Steve Cornish talks at Digital Henley #4 on Wednesday 4th May regarding Data Security - The best passwords, the most effective ways to protect privacy and private data, data integrity and how big businesses keep your information safe (or don't!).
Breaking the Kubernetes Kill Chain: Host Path Mount
Steve Cornish - "Passing Sensitive Data Through The Public Domain"
1. Passing Sensitive Data Through the Public Domain
Steve Cornish
steve@blazingpath.com | @stevesquirrol | linkedin.com/in/stevecornish
4th May 2016
2. About me
By day…
• Contracting Digital / Integration
Architect
• Currently @ Vodafone
By night…
• CTO of Squirrol – a Social Network
for Collectors
• Cool tech
• Pre-funding stage
• Site is live: https://squirrol.com
3. Why protect data?
Public domain => Internet => untrusted network
• Is the integrity of the data important?
• Is the privacy of the data important?
4. Data Integrity / Authentication
HMAC functions can be used to verify a message…
a) Comes from the expected source
b) Has not been tampered with in flight
With HMAC, both the source and target generate a token (the MAC)
from the message using a shared key which is compared to establish
integrity.
6. Data Privacy
• Symmetric and Asymmetric cryptography can be used to secure
data in flight
• Symmetric encryption (e.g. AES):
• The same key is used to encrypt the data and to decrypt the cipher
• Asymmetric encryption (”Public Key Cryptography” / PKI):
• Consists of a public/private key pair
• The data is encrypted using the public key, and decrypted using the private
key
9. Summary
• Data Integrity and Data Privacy are two concerns of Data Security
• Data Integrity can be assured using HMACs
• Data Privacy can be enforced using cryptography
Data Security is a big subject – we’ve only scratched the surface
11. Appendix
Performance
• HMAC-SHA256
• 1m MACs in 4.76s
• AES-128
• 1m encrypts in 2.54s
• 1m decrypts in 2.13s
(Run on a 5 year old Dell Latitude E6410 with Core i5, 4GB RAM, Win 7 32-Bit…)
Editor's Notes
What do I mean by public domain? The internet - any network you don't have control over
2 key questions if you are passing data through untrusted networks
Integrity
Is it critical that the data could not have been altered?
Is it critical that the recipient can trust the source of the data?
Privacy
Does the data contain any sensitive information
HMAC = Hash-based Message Authentication Code
Subject message: The quick brown fox jumps over the lazy dog