Upgrade to Pro — share decks privately, control downloads, hide ads and more …

e2ee != security != privacy

vixentael
January 26, 2021

e2ee != security != privacy

Let's ride a hype wave of Signal-Whatsapp-Telegram drama and talk about encryption. How can an app use end-to-end encryption but still sell your data elsewhere? We will discuss different encryption ways and how they protect data from different threat models.

https://www.youtube.com/watch?v=CqsrA4eeGSs

vixentael

January 26, 2021
Tweet

More Decks by vixentael

Other Decks in Programming

Transcript

  1. @vixentael head of customer solutions, security software engineer OSS maintainer:

    Themis, Acra focused on applied crypto and building e2ee protocols
  2. cossacklabs.com/products Data security tools & solutions @vixentael We make software

    to get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting.
  3. @vixentael Using “end-to-end encryption” doesn’t mean that ALL your data

    is encrypted end-to-end AND local data is encrypted AND e2ee is enabled by default AND backups are encrypted AND cipher is modern
  4. @vixentael Using “end-to-end encryption” doesn’t mean that ALL your data

    is encrypted end-to-end AND local data is encrypted AND e2ee is enabled by default meta-data, attachments some ppl call TLS — E2EE :) data at rest enc is separate opt-in vs opt-out AND backups are encrypted also separate also apps can collect phone numbers, location, IPs, device info, etc AND cipher is modern xor, base64, AES CBC
  5. @vixentael What data we collect, how we link it to

    the user, who has access to collected info, do we give access to gov, where servers are located. See GDPR/CCPA. Privacy & trust How we protect collected data, access, apps, dbs, servers, backups. See OWASP ASVS/MASVS/SAMM. AppSec, DataSec, InfraSec. Security Some data is e2ee’d from user to same/another user, servers don’t have access to keys/secrets/plaintext. E2EE
  6. input, generation, local storage processing storage logs, analytics Encryption depends

    on a dataflow web frontend storage mobile frontend web admin backups payment service orders processing analytics i i o i p s s p @vixentael
  7. @vixentael Encryption data stored encrypted locally – data-at-rest encryption; also

    FS/OS encryption, TDE. host / server host / server transport layer encryption – data-in-transit encryption (TLS, IPSec, SSH). host / server
  8. @vixentael Application-level encryption (ALE) data encrypted by app – application-level

    encryption (ALE) app ALE happens on client side – client-side encryption client ALE happens on server side – server-side encryption server proxy … proxy-side encryption
  9. @vixentael server 1 server 2 server 3 TLS (in transit)

    server 1 server 2 server 3 Alice app 2 Bob application-level encryption Alice app 2 Bob
  10. @vixentael E2EE, FLE only some data fields are encrypted –

    field-level encryption (FLE) Alice client-side encryption when no keys/ secrets/data is available to servers – end-to-end encryption Bob
  11. @vixentael Transparent encryption Data is encrypted in a database, but

    apps don’t know about this – Transparent Database Encryption (TDE) Data is encrypted on a proxy, but apps/dbs don’t know about this – Transparent Proxy-side Encryption proxy app app
  12. @vixentael encryption controls / events transit (TLS) disk / FS

    TDE / DB encryption ALE E2EE physical access to servers ⛔ ✅ ✅ ✅ ✅ MitM ✅ ⛔ ⛔ ✅ ✅ privileged DB access ⛔ ⛔ ⛔ ✅ ✅ privileged system access ⛔ ⛔ ⛔ Depends ✅ backups, logs, snapshots ⛔ ⛔ Few ✅ ✅ infoq.com/articles/ale-software-architects/
  13. @vixentael if E2EE is so great, why we don’t use

    it everywhere? TLS FS/OS encr, TDE custom data- at-rest encr ALE E2EE security efforts, tradeoffs
  14. @vixentael if E2EE is so great, why we don’t use

    it everywhere? TLS FS/OS encr, TDE custom data- at-rest encr ALE E2EE security efforts, tradeoffs key storage, key rotation, key revocation, data re-encryption, consistency, backups, tying keys w/ identity, search in encrypted data, logging monitoring, and all the NIST SP 800-53,
  15. @vixentael Also, using “end-to-end encryption” doesn’t mean that ALL your

    data is encrypted end-to-end AND local data is encrypted AND e2ee is enabled by default meta-data, attachments some ppl call TLS — E2EE :) data at rest enc is separate opt-in vs opt-out AND backups are encrypted also separate also apps can collect phone numbers, location, IPs, device info, etc AND cipher is modern xor, base64, AES CBC
  16. app @vixentael Client-side field-level encryption (CSFLE) docs.mongodb.com/drivers/security/client-side-field-level- encryption-guide app code

    MongoDB SDK MongoDB stores records with encrypted fields encryption / decryption key vault TLS writes records with encrypted fields reads records with encrypted fields TLS
  17. app / server @vixentael Proxy-side transparent field-level encryption github.com/cossacklabs/acra database

    key vault stores records with encrypted fields writes records with encrypted fields reads records with encrypted fields Acra proxy encryption / decryption TLS TLS TLS
  18. @vixentael speakerdeck.com/veorq/hunting-for-vulnerabilities-in-signal Hunting for vulnerabilities in Signal, 2017, by @veorq

    and @marver infoq.com/articles/ale-software-architects/ Application Level Encryption for Software Architects, by @9gunpi buttondown.email/cryptography-dispatches/archive/ cryptography-dispatches-the-most-backdoor-looking/ ‘xor nonce’ bug in Telegram protocol, by @FiloSottile