Use Cryptography; Don't Learn It

vixentael
September 10, 2018

Presentation from Swift and Fika conference.

We talked about securing data and about the mistakes developers make when they try to use encryption. We also talked about what they actually want from cryptography: they want high-level functions, they want easy-to-use instruments that just work. They want boring crypto. But in the real world we have different levels of paranoia: from a Faraday cage to hardware and software solutions. We named three layers of software solutions (boxed, crypto-systems and crypto-libs) and discussed how to select which one to use. We also talked about the Edison lamp as an example of a boring but working system.

Transcript

  1. USE CRYPTOGRAPHY,
    DON’T LEARN IT.
    @vixentael

  2. Anastasiia Voitova, @vixentael
    head of customer solutions, security software engineer
    OSS maintainer: Themis, Acra
    focused on applied crypto and building e2ee protocols

  3. cossacklabs.com
    Data security solutions based on R&D
    database searchable encryption
    eprint.iacr.org/2019/806.pdf
    e2ee data collaboration
    cossacklabs.com/files/hermes-theory-paper-rev1.pdf
    zero knowledge authentication
    cossacklabs.com/files/secure-comparator-paper-rev12.pdf

  5. USABLE

  6. “Let’s protect stored data”
    …imagine simple use case
    …and calculate potential dev mistakes

  7. 1. Defining the data scope
    business-sensitive data
    regulations, compliance
    tech data (keys, logs, backups, tokens..)

  8. 1. Defining the data scope
    business-sensitive data
    regulations, compliance
    tech data (keys, logs, backups, tokens..)
    Mistake 1. wrong scope definition

  9. 2. Selecting crypto function
    twofish
    sha1
    des
    md5

  10. 2. Selecting crypto function
    twofish
    sha1
    des
    md5
    Mistake 2. bad algo selection

  11. Things to decide on:
    KEY LENGTH
    DATA SCOPE
    CIPHER

  12. 3. Using cipher
    https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

  14. 3. Using cipher
    https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
    Mistake 3. wrong params

  15. Things to decide on:
    PADDING
    KEY LENGTH
    MODE
    DATA SCOPE
    CIPHER
    IV

  16. 4. Key management
    user password
    DEK, KEK, master key, transport key, ephemeral key, OTP, token, keypairs …
    encryption key
    KDF

  17. 4. Key management
    user password
    DEK, KEK, master key, transport key, ephemeral key, OTP, token, keypairs …
    encryption key
    KDF
    Mistake 4. bad key management
    https://www.owasp.org/index.php/Key_Management_Cheat_Sheet

  18. Things to decide on:
    PADDING
    KEY LENGTH
    KEY ROTATION
    MODE
    KEY DERIVATION
    KEY STORAGE
    KEY EXCHANGE
    DATA SCOPE
    CIPHER
    IV
    KEY REVOCATION
    KMS

  19. 5. Infrastructure

  20. Things to decide on:
    PADDING
    KEY LENGTH
    KEY ROTATION
    MODE
    KEY DERIVATION
    KEY STORAGE
    KEY EXCHANGE
    DATA SCOPE
    CIPHER
    IV
    KEY REVOCATION
    BACKUPS
    PLATFORMS
    KMS

  22. 269 CVEs from 2011-2014
    17%: bugs inside crypto libs
    83%: misuses of crypto libs by individual apps
    https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf

  23. AES
    DES
    3DES
    CBC
    CFB
    SEAL
    Salsa20
    RSA
    DSA
    Kuznyechik
    Blowfish
    SHARK
    RC4
    DSS
    ChaCha20
    CTR
    AES-SIV
    Camellia
    SEED
    Rabbit
    ECDSA

  24. Boring crypto: crypto that simply works, solidly resists attacks, never needs any upgrades
    Daniel J. Bernstein
    https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

  25. Solve use-cases
    I want to store data securely
    I want to send data securely
    I want to verify data integrity

  26. Solve use-cases
    I want to store data securely
    I want to send data securely
    I want to verify data integrity
    KEY DERIVATION
    KEY EXCHANGE
    KEY ROTATION
    SIGN/VERIFY
    EPHEMERAL KEYS
    ENCR / DECR

  27. Crypto should be:
    cross-platform
    easy to install
    easy to use
    audited
    open source
    time proven
    well-documented
    compliant
    hard to mis-use

  28. Form factor is important

  29. encryption integration
    abstraction level
    complexity

  30. encryption integration
    abstraction level
    complexity
    cipher
    crypto-library
    crypto-system
    boxed solution
    pain

  31. 1. CRYPTO-LIBS
    implements single or multiple security functions
    RNCryptor
    Themis
    OpenSSL/BoringSSL/*SSL
    CryptoSwift
    Tink
    LibSodium/NaCl
    https://github.com/sobolevn/awesome-cryptography

  32. “OpenSSL is the space shuttle of crypto libraries. It will get you to space, provided you have a team of people to push the ten thousand buttons required to do so. NaCl is more like an elevator — you just press a button and it takes you there. No frills or options. I like elevators.”
    Matthew Green
    blog.cryptographyengineering.com/2012/12/28/the-anatomy-of-bad-idea/

  33. OpenSSL “high level” API, AES CBC

  34. CommonCrypto AES

  35. High lvl API, easy to mis-use

  36. High lvl API, easy to mis-use
    should be random
    should use KDF(key)
    uses AES CBC, not AES GCM
    padding? salt?

  37. Themis: hard to mis-use
    github.com/cossacklabs/themis

  38. Themis: hard to mis-use
    hides cryptographic details: salt, IV, KDF, padding
    uses AES-256-GCM
    built-in KDF to make keys stronger
    github.com/cossacklabs/themis

  39. 2. CRYPTO-SYSTEMS
    combines security functions for solving exact use-case
    libsignal
    hermes
    SSL/TLS
    ZeroKit
    noise

  40. ACL based on crypto-keys
    hermes
    python docs/examples/python/hermes_client.py --id USER1 --config=docs/examples/python/config.json --private_key USER1.priv --doc secretfile --read

  41. 3. BOXED SOLUTIONS
    unites crypto-systems and user functions for solving problems
    truecrypt
    ssh
    acra
    vault
    Oracle TDE

  42. transparent & searchable encryption
    marketplace.digitalocean.com/apps/acra

  43. transparent & searchable encryption
    marketplace.digitalocean.com/apps/acra
    very boring

  44. pain curve
    less boring
    more boring
    cipher
    crypto-library
    crypto-system
    boxed solution
    pain

  45. Boring crypto tools allow to focus on product, not on crypto code.

  47. VS

  48. make the light controllable

  49. make the crypto security controllable and booooring

  50. @vixentael
    Anastasiia Voitova
    github.com/vixentael/my-talks
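
The points annotated on slide 36 and the properties listed on slide 38 (random IV and salt, a KDF between password and key, authenticated AES-256-GCM instead of CBC, no padding choice left to the caller), written out as an added example on Node.js's built-in crypto module. It is not code from the talk and not the Themis API or data format; the names `seal`, `open` and `rejects`, the blob layout and the scrypt parameters are assumptions made for this illustration.

```javascript
// Added example, not from the talk: password-based seal/open on Node's built-in crypto.
const crypto = require("node:crypto");

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;
const SCRYPT = { N: 2 ** 14, r: 8, p: 1 }; // assumed work factor for this example

// Slide 36, "should use KDF(key)": stretch the passphrase, never use it as the key.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, SCRYPT); // 32 bytes = AES-256
}

// Returns salt || iv || tag || ciphertext (assumed layout, not the Themis format).
function seal(passphrase, plaintext, context = "") {
  const salt = crypto.randomBytes(SALT_LEN); // fresh per message
  const iv = crypto.randomBytes(IV_LEN);     // slide 36, "should be random"
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(context));       // binds the blob to e.g. a record id
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Throws if the passphrase, context or any byte of the blob is wrong.
function open(passphrase, sealed, context = "") {
  const head = SALT_LEN + IV_LEN + TAG_LEN;
  if (!Buffer.isBuffer(sealed) || sealed.length < head) throw new Error("sealed blob too short");
  const salt = sealed.subarray(0, SALT_LEN);
  const iv = sealed.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = sealed.subarray(SALT_LEN + IV_LEN, head);
  const key = deriveKey(passphrase, salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(context));
  decipher.setAuthTag(tag);
  // GCM verifies the tag in final(); a CBC-only design has no such check.
  return Buffer.concat([decipher.update(sealed.subarray(head)), decipher.final()]);
}

// True when open() rejects the blob; used to show tamper and wrong-key detection.
function rejects(passphrase, sealed, context = "") {
  try { open(passphrase, sealed, context); return false; } catch { return true; }
}

// Constructed sample input.
const blob = seal("correct horse battery staple", "card=4111-xxxx", "user:42");
const flipped = Buffer.from(blob);
flipped[flipped.length - 1] ^= 0x01; // one ciphertext bit changed
console.log(open("correct horse battery staple", blob, "user:42").toString());
console.log("tampered rejected:", rejects("correct horse battery staple", flipped, "user:42"));
console.log("wrong context rejected:", rejects("correct horse battery staple", blob, "user:1"));
```

The caller only ever supplies a passphrase, the data and an optional context string; every parameter on the "things to decide on" slides that can be fixed safely is fixed inside the two functions.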