CWS - Cryptographic Web Store

we are only in the middle of a war ongoing war it's not a traditional one with bunch of soldiers running around and shooting at each other it's cyber everything is slowly online countries are attacking each other constantly it's kind of a cheap way of fighting a war because on one hand they can do a lot of damage just look at Russia recently trying to attacked you as an amateur nets and at the same time they're sending a smile in happiness and in sentencing you're not doing any think we're just nice guys trust us well it's a little hard to trust countries who are acting like that but that's just to territory regimes we also have the other

countries we consider more local and they also fighting these wars and for their prepare purpose they are also using a lot of legal information so we have the United States they are the good guys according to themselves and they have a ton of laws added we have the fighter which is fairly infamous basically just says we just want to read data from everybody else because everybody else is potentially doing something bad against us where thousand nine eleven after 9/11 they found another one to pay for that and now this year they just completed the cloud Act which seems to be the most bad of them all because it just says we don't give it your data is ours period

so what happens well in 2000 he you and us tried to put together something they had this thing called safe harbor cool we trust each other then something happened in 2013 dude call Snowden here Azim and we suddenly find out that it was not the case so 2015 European Court justice simply just threw away the entire things thing nope not allowed anymore panic politicians and panic they quickly tried to hash something together called the pricey shield and it was basically more the same thing but at least now in a couple of weeks the general data protection regulation depr is going to go live it has had an incubation time of finger roughly 18 months or so for companies to adjust to

it and let's see now we're gonna have us on one hand saying all your data is ours in there for us on one hand saying all the data is out and EU and the other thing we want to protect the data we want protect citizens that's going to be a funny battle so by popcorns and beers and watch from the sideline some two biggest cloud providers we have in the world its Microsoft we have Amazon we have IBM this little box here is from SETI net from February where they're kind of listing the biggest when it comes to money a lot of big companies of they might recognize that's also Alibaba that's Chinese and you can yeah so what

they usually offering in cloud system is a bunch of different AAS phase everything is as a service and what we can do we can go into into those two types which is called IaaS infrastructure as a service or paas platform as a service in those two we can actually add software we can't add any hardware but we can add software so as I mentioned Snowden he was selling knows all about what NSA gh HQ sorry GCHQ we're doing and it back then is sad reminded me a little bit about an old document I read many years ago when I was slightly younger by Ken Thompson wanna see guys who was helping building eunuchs he got

a Turing award and he wrote a little paper from three pages reflections on trusting trusts why basically went through some of the the simple ideas that you want to build some software and you want to add a little bit of something nasty to it so what do you do if you build a C compiler you take the C compiler you have the source code you add something that tells of this C compiler whenever it's compiling anything adds a sort of Nasaf into the button on the end of it so it's always that then you remove this piece of code from the source code and you publish the source code and see here's a compiler here's a source code

source code look all perfectly wonderful nothing there to see but when you compile it anything compiled with it always got this little block in the back appended that just does something nasty whatever it is so trusting trust we already heard that before words trust it's it's an important thing and the question is how far down the rabbit hole can we go so as already mentioned most of the clouds are American to get Alibaba but Alibaba is Chinese and I don't know how many people trust the Chinese will be doing anything oh nothing bad will our data but let's see Microsoft actually sissified I find it fantastic being in this building today Microsoft has been once a few companies who

actually stood up and did something so go Microsoft 20 years ago I wouldn't have said that but today though Microsoft I'm really curious about this result from Supreme Court in the United States which is coming in June starting about what to do about data stored in a cloud or page on some servers and I which the United States would like to get the hands on it's got to be interesting so what can we actually do well as a start of ensuring we have a high for IAS and pas as to potential cloud systems we can work with because we run our own software we can't use our own opera unless we also go into an

actual hosting company but if you just focus in clouds not possible encryption is everybody's solution for everything but encryption is just a technology and a technology used wrong and go wrong you have to put it in right so you need to ask yourself some questions where you want to add cryptography which layers not about managing the keys so without further ado let's introduce the thing I started working on 18 months ago cryptographic webstore or C we yes focus should be purely on data collaboration sure a secure way for people to exchange data which is stored in a cloud or on a hosting provider somewhere so instead of focusing on we want to know a lot of

things I'm just trying to narrow it down to one little thing bytes don't care about anything else but bytes we just something comes in we encrypt it we store it someone else can decrypt it if they allow and they can get it back we do not care about what's in it that's not the main target of this system the system should also be something integrate into existing applications into mobile apps you should be able to just take it it's an open source so you can just take it download it and just build your own system around it or directly embedded if you like but main point is simple API public API and make sure that it's something that is

completely versatile so you can do aspects you need to and of course open source you have to put the trust somewhere and open sources at least a basis and since I'm not one building the system and giving it to it unless you ask me to you can trust me oh I'll use a hope so one of the core concepts is this thing I mean I am calling circles of trust when you want multiple people to exchange information together you want them to be able to control who can access who may write something who can add people to this trusting circle and you also want to be able to remove them again because if you're looking at a

company you have someone started working for you they become a trustee they leave you're removing them they're no longer a trustee so this brings a couple of interesting questions regarding how to manage the keys the current the actual call part of the information which the system is supposed to hold dear in here this is where I'm using the same techniques as in critical privacy the new privacy got meaning if a person has an asymmetric key consisting of a public and private key I'm storing the private key encrypted just a bit sure and every serving of trust has its own symmetric key so each trustee has a copy of the symmetric key which they which is

encrypted using the public key and when they want to access it they have the private key whereby they can open it and extract all the information which is inside the circle or add data do whatever they have to so I think for a local focus on server side because if you want to make sure you want you can remove a person from the system you also have to say yeah how can we make sure it's really done properly and if they has a key on the smartphone on the home computer how can I remove it I can't so service Ike I'm sorry to say but it's just a solution that works when you do it like that the technologies is

build around is primarily Java based on Java 8 using Java EE 7 as basis for all the front-end pot means you do the soap and rest 80 eyes and it's also used for the database path so it's an abstraction layer that's present it also means that the entire system is really you know a complete system built with all bells and whistles have added to it is around 160 Kate so it's not really a huge thing today's world it's based on Java primarily because well have done Java for many years have really liked a technology and server-side Java has not really had that many really terrible security flaws most people think Java is a terrible nightmare is usually looking

at things on the front-end GUI desktops browsers so for those um I hope you will trust me when I say that part is not something I've used just using the core backing path which is actually quite good also because the jcd this German cryptography extension is really a solid piece of technology which also allows that you can replace the implementation it's just an API the entire system is stateless meaning you can deploy it on several servers but doesn't they don't do any communication with each other if you do suddenly you and have a lot of memory keys in memory you have to swap them over and it brings up no safe let's keep it simple

and finally there's no third party it Pence's almost all security problems you're seeing is always because someone has have includes some kind of dependency from from somewhere and you end up with a system that has a lot of float in it because you just thought how cool feature somewhere you just want to use it yeah good software out there cooler features but also detention threats so only Java nothing else Stein Leggero should mention no third-party dependencies so these security features added we have this fantastic algorithm called a PB k d if and it's version two that's currently most used it's a way to take a passphrase password stretch it and generate a symmetric key based on

using this I'm allowed to go in and unlock the private key for a person thereby suddenly granting access to everything internally so that's what I'm using for people to lock in all keys are encrypted well not the public key from the asymmetric key that's not encrypted that kind of would go against a purpose and by default first time someone installs the system I have an admin account for the administered past there's no password set for it because one of the things I always remember reading about is oh my god the default password in this thing has been not been updated and a lot of people are misusing it so Hopper would just change it around

the person and set some system sets a password that way I have no idea about it nobody else knows about it except that administrator I need to pick or cheap sorry she can pick any password preferred since it may be a system that can be used in environments where you may not trust things for example a journalist travels around a lot go to unsaved countries and they have a lot of things on the phones so you if you have access to the system on your phone and you have an account for your phone just for that phone and you have second account at home in the office and you suddenly lose your phone because well the custom

services say I just want to make sure it's ok after that do you know if you can trust it anymore nay in Veritate account basically it means everything looks like it's working correctly but the keys have just been destroyed data corruption checks I don't know how many of you are as old as I am when it comes to IT but I have been working on systems where you have something running somewhere for many years and it was never rebooted so suddenly you don't know it's app server still something we can trust it's a dis kind of corrupt or crash - when you reboot it so yeah I have experienced that and that's gonna turn into many hours of

work so I added a little sanitizing functionality enjoyed doing just say everything which has not been touched by any user or something accessing data within say six months configurable of course it's just going to be read in we're gonna make a check of the make a checksum check of it and if everything is fine cool if not we'll flag it and then it's possible for the administrators to read a list our flag files to see up over there some hats which is corrupted either we hope you have backup so you can restore it from that or you just have to live with the fact that this is encrypted and there's something wrong with the bytes and I'm terribly sorry

but that data has been lost another thing is when you are running in memory you want to make sure that your runtime environment that the data Indian memory is only there as briefly as possible the short of the time to the bed so I'm trying to also actively destroy sensitive data it's all about it uses passphrases and I also wanted to destroy the keys unfortunately I don't know it's anybody here working for horrible from Oregon hi can you please talk to Sean Mullan ask him to fix these free bucks because it's kind of annoying that your headset has a wonderful feature in the oak Cady casing destroy the key and it's not implemented yes we can I just wanted

to mention it so the API as tried to mentor and I try to work on a versatile API communication using web technologies so rest kind of like I signed up it's a XML based for the rest mainly because for all the trips are handing some of the objects can get a little bit more complex than just a simple listing of data there's more things to it documentation well the entire system should hopefully be well enough documented so people can understand it implemented use it all of it is written in Java and of course as a lot of functionality for administrating configuring the system creating or adding members to it creating circles of trust and adding removing changing

trustees information that the system administrator in the system has a special account cannot participate in a servant of trust mainly because well that could be construed as a security problem for many if you don't know if whoever is setting up the system is also adding a system administrator to all your circles of trust so anyone who has access can create circles of trust as many as I'd like add as many trustees as alike but not the system administrator since this is going to be hopefully used by companies by organizations private people creating new members is only allowed by the system traitor made it because it could be some area where as billing information or other things you wanted to control also

if you want to add a lot of people to it you wanna make sure that people don't just invite all the funny friends in and I have one little request from a potential customer that's about signatures so it's also possible sign documents and verify the signatures of these and one little curious things regarding the data that is also added something called a data type a data type is an optional information if you have a system in your building and you have disappeared interfaces for it you may not have the exact same information about how to interpretate a block of bytes coming back so the data type is just a way to say this blob of byte is supposed to be

this object and that by you can interpretate it blob of bytes can of course also be files it is anything it's up to whoever uses it so the quality of it I have tried to make sure that the system is really really well built so close 100% code coverage the exact design was ninety nine point six if you wanna note and yes a lot of these setters and getters are tested in case there's a lot of programs around who thrown about that but once you start testing everything they automatically is included so it's not like they intentionally test but automatically also tested all test is done through the public API I'm also having bills running constantly every

time was a commit that's going to a circle see I'm Travis CI and they're both running a bill to make sure that the system is always in good shape and there's a lot of static analysis running I really like synopsis Coverity it's an extremely expensive system to use for non open-source projects but the home sauce is for free and it's good sonar cloud also a really good system checks a lot of things but doesn't get as deep as Coverity I finally have co2 co2 see his mom also put it more more based on the styles of the coat so it doesn't go saggy so deep into the security problems of course with manual reviews we have a dude

called Michael who was doing a lot of code review for me and I even have in Pentos and Jennifer sitting right in front of me so who is this actually for well it is supposed to be for anybody who requires central storage of data and would like to make sure it's safe so privacy concerned individuals organizations needing to share companies needing to share data anyone so a couple of you skated you have to show what it can be used for everybody in those Rock box Dropbox has a plug-in called trip to boxes and levitate which allows the dude from a client perspective can encryption data put it into a Dropbox Center installed somewhere but Dropbox itself

is not encrypting anything it also means that you from Dropbox can create a public link to it either data until money to get it through the public API but if you really want to trust your data if it's something really sensitive Dropbox is not really the best solution so instead you can use this everything is encrypted using user credentials going down with the a symmetric and symmetric keys and it's possible to create folder structures and put data into them and here you can see data type can be a mine side if you like I don't up to you so you can if you like you can just set up your own cloud system put CVS into it and run things from there

then it's yours or you can set up a group sharing system you can set up for companies organizations up to you everything is open source no strings attached the more interesting use case is this one here when I started working this was actually what I wanted to do I had a couple of ideas for some mobile absalon's built and I needed a central source of data and it was just always a problem finding something that's encrypted hoping a story a lot of companies offer something like this but it costs so much money and you have to go and have custom build things and no no I want to have something I can use like I want to so let's take an example

if you are often going to a doctor in Denmark where I'm from they are storing a lot of information in a central place meaning you go to the doctor you get a prescription go down to a pharmacy you give your information and they pull out information from the system unfortunately it's not really encrypted it's stored somewhere and that's been a few little tiny hiccups with that Germany you kind of had the opposite thing I go to one doctor I get a prescription for something it goes another doctor and get a second prescription I don't know if these two prescriptions if there's going to be any kind of weird complications if I take both types of medicine so it's really

good if the doctors put some house talk together so we could build some kind of crypto medicine system where you come in to a doctor put your finger on top of some kind of little fingerprint reading and the receptionist open up your profile and it's drawn into system extracting all the data decrypted because you gave your fingerprint then the doctor can see it update your information save it all and then it's closed gone doctor cannot access it again then he goes to a second doctor because you had never referrals for a second or all you have to go to the pharmacy pick it up pharmacy you can read you will be a doctor note okay most of them actually

use computers data printed out but in old days it was like a guessing game but many of these places it's good if you can go in and you if you go to a second doctor it's good if you can they can somehow extract your profile so if you go to for an operation it might be helpful if the if the doctors at the hospital can see that you might have some medical issues regarding heart problems blood pressure and stuff like that I have an entire family work in a medical sector in Denmark so anyway that's just an example of how it can be used and thing all my mentoring and we are the company I'm working with is I

want to make integration that's sis lab and they actually want to build some kind of things with clone just to see that they have there's an actual real-life usage of this system somewhere another thing I already mention it journalist so I mean journalist is a Fourth Estate it's like we really have to take care of them they travel around and do a lot of taking a lot of things and they get into trouble someplace because they are working with whistleblowers or sources that they shouldn't have access to so we have to do something about these journalists and the suggestion would be to work on a journalist app with a blow app color would you like

away for a we supposed to contact a person let's take an example you have a janitor working at rub towel the janitor suddenly finds stacked pictures lying somewhere after they were sweeping around with Putin on them and Trump doing things let's just say we should not know about however someone may want to know about it so how can that person suddenly get that information out you have Russian one hand you know that they how they treat former agents of our country likes that was funny not you have America who is the good guys who of course never have done anything bad to people who try to show information you have of course online systems like WikiLeaks

where you can also say we want to push on all data there but Julian Assange is stuck some wine and in Ecuador in an embassy in London and whoever visits him is filmed by about 10 different journalists at the same time so we cannot really trust him either so what can we do so just build a journalist app for whistleblowers you set up as a journalist I see we as instance somewhere you add to whistle blow up an invitation so the whistle blow doesn't give a lot of information you just hear some kind of contact information you use that set up an invitation keep it through a different channel to journalism journalist art to whistleblower and whistleblower condemns

by him or herself access the system and thereby you can start sharing data that's all encrypted so hopefully it might be enough to to hide your tracks especially to combine with something like to Sony you have a really hard set of security build up around your exchange data so I was one case we can also take in more exotic use case like crypto Chet I don't know if anybody here familiar with signal okay that was a report a few months ago the signal had a vulnerability which was that all the keys all the information stored client-side meaning if you have a group set up and you want to kick out a person well that person has a phone with the

app was the ID of the group you're in on the key and you have everything and that's actually a hole in the system so it's possible via the APR to get in and reattach yourself to that proved not good so I saw them entering early on that once a key feature Singh in CVS is the key management part wet put everything server-side if you combine client-side and server-side them have doubled encryption if you're kicked out and even though we still have access to the keys in terrific client-side if you kicked out from a server also you cannot access that data anymore you don't have access to that key you only have the one half not the - huh both halves can't get

banging so it was just an example of trying to introduce crypto chat cool unfortunate free mail already exists so I can recommend that another exotic use case correctable we all heard about Cambridge analytic and Facebook having a little yeah playing around user data in ways that users really don't like unfortunately this kind of like got completely obsolete this morning when I read that Mark Zuckerberg he has agreed to apply the EU GDP our rule said globally so good for Facebook let's see when it's country time and if they're gonna do it properly but if it's all true good so okay now getting into the more interesting theme troubles trouble areas I have to ask is that Thomas yeah no

he's not okay well when beside Munich announced on Twitter that I was giving the talk he wrote and I had to write wrote back the areas of concern is of course when it comes to any computer system its patches configuration make sure you have the correct setup with firewalls your network is encrypted using as a cell kind of leaves a runtime for a short moment and the real danger for most of us we have already seen a couple of talks about uses and how much we can trust the user this is actually the place where I think most hacks today that occurred through a user you can build up the most secure thing me a good

example during World War two or before World War two the Franks people a little bit afraid of a country called Germany they built a huge defense line called national line huge lines of trailer sorry train tracks going in so they could transport a munitions and troops and they moved all around those huge Finn so what they determined to when they want to attack France that who cares we don't want to go through that we just go around classic thing real danger is users you can say you can build as many firewalls as many things you can do but it in it boils down to users so we can passional systems we can make sure we have everything running

perfectly fine firewalls with networks completely secure secure there is one area where I will say it's a little hard to secure it that's a runtime environment the virtual machines running and that's where I come back to this discussion of reflecting reflections of trusting trust how deep down the rabbit hole do we have to go if you want to build something highly secure and you want to use a public cloud you can't you don't know anything about the specs how they're running you don't know anything about the hack where they running on you cannot add your own hardware you have to trust what's there it pulses it you have to trust it if you don't trust it don't use a public cloud

set up your own server somewhere you can go to a hosting provider saying okay we're gonna have own service installed here that's a huge rank hopefully don't they don't have a copy of the key for that Frank how deep down the rabbit hole do we have to go for small organizations they can't afford having something hosted in a hosting center that costs a lot of money you can maybe go to a hosting provider and say I want to rent a server you can do that because 10 50 euro a month it's fine those organizations kind of all-time but you have to put your trust somewhere and for this system I built I just had to

say ok this is the point where I have to apply a trust I trust that the administrators at Amazon Google whoever is running this system that they do not screw up with the runtime environment they don't go in and keep many memory dumps or whatever to read all the keys out or the unencrypted information that's the place where I had to put the trust here so for Thomas who unfortunately is not present so I can't say to him directly this is the area where it is not possible to add a lot of trust if you want to do it you have to go into the pathway I'm I'm talking about earlier way to use different desi implementations so

here under HSMs hot red cryptography so future plans generally support for more JT implementations we want to have someone implant implementing the system we also want to add something ourselves me and Joffrey other people integrating it into other application would be cool but we don't have all those applications on one else hopefully has areas where they want to use it and one of the other things we are considering for a next version is copy and moving so you can copy move data between circles changing the keys using a rekey feature so if you say your data is kind of like mmm we want to change all these frequently you can do it on a master key master key is

in progress I have not completed it yet but it's also something that's going to be added so as possible to have master key plus a user key so both have to work otherwise forget about it and any other features someone else may withdraw so from Sisler alex friend of mine you want to integrate it and also make sure wheels can provide some kind of commercial support if people want to use it and buy it and basically just from you guys I hope that you will help spread the word about the system is an open-source volunteer system it's try to build to protect data and improve security it's not perfect I'm sorry but hopefully it will make sure our data is

a little bit more safe thank you [Applause]

sorry yeah I mean the call of the system was it's a back-end component you deploy and use as part of other applications which base it just another layer in your stack so you come in potato okay you can it's up to you as a customer usually I'm not sure get your point here

to trust Google Santa Clara commencement of the keys here why should you this system here is not there if you trust Google it's there if you don't trust Google you can put it into cloud if you like and you can add the security from Amazon from Google or from Oracle or whoever but they provide some kind of security features for you but then again do you know that when the German sorry the Americans the part of Justice are FBI CIA whoever comes over and say we won't see the data can you trust that Google Amazon Oracle that they are not gonna hand over the keys that they're using no that's appointment so let me see if I

can understand okay I see it is a problem some companies really are organization three who want to use cloud for everything it's like a huge new thing everybody has put everything in the cloud but you may have a problem you do not trust those clouds because the key management they are offering it's not something that you like this is just gonna add one more layer of security to it so if the management of the the way they manage their own keys doesn't really live up to the EU regulations well what do you do this little system here is only there to add one more layer it's not there to provide perfect security is just how to try to provide

one more layer of security let's answer your question okay I suggest we wrap up because we have a target 1210 it's not being reported want to have time to catch on the other the other talk

[Applause]