
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use It Properly

Published in: Technology

  1. DON’T WASTE TIME ON LEARNING CRYPTOGRAPHY: BETTER USE IT PROPERLY #owaspkyiv @vixentael
  2. @vixentael, Product Engineer. Feel free to reach me with any mobile security questions. I do check my inbox :)
  3. We want to protect our users’ data
  4. We want developers to protect data
  5. We want to protect our users’ data. HOW? We want developers to protect data
  6. WE HAVE USER DATA. WHAT SHALL WE DO?
  7. 1. DEFINING THE DATA SCOPE: sensitive user data; GDPR / HIPAA / PCI DSS; tech data (keys, logs)
  8. 1. DEFINING THE DATA SCOPE: sensitive user data; GDPR / HIPAA / PCI DSS; tech data (keys, logs); mistake 1. wrong scope definition
  9. 2. SELECTING ALGORITHM: twofish, sha1, des, md5
  10. 2. SELECTING ALGORITHM: twofish, sha1, des, md5; mistake 2. bad algo selection
  11. THINGS TO DECIDE ON: KEY LENGTH, DATA SCOPE, ALGORITHM
  12. 3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
  14. 3. USING ALGORITHM https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption mistake 3. wrong params
  15. THINGS TO DECIDE ON: PADDING, KEY LENGTH, MODE, DATA SCOPE, ALGORITHM, IV
  16. 4. KEY MANAGEMENT: user password, keys, KDF
  17. 4. KEY MANAGEMENT: user password, keys, KDF; mistake 4. bad key management
  18. THINGS TO DECIDE ON: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, DATA SCOPE, ALGORITHM, IV, KEY REVOCATION
  19. 5. INFRASTRUCTURE
  20. THINGS TO DECIDE ON: PADDING, KEY LENGTH, KEY ROTATION, MODE, KEY DERIVATION, KEY STORAGE, KEY EXCHANGE, BACKUPS, PLATFORMS, DATA SCOPE, ALGORITHM, IV, KEY REVOCATION
  21. 269 CVEs from 2011-2014: 17% bugs inside crypto libs, 83% misuses of crypto libs by individual apps https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
  22. AS USERS WE WANT… more ciphers?
  23. AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA
  24. AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA OFB SHARK RC4 DSS ECB CTR SEED Blowfish
  25. AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA OFB Blowfish SHARK RC4 DSS ECB CTR Twofish Camelia SEED Rabbit ECDSA
  26. AS USERS WE WANT… more ciphers! more vulnerabilities! more side channel attacks! more attacks! more constant time checks :) more protocols! more patches!
  27. EXCITING, BUT FOR CRYPTO RESEARCHERS ONLY
  28. AS USERS WE WANT… more ciphers! BORING CRYPTO
  29. BORING CRYPTO — crypto that simply works, solidly resists attacks, never needs any upgrades. Daniel J. Bernstein https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf
  30. BORING CRYPTO: PLUG & PLAY
  31. WHAT DO WE WANT? instead of adjusting our resources — SOLVE USE-CASES!
  32. WHAT DO WE WANT? — HIGH-LEVEL FUNCTIONS: I want to store data securely; I want to send data securely; I want to verify data integrity
  33. WHAT DO WE WANT? — HIGH-LEVEL FUNCTIONS: store data securely, send data securely, verify data integrity, key derivation, key exchange, key rotation, sign/verify, ephemeral keys, encr / decr
  34. NOBODY READS DOCS
  35. NOBODY READS DOCS: “docs are for experts” “I just want to try” “gimme code!”
  36. 1. HOW TO START? pod try BoringSSL cmake -DANDROID_ABI=armeabi-v7a -DCMAKE_TOOLCHAIN_FILE=../third_party/android-cmake/android.toolchain.cmake -DANDROID_NATIVE_API_LEVEL=16 -GNinja .. https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md
  37. 1. HOW TO START? easy, architecture-independent installation
  38. 2. SUPPORTED PLATFORMS? minimum expected: *nix, OSX, web browsers, embedded, iOS, Android, Windows
  39. 2. SUPPORTED PLATFORMS? cross-platform is not an option anymore; cross-platform is a must have
  40. OPTIONS WE HAVE
  41. HSM
  42. HARDWARE SECURITY MODULE: key generation, provides cryptoprocessing, key storage, portable
  43. TRUSTED PLATFORM MODULE: key management, disk protection, trust anchor, built-in, remote attestation, provides cryptoprimitives
  44. HSM & TPM: PROS fast hardware crypto! trusted environment known security guarantees keys calculations
  45. HSM & TPM: CONS vendor lock / vendor trust; bad for interactive encryption; complicated to maintain (install, upgrade, support, not cross-platform)
  46. HSM & TPM: PRO & CONS HSM app plaintext data plaintext data is far away from the place it is used
  47. SOFTWARE CRYPTO SYSTEMS: any kind of encryption; plaintext data is closer to its usage; cross-platform https://github.com/sobolevn/awesome-cryptography
  48. SOFTWARE CRYPTO SYSTEMS: any kind of encryption; plaintext data is closer to its usage; cross-platform; NO DEVICE TRUST https://github.com/sobolevn/awesome-cryptography
  49. WEBBROWSER CRYPTO: CONS DOM, XSS, NO CODE TRUST
  50. HSM/TPM + SOFTWARE CS keys calculations TPM / HSM own software cross-platform take best from both
  51. USING CRYPTO SHOULD BE LIKE.. cross-platform, easy to install, easy to use, audited, open source, time proven, well-documented
  52. crypto-libs, crypto-systems, boxed solutions
  53. 1. CRYPTO-LIBS: implements single or multiple security functions; libsodium, themis, keyczar, noise https://github.com/sobolevn/awesome-cryptography
  54. EXAMPLE: secure messaging with forward secrecy https://github.com/cossacklabs/themis/wiki/Python-Howto
  55. 2. CRYPTO-SYSTEMS: combines security functions for solving exact use-case; axolotl, hermes, SSL/TLS, ZeroKit
  56. EXAMPLE: data access control based on crypto-keys https://github.com/cossacklabs/hermes-core/wiki/Python-tutorial python docs/examples/python/hermes_client.py --id user1 --config=docs/examples/python/config.json --private_key user1.priv --doc testfile --read
  57. 3. BOXED SOLUTIONS: unites crypto-systems and user functions for solving problems; truecrypt, ssh, acra, vault
  58. EXAMPLE: database proxy for encrypting / decrypting https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker go run cmd/acra_genkeys/acra_genkeys.go docker-compose -f docker/docker-compose.yml up -d
  59. CAN I SOLVE MY USE-CASE USING… boxed solutions
  60. CAN I SOLVE MY USE-CASE USING… crypto-systems boxed solutions no :(
  61. CAN I SOLVE MY USE-CASE USING… crypto-libs crypto-systems boxed solutions no :( no :(
  62. https://www.cossacklabs.com/choose-your-ios-crypto.html
  63. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS.
  64. THE WORLD DOESN’T HAVE A PROBLEM WITH NEW CRYPTO-ALGORITHMS. PROBLEM IS THAT THEY ARE NOT BORING ENOUGH
  66. VS
  67. make the light controllable
  69. make the crypto security controllable
  70. make the crypto security controllable and booooring
  72. LINKS 1 Boring crypto, Daniel J. Bernstein https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf Why does cryptographic software fail? https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf API design for cryptography https://2017.hack.lu/archive/2017/hacklu-crypto-api.pdf
  73. LINKS 2 Encrypting strings in Android: Let’s make better mistakes https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/ Awesome crypto papers https://github.com/pFarb/awesome-crypto-papers 12 And 1 Ideas How To Enhance Backend Data Security https://www.cossacklabs.com/backend-data-security-modern-ideas.html Attestation and Trusted Computing https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf
  74. MY OTHER SECURITY SLIDES https://github.com/vixentael/my-talks …and more
  75. @vixentael, Product Engineer. Feel free to reach me with any mobile security questions. I do check my inbox :)
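
The "I want to verify data integrity" use-case from slide 32, with the user password, KDF and keys step from slide 16 and the constant-time check from slide 26 hidden behind two calls. This is an added example, not code from the talk or from any library it names; the function names, the PBKDF2 iteration count and the blob layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the slides).
KDF_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor
SALT_LEN = 16              # random salt, stored next to the data
TAG_LEN = 32               # HMAC-SHA256 output size


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a user password into a 256-bit key (the KDF decision)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, KDF_ITERATIONS, dklen=32
    )


def protect(password: str, data: bytes) -> bytes:
    """Return salt || tag || data. A fresh salt is drawn on every call."""
    salt = os.urandom(SALT_LEN)
    tag = hmac.new(derive_key(password, salt), data, hashlib.sha256).digest()
    return salt + tag + data


def verify(password: str, blob: bytes) -> bytes:
    """Return the data if the tag matches, otherwise raise ValueError."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    data = blob[SALT_LEN + TAG_LEN:]
    expected = hmac.new(derive_key(password, salt), data, hashlib.sha256).digest()
    # Constant-time comparison: '==' may leak how many leading bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return data


if __name__ == "__main__":
    sealed = protect("constructed-sample-password", b"balance=100")
    print(verify("constructed-sample-password", sealed))
```

The caller never chooses a hash, key length, salt or comparison routine; those decisions are made once inside the two functions. The data itself is not encrypted here, only protected against modification.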
