e2ee != security != privacy

Transcript

1. e2ee ≠ security ≠ privacy @vixentael

2. @vixentael head of customer solutions, security software engineer OSS maintainer:

   Themis, Acra focused on applied crypto and building e2ee protocols

3. cossacklabs.com/products Data security tools & solutions @vixentael We make software

   to get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting.

4. We help with e2ee in apps blog.bear.app cossacklabs.com/blog/ @vixentael appspector.com

   userbase.com

5. Lots of misunderstanding about security, privacy and encryption @vixentael

6. @vixentael

7. @vixentael Using “end-to-end encryption” doesn’t mean that ALL your data

   is encrypted end-to-end AND local data is encrypted AND e2ee is enabled by default AND backups are encrypted AND cipher is modern

8. @vixentael Using “end-to-end encryption” doesn’t mean that ALL your data

   is encrypted end-to-end AND local data is encrypted AND e2ee is enabled by default meta-data, attachments some ppl call TLS — E2EE :) data at rest enc is separate opt-in vs opt-out AND backups are encrypted also separate also apps can collect phone numbers, location, IPs, device info, etc AND cipher is modern xor, base64, AES CBC

9. twitter.com/mikebutcher/status/1347105722035822593 @vixentael All these apps use e2ee

10. securemessagingapps.com @vixentael docs.google.com/spreadsheets/d/1I_qS5Oy1lRpd6FEw-4AqrFxq- FLN-m6bJPJf2drdwRY/htmlview#gid=0

11. @vixentael What data we collect, how we link it to

    the user, who has access to collected info, do we give access to gov, where servers are located. See GDPR/CCPA. Privacy & trust How we protect collected data, access, apps, dbs, servers, backups. See OWASP ASVS/MASVS/SAMM. AppSec, DataSec, InfraSec. Security Some data is e2ee’d from user to same/another user, servers don’t have access to keys/secrets/plaintext. E2EE

12. @vixentael Privacy Security E2EE Any combinations possible

13. Now, let’s talk about encryption from data-flow perspective @vixentael

14. input, generation, local storage processing storage logs, analytics Encryption depends

    on a dataflow web frontend storage mobile frontend web admin backups payment service orders processing analytics i i o i p s s p @vixentael

15. @vixentael Encryption data stored encrypted locally – data-at-rest encryption; also

    FS/OS encryption, TDE. host / server host / server transport layer encryption – data-in-transit encryption (TLS, IPSec, SSH). host / server

16. @vixentael Application-level encryption (ALE) data encrypted by app – application-level

    encryption (ALE) app ALE happens on client side – client-side encryption client ALE happens on server side – server-side encryption server proxy … proxy-side encryption

17. @vixentael server 1 server 2 server 3 TLS (in transit)

    server 1 server 2 server 3 Alice app 2 Bob application-level encryption Alice app 2 Bob

18. @vixentael E2EE, FLE only some data fields are encrypted –

    field-level encryption (FLE) Alice client-side encryption when no keys/ secrets/data is available to servers – end-to-end encryption Bob

19. @vixentael Transparent encryption Data is encrypted in a database, but

    apps don’t know about this – Transparent Database Encryption (TDE) Data is encrypted on a proxy, but apps/dbs don’t know about this – Transparent Proxy-side Encryption proxy app app

20. @vixentael Obviously, because TLS and ALE have totally different threat

    models.

21. @vixentael encryption controls / events transit (TLS) disk / FS

    TDE / DB encryption ALE E2EE physical access to servers ⛔ ✅ ✅ ✅ ✅ MitM ✅ ⛔ ⛔ ✅ ✅ privileged DB access ⛔ ⛔ ⛔ ✅ ✅ privileged system access ⛔ ⛔ ⛔ Depends ✅ backups, logs, snapshots ⛔ ⛔ Few ✅ ✅ infoq.com/articles/ale-software-architects/

22. @vixentael if E2EE is so great, why we don’t use

    it everywhere? TLS FS/OS encr, TDE custom data- at-rest encr ALE E2EE security efforts, tradeoffs

23. @vixentael if E2EE is so great, why we don’t use

    it everywhere? TLS FS/OS encr, TDE custom data- at-rest encr ALE E2EE security efforts, tradeoffs key storage, key rotation, key revocation, data re-encryption, consistency, backups, tying keys w/ identity, search in encrypted data, logging monitoring, and all the NIST SP 800-53,

24. @vixentael Also, using “end-to-end encryption” doesn’t mean that ALL your

    data is encrypted end-to-end AND local data is encrypted AND e2ee is enabled by default meta-data, attachments some ppl call TLS — E2EE :) data at rest enc is separate opt-in vs opt-out AND backups are encrypted also separate also apps can collect phone numbers, location, IPs, device info, etc AND cipher is modern xor, base64, AES CBC

25. More complicated schemes @vixentael

26. app @vixentael Client-side field-level encryption (CSFLE) docs.mongodb.com/drivers/security/client-side-field-level- encryption-guide app code

    MongoDB SDK MongoDB stores records with encrypted fields encryption / decryption key vault TLS writes records with encrypted fields reads records with encrypted fields TLS

27. app / server @vixentael Proxy-side transparent field-level encryption github.com/cossacklabs/acra database

    key vault stores records with encrypted fields writes records with encrypted fields reads records with encrypted fields Acra proxy encryption / decryption TLS TLS TLS

28. That’s all folks @vixentael

29. @vixentael speakerdeck.com/veorq/hunting-for-vulnerabilities-in-signal Hunting for vulnerabilities in Signal, 2017, by @veorq

    and @marver infoq.com/articles/ale-software-architects/ Application Level Encryption for Software Architects, by @9gunpi buttondown.email/cryptography-dispatches/archive/ cryptography-dispatches-the-most-backdoor-looking/ ‘xor nonce’ bug in Telegram protocol, by @FiloSottile

30. @vixentael github.com/vixentael/my-talks