End-to-End Encryption in Distributed Applications
@jeffinkoguru – emailme@jeffinko.guru
Hi, I'm Jeff
The need for applications to speak in encrypted messages is no longer an afterthought; it is a requirement.
What is End-to-End Encryption?
A method of communicating where only the authorized users can read the messages
This method is used by apps like WhatsApp & Signal
It prevents man-in-the-middle attacks
If done right, you need physical access to read the communications
Even if an ISP is asked to supply a customer's communications, it will only appear as..
The recent WikiLeaks show that even the CIA could not break End-to-End Encryption
They had to create malware that “uses” the app on your phone in order to read the messages, or keyloggers that capture the message as you enter it into the program before it is encrypted
So how do we implement this?
We want our system to be as secure as possible
We don't want to store our keys somewhere they can be hacked/stolen. They need to be generated and one-time use only.
Give Me Your Keys!!!
What Keys?
When encrypting our messages, we also don't want to know the password. It needs to be generated and one-time use only.
We want to use the strongest encryption available
Not SHA-1 ;) Thanks Google!
We want to sign our message so we know it was not tampered with during transit.
We don't want someone monitoring our network traffic to easily recognize the format of our messages. The structure should be random.
What are some of the options we have?
Option 01: JSON Web Tokens
Output: Our Code:
The Benefits
Our payload is encrypted into a small packet
We can use different algorithms
The Problems
There are too many constants, even when the payload and secret are different
This is partly because the header contains information about what algorithm is used and the type of token, so it will remain constant if these are the same
The separator is always a period
The secret is embedded into our code
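The JWT observations above (constant header, period separator) and the earlier signing requirement, shown as an added example that is not from the original slides and does not use pyjwt: an HS256 token built by hand with the Python standard library. The secrets, payloads and function names are constructed for this example. It also shows that in a signed token such as this one the payload segment is base64url-encoded rather than encrypted, so anyone holding the token can read it, while the signature still detects modification.

```python
import base64
import hashlib
import hmac
import json

# Added example: the secrets and payloads are constructed sample values, and
# the function names are this example's own (not pyjwt's API).


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the stripped padding and decode one segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def compact_json(obj) -> bytes:
    """Serialize without whitespace, as compact JWT segments do."""
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url(compact_json(header)) + "." + b64url(compact_json(payload))
    mac = hmac.new(secret, signing_input.encode("utf-8"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def verify_hs256(token: str, secret: bytes) -> bool:
    """Accept only a three-part HS256 token whose MAC matches this secret."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return False
    # Pin the algorithm on the verifier side; never take it from the token.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(secret, f"{head}.{body}".encode("utf-8"), hashlib.sha256).digest()
    return hmac.compare_digest(given, expected)


def read_payload_without_key(token: str) -> dict:
    """What any holder of the token can do: decode the middle segment."""
    return json.loads(b64url_decode(token.split(".")[1]))


def with_changed_claims(token: str, **changes) -> str:
    """Constructed tamper case: edit the claims but keep the old signature."""
    head, body, sig = token.split(".")
    claims = json.loads(b64url_decode(body))
    claims.update(changes)
    return ".".join((head, b64url(compact_json(claims)), sig))


# Two unrelated constructed messages under two unrelated constructed secrets.
TOKEN_A = sign_hs256({"msg": "hello"}, b"first-constructed-secret")
TOKEN_B = sign_hs256({"user": "jeff", "n": 42}, b"second-constructed-secret")

if __name__ == "__main__":
    print("header A:", TOKEN_A.split(".")[0])
    print("header B:", TOKEN_B.split(".")[0])
    print("payload B read without the secret:", read_payload_without_key(TOKEN_B))
    print("A verifies with its secret:", verify_hs256(TOKEN_A, b"first-constructed-secret"))
    print("A verifies with B's secret:", verify_hs256(TOKEN_A, b"second-constructed-secret"))
    altered = with_changed_claims(TOKEN_A, msg="bye")
    print("altered A verifies:", verify_hs256(altered, b"first-constructed-secret"))
```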
Is there a better way?
Option 02: blanket
Output: Our Code:
The Benefits
Our outputs are more randomized than in JWT
The secret is generated for us and destroyed after use
The Problems
Our separator could be more random. It is currently a random three-digit number.
The message size is much bigger
The Differences
JWT blanket
In JSON Web Tokens (JWT), even with a new secret, parts of the message structure and output are always the same
In blanket, our secret is random and the output is always different, even with the same input
Things We Can Improve
We can randomize the size and location of the separator to further disguise the structure of our messages
We can use a hardware secret generator, like a YubiKey or embedded chips
Over time our own sequence, even though more random, could be discovered. So we should constantly improve our own code and think of ways to break it
Nothing is ever “secure enough”!
For more information you can visit github.com/jpadilla/pyjwt or github.com/JeffinkoGuru/blanket
Thank You!
Questions?
