how to prevent cryptographic pitfalls by design
play

How to prevent cryptographic pitfalls by design February 3, 2019 - PowerPoint PPT Presentation

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer


  1. Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019

  2. How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer Project pitch: iOS & macOS framework Don’t panic! Scenario Developer that values privacy intents to add encryption Task : Encrypt a string Android, Java Cryptographic Extensions (JCE), Bouncy Castle February 3, 2019 | Maximilian Blochberger 2

  3. Solution February 3, 2019 | Maximilian Blochberger 3

  4. Solution February 3, 2019 | Maximilian Blochberger 4

  5. Typing? Insecure defaults Obscure choices Insecure key derivation ”AES” , ”DES” , ”RSA” , ”RC2” , … Static parameters Outdated algorithms Not IND-CPA secure Not authenticated Keys, Nonces/IVs, Seeds, Passwords, … SHA1, MD5, DES, … IIII IIII III IIII I IIII II I II IIII III SecureRandom sr = SecureRandom.getInstance( ”SHA1PRNG” ); SecretKeySpec skeySpec = new SecretKeySpec(raw, ”AES” ); Cipher cipher = Cipher.getInstance( ”AES” ); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte [] encrypted = cipher.doFinal(clear); return encrypted; } byte [] keyStart = ”this is a key” .getBytes(); KeyGenerator kgen = KeyGenerator.getInstance( ”AES” ); byte [] decryptedData = decrypt(key,encryptedData); https://commons.wikimedia.org/w/index.php?title=File:Tux_ecb.jpg&oldid=109528640 kgen.init(128, sr); // 192 and 256 bits may not be available ”AES/ ECB /PKCS5PADDING” ”AES/ECB/PKCS5PADDING” SecretKey skey = kgen.generateKey(); byte [] key = skey.getEncoded(); ¯\_( ツ )_/¯ private static byte [] encrypt( byte [] raw, byte [] clear) throws Exception { byte [] encryptedData = encrypt(key,b); sr.setSeed(keyStart); What could possibly go wrong? Code taken from https://stackoverflow.com/a/6788456/5082444 February 3, 2019 | Maximilian Blochberger 5

  6. Insecure defaults Obscure choices Insecure key derivation ”AES” , ”DES” , ”RSA” , ”RC2” , … Static parameters Outdated algorithms Not IND-CPA secure Not authenticated Keys, Nonces/IVs, Seeds, Passwords, … SHA1, MD5, DES, … II IIII I IIII IIII III IIII III IIII II SecureRandom sr = SecureRandom.getInstance( ”SHA1PRNG” ); SecretKeySpec skeySpec = new SecretKeySpec(raw, ”AES” ); Cipher cipher = Cipher.getInstance( ”AES” ); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte [] encrypted = cipher.doFinal(clear); return encrypted; } byte [] keyStart = ”this is a key” .getBytes(); KeyGenerator kgen = KeyGenerator.getInstance( ”AES” ); byte [] decryptedData = decrypt(key,encryptedData); https://commons.wikimedia.org/w/index.php?title=File:Tux_ecb.jpg&oldid=109528640 ”AES/ECB/PKCS5PADDING” sr.setSeed(keyStart); kgen.init(128, sr); // 192 and 256 bits may not be available ¯\_( ツ )_/¯ private static byte [] encrypt( byte [] raw, byte [] clear) throws Exception { SecretKey skey = kgen.generateKey(); byte [] key = skey.getEncoded(); byte [] encryptedData = encrypt(key,b); ”AES/ ECB /PKCS5PADDING” What could possibly go wrong? Typing? I Code taken from https://stackoverflow.com/a/6788456/5082444 February 3, 2019 | Maximilian Blochberger 5

  7. Typing? Insecure defaults Insecure key derivation Static parameters Outdated algorithms Not IND-CPA secure Not authenticated Keys, Nonces/IVs, Seeds, Passwords, … SHA1, MD5, DES, … IIII I IIII IIII III IIII II IIII III I ”AES/ ECB /PKCS5PADDING” SecretKeySpec skeySpec = new SecretKeySpec(raw, ”AES” ); Cipher cipher = Cipher.getInstance( ”AES” ); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte [] encrypted = cipher.doFinal(clear); return encrypted; } byte [] keyStart = ”this is a key” .getBytes(); KeyGenerator kgen = KeyGenerator.getInstance( ”AES” ); byte [] encryptedData = encrypt(key,b); byte [] decryptedData = decrypt(key,encryptedData); SecureRandom sr = SecureRandom.getInstance( ”SHA1PRNG” ); sr.setSeed(keyStart); ¯\_( ツ )_/¯ private static byte [] encrypt( byte [] raw, byte [] clear) throws Exception { kgen.init(128, sr); // 192 and 256 bits may not be available https://commons.wikimedia.org/w/index.php?title=File:Tux_ecb.jpg&oldid=109528640 SecretKey skey = kgen.generateKey(); byte [] key = skey.getEncoded(); ”AES/ECB/PKCS5PADDING” What could possibly go wrong? Obscure choices ”AES” , ”DES” , ”RSA” , ”RC2” , … II Code taken from https://stackoverflow.com/a/6788456/5082444 February 3, 2019 | Maximilian Blochberger 5

  8. Typing? Obscure choices Insecure key derivation ”AES” , ”DES” , ”RSA” , ”RC2” , … Static parameters Outdated algorithms Not IND-CPA secure Not authenticated Keys, Nonces/IVs, Seeds, Passwords, … SHA1, MD5, DES, … II IIII I IIII IIII IIII III I IIII II SecureRandom sr = SecureRandom.getInstance( ”SHA1PRNG” ); SecretKeySpec skeySpec = new SecretKeySpec(raw, ”AES” ); Cipher cipher = Cipher.getInstance( ”AES” ); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte [] encrypted = cipher.doFinal(clear); return encrypted; } byte [] keyStart = ”this is a key” .getBytes(); KeyGenerator kgen = KeyGenerator.getInstance( ”AES” ); byte [] decryptedData = decrypt(key,encryptedData); byte [] encryptedData = encrypt(key,b); ”AES/ECB/PKCS5PADDING” sr.setSeed(keyStart); https://commons.wikimedia.org/w/index.php?title=File:Tux_ecb.jpg&oldid=109528640 ¯\_( ツ )_/¯ private static byte [] encrypt( byte [] raw, byte [] clear) throws Exception { kgen.init(128, sr); // 192 and 256 bits may not be available SecretKey skey = kgen.generateKey(); byte [] key = skey.getEncoded(); ”AES/ ECB /PKCS5PADDING” What could possibly go wrong? Insecure defaults III Code taken from https://stackoverflow.com/a/6788456/5082444 February 3, 2019 | Maximilian Blochberger 5

  9. Typing? Obscure choices Insecure key derivation ”AES” , ”DES” , ”RSA” , ”RC2” , … Static parameters Outdated algorithms Not IND-CPA secure Not authenticated Keys, Nonces/IVs, Seeds, Passwords, … SHA1, MD5, DES, … II IIII I IIII IIII IIII III I IIII II SecureRandom sr = SecureRandom.getInstance( ”SHA1PRNG” ); SecretKeySpec skeySpec = new SecretKeySpec(raw, ”AES” ); Cipher cipher = Cipher.getInstance( ”AES” ); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte [] encrypted = cipher.doFinal(clear); return encrypted; } byte [] keyStart = ”this is a key” .getBytes(); KeyGenerator kgen = KeyGenerator.getInstance( ”AES” ); byte [] decryptedData = decrypt(key,encryptedData); byte [] encryptedData = encrypt(key,b); ”AES/ECB/PKCS5PADDING” sr.setSeed(keyStart); https://commons.wikimedia.org/w/index.php?title=File:Tux_ecb.jpg&oldid=109528640 ¯\_( ツ )_/¯ private static byte [] encrypt( byte [] raw, byte [] clear) throws Exception { kgen.init(128, sr); // 192 and 256 bits may not be available SecretKey skey = kgen.generateKey(); byte [] key = skey.getEncoded(); ”AES/ ECB /PKCS5PADDING” What could possibly go wrong? Insecure defaults III Code taken from https://stackoverflow.com/a/6788456/5082444 February 3, 2019 | Maximilian Blochberger 5

  10. Typing? Insecure defaults Obscure choices Insecure key derivation ”AES” , ”DES” , ”RSA” , ”RC2” , … Outdated algorithms Not IND-CPA secure Not authenticated SHA1, MD5, DES, … IIII I IIII IIII III III IIII II II I ”AES/ ECB /PKCS5PADDING” SecretKeySpec skeySpec = new SecretKeySpec(raw, ”AES” ); Cipher cipher = Cipher.getInstance( ”AES” ); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte [] encrypted = cipher.doFinal(clear); return encrypted; } byte [] keyStart = ”this is a key” .getBytes(); https://commons.wikimedia.org/w/index.php?title=File:Tux_ecb.jpg&oldid=109528640 byte [] encryptedData = encrypt(key,b); byte [] decryptedData = decrypt(key,encryptedData); KeyGenerator kgen = KeyGenerator.getInstance( ”AES” ); SecureRandom sr = SecureRandom.getInstance( ”SHA1PRNG” ); ¯\_( ツ )_/¯ private static byte [] encrypt( byte [] raw, byte [] clear) throws Exception { sr.setSeed(keyStart); kgen.init(128, sr); // 192 and 256 bits may not be available SecretKey skey = kgen.generateKey(); byte [] key = skey.getEncoded(); ”AES/ECB/PKCS5PADDING” What could possibly go wrong? Static parameters Keys, Nonces/IVs, Seeds, Passwords, … IIII Code taken from https://stackoverflow.com/a/6788456/5082444 February 3, 2019 | Maximilian Blochberger 5

Recommend


More recommend