Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Zero Knowledge Architectures for mobile Applications

vixentael
October 05, 2017

Zero Knowledge Architectures for mobile Applications

#iosdev #security #trust #keys

- why we need ZKA
- what is ZKA, what are parts of ZKA system
- messaging, auth, data: how to use ZKA in these usecases
- ZKA data management example
- implementation details
- other possible usecases
- recap

--------------------------------------

If you can't tap on the link inside slides, please open as pdf (button on the right).

--------------------------------------

With intensifying threat access, snooping governments and insecure-internet-of-everything, the importance of zero-knowledge application architectures and end-to-end trust, for things more complicated than simple messaging, becomes more and more obvious for the app developers.

We will talk about real-world problems that ZKA fights against, learn typical cryptographic designs and progress in different spheres of ZKA. We will find out how to make data sharing, user collaboration on data in the cloud with your app provably secure.

--------------------------------------

text:
https://medium.com/@vixentael/zero-knowledge-architectures-for-mobile-applications-b00a231fda75

--------------------------------------

video from MobiConf17
https://youtu.be/79iqPsPc6ZE

--------------------------------------

Links to follow:

Hermes
https://github.com/cossacklabs/hermes-core

Anatomy of a Zero-Knowledge Web Application, 2007
https://clipperz.is/blog/2007/08/24/anatomy_zero_knowledge_web_application/

Zero Knowledge Protocols Without Magic
https://www.cossacklabs.com/zero-knowledge-protocols-without-magic.html

Why We Develop Zero Knowledge Software
https://brainsware.at/blog/9-zero-knowledge-saas

Keybase launches encrypted git
https://keybase.io/blog/encrypted-git-for-everyone

Why We Will No Longer Use the Phrase Zero Knowledge to Describe Our Software
https://spideroak.com/articles/why-we-will-no-longer-use-the-phrase-zero-
knowledge-to-describe-our-software/

Explain Like I’m 5: End-to-end Encryption
https://medium.com/@cossacklabs/eli5-end-to-end-encryption-ae46821db74f

Explain Like I’m 5: Zero Knowledge Proof
https://hackernoon.com/eli5-zero-knowledge-proof-78a276db9eff

Zero Knowledge Proofs: An illustrated primer
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/

vixentael

October 05, 2017
Tweet

More Decks by vixentael

Other Decks in Programming

Transcript

  1. ZERO KNOWLEDGE
    ARCHITECTURES
    for mobile applications

    View Slide

  2. @vixentael Mobile
    Tech Lead
    Feel free to reach me with any
    mobile security questions.
    I do check my inbox :)

    View Slide

  3. Let’s play a game

    View Slide

  4. Sensitive data – ?
    @vixentael

    View Slide

  5. E2EE – ?
    @vixentael

    View Slide

  6. GDPR – ?
    @vixentael

    View Slide

  7. GDPR – ?
    Equifax – ?
    @vixentael

    View Slide

  8. #mobiconf @vixentael

    View Slide

  9. Where we are

    View Slide

  10. We have sensitive data
    @vixentael

    View Slide

  11. We have sensitive data
    We put it to the “cloud”
    @vixentael

    View Slide

  12. We put it to the “cloud”

    View Slide

  13. We put it to the “cloud”
    Everything runs
    on smbd’s software, on smbd’s computer,
    is maintained by someone else
    @vixentael

    View Slide

  14. We have sensitive data
    We put it to the “cloud”
    Everything runs
    on smbd’s software, on smbd’s computer,
    is maintained by someone else
    @vixentael

    View Slide

  15. Do we trust them?
    @vixentael

    View Slide

  16. Do we trust them?
    Do we want to trust them?
    @vixentael

    View Slide

  17. – NO.

    View Slide

  18. We don’t want.
    @vixentael

    View Slide

  19. to know how secure cloud is
    We don’t want
    @vixentael

    View Slide

  20. to trust other ppl’s software,
    computers, and maintenance
    practices
    - to know how secure cloud is
    We don’t want
    @vixentael

    View Slide

  21. to think about sensitive data
    leakage
    - to trust other people’s software, computers, and
    maintenance practices
    - to know how secure cloud is
    We don’t want
    @vixentael

    View Slide

  22. - to think about sensitive data leakage
    - to trust other people’s software, computers, and
    maintenance practices
    - to know how secure cloud is
    We don’t want
    @vixentael

    View Slide

  23. View Slide

  24. We don’t want to share
    sensitive data.

    View Slide

  25. We don’t want to share
    sensitive data,
    but we must

    View Slide

  26. medical records
    credit history
    ?
    }
    @vixentael

    View Slide

  27. your data,
    managed
    by someone
    medical records
    credit history
    =
    @vixentael

    View Slide

  28. – Need control.

    View Slide

  29. Control access to the sensitive
    data during storing and sharing.
    @vixentael

    View Slide

  30. How?
    Control access to the sensitive
    data during storing and sharing.
    @vixentael

    View Slide

  31. – Encryption.

    View Slide

  32. Messaging End-to-End
    Encryption
    @vixentael

    View Slide

  33. Authentication Zero Knowledge
    Proof
    https://www.cossacklabs.com/zero-
    knowledge-protocols-without-magic.html
    @vixentael

    View Slide

  34. Data ???
    - store encrypted
    - share with others
    - manage access to
    parties
    @vixentael

    View Slide

  35. – Zero Knowledge
    Architectures

    View Slide

  36. ZKA is a design principle that
    enables software to provide
    services over protected client data
    without having an unencrypted
    access to it.
    @vixentael

    View Slide

  37. e2ee clients
    ZKA includes
    @vixentael

    View Slide

  38. e2ee clients
    all operations are on encrypted data:
    – control access to data from different users
    – CRUD
    – search (in encrypted data)
    ZKA includes
    @vixentael

    View Slide

  39. ZKA is already solved for
    specific use-cases or
    in a naive ways
    @vixentael

    View Slide

  40. Sharing encrypted data:
    naive approach
    – duplications
    – key management
    problems
    @vixentael

    View Slide

  41. give access to
    certain blocks of
    data to exact users
    https://github.com/cossacklabs/
    hermes-core
    Our take
    @vixentael

    View Slide

  42. - Why me?

    View Slide

  43. ZKA relies on trust to the client
    @vixentael

    View Slide

  44. ZKA relies on trust to the client
    Mobile runs code safely*
    @vixentael

    View Slide

  45. ZKA relies on trust to the client
    Mobile stores keys safely*
    Mobile runs code safely*
    @vixentael

    View Slide

  46. Mobile stores keys safely*
    ZKA relies on trust to the client
    Mobile runs code safely*
    Mobile is a good client Brent
    @vixentael

    View Slide

  47. – Meanwhile in
    the real world…

    View Slide

  48. View Slide

  49. {
    "personal_data": {
    "name": "Cat",
    "surname": "Black",
    "age": 25,
    "home_address": "large box in living room",
    "birth_date": "01/04/1992"
    },
    "credit_rating": 8.7,
    "transactions": [{
    "operation": "credit",
    "bank": "CatBank1",
    "amount": "2000",
    "currency": "eur",
    "date": "02/10/2017"
    },
    {
    "operation": "credit",
    "bank": "CatBank2",
    "amount": "500",
    "currency": "eur",
    "date": "14/02/2015"
    }
    ]
    } @vixentael

    View Slide

  50. {
    "personal_data": {
    "name": "Cat",
    "surname": "Black",
    "age": 25,
    "home_address": "large box in living room",
    "birth_date": "01/04/1992"
    },
    "credit_rating": 8.7,
    "transactions": [{
    "operation": "credit",
    "bank": "CatBank1",
    "amount": "2000",
    "currency": "eur",
    "date": "02/10/2017"
    },
    {
    "operation": "credit",
    "bank": "CatBank2",
    "amount": "500",
    "currency": "eur",
    "date": "14/02/2015"
    }
    ]
    }
    personal data
    @vixentael

    View Slide

  51. protected data
    {
    "personal_data": {
    "name": "Cat",
    "surname": "Black",
    "age": 25,
    "home_address": "large box in living room",
    "birth_date": "01/04/1992"
    },
    "credit_rating": 8.7,
    "transactions": [{
    "operation": "credit",
    "bank": "CatBank1",
    "amount": "2000",
    "currency": "eur",
    "date": "02/10/2017"
    },
    {
    "operation": "credit",
    "bank": "CatBank2",
    "amount": "500",
    "currency": "eur",
    "date": "14/02/2015"
    }
    ]
    } @vixentael

    View Slide

  52. {
    "personal_data": {
    "name": "Cat",
    "surname": "Black",
    "age": 25,
    "home_address": "large box in living room",
    "birth_date": "01/04/1992"
    },
    "credit_rating": 8.7,
    "transactions": [{
    "operation": "credit",
    "bank": "CatBank1",
    "amount": "2000",
    "currency": "eur",
    "date": "02/10/2017"
    },
    {
    "operation": "credit",
    "bank": "CatBank2",
    "amount": "500",
    "currency": "eur",
    "date": "14/02/2015"
    }
    ]
    }
    really-really
    protected data
    @vixentael

    View Slide

  53. you
    bank
    credit
    bureau
    @vixentael

    View Slide

  54. you
    bank
    credit
    bureau
    @vixentael

    View Slide

  55. you
    bank
    credit
    bureau
    @vixentael

    View Slide

  56. you
    bank
    credit
    bureau
    @vixentael

    View Slide

  57. you
    bank
    credit
    bureau
    @vixentael

    View Slide

  58. you
    bank
    credit
    bureau
    @vixentael

    View Slide

  59. you
    bank
    credit
    bureau
    what could possibly go wrong?
    @vixentael

    View Slide

  60. leakage from –
    your data is available everywhere
    Risks
    @vixentael

    View Slide

  61. leakage from –
    your data is available everywhere
    Risks
    encrypt data with one shared ?
    leak one key – leak everything
    @vixentael

    View Slide

  62. B&B can accumulate extra data
    about you.
    Risks
    @vixentael

    View Slide

  63. B&B can judge you by things
    you haven’t done.
    Risks
    @vixentael

    View Slide

  64. B&B can record requests about
    people they don’t know.
    Risks
    @vixentael

    View Slide

  65. How ZKA can help?

    View Slide

  66. {
    "personal_data": {
    "name": "Cat",
    "surname": "Black",
    "age": 25,
    "home_address": "large box in living room",
    "birth_date": "01/04/1992"
    },
    "credit_rating": 8.7,
    "transactions": [{
    "operation": "credit",
    "bank": "CatBank1",
    "amount": "2000",
    "currency": "eur",
    "date": "02/10/2017"
    },
    {
    "operation": "credit",
    "bank": "CatBank2",
    "amount": "500",
    "currency": "eur",
    "date": "14/02/2015"
    }
    ]
    }
    RW
    RO
    RO, customer
    verification
    RW
    @vixentael

    View Slide

  67. access to data
    blocks
    encrypted
    controlled by
    owner
    @vixentael

    View Slide

  68. stores encrypted
    updates only credit score
    owns,
    controls access
    RW only their
    transactions
    access
    revoked
    @vixentael

    View Slide

  69. - Key wrapping
    storage keys user keys
    How to build it?
    @vixentael
    blocks

    View Slide

  70. - Key wrapping
    - Manage privileges
    How to build it?
    @vixentael

    View Slide

  71. - Key wrapping
    - Manage privileges
    - Control requests
    How to build it?
    @vixentael

    View Slide

  72. - Key wrapping
    - Manage privileges
    - Control requests
    - Mitigate remaining attacks
    How to build it?
    @vixentael

    View Slide

  73. leakage →
    privileges →
    replay →
    other? →
    Mitigating the risks:
    @vixentael

    View Slide

  74. leakage → it’s encrypted
    privileges →
    replay →
    other? →
    Mitigating the risks:
    @vixentael

    View Slide

  75. leakage → it’s encrypted
    privileges → it’s encrypted
    replay →
    other? →
    Mitigating the risks:
    @vixentael

    View Slide

  76. leakage → it’s encrypted
    privileges → it’s encrypted
    replay → ZKP (it’s encrypted ;)
    other? →
    Mitigating the risks:
    @vixentael

    View Slide

  77. leakage → it’s encrypted
    privileges → it’s encrypted
    replay → ZKP (it’s encrypted ;)
    other? → tiny attack surface
    Mitigating the risks:
    @vixentael

    View Slide

  78. ZKA elsewhere

    View Slide

  79. shared
    audit logs
    complex docs,
    spreadsheets
    config files
    file system
    document store
    protection
    @vixentael

    View Slide

  80. Is it difficult
    to implement?

    View Slide

  81. Signal https://github.com/WhisperSystems/
    SignalProtocolKit/blob/master/AxolotlKit/Classes/
    Sessions/SessionBuilder.m
    @vixentael

    View Slide

  82. Swift Alps Demo https://github.com/cossacklabs/theswiftalpsdemo/
    blob/master/ios-project/SwiftAlpsSecDemo/
    SwiftAlpsSecDemo/SessionDemo.swift
    github.com/
    cossacklabs/themis
    @vixentael

    View Slide

  83. Hermes
    github.com/cossacklabs/
    hermes-core
    ODING IN PROGRESS
    CODING IN PROG @vixentael

    View Slide

  84. Other examples
    https://tahoe-lafs.org/trac/tahoe-lafs
    The Least-Authority File Store
    https://tresorit.com/zerokit
    ZeroKit from Tresorit
    @vixentael

    View Slide

  85. Recap

    View Slide

  86. 1. We know a lot about data protection and
    peer-to-peer communication.
    2. Collaborating on data exposes more
    advanced risks. One key is not enough.
    3. ZKA helps against advanced risks.
    4. Sooner or later, everything will be
    collaborative.
    5. Learn ZKA in advance!
    @vixentael

    View Slide

  87. Links 1
    https://clipperz.is/blog/2007/08/24/anatomy_zero_knowledge_web_application/
    Anatomy of a Zero-Knowledge Web Application, 2007
    https://www.cossacklabs.com/zero-knowledge-protocols-without-magic.html
    Zero Knowledge Protocols Without Magic
    https://brainsware.at/blog/9-zero-knowledge-saas
    Why We Develop Zero Knowledge Software

    View Slide

  88. Links 2
    https://spideroak.com/articles/why-we-will-no-longer-use-the-phrase-zero-
    knowledge-to-describe-our-software/
    Why We Will No Longer Use the Phrase Zero Knowledge to
    Describe Our Software
    https://medium.com/@cossacklabs/eli5-end-to-end-encryption-ae46821db74f
    Explain Like I’m 5: End-to-end Encryption
    https://keybase.io/blog/encrypted-git-for-everyone
    Keybase launches encrypted git

    View Slide

  89. My other security slides
    https://github.com/
    vixentael/my-talks

    View Slide

  90. @vixentael Mobile
    Tech Lead
    Feel free to reach me with any
    mobile security questions.
    I do check my inbox :)

    View Slide

  91. Image credits
    www.flaticon.com
    freepik, linector, switficons, pixelperfect, smashicons
    Authors:

    View Slide