Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2jWsN95. Anastasiia Voitova talks about cryptography: how it helps to narrow more significant risks to controlled attack surfaces, enables managing the risk efficiently, and how tools and algorithms sit in a broader context of managing infrastructure-wide risks associated with handling sensitive data. She also focuses on what to do after implementing encryption in a system. Filmed at qconlondon.com. Anastasiia Voitova is Product Engineer at Cossacklabs. She has plenty of experience in building mobile apps. She developed many applications, frequently taking care of both iOS and server sides of the system.

1. ENCRYPTION WITHOUT
MAGIC,
RISK MANAGEMENT
WITHOUT PAIN
#qconlondon @vixentael

2. InfoQ.com: News & Community Site
Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
encryption-risk-management
• Over 1,000,000 software developers, architects and CTOs read the site world-
wide every month
• 250,000 senior developers subscribe to our weekly newsletter
• Published in 4 languages (English, Chinese, Japanese and Brazilian
Portuguese)
• Post content from our QCon conferences
• 2 dedicated podcast channels: The InfoQ Podcast, with a focus on
Architecture and The Engineering Culture Podcast, with a focus on building
• 96 deep dives on innovative topics packed as downloadable emags and
minibooks
• Over 40 new content items per week

3. Purpose of QCon
- to empower software development by facilitating the spread of
knowledge and innovation
Strategy
- practitioner-driven conference designed for YOU: influencers of
change and innovation in your teams
- speakers and topics driving the evolution and innovation
- connecting and catalyzing the influencers and innovators
Highlights
- attended by more than 12,000 delegates since 2007
- held in 9 cities worldwide
Presented at QCon London
www.qconlondon.com

5. @vixentael Product Engineer
Feel free to reach me with
security questions.
I do check my inbox :)

6. CRYPTOGRAPHY?

7. CRYPTOGRAPHY?
AES
DES
3DES
CBC
CFB
SEAL
Salsa20
RSA
DSA
OFB
Blowfish
SHARK
RC4
DSS
ECB
CTR
Twofish
Camelia
SEED
Rabbit
ECDSA
#qconlondon @vixentael

8. CRYPTOGRAPHY?
AES
#qconlondon @vixentael
DES
3DES
CBC
CFB
SEAL
Salsa20
RSA
DSA
OFB
Blowfish
SHARK
RC4
DSS
ECB
CTR
Twofish
Camelia
SEED
Rabbit
ECDSA
MD5
SHA1
SHA3

9. #qconlondon @vixentael
algorithms
elliptic curves
key management
public key validity
storing secrets
CRYPTOGRAPHY
cool, but…

10. #qconlondon @vixentael
crypto is not a
but a method to manage
the attack surface

11. #qconlondon @vixentael
ATTACK SURFACE
– all the possible places
where sensitive data may be
stolen by adversary
https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet

12. #qconlondon @vixentael
it’s easier to monitor
the suspicious behavior
in a small place

13. #qconlondon @vixentael
HANDLING SECRET DATA WITH CARE
avoid plain text as possible
manage keys properly
decrease time of plaintext secrets in memory
log, monitor and inspect

14. – HOW TO MANAGE
THE ATTACK SURFACE
OF MY DATA?

15. #qconlondon @vixentael
one container one key
symmetric encryption
with poor key management

16. #qconlondon @vixentael
attack surface
is arbitrary
one container one key
symmetric encryption
with poor key management
key leaked
→ data leaked

17. #qconlondon @vixentael
WHAT IS A CRYPTO-SYSTEM
https://en.wikipedia.org/wiki/Cryptosystem

18. #qconlondon @vixentael
KEY AND TRUST MANAGEMENT
SHOULD REFLECT YOUR SYSTEM

19. #qconlondon @vixentael
MESSAGING
https://core.telegram.org/api/end-to-end

20. #qconlondon @vixentael
GOOD MESSAGING
IS E2EE
…but your infrastructuresare not only for messaging

21. #qconlondon @vixentael
NAIVE DATABASE ENCRYPTION
attack surface
is almost everywhere

22. #qconlondon @vixentael
NARROWING ATTACK SURFACE
middleware-side
encryption
client-side
encryption

24. MIDDLEWARE-SIDE
ENCRYPTION

25. #qconlondon @vixentael
SQL injections
code injections
execution flow attacks
reflection attacks
XSS
crypto-miners everywhere
MitM
REAL-WORLD WEB SERVER

26. #qconlondon @vixentael
ATTACK SURFACE IS
EVERYWHERE :(
REAL-WORLD WEB SERVER
monitor everything

27. #qconlondon @vixentael
TRY SYMMETRIC ENCRYPTION?
encrypt/decrypt data
using symm key

28. #qconlondon @vixentael
TRY SYMMETRIC ENCRYPTION?
encrypt/decrypt data
using symm key
easy to steal a key
https://www.alibabacloud.com/
help/faq-detail/37505.htm

29. #qconlondon @vixentael
ASYMMETRIC ENCRYPTION
wrapped data = Enc(data,
random symm key)
container = Enc(wrapped
data, PKweb, PubKtds)

30. #qconlondon @vixentael
wrapped data = Enc(data,
random symm key)
container = Enc(wrapped
data, PKweb, PubKtds)
PubKey of ‘trusted
decryption service’
ASYMMETRIC ENCRYPTION

31. #qconlondon @vixentael
TRUSTED DECRYPTION SERVICE
wrapped_data = Dec(container,
PKtds, PubKweb)
data = Dec(wrapped_data,
random symm key)
decrypts data

32. #qconlondon @vixentael
trusted element in
infrastructure
SEPARATION OF DUTIES
no decryption
keys
monitor & log

33. NARROWED ATTACK
SURFACE
TRUSTED DECRYPTION SERVICE
#qconlondon @vixentael

34. #qconlondon @vixentael
monitor everything
monitor decryption proxy

35. #qconlondon @vixentael
WHERE TO USE THIS TECHNIQUE?
micro-services infrastructure
public-oriented interfaces
non trusted client side (browsers, IoT devices)
hard to store keys securely

36. #qconlondon @vixentael
HOW TO IMPLEMENT?
ACRA
https://github.com/cossacklabs/acra
GREEN SQL
https://github.com/larskanis/greensql-fw
HEXATIER
http://www.hexatier.com/
ORACLE DATABASE
FIREWALL / TDE
http://www.oracle.com/

38. CLIENT-SIDE
ENCRYPTION

39. #qconlondon @vixentael
MOVE TRUST TO CLIENTS
session hijacking
unattended backups
MitM
replay attacks
misconfigured ACL
trusted element in
infrastructure

40. #qconlondon @vixentael
P2P TRUST
system doesn’t know
anything about data
encrypted
containers
user-generated
keys

41. ZERO KNOWLEDGE
ARCHITECTURES
#qconlondon @vixentael

42. ZKA is a design principle that
enables software to provide services
over protected client data without
having an unencrypted access to it.
#qconlondon @vixentael

43. e2ee clients
ZKA INCLUDES:
#qconlondon @vixentael

44. e2ee clients
all operations are on encrypted data:
– control access to data from different users
– CRUD
– search (in encrypted data)
ZKA INCLUDES:
#qconlondon @vixentael

45. #qconlondon @vixentael
weak key management
algorithm weakness
user pocket
attack surface
RISKS FOR ZKA:

46. WHEN TO USE ZKA?
#qconlondon @vixentael
trusted client side (mobile, HSM/TPM)

47. ZKA is already solved for
specific use-cases or
in a naive ways
#qconlondon @vixentael

48. MESSAGING END-TO-END
ENCRYPTION
#qconlondon @vixentael

49. AUTHENTICATION ZERO KNOWLEDGE
PROOF
https://www.cossacklabs.com/zero-
knowledge-protocols-without-magic.html
#qconlondon @vixentael

50. COLLABORATING
ON DATA
– store encrypted
– share with others
– manage access to
parties
#qconlondon @vixentael
???

51. naive approach
– duplications
– key management
problems
#qconlondon @vixentael
SHARING ENCRYPTED DATA

52. give access to
certain blocks of
data to exact users
https://github.com/
cossacklabs/hermes-core
#qconlondon @vixentael
OUR TAKE

53. – Key wrapping
storage keys user keysblocks
#qconlondon @vixentael
HOW TO BUILD IT?

54. #qconlondon @vixentael
HOW TO BUILD IT?
– Key wrapping
– Manage privileges

55. – Key wrapping
– Manage privileges
– Control requests
#qconlondon @vixentael
HOW TO BUILD IT?

56. shared
audit logs complex docs,
spreadsheets
config files
file system
document store
protection
#qconlondon @vixentael
MORE POSSIBLE USE-CASES

57. OTHER IMPLEMENTATIONS
#qconlondon @vixentael
HERMES
https://github.com/cossacklabs/hermes-core
ZEROKIT
https://tresorit.com/zerokit
LAFS
https://tahoe-lafs.org/trac/tahoe-lafs

58. #qconlondon @vixentael
monitor everything
monitor client side

59. MORE GOODIES TO
THINK ABOUT

60. Cryptography is well implemented,
if it allows to narrow attack surface,
and increase control of data.
#qconlondon @vixentael

61. if the system has
one perimeter,
it will fail!
ECHELONIZATION
#qconlondon @vixentael

62. #qconlondon @vixentael
..add more layers
of defense
ECHELONIZATION

63. EXCEPT CRYPTO, YOU ALSO NEED
log and monitor events
intrusion pattern detection
access control
firewall
...

64. https://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf
269 CVEs
from 2011-2014
17%
83%
bugs inside crypto libs
misuses of crypto libs
by individual apps
#qconlondon @vixentael

65. RECAP
2

66. #qconlondon @vixentael
THINGS TO REMEMBER
1. cryptography aims to narrow the attack surface
2. choose relevant encryption scheme
3. combine crypto and classic techniques
4. there is a lib for that

68. https://hackernoon.com/eli5-zero-knowledge-proof-78a276db9eff
Explain Like I’m 5: Zero Knowledge Proof
https://medium.com/@9gunpi/devops-and-security-from-trenches-to-command-
centers-466dfb58fe5b
DevOps and security: from trenches to command centers
https://medium.com/@cossacklabs/12-and-1-ideas-how-to-enhance-backend-data-
security-4b8ceb5ccb88
12 and 1 ideas how to enhance backend data security
LINKS
https://www.smashingmagazine.com/2018/02/gdpr-for-web-developers/
How GDPR Will Change The Way You Develop

69. https://github.com/
vixentael/my-talks
…and more
MY OTHER SECURITY SLIDES

70. @vixentael Product Engineer
Feel free to reach me with
security questions.
I do check my inbox :)

71. IMAGE CREDITS
www.flaticon.com
freepik, linector, switficons, pixelperfect, smashicons, icon pond,
dinosoftlabs
Authors:

72. Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
encryption-risk-management