Alice in Cyber world

Size: px

Start display at page:

Download "Alice in Cyber world"

Katrina Charleen Miles
5 years ago
Views:

1 Alice in Cyber world

2 Protecting Secrets in The Connected World K.S.Sreedharan Director IT Zoho

3 Cast Alice Claude Eve Bob Govan

4 Story So Far

5 Symmetric Key

6 Asymmetric Key

7 Twist in the Tale

8 Claude Convenience

9 Peeping Govan GOOG FB MSFT 15,000-15,999 YHOO

10 Ever-present Eve

11 Claude s Problem

12 Alice s Quandary Convenience Privacy

13 Solution

14 Saving Private Data

15 Weak spots Transport Sniffing Stealing passwords Store Key management Sensitive data for calculation Rest Key compromise

16 Transport Security

17 Transport Travails Snooping by Eve BEAST Session Negotiation Vulnerability Passwords by interception Snooping by Govan Improper Key exchange selection Retrospective decryption from stored data

18 SSL Key Exchange A L I C E Request SSL Signature + Public Key Offer Encryption Schemes Pick Encryption Scheme Shared Key enc with Public Key Accept Shared Key C L A U D E Server Certificate Private Key can be used to read communication

19 Forward Security Ephemeral Diffie-Hellman Server generates a new Diffie-Hellman public key for each session and signs the public key. The client also generates a public key Using Diffie-Hellman they both generate a mutual session key % overhead with ECDHE-RSA

20 Securing Transport Always on Encryption Session-wide encryption. SSL default Configuration Forward secrecy, Cipher Selection Update Browser, SSL libraries Test Ssllabs Browser

21 Zero Knowledge Proof

22 ZKPP - SRP LTPK = Hash of Salt and Password Derive EPK A from random number Compute CEP S & hash to derive K M1=Hash(A,B,K) Verify M2 A L I C E Name Send Salt A B, u (a random param) M1 M2 C L A U D E Lookup salt, verifier Derive EPK B from random number Compute CEP S & hash to derive K Verify M1 M2=Hash(A,M1,K)

23 Zero Knowledge Proof Do not send sensitive information at all Prove that a computation can be done without actually performing it Applications Authentication Auctions Financial transactions Voting

24 Store Security

25 Problems Overheads due to encryption Managing Keys and rotating them Preventing Key compromise Performing operations on data without exposing the data

26 Split Key Management Key for data encryption Should be rotated Encrypted using Master Key Master Key Generated on initialization Master Key encrypted with Key encrypting Key and stored Key Encrypting Key generated from passwords from two custodians

27 Secret Computing Cryptographic Dark Room Information is encrypted by Alice Evaluation function on encrypted data by Claude Result in encrypted form sent to Alice Alice decrypts and gets the result Applications Encrypted Search terms Computations

28 FHE - GloveBox

29 Homomorphic encryption ROT 13 Concat (HELLO WORLD) > HELLOWORLD Concat(Enc(HELLO WORLD)) > URYYBJBEYQ Dec(URYYBJBEYQ) > HELLOWORLD RSA ϵ(x1) = x1 e mod m ϵ(x2) = x2 e mod m ϵ(x1). ϵ(x2) = (x1.x2) e mod m = ϵ(x1.x2)

30 FHE Fully Homomorphic Handle all functions Has compact ciphertexts Efficient for server and decryption for client Binary AND, OR, NOT operations will handle all functions Functions as circuits Work in Progress

32 Security at Rest

33 Problems Key compromise Claude storing keys Claude giving the keys to Govan Eve stealing it Control of Keys Split control of Keys

34 Solutions Hardware Security Module Tamper Proof Amazon Cloud HSM Tresorit Encryption at Alice s end Porticor Split control of Keys (Alice + Claude) Partial homomorphic encryption

35 Bruce Schenier

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic