10 lines of encryption, 1500 lines of key management

Transcript

1. 10 lines of encryption, 1500 lines of key management @vixentael

2. @vixentael product engineer in security and cryptography OSS maintainer: Themis,

   Acra cryptographic tools, security engineering, datasec training

3. @vixentael zero knowledge searchable encryption cossacklabs.com/acra/ e2ee data collaboration cossacklabs.com/hermes/

   zero knowledge authentication github.com/cossacklabs/themis/wiki/Secure-Comparator-cryptosystem cossacklabs.com/whitepapers/

4. Bespoke data security solutions and security engineering.

5. None

6. @vixentael Data encryption without compromising UX

7. 1. Encryption: from GDPR to DoD @vixentael 2. Building security:

   decision making in security, boring crypto, defense in depth 3. E2EE note sharing 4. Cat

8. GDPR @vixentael Article 32/35: responsibly store and process data according

   to risks
 
 Article 33/34: detecting data leakage and alert users & controller https://gdpr-info.eu/

9. @vixentael https://gdpr-info.eu/ Article 32

10. @vixentael US Department of Defense

11. @vixentael US Department of Defense https://media.defense.gov/2018/Apr/22/2001906836/-1/-1/0/ DEFENSEINNOVATIONBOARD_TEN_COMMANDMENTS_OF_SOFT WARE_2018.04.20.PDF

12. @vixentael Apple privacy policy update https://developer.apple.com/news/?id=06032019j

13. @vixentael Google https://support.google.com/cloud/answer/9110914

14. @vixentael Decision making in security 101

15. @vixentael Decision making in security 101 1. “just because we

    can” 3. understanding risks & threats 2. every app should have security features

16. @vixentael Decision making in security 101 1. “just because we

    can” 3. understanding risks & threats 2. every app should have security features ✅

17. @vixentael app flow app features code user problem

18. risk & threat model security methods security controls libraries/ code

    app flow app features code user problem @vixentael

19. @vixentael risk model & threat model create demands for security

20. @vixentael Data & risks PII User data Service data likes,

    preferences purchase history logs keys, accesses, API tokens backups configurations locations

21. @vixentael Data & risks compliance risks legal risks reputational risks

    continuity risks User data Service data reputational risks medium.com/@cossacklabs/trick-or-threat-security-losses-for- business-f5b44243d89c

22. @vixentael Boring crypto

23. https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf 269 CVEs from 2011-2014 17% 83% bugs inside crypto

    libs misuses of crypto libs by individual apps @vixentael

24. — crypto that simply works, solidly resists attacks, never needs

    any upgrades https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf Daniel J. Bernstein Boring crypto @vixentael

25. encryption integration abstraction level complexity @vixentael

26. encryption integration abstraction level complexity cipher crypto- library crypto- system

    boxed solution @vixentael pain

27. @vixentael @vixentael easy to make mistakes

28. @vixentael should be random should use KDF(key) uses AES CBC,

    not AES GCM padding? salt? @vixentael easy to make mistakes

29. Themis: hard to make mistakes @vixentael @vixentael github.com/cossacklabs/themis

30. @vixentael hides cryptographic details: salt, IV, KDF, padding built-in KDF,

    safe to use passphrase uses AES-256-GCM @vixentael github.com/cossacklabs/themis Themis: hard to make mistakes

31. encryption integration abstraction level complexity cipher crypto- library crypto- system

    boxed solution @vixentael pain

32. https://github.com/vixentael/my-talks#dont-waste-time-on-learning-cryptography-better-use-it-properly see full talk about Boring crypto @vixentael

33. @vixentael Defense in depth

34. Defense in depth – independent, yet interconnected, set of security

    controls aimed at mitigating multiple risks during the whole application flow @vixentael

35. @vixentael 1. Encryption to protect data globally 
 (during the

    whole data flow / app lifecycle). 2. Whatever is the attack vector, there is a defense layer. 3. For most popular attack vectors, we want as many independent defenses as possible. Overlapped security controls

36. @vixentael Lines of defense

37. @vixentael

38. @vixentael 10 lines of encryption, 1500 lines of key management

39. @vixentael 10 lines of encryption, 1500 lines of key management

    60 3000

40. @vixentael

41. None

42. @vixentael • smooth UX • not finance/banking app • syncing

    between all user’s devices • privacy • incident response • next versions: Web/Electron Bear e2ee for notes

43. @vixentael 1. user notes encrypted using unique keys (per app

    per user) 2. user password is never stored in plaintext 3. data in Keychain encrypted 4. notes & passwords are synced between devices Results

44. @vixentael UX is important, so we made the security scheme

    more complex from an engineering perspective, but less stressful for users

45. @vixentael note encryption & note locking

46. @vixentael app locking

47. @vixentael note encryption != note locking != app locking

48. @vixentael note encryption != note locking != app locking encryption

    authentication authentication

49. @vixentael note text user passphrase note encryption key data model

    plaintext user input unique per note

50. @vixentael Access Disclosure Modification Access denial note text Moderate Critical

    Critical High user passphrase Moderate Critical Critical Critical note encryption key Moderate Low Low Moderate threats

51. @vixentael Device filesystem Device process memory Device keychain & secure

    enclave Transport, iCloud database iCloud Keychain Medium High High Medium Medium trust model

52. @vixentael Breaking Keychain youtube.com/watch?v=EUGDa0Z71uk youtube.com/watch?v=sR6KeCaCRMA github.com/LinusHenze/Keysteal macOS keychain: https://thetapedrive.com/face-id-fail-ios-13 iOS13

    beta keychain:

53. @vixentael We have more trust towards the data stored on

    the device than the data stored in a cloud

54. @vixentael key model

55. @vixentael from user mind or password mngr cached for some

    time calculated before usage Keychain, Secure Enclave key model

56. @vixentael multiple caches to minimize user distractions user Keychain SecureEnclave

    iCloudKeychain in memory cache temp var password manager

57. @vixentael App encryption key Key stretching: PBKDF2, deterministic long_data =

    user_passphrase + generated_passphrase_password + generated_app_context app_encryption_key = SecureCellContextImprint(data: long_data, context: generated_app_context, key: user_passphrase)

58. @vixentael long_data = user_passphrase + generated_passphrase_password + generated_app_context app_encryption_key =

    SecureCellContextImprint(data: long_data, context: generated_app_context, key: user_passphrase) long_data = app_encryption_key + generated_passphrase_password + generated_app_context note_encryption_key = SecureCellContextImprint(data: long_data, context: note_encryption_id, key: app_encryption_key) App encryption key, note encryption key Key stretching: PBKDF2, deterministic

59. @vixentael data encryption encrypted_note = SecureCellSeal(data: note_text, context: note_encryption_id, key:

    note_encryption_key) decrypted_note = SecureCellSeal(data: encrypted_note, context: note_encryption_id, key: note_encryption_key) AES-256-GCM, random IV/nonce, non-deterministic

60. @vixentael 1. Encryption to protect data globally 
 (during the

    whole data flow / app lifecycle). 2. Whatever is the attack vector, there is a defense layer. 3. For most popular attack vectors, we want as many independent defenses as possible. Overlapped security controls ✅

61. @vixentael encrypted_passphrase = SecureCellSeal(data: user_passphrase, context: nil, key: generated_passphrase_key) decrypted_passphrase

    = SecureCellSeal(data: user_passphrase, context: nil, key: generated_passphrase_key) passphrase encryption https://www.youtube.com/watch?v=EUGDa0Z71uk https://www.youtube.com/watch?v=sR6KeCaCRMA https://github.com/LinusHenze/Keysteal remember about breaking keychain AES-256-GCM, random IV/nonce, non-deterministic https://thetapedrive.com/face-id-fail-ios-13

62. @vixentael hint encryption

63. @vixentael hint encryption encrypted_hint = SecureCellSeal(data: hint, context: nil, key:

    generated_hint_key) decrypted_hint = SecureCellSeal(data: encrypted_hint, context: nil, key: generated_hint_key) AES-256-GCM, random IV/nonce, non-deterministic

64. @vixentael Auto-locking timer clean up caches and decrypted data after

    T seconds let unlockDate = Date() ... let unlockedInterval = unlockDate.timeIntervalSinceNow();

65. @vixentael Auto-locking timer clean up caches and decrypted data after

    T seconds let unlockDate = Date() ... let unlockedInterval = unlockDate.timeIntervalSinceNow(); timezones

66. @vixentael Auto-locking timer monotonic https://twitter.com/wilshipley/status/1130973433120952321

67. @vixentael Failed attempts counter, increasing delays makes it harder to

    brute force the passphrase user_passphrase t

68. @vixentael Failed attempts counter, increasing delays

69. @vixentael Compatibility & incident response

70. 1. Encryption to protect data globally 
 (during the whole

    data flow / app lifecycle). 2. Whatever is the attack vector, there is a defense layer. 3. For most popular attack vectors, we want as many independent defenses as possible. Overlapped security controls ✅ ✅ ✅ @vixentael

71. Key points

72. 1. Encryption: from GDPR to DoD @vixentael 2. Building security:

    decision making in security, boring crypto, defense in depth 3. E2EE note sharing 4. Cat

73. @vixentael crypto gets harder if you need usability 1. E2EE

    for notes, synced between devices – Bear 2. Searchable encryption – Acra 3. E2EE for data collaboration – Hermes

74. @vixentael coming soon

75. @vixentael OWASP ASVS / MASVS

76. It is secure. It’s not broken yet. @vixentael

77. failure of single security control is a question of time

    failure of security system is a question of design

78. @vixentael cryptographic tools, security consulting, training github.com/vixentael/ my-talks