwift Tink Keyczar LibSodium Noise https://github.com/sobolevn/awesome-cryptography @vixentael
  57. EXAMPLE Common Crypto AES @vixentael

  58. EXAMPLE Common Crypto KDF https://gist.github.com/hfossli/7165dc023a10046e2322b0ce74c596f8 @vixentael

  59. EXAMPLE Themis AES-GCM-256 https://github.com/cossacklabs/themis/wiki/Swift-Howto @vixentael

  60. EXAMPLE secure messaging with forward secrecy https://github.com/cossacklabs/themis/wiki/Swift-Howto @vixentael

  61. 2. CRYPTO-SYSTEMS combines security functions for solving exact use-case @vixentael

  62. 2. CRYPTO-SYSTEMS axolotl hermes combines security functions for solving exact use-case SSL/TLS ZeroKit @vixentael
  63. EXAMPLE https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial data access control based on crypto-keys

          python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read

      @vixentael
  64. 3. BOXED SOLUTIONS unites crypto-systems and user functions for solving problems @vixentael
  65. 3. BOXED SOLUTIONS truecrypt ssh acra vault unites crypto-systems and user functions for solving problems @vixentael
  66. EXAMPLE https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker database proxy for encrypting / decrypting

          git clone https://github.com/cossacklabs/acra
          cd acra/docker
          docker-compose -f acra-pgsql-ssl-proxy.yml up -d

      @vixentael
  67. CAN I SOLVE MY USE-CASE USING… boxed solutions

  68. CAN I SOLVE MY USE-CASE USING… crypto-libraries crypto-systems boxed solutions more pain
  69. CAN I SOLVE MY USE-CASE USING… crypto-libraries crypto-systems boxed solutions more pain even more pain
  70. cross-platform easy to install easy to use audited open source time proven well-documented compliant hard to mis-use solves use-case DECISION MAP
  71. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS.

  72. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS. PROBLEM IS THAT THEY ARE NOT BORING ENOUGH
  73. @vixentael

  74. VS @vixentael

  75. make the light controllable @vixentael

  76. @vixentael

  77. make the crypto security controllable @vixentael

  78. make the crypto security controllable and booooring @vixentael

  79. #owaspkyiv @vixentael

  80. LINKS 1
      Boring crypto, Daniel J. Bernstein https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
      Why does cryptographic software fail? https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
      API design for cryptography https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf
      Choosing iOS crypto lib https://www.cossacklabs.com/choose-your-ios-crypto.html
  81. LINKS 2
      Encrypting strings in Android: Let’s make better mistakes https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
      Awesome crypto papers https://github.com/pFarb/awesome-crypto-papers
      12 And 1 Ideas How To Enhance Backend Data Security https://www.cossacklabs.com/backend-data-security-modern-ideas.html
      Attestation and Trusted Computing https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf
  82. MY OTHER SECURITY TALKS https://github.com/vixentael/my-talks …and more

  83. @vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :)