Crypto storage

Cryptographic storagefor people in a hurry Graham Lee Smartphone security bofﬁn, Fuzzy Aliens Ltd. fuzzyaliens.com

Cryptographic storagefor people in a hurry Graham Lee Smartphone security bofﬁn, Fuzzy Aliens Ltd.

From App to Crap

Nut[the problem]shell

Nut[the problem]shell• Want to store data

Nut[the problem]shell• Want to store data• But it must be secret

Nut[the problem]shell• Want to store data• But it must be secret • if the phone is stolen

Nut[the problem]shell• Want to store data• But it must be secret • if the phone is stolen • if the iTunes backup is stolen

Nut[the problem]shell• Want to store data• But it must be secret • if the phone is stolen • if the iTunes backup is stolen• It must be tamper-proof

Nut[the problem]shell• Want to store data• But it must be secret • if the phone is stolen • if the iTunes backup is stolen• It must be tamper-proof• …to some extent

Solution: aescrypt

Solution: aescrypt• Unencumbered (public domain) format and freeware implementation at http:// aescrypt.org

Solution: aescrypt• Unencumbered (public domain) format and freeware implementation at http:// aescrypt.org• Not just you using it

Solution: aescrypt• Unencumbered (public domain) format and freeware implementation at http:// aescrypt.org• Not just you using it• Mac, iOS, more

Solution: aescrypt• Unencumbered (public domain) format and freeware implementation at http:// aescrypt.org• Not just you using it• Mac, iOS, more• Let’s start at byte 0 :-)

‘AES0020’• Magic number• Tells you the version of the crypto format

Meet a Data

Metadata

Metadata• Arbitrary ‘extensions’ section

Metadata• Arbitrary ‘extensions’ section• Creator ID, creation date…

Metadata• Arbitrary ‘extensions’ section• Creator ID, creation date…• …as long as that stuff isn’t a secret

What’s our vector, Victor? // We will use an initialization vector comprised of thecurrent time // process ID, and random data, all hashed togetherwith SHA-256. source: wikipedia

You can’t come in here unless you say “Swordﬁsh” // Hash the IV and password 8192 times memset(digest, 0, 32); memcpy(digest, IV, 16); for(i=0; i<8192; i++) { sha256_starts( &sha_ctx); sha256_update( &sha_ctx, digest, 32); sha256_update( &sha_ctx, (unsigned char*)passwd, (unsigned long)passlen); sha256_ﬁnish( &sha_ctx, digest); }

Cutty say e cant HANG!

Cutty say e cant HANG! • The key we just derived is not used to encrypt the plaintext ﬁle • Instead, it’s used to encrypt a key, which is itself used to encrypt the ﬁle. • …why?

Irony: Eminem tribute actsinging “the real slim shady”…16 Octets - Initialization Vector (IV) used for encrypting the IV and symmetric key that is actually used to encrypt the bulk of the plaintext file.48 Octets - Encrypted IV and 256-bit AES key used to encrypt the bulk of the file 16 octets - initialization vector 32 octets - encryption key32 Octets - HMACnn Octets - Encrypted message (2^64 octets max) 1 Octet - File size modulo 16 in least significant bit positions32 Octets - HMAC…

Filler material…16 Octets - Initialization Vector (IV) used for encrypting the IV and symmetric key that is actually used to encrypt the bulk of the plaintext file.48 Octets - Encrypted IV and 256-bit AES key used to encrypt the bulk of the file 16 octets - initialization vector 32 octets - encryption key32 Octets - HMACnn Octets - Encrypted message (2^64 octets max) 1 Octet - File size modulo 16 in least significant bit positions32 Octets - HMAC…

To the Question Pit! @iamleeg

To the Question Pit! @iamleeg fuzzyaliens.com

Crypto storage

by Graham Lee on Mar 24, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 22

Statistics

Crypto storage — Presentation Transcript