Encryption Without Magic, Risk Management Without Pain

Transcript

1. ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN @vixentael

2. @vixentael Product Engineer Feel free to reach me with security

   questions. I do check my inbox :)
3. None

4. CRYPTOGRAPHY?

5. CRYPTOGRAPHY? AES DES 3DES CBC CFB SEAL Salsa20 RSA DSA

   OFB Blowfish SHARK RC4 DSS ECB CTR Twofish Camelia SEED Rabbit ECDSA @vixentael

6. MD5 SHA1 SHA256 HASHING PASSWORDS? @vixentael

7. MD5 SHA1 SHA256 HASHING PASSWORDS? https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet https://dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm HKDF bcrypt PBKDF2

   @vixentael

8. algorithms elliptic curves key management public key validity storing secrets

   CRYPTOGRAPHY cool, but… @vixentael

9. crypto is not a but a method to manage the

   attack surface @vixentael

10. ATTACK SURFACE – all the possible places where sensitive data

    may be stolen by adversary https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet @vixentael

11. it’s easier to monitor the suspicious behavior in a small

    place @vixentael

12. HANDLING SENSITIVE DATA WITH CARE avoid plaintext as possible manage

    keys properly decrease time of plaintext secrets in memory log, monitor and inspect @vixentael limit access to data

13. – HOW TO MANAGE THE ATTACK SURFACE OF MY DATA?

14. one container one key @vixentael symmetric encryption with poor key

    management

15. attack surface is arbitrary one container one key symmetric encryption

    with poor key management key leaked → data leaked @vixentael

16. https://en.wikipedia.org/wiki/Cryptosystem @vixentael

17. KEY AND TRUST MANAGEMENT SHOULD REFLECT YOUR SYSTEM @vixentael

18. MESSAGING https://core.telegram.org/api/end-to-end @vixentael

19. GOOD MESSAGING IS E2EE …but your infrastructures are not only

    for messaging @vixentael

20. NAIVE DATABASE ENCRYPTION attack surface is almost everywhere @vixentael

21. NARROWING ATTACK SURFACE middleware-side encryption client-side encryption @vixentael

22. None

23. MIDDLEWARE-SIDE ENCRYPTION

24. SQL injections code injections execution flow attacks reflection attacks XSS

    crypto-miners everywhere MitM REAL-WORLD WEB SERVER @vixentael

25. ATTACK SURFACE IS EVERYWHERE :( monitor everything @vixentael REAL-WORLD WEB

    SERVER

26. TRY SYMMETRIC ENCRYPTION? encrypt/decrypt data using sym key @vixentael

27. encrypt/decrypt data using sym key easy to steal a key

    https://www.alibabacloud.com/ help/faq-detail/37505.htm @vixentael TRY SYMMETRIC ENCRYPTION?

28. “COMBINED” ENCRYPTION @vixentael what if no decryption key?

29. “COMBINED” ENCRYPTION enc_data = Enc(data, Krand) container = (enc_data, PubKweb,

    enc_key) @vixentael enc_key = Enc(Krand, PrivKweb, PubKtds)

30. PubKey of ‘trusted decryption service’ @vixentael “COMBINED” ENCRYPTION

31. TRUSTED DECRYPTION SERVICE decrypts data @vixentael encrypts data

32. trusted element in infrastructure SEPARATION OF DUTIES no decryption keys

    monitor & log @vixentael

33. TRUSTED DECRYPTION SERVICE @vixentael NARROWED ATTACK SURFACE

34. monitor everything monitor decryption proxy @vixentael

35. WHERE TO USE THIS TECHNIQUE? micro-services infrastructure @vixentael public-oriented interfaces

    non-trusted client side (browsers, IoT devices) hard to store keys securely

36. HOW TO IMPLEMENT? ACRA https://github.com/cossacklabs/acra GREEN SQL https://github.com/larskanis/greensql-fw HEXATIER http://www.hexatier.com/

    ORACLE DATABASE FIREWALL / TDE http://www.oracle.com/ @vixentael
37. None

38. CLIENT-SIDE ENCRYPTION

39. MOVE TRUST TO CLIENTS session hijacking unattended backups MitM replay

    attacks misconfigured ACL trusted element in infrastructure @vixentael

40. P2P TRUST system doesn’t know anything about data encrypted containers

    user-generated keys @vixentael

41. ZERO KNOWLEDGE ARCHITECTURES @vixentael

42. ZKA is a design principle that enables software to provide

    services over protected client data without having an unencrypted access to it. @vixentael

43. e2ee clients @vixentael ZKA INCLUDES:

44. e2ee clients all operations are on encrypted data: – control

    access to data from different users – CRUD – search (in encrypted data) ZKA INCLUDES: @vixentael

45. weak key management algorithm weakness user pocket attack surface RISKS

    FOR ZKA: @vixentael

46. WHEN TO USE ZKA? trusted client side (mobile, HSM/TPM) @vixentael

47. ZKA is already solved for specific use-cases or in a

    naive ways @vixentael

48. MESSAGING END-TO-END ENCRYPTION @vixentael

49. AUTHENTICATION ZERO KNOWLEDGE PROOF https://www.cossacklabs.com/zero- knowledge-protocols-without-magic.html @vixentael

50. COLLABORATING ON DATA – store encrypted – share with others

    – manage access to parties ??? @vixentael

51. naive approach – duplications – key management problems SHARING ENCRYPTED

    DATA @vixentael

52. give access to certain blocks of data to exact users

    github.com/cossacklabs/ hermes-core CRYPTOGRAPHIC ACL @vixentael

53. – Key wrapping storage keys user keys blocks HOW TO

    BUILD IT? @vixentael

54. – Key wrapping – Manage privileges @vixentael HOW TO BUILD

    IT?

55. – Key wrapping – Manage privileges – Control requests @vixentael

    HOW TO BUILD IT?

56. shared audit logs complex docs, spreadsheets config files file system

    document store protection MORE POSSIBLE USE-CASES @vixentael

57. HERMES https://github.com/cossacklabs/hermes-core ZEROKIT https://tresorit.com/zerokit LAFS https://tahoe-lafs.org/trac/tahoe-lafs @vixentael IMPLEMENTATIONS

58. monitor everything monitor client side @vixentael

59. MORE GOODIES TO THINK ABOUT

60. Cryptography is well implemented, if it allows to narrow attack

    surface, and increase control of data. @vixentael

61. if the system has one perimeter, it will fail! ECHELONIZATION

    @vixentael

62. #qconlondon @vixentael ..add more layers of defense ECHELONIZATION

63. EXCEPT CRYPTO, YOU ALSO NEED log and monitor events credential

    management access control, access logging firewall, IDS, infrastructure management ...

64. https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf 269 CVEs from 2011-2014 17% 83% bugs inside crypto

    libs misuses of crypto libs by individual apps @vixentael

65. 2 RECAP

66. THINGS TO REMEMBER 1. cryptography aims to narrow the attack

    surface 2. choose relevant encryption scheme 3. combine cryptography and classic security techniques @vixentael 4. echelonization, compartmentalization

67. https://medium.freecodecamp.org/preventing-leaks-and-injections-in-your-database- be3743af7614 How to prevent database leaks and injections https://medium.com/@cossacklabs/12-and-1-ideas-how-to-enhance-backend-data-

    security-4b8ceb5ccb88 12 and 1 ideas how to enhance backend data security BACKEND SECURITY https://www.cossacklabs.com/blog/gdpr-for-engineers.html GDPR for engineers: technical requirements https://samnewman.io/talks/insecure-transit-microservice-security/ Insecure Transit - Microservice Security

68. CRYPTOGRAPHY https://hackernoon.com/eli5-zero-knowledge-proof-78a276db9eff Explain Like I’m 5: Zero Knowledge Proof https://www.owasp.org/index.php/Secure_Coding_Cheat_Sheet

    Secure Coding Cheat Sheet https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_- _Quick_Reference_Guide Secure Coding Practices

69. @vixentael cryptographic software, security consulting, developers training github.com/ vixentael/my-talks

70. IMAGE CREDITS www.flaticon.com freepik, linector, switficons, pixelperfect, smashicons, icon pond,

    dinosoftlabs Authors: