
It's a boring topic, so I'm glad that nobody came for it. And the one thing that I do, I like to make fun of myself, so let's have a good time and go for it. Are we good on video? Whatever. All right, cool. But my buddy Adrian, he helps me out. So my name is Evan Davison. This is kind of an update on a talk that I gave last year called "Dungeons, Dragons, Siege Warfare and Fantasy Defense in Depth," and it really took a turn in the middle of it that had absolutely nothing to do with Dungeons and Dragons, and we were talking about escalation of warfare. So I'm going to do a real quick recap of that here at the beginning.

But these are a few of my favorite things. I work at a big-name vendor that you can find out. I like to break stuff, so if you get a chance, check out my blog; from time to time I have time to post the fun stuff that I break, like the magic on the right. One of the talks that I've got coming up in October is Hacker Halted in Atlanta, talking about how to take over the United States Emergency Alert System, so if you're interested in that, it's rather interesting. Some other stuff that's coming up: DerbyCon, SkyDogCon, some of those other ones.

So what I figured we'd do is we'd start, especially for those of you that weren't here last year to check it out, to kind of recap some of the stuff and go back in time. And if the theme of Austin Powers is not, you know, interesting to you, I guess I can try to get a little bit more animated or something. Groovy, baby. Yeah. But last year we sacrificed this dude called Edmond, dude, and we kind of talked about how as security professionals we can deploy tons and tons of stuff and, you know, try to implement defense in depth and all these types of things, but ultimately the failure is to recognize that information warfare is an escalating type of thing. And so if we take into account all these four things that we do: if you study the past of information warfare, or the history of warfare, we see that defenses are meant to be overcome and that there's this escalation of arms that happens, and things like that, and the progression of warfare from physical defensive tactics and things like that into information warfare and all that other type of stuff. And so what we really learned last year is that we're fighting this lesson in futility: that we can't keep the bad guy out of our networks, we can't keep the, you know, in general the internet isn't a safe place. Anybody disagree? Yeah, throw something back at me. All right, like
physically, you know, verbally, whatever. Keep yourselves awake, entertain yourself however you can. So ultimately what the talk was about was this progression of things. And so some key concepts I want to kind of key in on before we get into the absolute, like, mind-numbingness of an encryption framework that we're going to talk about here. Let's kind of get this concept.

So in the beginning, when we first started to get the interwebs of sorts, we wanted connectivity. That was what everybody clamored for, right? You wanted access to the Internet, you wanted access to the information, that type of stuff. And then as time has gone on it's become a little bit less about connectivity; we expect connectivity wherever we go. We go to a hotel, we expect there to be internet; we go to a, you know, coffee shop, we expect there to be internet. Then it became about connectedness, which is this concept that I want my data wherever I am. So I want to be on my smartphone and have the same PDF file that I have on these other devices that I have, and that everything syncs. And you get into this concept of pervasive ubiquity, which is kind of this next step, this next evolution of where the internet is going, where devices are aware of each other and devices connect to each other, just like your laptop connects, and they share bandwidth and they do all these crazy things.

And some of this stuff is largely theoretical, but the idea comes in that, you know, we're going to move away from this aspect of having connectivity, that devices will become much more connected, and we have this concept of, like I said, connectedness, where things will continue to help each other out, if that makes sense: that your data will be all over the place and that it will exist in the cloud or wherever it is. And so again, why is this important? So as we continue to move forward and as we start to see stuff, we have this concept,
some of these concepts (I'm going to do this Mike Brown, because I keep turning my head), we have this concept of some of these things that are coming into play, like software-defined networking and application networking, where things are interacting in this concept of, like, physical data interchange. This is stuff that's happening at layers of the OSI stack where, regardless of where they are, those devices have become directly connected to each other, directly aware. So even when you think about Amazon AWS and all these other types of services, you allow data to interact in, like, a memory layer, right? So that things are much more... you know, you have to go up and down physical connections between servers; how can we virtualize this concept? So you start to get what I call, like, a memory hub of sorts, you know, like we have memory shared across. Anybody follow me on that big concept? I don't know, I'm not an expert on it.

Some of the... this is, I call this my buzzword slide, I guess: Internet of Things, zero infrastructure, borderless networks, IPv6, all these different things. The concept that they're introducing is that everything is always connected. We're seeing this disintegration. Last year we talked about the erosion of the perimeter, so this concept of a border that you can protect, this concept of the defense-in-depth mechanism that you can employ to keep the bad guy out, that there's some delimiter or some line that you can lay out in the sand that says this is mine and that is yours, is completely obscured, if it doesn't absolutely fail to exist anymore.

And so this gets even further into things like when we talk about our data, so where we're storing our data, like iCloud. The new... what is it, OS X? I haven't played with it yet, but, you know, iCloud is directly integrated into it, so your data is synchronized and, you know, you can fire up your iPad and have the same documents in all these different places; your services like Dropbox and so forth. You know, this line of what is the file system now is completely obscured. They're not even talking about, like, what is an asset and what is a physical connection between two devices; you're talking about file systems that now become virtually connected wherever they are. And now you have this aspect of virtual connectedness that didn't exist before, that our current defense mechanisms don't really deal with very well. So let's take a moment to reflect on all that. And Mr. Bigglesworth... nobody? It's okay to laugh, people. If you don't laugh I'm going to cry; Adrian will come console me later. So last year, some of these slides were from last year, so
if you saw this presentation last year, all like one and a half of you... yeah, because the other one, never mind, half of me, because now I'm a little brain-dead. Security in the current context of things equals hardening devices and point products, right? We implement solutions, we draw our boundaries around things, we have our firewalls, we have our IDSes, we have this thing. Yeah, you know, there are more modern approaches and you're going to hear some great things if you're here for Black Hat, DEF CON, all that; so there's all sorts of great stuff that happens in those areas. But ultimately those are stopgaps, just like the concept of building a castle ultimately became, you know, inferior, because they realized that the resources and the assets that made the castle possible were outside of it, and if you holed up inside of it you don't really get the benefit of it anymore. You know, ultimately, economically, things start to fail.

So that was kind of the concept of last year, and we talk about this, like I said: you're not able to draw a perimeter because the benefits of having that perimeter ultimately undermine the benefits of keeping things open. And so this is kind of the current type of aspect of it: you know, we keep the bad guys out, therefore our data is confidential, and, you know, we clean up after something happens so we can kick the bad guys out. But one of the concepts that was introduced last year, and this is something that's starting to gain traction in a lot of academic circles, or even from us as security professionals, is that we're having to deal with states of continuous compromise, right? That even if we get one bad guy out, just another bad guy gets in, or maybe we never get rid of them, maybe we don't even know that they're there, whatever that may mean to you.

So something that's a little bit more realistic is that security really is about minimizing data exposure. So, can I keep things inside a perimeter? Well, maybe, maybe not, but that may be one methodology, that avoidance, you know, type of risk management practice. That if I can encrypt my data, protect my devices, and prepare for an inevitable breach, it's a little bit more proactive. And the reality is that it's not any one thing but a combination of multiple things. And so what I need is something that allows me to keep that data exposure to a minimum, that allows me to effectively encrypt and protect my devices, and gives me some mechanism to defend my data, or defend things, when the inevitable breach does happen. And so
the way this kind of started out was, you know, just like, how do we do this, right? Like, okay, we're talking about a bunch of different concepts kind of strung together, Evan's not making any sense in the world, and that's kind of how it started last year. We were looking at this and, as we're studying the defense of networks and kind of trying to bring you guys something of meaning to talk about, it was: what does this look like? I mean, how do we really do this? How do we defend ourselves? How do we create something? Why is what we have now not working, or what does work versus what doesn't? And maybe... are we doing this the right way, or are we just doing this completely incorrectly? And the answer is, I have no idea. You know, the answer is different for every single organization and it depends on what you're trying to defend. But we kind of looked at it from an aspect of, like, what do we have out there already?

And so one of the things that we introduced last year was this concept, a concept that is completely false but borrowed, of what we're calling kind of presentation layer six and a half, and I'll get into more of why it is in a minute: that security is 3D. And so we showed this. This is a slide that I stole directly from last year, so they had to make one less slide; saved me all of five minutes, but awesome, because it was five minutes I needed. I'm going to let this kind of warp your mind for a minute, but all of these things are competing with each other for security. So you have, you know, transmission, storage and processing: how it is interacted with. You have the basic CIA triad of, you know, information security: confidentiality, integrity and availability. And then other places where information security is implemented, so you have technology and policy and process and the human element of things.

And so last year we kind of looked at this and said, what do we really have now? If we look at the existing mechanisms that are out there for how my data interacts, or how I interact with my data, what's realistic? And so we've kind of got transmission covered; you know, we've got SSL and VPNs and all these cool technologies that are out there, and we've kind of got it from a technology perspective, and that gives us some confidentiality, it gives us some level of integrity. So I'm not going to go through all the examples, but you can kind of see how all these things compete with each other. And so ultimately, like, some of those squares could be green, you know, in one direction, but any of the other directions can completely negate them. So what is realistic? We look at this and it's like, how can you get this to all green? Because obviously humans have not yet learned how to read encrypted data, and then if we did, at that point, if it was human-readable in some way, it probably wouldn't be encrypted anymore. So the inevitable piece of this is that the weakest point in any type of security element is the human element, and we're not going to get around that. So how do we get as close to this as possible? Is this even realistic?
Well, you know, let's explore it a little bit more and find out. So let's explore encryption and technology from the perspective of the stack. So we have the OSI model, which is the most commonly accepted; you also have the TCP/IP model, which kind of lumps together... applications become, you know, the session, presentation, application layer becomes the most important part of that. And then you have what I call the software developer model. Any software developers in the room? Software people, software writers? There's a few of you. This is not meant to be an insult in any way, shape or form, but what I've kind of seen is, like, the pervasive piece of this is that you interact with APIs, and APIs allow you a simple mechanism to not have to write quite as much code, and that allows you more reliable services, better functioning applications and so forth. But what they usually do is they provide you some level of, you know, these services that you can then write applications on top of. So you can select your presentation layer formats, whether it be Java and other things, and Java provides you with, you know, JBoss to drop your Java applets into, and that gives you web services and all those types of things.

And so, but as we start to think about this, you know, and as we think about the apps that you have on your phone, you're not thinking about devices and other things that are below them anymore. Software developers are not thinking about those things; they're trying to write code that's going to work pervasively across all of those things. They want, like, one application that works on your iPhone, that works on your laptop, that works on your Linux box, that works on everything else. And so we have this ubiquity aspect that's coming into play, and how we're beginning to have this shift from, like I said, connectivity to connectedness. Where we had to write applications in this format where they understood that there were services and layers below them to provide interaction with other hosts, now we've got to where applications are interacting directly with each other because it's ubiquitous to the device. And so this kind of enters into the viewpoint of where we're going to take the rest of the discussion, which is that as devices become less and less important, and that's to say that they are important, but as they become less and less of the focus, where I can take my data across anything that I'm on, and as I no longer care about, you know, how I'm accessing this data but the fact that I have access to it... Anybody following me here still? Like, who's asleep? Awesome, cool. Nobody's thrown
anything yet. I'm really surprised. Should we... yeah. Okay, I'm used to a little bit more of a feisty crowd, like, "You suck!" Yeah, where are those rocket things? That would provide a quick moving target; I gotta watch out for that one. So it looks like my slide is all jacked up on this one, but nice, awesome, all right. I'm just going to flip through this because my transitions are totally jacked up. So if we look at, like, encryption and how it's applied... back up a little bit there. Sweet, okay.

So let's talk about encryption for a minute. Anybody know where encryption lies in the OSI model? Anybody? Okay, and I'm kind of giving away some different stuff here, but where does encryption really lie? So you're seeing some protocols and stuff there. I kind of started asking this question last year of some security practitioners, because I honestly didn't know the answer to the question, but it's like, where does encryption really lie? Because, you know, you hear about all these different encryption protocols and stuff like that, but anybody want to take a guess what layer? Yeah, a little bit of all of them, but there is a right answer, because it only exists at one layer. Even in all of these protocols, encryption, the encryption application, or, like, encryption itself, only lies at one layer. Sure. Wrong. It is the presentation layer. Okay, and why? That makes perfect sense, right, when we start to think about it. Why does it exist at the presentation layer? You're taking data, you know, clear text, putting it into ciphertext, and you have to render it, right? That's what the presentation layer is about: taking data that's in one format and putting it into another one that's readable by another application and so forth. So when we look at this, we talk about standards, the only place that encryption is really supposed to lie is in the presentation layer. That's because whatever encryption algorithm that we're using to encrypt it is a presentation layer format. So you have AES, and, you know, I put FIPS in here, but these are about standards, these are about algorithms and mechanisms to render clear text into ciphertext and back again.

But when we look at all this stuff, we're like, wait a minute, well, what does that... like, why is layer 2... I've got PPTP and L2TP, and, you know, layer 3, I've got IPsec and all this other type of stuff. Well, what does that mean? What it means is that when you interact with encryption at that layer, you're really interacting... it's really going up the stack and coming back down. What's happening is that, you know, whatever vendor device or whatever thing you have has an application that's running in the background that's taking that data, running it up the stack and bringing it back down again. So when we start to look at this stuff, you know, obviously this is working, right? Obviously these mechanisms, these implementations have never been messed with and nobody has ever pwned... okay, and fail. So, you know, they've never been man-in-the-middled, they never... but, you know, so why are these getting... you know, what makes these applications vulnerable? Like, what makes these different protocols and different things vulnerable? Different things; each of them provides, you know, their own layer of protection, and each of them is used and has some
different means where it's the right thing to do. So I probably should have put this slide before the last one, but in the OSI model, encryption equals presentation. If we look at the TCP/IP model, encryption is in this application layer. So when we talk about how developers implement it, it's a little bit less clear, you know, less cut and dry. So what I'm trying to show you guys is that the reason that these overall encryption mechanisms are either (a) difficult to implement or (b) easy to get around or, you know, to attack, in many instances, is because there's this challenge of, like, where does it really exist? So in reality, what we see is, instead of it existing at either one of these layers, it's all over the place. You know, different APIs will provide some mechanisms for an encryption library at a different layer, but what you'll ultimately find is, when you get to the root of it, the encryption library itself is a library that an application interacts with to render that text. So it always exists at layer 6. Questions? "You suck, Evan." Sure. I have absolutely no idea, man.

You know, the reality is... and as far as, like, comparing encryption protocols, so let me turn that a little bit on this, right? So when we talk about encryption algorithms themselves, you look at something like, you'll read these headlines that say, you know, "AES-256 compromised" or something like that. Is it really? So I'm going to debunk something here, because in all the research that I've done over the past year, I have not read anything that legitimately said that a particular encryption algorithm was compromised by any means other than what it was expected to be compromised in. So if you think about, like, AES-256, it is an encryption algorithm that's rated, just like a safe is. Like, a safe or something like that is rated in how many hours does it take to burn through it, or how many, you know, how many man-hours does it take to break in. That's how they rate the protection mechanisms of, like, security gates and other things. Encryption is the exact same way. So to say that it's unbreakable is not how it was ever intended to be stated in the first place. It was about, like, if you have this big of a computer and you have this much time, you're going to be able to brute force or get your way into this. So the idea behind encryption technologies and encryption algorithms themselves is to make it so that the data is no longer valuable in the amount of time that it would take you to do it. And so you implement encryption algorithms based on the time to value of that particular piece of data or that particular piece of information.

And so when we look back at those previous things, we can start to see why, like, AES-256 gets broken. No, like, a particular implementation of it does, because it fails to adequately address the security concerns, or it allows some mechanism to be bypassed where AES-256 is not even entered into. Because if the data is in ciphertext, it should theoretically take however long it takes, you know, whatever that algorithm is rated in, to break it. Most of the time it's poor implementation or a misimplementation of a particular algorithm. Now, I can't get into that; that stuff is going to happen, that's not really the intent. What we're going to do is we're going to make some assumptions here. We're going to trust that these algorithms are written and protect data in a manner as described, and that we're going to trust that we can use them. So let's kind of talk about this later. So, like I said, we're going to look at this non-ubiquitous layer where developers' applications, where the data that we're interested in interacting with, resides, and we're going to look at some of the things that are in place right now to protect applications. So we're kind of getting into this thing that we were talking about. So we have all this
different stuff. So if the presentation layer is where encryption exists, what's getting compromised? And the reality is that we either compromise sessions, where we're reading data before it's, you know, encrypted, or we're interacting and able to forge who we are for purposes of retrieving that information, or we're going to look at data, you know, that we're able to extract out of, you know, application space, memory space and things like that. So we started doing some research into the different protection mechanisms that are in place for modern operating systems and things like that. So you've got things like ASLR, address space layout randomization, I think that's what it's called, SEH, certificate pinning, all these different types of things that are in place for protection of applications. So things like sandboxing are pretty typical and common things. But all of this, when they're in that layer, when they're in the application layer, they're almost always rendered in clear text, right? That's why I can use things like memory scrapers and, you know, what is it, the POS malware and all that type of stuff, to get credit card numbers and all that type of stuff out of memory. And when it comes down through this next layer it may or may not be encrypted. So when you look at, like, we trust SSL, right? SSL is a session layer encryption mechanism, so it doesn't get encrypted, technically, until it goes in transit. So now I'm lowering that level, like I'm allowing unencrypted data down into a lower level of memory space and in session space that theoretically it shouldn't go to, right? Anybody follow me here? That makes sense?

So then we talked about things that are at a lower level, so things like user authentication, user access control, triple-A services. Like, where do those things terminate? Well, they terminate at the session layer. So you can make some assumptions or you can make some comments about it; it's not really the point of this presentation. You know, there's an element of, like, do you trust these things to work if they're implemented, and that type of thing. You know, if you properly choose these, you know, they provide some level of protection. But ultimately the myth of encrypted data is that, you know, yeah, those things, if you were encrypting data in the right way, then when it went up to the next layer it was rendered as ciphertext. You know, if it was done right, if this process was followed correctly, then theoretically those things, you know, if it was to get compromised at the session layer, would have been encrypted already, right? So a little theoretical here, but we go back to what we just talked about a second ago, which was that the attacks themselves on encryption are not coming at encryption itself; they're coming at the various mechanisms above and below the presentation layer. And so ultimately the failure of this is not encryption, ultimately the failure of it is not the application; the failure is that everything implements it differently. There is no standard for how encryption is implemented within applications or within operating systems themselves, and so we have this aspect of interpretation that can be taken.

So the kind of piece of this that we kind of got into was just, like, how can we create something that would be, or how can you interact with this data in some format that would be, you know, a little bit more
straightforward. So you've got this aspect of the session, you know, you've got your interfaces and services, web services, you know, Apache or whatever you're running, and you have encryption libraries, like I said, AES-256, maybe a library. You have your application libraries, you know, your Java portlets and other things, like whatever they are, I'm not a developer, so, you know. But you've got all your API-level stuff that's there that makes development, to provide your application, to provide your service, a little bit easier. And then you've got things like, up at the higher-level layers, that are, you know, application sandboxing, for instance. Here is kind of a standard deal. Follow me still? "Evan, you suck."

So what if we kind of, you know, took this and, instead of having it there, what if we provided something a little bit more standard? That said, you know, we can't block access to encryption libraries, we can't block access to these different things, we wouldn't necessarily want to, but what if we provided a library that was standard for a particular operating system, that was open source just like a lot of libraries are, that allowed a means to interact in a consistent way, that would mean that data coming and going from it would be encrypted the right way? Theoretical, right? What would this solve? Would this solve anything? And the reality is it solves some of it, most of it maybe, but about half of it. You know, we have to provide a means for these applications... can we separate, you know, what's viewed by the application, and/or what's viewed by the user, and then what's used by the application? Because in most instances those are pretty different things, right? You know, like in a Word document, the clear text, you know, when you type your text into the Word document, only a very little bit of that is really important; all the rest of it's the, you know, the crap, the formatting, you know, stuff that's in it, and all this other type of stuff. What if I could just encrypt that part, the part that the application doesn't necessarily need to see, you know, for purposes of interacting with it? It can still do the rest of that stuff with all these other libraries and other stuff. But, like, any time that we interact with human-generated data or things like that, can we provide a means for applications to interact with it in a standard way, so that I can protect my information but the application can still do its job, and, you know, I can protect that stuff going up and down? Any takers, buddy? All right.

So we still have to provide a means for some of this stuff to happen. So, like, the library itself can still interact with standard encryption libraries, so we're not locking ourselves into a particular encryption mechanism. Those libraries and other things continue to interact at layer 6 to do what they need to do, and layer 5 can interact with, you know, the sessions and services and other things to create things. Theoretical, right? What-if, what-if type of scenarios. But the reality is, like, something like this could theoretically work, and it could provide some level of protection. And then the application, you know, the six-and-a-half application, or the library itself, provides data back in a standard format for, you know, human-interacted data, or non-application-interacted data, that would go back to the app library and it would continue to get processed.

So Preparations H, A through G, were total failures, so we started looking around, like, what's out there already? What kind of provides some of this stuff? And we're going to get into a handful of things, and this is where, if you haven't taken your NoDoz, this may be a good time; it's going to get a little bit more complicated from here on out. So we have some of these different kind of, like, what's out there already, and how do things interact? So let's talk about, first of all, session layer stuff, and how we identify users and how do we provide
mechanisms for secure user authentication interaction and stuff like that so we talked about the framework now we're going to kind of talk about a process framework at this point and and we're kind of jumping around here I hope it starts to make sense towards the end otherwise where those little darts looking for you so metadata or when we talk about this we've got some different standard stuff that we deal with every day is like role based authentication kind of a standard mechanism for how users are paired with data but we see that that terminates it like a session layer so the idea and like Active Directory for example is that if I'm a member of a particular group then I have
access to anything that that group has access to and it kind of doesn't take into account much of anything else so you know then we talked about like how do we some of these other aspects of things like mandatory access control like you know I can have access i can be a member of a group but if i don't have this other mandatory piece like you know secret top secret whatever then I then I can't access data up and down and so I'm not going to get into like how all this works but hopefully you kind of understand the concept some of the newer stuff that's coming out that is out there already is like attribute-based
and so when we talk about actually applying some of these different types of information, I kind of drew some lines out here, like metadata: where does the information for this stuff come from? What are some current implementations, or what are some current things you can think about, like how do I get the context, or how do I get information to do this type of authentication? And so some of the things like attribute-based, where we talked about geo-specific stuff: that if you're in a particular location you're allowed access to this data, or whatever. Those types of things come into play, and so these are some
technologies that aren't necessarily implemented at wide scale, or maybe have some very specific uses; geofencing or something like that may be an example. So kind of think about it in that aspect. This attribute-based stuff: you've got metadata, PKI stuff, trust-based, risk, reputation type of stuff, where, like, if I want to allow data, or I want to allow authorization to access particular resources based on some type of interaction that I provide, based on trust or repute. This is very new stuff that's coming out, and people are trying to work with it a lot, but what's in the middle of all of that? We've got this crazy Venn diagram
up there that makes a whole lot of sense. And so what if we kind of took some of the pieces of this and said, what if we had attribute-based access control, kind of combined with trust-based and reputation-based access control? It creates this concept, something that I talked about very briefly in the presentation last year, which is this concept of a policy decision point. So let's think about the policy decision point from the aspect that it's not just managing users; we're no longer just managing users, but we have to manage access to attributes, other things in data, and so forth. And so a policy decision point creates, it's
kind of like Active Directory, or any type of directory services utility that applies policy, but it's based on a larger subset of data instead of just users and groups and things like that. Follow me? No? So this is a slide from last year that I wanted to kind of skim over very quickly, because I'm going to run out of time. Some of the concept of this ubiquitous cloud: the idea to store anywhere, available everywhere. What if we could have some of these things like trust-based, repute, and other types of things, multiple algorithms, a framework that's not dependent on a particular algorithm to be successful, because there are different benefits of using
different levels of algorithms based on speed or performance or whatever it may be. So we can't lock that in. We don't want to create anything; we need to use and leverage things that are already existing out there. We're not trying to create the next layer of something, but we can create something that could take advantage of things like data tagging, journaling, and all this other type of stuff, and support for all those different multiple access control methodologies that we talked about before. So we can't lock anybody out, but we want to provide a mechanism or a benefit to bringing those newer protocols and technologies in. Sounds pretty difficult. So we kind of
started looking around and said, what's out there already? So there's a buttload of IETF RFCs and other things, all these standards, and if you think this talk is boring, oh my god, go read some of that stuff. But each of these kind of provides something that's a little bit different. So we've got some things like these: media type for reputation interchange, geographic location, location area. What they're talking about is providing standards for identifying how applications can standardize the presentation, or standardize the, we'll just call it presentation; it's not necessarily a presentation layer library or anything like that, but a format of what does a standard geo-information header look
like, and stuff like that. So these are things that kind of come into play if we want to try to integrate some of this data into our authentication decisions and our access decisions and our encryption decisions and all these other types of things. All right, and then I kind of wanted to stop here for a minute, because I know that this doesn't make a whole lot of sense. As my buddy Tom, sitting in the seat here, can tell you, it was kind of a Beautiful Mind moment that I had in a hotel room, and I started writing all over the mirror with a freaking Expo marker, and they start calling the people with the
white jackets and stuff, and they think I'm going crazy. But the concept that we kind of got to last year was this: what if I could create scalable profile PKI designed for this concept of ubiquitous computing? Right, we're talking about going to the cloud and how everything will just be application to application. I don't care about devices. Google Chrome, for example, right? Your saved tabs: I can literally go on my iPhone and then go to my computer and the tabs are all the same, and all these things. How do you think that's happening? The applications are talking to each other. It's PFM. So, but
it provides us with a means for active access control, and the reason this becomes important is because right now, everything that we have as far as most access control mechanisms are completely retroactive. They do not protect you into the future. They do not necessarily make smart decisions based on the latest bit of information that's coming into them, whether it be GeoIP or repute information or anything else. It's not to say that they can't; there are some people that are trying to do it, and they fail massively. That's all we have: data loss prevention technologies, and those work so well. Anybody implement those? DLP? Yeah, have fun with that. So what if we could provide something
that's a little bit smarter than DLP, that actually allows us to block something before it happens? So we have some things like active access control, blah blah blah. I'm gonna keep going; I don't have too much time to go into this, but we showed this slide last year and I just wanted to kind of go through it for purposes of showing: we have applications that are protected (oh good lord, go), how users interact with applications, they generate data, they have identities, they're interacting with multiple devices, and they create data. We start to encrypt this data in the context of domain and user identity, instead of encrypting it for purposes of, like,
dropping it to a file system. That data ownership and other things can be managed by a policy decision point that could be specific to an individual user, where the user can make decisions on their own about how that data is accessed and shared, and where you can control it. That's the concept of this talk, which is "allow myself to encrypt myself": how can I maintain ownership of my data? How can I still interact with the Facebooks and the other applications that I want to interact with, but not necessarily provide them any information? I can use their application, I can generate data in the context of that application, but still ultimately control what they can and can't see. And that
sounds pretty crazy, like, how do you do that? But there, like I said, we've kind of outlined some of the ways that that could work. The next piece of this is that we kind of debunked, or kind of threw out, this concept that I have to keep encryption keys, public/private keys, specific to users or applications or devices even. What if I were to give public/private keys to contexts, to attributes in my architecture? What if I were to encrypt things in the context of a role, or a user role? And so a domain can own, a domain role can own
the public/private keys and encrypt things specific, or in context, to it, and because it owns those keys it can prevent data loss, right? If you come and request that data, you have to request an unencrypted copy or a re-encrypted copy of the data. So let's look at this: what if public/private keys were more than just systems and users? And I'll get this argument; some people are going to talk about, what about the overhead of this stuff? The reality is all this stuff is really happening in the background, where people are appending data and encrypting between services. So if you have time, I can tell you why that's complete
bull crap. What if keys were disposable, just like sessions, so that if a key gets compromised I don't care, because the data ownership of it is still in the context of a user, of a domain, just like you have with any other encryption or authentication mechanism that you have? And what if we provided a simple mechanism to regenerate encryption keys, so that we can take into account this concept that things are automatically going to get compromised, right? So this is the patent. Last year we went through it, and I know this looks like insanity. I'm going to try to go through it in about five
minutes' worth of time, which they're telling me I have. So last year, out of the talk, we had some guys come up to us and they were like, you can't talk about this, you need to protect this stuff. And I did not necessarily see that at all; I had no idea why anybody would. We were throwing out crap and seeing what stuck. But one of the things that this kind of takes into account, we kind of hit on each of these, and I'm going to try and draw it together here in the last five minutes: you have this concept of a trust domain, which is what most of us
interact with, and this is the most common type of domain, right, where you have users and devices, you have roles and identities and things like that that you interact with and you generate data in the context of. And so I know that that's kind of small and stuff, but really what we're showing is that a user interacts, you know, what creates an identity ultimately for a user is the interaction of multiple devices, a device and application and a user login and things like that. And then, in the context, I logged into a domain, some type of AAA or something like that, and I have a user identity interaction, and all
these different types of things. You kind of go down through this process, and so ultimately this is kind of the shift, and the reason that devices and applications are outside of this trust domain is the concept that, you know, BYOD, for example: these devices don't necessarily belong to an organization anymore. They're ubiquitous, right? I'm coming and going from them, and organizations are allowing you to bring your own assets and things like that into the workplace, so that aspect of those devices is becoming less and less relevant. So what if we don't care about the devices? What if we don't trust them? So we talk about, then we have data
domains. And so we understand data domains; they're existing things out there. So we have got abstracted data fields, so you have data fields and types that tie together to create objects and models, and then you can create policy based off of, you know, this IP plus this social security number plus this whatever. You can start to create data models and relate objects to each other, and they create context. Let's not get into that too much, because there's stuff there, but we're seeing this shift to kind of some of this user-defined stuff, so like data tagging within operating systems, where you can create, regardless
of where that data sits in the operating system, a tag or context that brings it all together and makes it relate to you. So that's there; it can get really granular, or it cannot be. So if you think about Gmail labels, like, how do they create those labels for you automatically? That's it; it literally can be that simple, how you create policy on these things. So what if we extended this scheme and we took that idea of providing keys to more than just individual things; we provide it to policies and users, devices and all this other type of stuff, and we've got things like key management, stuff like that. It
makes things much more flexible. And it also starts to provide this aspect where we can do real trust-based modeling, so we can extend the amount of data that we can control access based on, and that type of stuff. I'm going to talk about how the data protection domain kind of works. I'm going to publish some of this stuff, and like I said, I'm going through this very, very fast; I probably should've gone through the beginning stuff a lot faster. But in a data protection domain, so it's kind of the bridge between trust and data domains, you create a context for
how data is interacted with, how data gets encrypted and unencrypted, and so you aggregate this policy. You can provide extended schema protection, so, like, one of the basic things that we talked about was inference-based attacks and stuff like that: how do I search for metadata, or how do I search for data inside of encrypted data, and some of those things. If you've got questions, I'll bore you to death on that stuff. But to continue to talk about data protection domains: data is published in the context of each individual application, or each
individual piece that's requesting that data. So, talking about those verticals of devices and applications and other things, each of those has encrypted data based on the public/private keys for that particular instance of that piece of data, so it provides a much more robust and less revealing piece of data encryption here, so that the device only ever sees things that it absolutely needs to see to perform its function. So the last piece of this that I'll really get into is process pipes, and the aspect of process pipes in the framework is to allow existing technologies and future technologies to interact with the framework. And the reality is that we have no idea how we're going to use this
in the future. We have no idea what applications are going to exist, in what context we're going to want to interact with data, how data is going to get generated, and so forth. Existing AAA services that are here now are going to be here in the future, and so forth. So that's what the framework gets away from: we provide, in multiple places, aspects for process pipes to interact with data, to provide context for data loss prevention technologies or things like that, to tag data, and so forth. So we're staying away from identity and access management; that's a process pipe. We're staying away from end user and certificate management; those tools and technologies exist. That's a
process pipe. Data and storage and transport: those processes exist. We're not talking about those things; we're talking about how to put them all together in a framework that allows you to protect your data and allows you to control your data, and the aspect of how it's used in the future. So one of the things that I had talked about last year was data destruction through certificate revocation, and the idea is that all this data is created with certificates that are managed by the policy decision point, and so if I realize that data has been compromised, or maybe I see a virus or piece of malware running around my network, I can instantly kill access to that piece
of malware by revoking the certificate, because it has to have a certificate to be reversed and opened up into clear text to operate, right? Everybody follow me? I'm going really fast here. So what does it do? It provides some practical protection mechanisms. The framework assumes compromise, right? So all I've got to do is just revoke these certificates and the data goes away, right? But that could have negative impacts as well, but we can reinterpret. The biggest thing that it talks about is that it requires more than just compromising a user's identity; you'd have to compromise multiple aspects of the technology in multiple places to
really get access to all the data, to put it in complete context. And so it's kind of a small slide there, but some of the things that asymmetric encryption provides: confidentiality, man-in-the-middle protection, so some of the things that SSL and other symmetric ciphers are vulnerable to, it provides a level of protection above that. It gives you integrity and non-repudiation, which you do not have in current encryption implementations, so it actually allows you to know what device, what user, what application, all those different things that are important to you to develop true context and IP and reputation policy. And it also could require online access, so that if
somebody steals your data now and they take it off site and they want to crunch it, they can't open it, because they have to come back to you to get that data, or to get the approved unencrypted version of that data, the re-encrypted version of that data. Metadata tagging, custom policy and context, journaling, machine-based ontology: limits data exposure and inference attacks. And this, I put this in here on purpose. I've gone cross-eyed, if you're not ready to kill yourself now. So obviously some of the things that are there: you have to protect the keys, but what we're providing is a mechanism where keys and key exposure are a little bit less
important. So some of the things that we ran into pretty early, when we started trying to test this, were impractical data types: like, how do I encrypt streaming video or audio or something like that? Maybe I do or don't care, but the reality is that we've kind of come up with some ways. So what makes symmetric key ciphers vulnerable to attack is intercepting the symmetric cipher on one end or the other. But what if I used, you know, those ciphers are much more efficient; I'm not going to send every single video packet PKI-encrypted, that would be very inefficient. But what if I
exchange that symmetric key with those private keys? That instantly allows me a little bit higher level of protection; now I have that non-repudiation, stuff like that, on the endpoints. Yeah, it's still vulnerable to replay attacks, but maybe that's worth it. Processing, network overhead: we're talking about the future here, right? We're not going to have memory and disk space and other problems in the future. I know, yes, there are tons of problems and tons of cool things to solve with this. One thing that I didn't get to talk about last year was how do you attack the framework, and this was the biggest thing that people came up to
us afterwards with. The second piece is patent trolls, and until we started, we had no idea; we didn't really consider this concept patentable, but apparently it is. And so that's the biggest vulnerability that I have right now: exposing a concept framework to you guys that somebody could then take and potentially patent and lock it down and prevent all of us from doing things with it. But more likely, things that are going to be attacked: people are going to try to attack the rules, attack the libraries, you know, DoS is always a big deal. Race condition attacks, I don't have time to talk about them, but it's
the concept that if I can steal the data and compromise the keys before you can revoke them, whatever that finite time period is, then I can get access to all your data. So I'm going to blow through this. Some of the things that we used to test this: web ontology languages, attribute-based access control. Anybody that knows me will tell you I drink a lot of Red Bull, and dang it, I have yet to grow any wings. You got to love that auto-advancing slide type of deal. So to keep you guys up to date: provisional patent protection is there and in place since last year. The reason I
mentioned this is that I'm not an expert in this stuff, so I need some help. Currently we're researching some of the most appropriate mechanisms to release this as an open source framework that people could leverage. So on that note, I ran out of time, as I always do, because I like to talk too much. But I know it was good for Adrian; he left. But if you guys have any questions, I appreciate you guys listening, and listening to me ramble. Some of the guys that contributed last year were really influential in kind of advancing us to take this and get a patent and things like that, so that the community
could continue to use it and to advance this concept. So anyways, thanks.
doesn't also lie on the session layer? Can you tell me why not?

Okay, the reason it doesn't rely on the session layer is because the session layer has to take the data that it's receiving, run it through an encryption library, and bring it back. So you're rendering clear text into ciphertext and sending ciphertext out, so even your session layer application is taking it and putting it through some type of presentation layer library to render it into a format that it can then send and interact with other session layer protocols.

Okay, but isn't the session layer also important in encrypting
ourselves? Now, nothing the framework represented, I mean, now, well, I mean, it's always there. Like, the reality is that, like, SSH and old stuff, yep, the reason that ultimately those are compromised is because data enters, like, data is unencrypted at SSH; it doesn't get encrypted until the session layer receives the clear text data, sends it back through an application library, and receives it again. So instead of it always being, like, never going below the presentation layer encrypted, that's where the man-in-the-middle attacks kind of come into place, because if I can intercept it either above the presentation layer or below it, those are the vulnerabilities. So how can I keep
data in the application stack encrypted for as long as absolutely possible? That's what the concept of the application framework is about.

Okay, thank you.

Sure.

There'll be time for one more question.

Are you concerned at all about something like governmental regulations saying that they have to backdoor it so that the NSA or the CIA or the FBI can read, or subpoena, the data?

Absolutely, and the reality is that there is absolutely no way that I could do that, because the idea is that this is just a framework. We're not providing an encryption algorithm, we're not providing any mechanisms for people to encrypt themselves, we're not exporting anything that would be controlled, all that type of stuff, right? But
it could be a practical limitation in terms of how the government regulates the sort of implementation, saying that Google has to always backdoor it, or something like that.

Right, theoretically they could, but ultimately, just like PGP and just like a lot of these other ones, if we as a user community provide our own mechanism to do this... So, like, yeah, if you want to trust Google to provide you with this service or whatever, absolutely, I mean they can; you're trusting them that they're doing the right thing with your data. But the idea of the framework is that it's open and anybody can use it to create their own key server and
key management, policy decision point, and that type of stuff. The process pipes are designed into the framework on purpose so that you can interact with the data, or that you can provide data in a format that is practical to your implementation but doesn't lock you out of using other applications and services.

Well, we have to leave it there, with all tin foil hats firmly in place. If anyone has any other questions, then feel free to hit Evan up.
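The two mechanisms the talk sketches, a symmetric content key for bulk data wrapped with per-context public keys, and "data destruction through revocation" at the policy decision point, as an added example that is not the speaker's framework code. The PolicyDecisionPoint and Envelope types, the Publish/Open/Revoke functions and the context names are assumed names, and the sample record is constructed.

```go
package main

import ("crypto/aes"; "crypto/cipher"; "crypto/rand"; "crypto/rsa"; "crypto/sha256"; "errors"; "fmt")

// PolicyDecisionPoint owns one RSA key pair per context (a role, a domain, a
// device class) rather than per user; a nil entry marks a revoked context.
type PolicyDecisionPoint struct{ keys map[string]*rsa.PrivateKey }

// Envelope is one published piece of data: AES-GCM ciphertext plus the content
// key wrapped with RSA-OAEP once for every context allowed to open it.
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte
}

func NewPDP(contexts ...string) (*PolicyDecisionPoint, error) {
	p := &PolicyDecisionPoint{keys: map[string]*rsa.PrivateKey{}}
	for _, c := range contexts {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil { return nil, err }
		p.keys[c] = k
	}
	return p, nil
}

// gcmFor builds the symmetric cipher that carries the bulk data.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Publish encrypts plaintext once with a random content key (cheap enough for
// streams) and wraps that key for each named context. The context name is the
// OAEP label, so a wrapped key only unwraps under the context it was issued to.
func (p *PolicyDecisionPoint) Publish(plaintext []byte, contexts ...string) (*Envelope, error) {
	contentKey := make([]byte, 32)
	if _, err := rand.Read(contentKey); err != nil { return nil, err }
	gcm, err := gcmFor(contentKey)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: map[string][]byte{}}
	for _, c := range contexts {
		k := p.keys[c]
		if k == nil { return nil, errors.New("no active key for context " + c) }
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &k.PublicKey, contentKey, []byte(c))
		if err != nil { return nil, err }
		env.WrappedKeys[c] = w
	}
	return env, nil
}

// Open recovers the plaintext for one context; a revoked or ungranted context
// fails here even though the ciphertext itself is still sitting there.
func (p *PolicyDecisionPoint) Open(env *Envelope, context string) ([]byte, error) {
	k, w := p.keys[context], env.WrappedKeys[context]
	if k == nil || w == nil { return nil, errors.New("context revoked, unknown, or not granted") }
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k, w, []byte(context))
	if err != nil { return nil, err }
	gcm, err := gcmFor(contentKey)
	if err != nil { return nil, err }
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Revoke discards the context's private key: data destruction by revocation.
func (p *PolicyDecisionPoint) Revoke(context string) { p.keys[context] = nil }

func main() {
	pdp, err := NewPDP("finance-role")
	if err != nil { panic(err) }
	env, _ := pdp.Publish([]byte("constructed sample record"), "finance-role") // constructed input
	pdp.Revoke("finance-role")
	_, err = pdp.Open(env, "finance-role")
	fmt.Println("after revoke:", err)
}
```

The race the talk mentions is visible here too: a copy of the content key taken before Revoke is called still opens the envelope, so revocation only destroys access that has to go back through the decision point.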