how to use encryption for defense in depth in native and
play

How to use Encryption for Defense in Depth In Native and Browser - PowerPoint PPT Presentation

Jan 11, 2023 •26 likes •446 views

How to use Encryption for Defense in Depth In Native and Browser Apps Isaac Potoczny-Jones ijones@tozny.com November 13, 2019 @SyntaxPolice https://tozny.com When we think of driving safety We address both the road and the car.

  1. How to use Encryption for Defense in Depth In Native and Browser Apps Isaac Potoczny-Jones ijones@tozny.com November 13, 2019 @SyntaxPolice https://tozny.com

  2. When we think of driving safety… …We address both the road and the car. Proprietary Information

  3. Encrypting the Securing the Road Infrastructure • Stoplights • HTTPS / TLS • Speed limits • VPNs, IPSEC • Gentle curves • Full Disk Encryption • Lines on the road • Transparent Database Encryption • No passing zones

  4. Securing the Securing the Car Application • Seatbelts • Malware • Crumple zones • Buffer Overflows • Airbags • Side Channels • Horns • Broken Authentication • (Better driving) • (Better programming) • (Not much crypto…)

  5. More Application-Level Security Should Include Application-Level Data Encryption Because: Defense In Depth

  6. But Application-Level Means More Programming • Many applications share the same infrastructure • So infrastructure-level cryptography is easier to implement • With application-level cryptography • More programmers write more code • And we will often get it wrong • The encryption community isn’t great about making developer tools • This is the subject of another series of talks As a result, we don’t do it, even though we should

  7. “Developers are adding a lot of crypto to their code, especially in sectors like health care and financial services, but they're doing it poorly” - Veracode CTO Chris Wysopal.

  8. Infrastructure-Layer Encryption In the Browser* *(HTTPS)

  9. Conceptual HTTPS

  10. A more realistic system architecture Oversimplifying the view of infrastructure makes infrastructure-level encryption seem easier

  11. Actual HTTPS (Plus IPSec and DAR)

  12. 169 Trusted Certificate Issuers in MacOS Proprietary Information

  13. Attack Models (HTTPS is great, but) HTTPS has been attacked many times • Subpoena the company storing the data • Break into one of the systems NOT secured by HTTPS • Misconfiguration of HTTPS • Steal a key / Subvert a CA • MITM with an enterprise-issued cert • Trick the user by getting them to visit a different site • JavaScript attack model • etc...

  14. Summary: Why HTTPS is not enough • It doesn’t protect the data everywhere it goes • It relies on a massive trust infrastructure outside user control • It’s necessary, but not sufficient for strong privacy & security

  15. Application-Layer Encryption Introduction

  16. One-Party / One-Device Encryption • Encryption and decrypting is happening: • On the same device / in the same place / by the same person • E.g. local encryption of data on Android • Tozny publishes a popular open source library for Android for this • This is relatively easy • Derive a key from the user’s password, no need to share keys • Biometric on modern mobile operating systems • Encrypt and decrypt in the same programming language Encrypted Data Local Encryption and Decryption Encrypted Local Data Storage

  17. Communicating between users or from user to server Why is this hard? • Encrypting and decrypting in different programming languages • (Good luck getting all AES parameters to line up, or use libSodium) • Various communication attacks that HTTPS takes care of for you • (you probably need HTTPS too) • Key exchange / establishing trust and identity of user / device / server • (Users can’t key) Encrypted Data Local Remote Encryption Decryption Server Storage

  18. Application-Layer Plus HTTPS

  19. End-to-end Encryption

  20. What is End-to-end Encryption? • Data is encrypted on the device of the person who created the data • Data is only decrypted by the intended receiver of the data • No intermediate parties have the keys • No servers, no networks, no wireless protocols, no government Encrypted Encrypted Data Data Data Creation Server Data Use Local Encryption Can’t See Data Local Decryption

  21. Pretty Good Privacy / GPG • PGP is the venerable Swiss Army Knife of encryption • It’ll encrypt anything but you have to find a way to send it • It lets you mark public keys of other users as trusted • We used to have parties where we would sign each-others’ keys • It’s very hard to use, and even harder to use right • Lots of stuff is built on it

  22. Chat Apps • A modern phenomenon is to have encrypted chat apps • Encrypt by the sender, decrypt by the receiver • Examples: Signal, WhatsApp, iMessage • The goal is that people can communicate securely! • Everyday conversations between people who don’t want to be spied on • People who want to share information with reporters • Government employees sometimes use them instead of their official email Encrypted Encrypted Chats Chats Write Message Signal Server Read Message Local Encryption Can’t See Chats Local Decryption

  23. Applications and Code Delivery • Encryption in mobile and desktop applications have a good workflow • Your phone installs an app from the app store (which has digital signatures) • That app has encryption / decryption code in it • Presumably it’s vetted and the vetted app is the one that was installed • You use some out-of-band mechanism like a voice call to verify keys • And unlike browser-based apps: • Code doesn’t change on-the-fly every time you open the app • Your copy of the code is the same as everyone else’s Encrypted Data Encrypted Trusted Data App Data Creation Server Data Use App Store Local Encryption Can’t See Data Local Decryption

  24. Attacking End-to-end encryption • It’s is so powerful that it solves* a bunch of vulnerabilities • Encryption for privacy, not just security • Subpoenas, warrants, and other government intervention against cloud • Misuse of data and other privacy violations • Undermining of HTTPS by CAs, governments, employers, etc. • Attacks • Make it illegal, or target people who use e2e encryption • Force the developer to undermine the encryption • Guess the password works if the key is derived from a password • Best attack is to hack the end device (this has been happening) *mitigates

  25. Hacking the end device “WhatsApp’s End-to-End Encryption Is A Gimmick” –Bloomberg (May ‘19) • Without end-to-end encryption, bad guys can use dragnet attacks • Get all of the data from hacking the database • Use that against whoever you find • With end-to-end encryption, bad guys must use targeted attacks • This is a very good thing! It’s what you want! • Exploits against end user devices get discovered and fixed Celebrate when you see headlines saying “encrypted app got hacked”!

  26. Application-Layer Encryption In the Browser* *(Don’t freak Out)

  27. What it is • Ship encryption code to the browser, probably in JavaScript • Use password-derived keys or local / session storage to manage keys • Encrypt data with JavaScript before sending it on its way • This is how ProtonMail works Encrypted Encrypted Data Data Data Creation Server Data Use

  28. Attacking Browser-Layer Encryption • Crypto code gets dynamically shipped to the browser • That code can exfiltrate the data • Can target specific users • Can change moment to moment • How can you trust it? • e.g. Attack the TLS connection or modify the code before it goes to the user 2. Encrypted 3. Encrypted Data Data 1. Code to Data Creation Server Data Use Encrypt Data (TLS)

  29. A good paper on the topic https://eprint.iacr.org/2018/1121.pdf

  30. But remember that real services are more complex • What if your static hosting bucket is secure • But you have an SQL injection in your API code? • Attacks aren’t “all or nothing” 2. Encrypted Data 3. Injection Attck 4. Encrypted Apps API Data 1. Code to Encrypt Data (TLS) Database Static Hosting

  31. ”It’s Broken Anyway” is a problematic mindset It argues that: • End users shouldn’t use the web for sensitive stuff • It’s impossible to do end-to-end encryption in the browser • It’s not really end-to-end encryption • It relies on TLS anyway

  32. Defense in Depth: Application-Layer crypto mitigates problems* • It reduces the need to trust your entire infrastructure • The API server and the admins on that server don’t see the plain text • The plain text isn’t in the database and subject to e.g. SQL injections • Data has a way of spreading, e.g. going into backups unencrypted • ”Web servers” are not one thing anymore; infrastructure is complex, and attacks are not “all or nothing” • It’s harder to force a company to change code than to hand over data • Attacks are detectable on the client, increasing risk of getting caught • Browsers are improving in the ability to trust code • You can add application-level access rules and enforcement logic (*Even in the browser)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Defense in Depth: In Depth Presented by: Chelsea H. Komlo About me - Software engineer, privacy

Defense in Depth: In Depth Presented by: Chelsea H. Komlo About me - Software engineer, privacy

Defense in Depth: In Depth Presented by: Chelsea H. Komlo About me - Software engineer, privacy and security engineer - HashiCorp, ThoughtWorks, Tor - Worked in 5 countries and two languages About this talk - NOT how to do security -

564 views • 32 slides
USING NATIVE AFRICAN SPECIES TO SOLVE AFRICAN WASTEWATER CHALLENGES: AN IN-DEPTH STUDY OF TWO

USING NATIVE AFRICAN SPECIES TO SOLVE AFRICAN WASTEWATER CHALLENGES: AN IN-DEPTH STUDY OF TWO

1 USING NATIVE AFRICAN SPECIES TO SOLVE AFRICAN WASTEWATER CHALLENGES: AN IN-DEPTH STUDY OF TWO VETIVER GRASS SPECIES Effiom Oku 1 , Kwabena Asubonteng 1 , Catherine Nnamani 2 , Itam Michael 3 and Paul Truong 3 1 United Nations University

556 views • 14 slides
GANT: A Defense in Depth Approach TF-MSP Wayne Routly Trondheim.no Security Manager

GANT: A Defense in Depth Approach TF-MSP Wayne Routly Trondheim.no Security Manager

GANT: A Defense in Depth Approach TF-MSP Wayne Routly Trondheim.no Security Manager September 2013 DANTE connect communicate collaborate Before . connect communicate collaborate Agenda Defence in Depth - A Layered

323 views • 9 slides
In-depth Percona Server/MySQL encryption Robert Golebiowski Percona Keyrings Keyrings

In-depth Percona Server/MySQL encryption Robert Golebiowski Percona Keyrings Keyrings

In-depth Percona Server/MySQL encryption Robert Golebiowski Percona Keyrings Keyrings General Concept Plugin installation - always successful - keyrings variables may need correction - keyring_vault_config - keyring_file_data 3

780 views • 47 slides
Learnings from Fukushima Dai-ichi Accident: - Defense-in-Depth, Human and Organizational aspects,

Learnings from Fukushima Dai-ichi Accident: - Defense-in-Depth, Human and Organizational aspects,

2016/3/30 Learnings from Fukushima Dai-ichi Accident: - Defense-in-Depth, Human and Organizational aspects, Safety approaches- Akira OMOTO, Professor, Tokyo Institute of Technology (omoto@nr.titech.ac.jp) Ou Outline Weakness in the application

650 views • 38 slides
MineSweeper: An In-depth Look into Drive-by Mining and its Defense Veelasha Moonsamy Utrecht

MineSweeper: An In-depth Look into Drive-by Mining and its Defense Veelasha Moonsamy Utrecht

MineSweeper: An In-depth Look into Drive-by Mining and its Defense Veelasha Moonsamy Utrecht University, The Netherlands 28 August 2018 University of Adelaide, Australia Utrecht University, The Netherlands 2 Acknowledgment Joint

874 views • 61 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Information Security Offense and Defense HIMSS Heart of America Chapter February 2015 Depth

Information Security Offense and Defense HIMSS Heart of America Chapter February 2015 Depth

Information Security Offense and Defense HIMSS Heart of America Chapter February 2015 Depth Security Who we are Boutique Information Security Firm Founded in 2006 Based in Kansas City, Missouri Your organizations best

253 views • 12 slides
TLS Record Protocol: Security Analysis and Defense-in-depth Countermeasures for HTTPS Olivier

TLS Record Protocol: Security Analysis and Defense-in-depth Countermeasures for HTTPS Olivier

TLS Record Protocol: Security Analysis and Defense-in-depth Countermeasures for HTTPS Olivier Levillain, Baptiste Gourdin, Herv Debar ANSSI, Sekoia, Tlcom SudParis ASIACCS 2015 Levillain, Gourdin, Debar (ASIACCS) TLS Record Protocol

793 views • 62 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Going Native Getting your content discovered What is NATIVE Advertising? With many different

Going Native Getting your content discovered What is NATIVE Advertising? With many different

Going Native Getting your content discovered What is NATIVE Advertising? With many different definitions in the industry this is still a Native advertising is a form of fuzzy concept but Zane Furtado, Acquire Online Programmatic advertising

750 views • 15 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical Facilities Local Government Schools Law Enforcement Media Outlets The threat and how to think about it Ransomware has rapidly emerged as the most

398 views • 15 slides
WCSP2016 Color Image Encryption in YCbCr Space Xin Jin 1 , Sui Yin 1 , Xiaodong Li 1 , Geng Zhao 1

WCSP2016 Color Image Encryption in YCbCr Space Xin Jin 1 , Sui Yin 1 , Xiaodong Li 1 , Geng Zhao 1

WCSP2016 Color Image Encryption in YCbCr Space Xin Jin 1 , Sui Yin 1 , Xiaodong Li 1 , Geng Zhao 1 , Zhaohui Tian 2 , Nan Sun 1 , Shuyun Zhu 2 1 Beijing Electronic Science and Technology Institute GOCPCCC Key Laboratory of Information Security 2

455 views • 28 slides
A Decentralized and Distributed E-voting Scheme Based on Cryptographic Shuffles Decentralized

A Decentralized and Distributed E-voting Scheme Based on Cryptographic Shuffles Decentralized

A Decentralized and Distributed E-voting Scheme Based on Cryptographic Shuffles Decentralized and Distributed Systems Laboratory Andy Caforio Responsible: Prof. Bryan Ford Supervision: Linus Gasser, Philipp Jovanovic 1 Way back when

445 views • 20 slides
Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more

X by Invincea Responding To Ransomware Ransomware Nightmares X by Invincea Ransomware is getting more sophisticated, and shifting to an enterprise threat Ransomware Nightmares X by Invincea To Pay Or Not To Pay? X by Invincea Your money or

780 views • 23 slides
Story Applications Hardware Software Key features Roadmap Summary Story Story Applications

Story Applications Hardware Software Key features Roadmap Summary Story Story Applications

Story Applications Hardware Software Key features Roadmap Summary Story Story Applications Hardware Software Key features Roadmap Summary Todays enterprise-grade firewalls have highly advanced function

489 views • 29 slides
European Citizens Initiative, Commission regulation proposal Focus on IT aspects Jrme

European Citizens Initiative, Commission regulation proposal Focus on IT aspects Jrme

European Citizens Initiative, Commission regulation proposal Focus on IT aspects Jrme Stefanini DIGIT.B.2 05/06/2018 Informatics Agenda Central platform Supporting an initiative online Validation of Statements of Support by

473 views • 21 slides
Company Presentation September 2019 | | Legal Disclaimer This presentation contains

Company Presentation September 2019 | | Legal Disclaimer This presentation contains

Company Presentation September 2019 | | Legal Disclaimer This presentation contains forward-looking statements within the meaning of the federal statements. Because forward-looking statements are inherently subject to risks and securities

515 views • 51 slides
More Connectivity Status Quo: Congestion Riders are abandoning mass transit, due to the

More Connectivity Status Quo: Congestion Riders are abandoning mass transit, due to the

More Connectivity Status Quo: Congestion Riders are abandoning mass transit, due to the experience. Those who can a f ord are moving to the road, causing congestion. We need a better value solution. More people onto transit /

163 views • 13 slides

More recommend