Presentation: Abstractions to Help Developers Write Good Crypto

Track: Modern CS in the Real World

Location: Pacific DEKJ

Day of week: Wednesday

Level: Advanced

Persona: Developer, General Software

What You’ll Learn

  • Find out some of the mistakes people make when using cryptography.
  • Hear why googling for a cryptography answer to a problem may lead to the wrong solution.
  • Learn from code samples the correct way to use certain Android cryptography libraries.


More developers are writing cryptographic code, especially in regulated sectors like health care and financial services, but the code suffers from a combination of poor programming interfaces and a lack of developer training. In one study, 83% of cryptographic flaws (CVEs) were due to programmer misuse of otherwise correct libraries. While solutions like Let's Encrypt have made HTTPS cheaper, encryption of data in transit only covers a small part of the problem space. End-to-end crypto is an important approach, and is getting more widespread, but can programmers implement it securely?

In this talk, we will discuss the impact of programming abstractions on the correctness of cryptographic code, and show why some cryptographic libraries succeed in helping the programmers Do The Right Thing, and why some fail.


Tell us about what you are doing.


Tozny is a cryptography company that builds software tools for computer programmers. Just as cryptography is difficult for end users, cryptography software tools for developers are quite challenging too. Our focus is to make those tools easier to use for developers.


What is the motivation for your talk?


We did some research to understand what mistakes people make in implementing cryptography. This came about because I asked a developer to implement something for me using a basic cipher, and the implementation they came back with was incorrect. To fix it, I tried to find an example of a correct implementation on Stack Overflow, but I could not actually find one that was correct! I had to do a significant amount of research myself in making sure that I was using the Java/Android libraries for cryptography correctly, and eventually we actually built an open source library that's very popular. It's used by Fortune 500 companies, and big or small open source projects. It does one thing and it does it well: it encrypts strings using the Android / Java cryptographic libraries correctly. So, the motivation for this talk is helping people understand what's hard and what's easy about cryptography, and the fact that solving problems in cryptography is not exactly the same as a lot of other areas. Googling for answers or finding them on Stack Overflow is not going to work well for cryptography problems.


What is the structure of the talk?


First, I’ll set the context of the problem by reviewing some of the research that academics have done, that commercial industry has done, and a little bit of what we did to ourselves to validate the problem. There is good academic research out there showing that 80% of cryptography CVEs are misuse of libraries. That’s programmers using otherwise correct cryptographic libraries incorrectly. I’ll illustrate this with a few Java examples since the QCon audience is mostly very familiar with Java; these examples will resonate very well with them. These include some clear examples of what you would find if you tried to solve a simple problem, for example how to encrypt strings in Android. You can try to solve that problem using the typical approach of just Googling for the answer or finding code that seems to work. Then I will dive into some specific code problems. It's like 10 lines of code but there are five errors in it. I go into each of those errors and help people understand why it's a problem. What security property that you've now lost because you used this code. And then we'll take a deep dive in a couple of those to give people some intuition for the statistics of why key generation works in one way versus another way, and that would be fairly visual.

We'll use our library as an example of how to do things more correctly. It's open source, it is all free. We won't be marketing it, but we used the open source library to validate that this was a big problem, then we built a whole product that's cross-platform to address it in a more robust way. This is something anyone can try out for free of course.

In the end, we want everyone to come away with some new knowledge of common pitfalls and a few nice reasoning and technical tools they can apply to the problem of securing private information.

Speaker: Isaac Potoczny-Jones

Founder @Tozny & Authentication and Privacy Specialist

Isaac is the founder and CEO of Tozny, LLC, a privacy and security company specializing in easy to use cryptographic toolkits for developers. Isaac’s work in cybersecurity spans open source, the public sector, and commercial companies. His projects have included end-to-end encryption for privacy in human subject research, secure cross-domain collaboration, identity management, anonymous authorization, mobile password-free authentication, anti-forgery in hardware devices, and privacy-preserving authentication. He has worked with agencies including DARPA, the Navy, Air Force Research Laboratory, the Department of Homeland Security, the National Institute of Standards and Technology, and other elements of the DoD and intelligence communities. Isaac is an active open source developer in the areas of cryptography and programming languages. Education: B.S. in computer science, M.S. in Cybersecurity.
