Conference: Nov 5-7, 2018
Workshops: Nov 8–9, 2018
Presentation: Abstractions to Help Developers Write Good Crypto
Share this on:
What You’ll Learn
- Find out what are some of the mistakes people make using cryptography.
- Hear why googling for a cryptography answer to a problem may lead to the wrong solution.
- Learn from code samples the correct way to use certain Android cryptography libraries.
Abstract
More developers are writing cryptographic code, especially in regulated sectors like health care and financial services, but the code suffers from a combination of poor programming interfaces and a lack of developer training. In one study, 83% of cryptographic flaws (CVEs) were due to programmer misuse of otherwise correct libraries. While solutions like LetsEncrypt have made HTTPS cheaper, encryption of data in transit only covers a small part of the problem space. End-to-end crypto is an important approach, and is getting more widespread, but can programmers implement it securely?
In this talk, we will discuss the impact of programming abstractions on the correctness of cryptographic code, and show why some cryptographic libraries succeed in helping the programmers Do The Right Thing, and why some fail.
Interview
Tozny is a cryptography company that builds software tools for computer programmers. Just as cryptography is difficult for end users, cryptography software tools for developers are quite challenging too. Our focus is to make those tools easier to use for developers.
We did some research to understand what mistakes people make in implementing cryptography. This came about because I asked a developer to implement something for me using a basic cipher, and the implementation they came back with was incorrect. To fix it, I tried to find an example of a correct implementation on Stack Overflow, but I could not actually find one that was correct! I had to do a significant amount of research myself in making sure that I was using the Java/Android libraries for cryptography correctly, and eventually we actually built an open source library that's very popular. It's used by Fortune 500 companies, and big or small open source projects. It does one thing and it does it well: it encrypts strings using the Android / Java cryptographic libraries correctly. So, the motivation for this talk is helping people understand what's hard and what's easy about cryptography, and the fact that solving problems in cryptography is not exactly the same as a lot of other areas. Googling for answers or finding them on Stack Overflow is not going to work well for cryptography problems.
First, I’ll set the context of the problem by reviewing some of the research that academics have done, that commercial industry has done, and a little bit of what we did to ourselves to validate the problem. There is good academic research out there showing that 80% of cryptography CVEs are misuse of libraries. That’s programmers using otherwise correct cryptographic libraries incorrectly. I’ll illustrate this with a few Java examples since the QCon audience is mostly very familiar with Java; these examples will resonate very well with them. These include some clear examples of what you would find if you tried to solve a simple problem, for example how to encrypt strings in Android. You can try to solve that problem using the typical approach of just Googling for the answer or finding code that seems to work. Then I will dive in some specific code problems. It's like 10 lines of code but there are five errors in it. I go into each of those errors and help people understand why it's a problem. What security property that you've now lost because you used this code. And then we'll take a deep dive in a couple of those to give people some intuition for the statistics of why key generation works in one way versus another way, and that would be fairly visual.
We'll use our library as an example of how to do things more correctly. It's open source, it is all free. We won't be marketing it, but we used the open source library to validate that this was a big problem, then we built a whole product that's cross-platform to address it in a more robust way. This is something anyone can try out for free of course.
In the end, we want everyone to come away with some new knowledge of common pitfalls and a few nice reasoning and technical tools they can apply to the problem of securing private information.
Similar Talks
.
Tracks
-
Architectures You've Always Wondered About
Architectural practices from the world's most well-known properties, featuring startups, massive scale, evolving architectures, and software tools used by nearly all of us.
-
Going Serverless
Learn about the state of Serverless & how to successfully leverage it! Lessons learned in the track hit on security, scalability, IoT, and offer warnings to watch out for.
-
Microservices: Patterns and Practices
Stories of success and failure building modern Microservices, including event sourcing, reactive, decomposition, & more.
-
DevOps: You Build It, You Run It
Pushing DevOps beyond adoption into cultural change. Hear about designing resilience, managing alerting, CI/CD lessons, & security. Features lessons from open source, Linkedin, Netflix, Financial Times, & more.
-
The Art of Chaos Engineering
Failure is going to happen - Are you ready? Chaos engineering is an emerging discipline - What is the state of the art?
-
The Whole Engineer
Success as an engineer is more than writing code. Hear inward looking thoughts on inclusion, attitude, leadership, remote working, and not becoming the brilliant jerk.
-
Evolving Java
Java continues to evolve & change. Track covers Spring 5, async, Kotlin, serverless, the 6-month cadence plans, & AI/ML use cases.
-
Security: Attacking and Defending
Offense and defensive security evolution that application developers should know about including SGX Enclaves, effects of AI, software exploitation techniques, & crowd defense
-
The Practice & Frontiers of AI
Learn about machine learning in practice and on the horizon. Learn about ML at Quora, Uber's Michelangelo, ML workflow with Netflix Meson and topics on Bots, Conversational interfaces, automation, and deployment practices in the space.
-
21st Century Languages
Compile to Native, Microservices, Machine learning... tailor-made languages solving modern challenges, featuring use cases around Go, Rust, C#, and Elm.
-
Modern CS in the Real World
Applied trends in Computer Science that are likely to affect Software Engineers today. Topics include category theory, crypto, CRDT's, logic-based automated reasoning, and more.
-
Stream Processing In The Modern Age
Compelling applications of stream processing using Flink, Beam, Spark, Strymon & recent advances in the field, including Custom Windowing, Stateful Streaming, SQL over Streams.
-
Performance Mythbusting
Real world, applied performance proofs across stacks. Hear performance consideratiosn for .NET, Python, & Java. Learn performance use cases with OpenJ9, Instagram, and Netflix.
-
Tools and Culture: What's Beyond a Stack of Containers?
Containers are not just a techology. It's a platform. Push your knowledge.
-
Web as Platform
All things Browser, from JavaScript Frameworks for animation and AR / VR to Web Assembly and from protocol work to open standards evolution.
-
Beyond Being an Individual Contributor
Beyond being an individual contributor. Building and Evolving managers and tech leadership.
-
Building Great Engineering Cultures
Why engineering culture matters. Track features org scaling, memes as a culture tool, Ally skills, and panels on diversity / inclusion.
-
Hardware Frontiers: Changes Affecting Software Developers Today
Topics around: Quantum computing, NVM, SMR, GPU, custom hardware, self-driving cars, and mobile hardware.