End-to-End Encryption of Distributed Applications

End-to-End Encryption in Distributed Applications

@jeffinkoguru – emailme@jeffinko.guru

Hi, I'm Jeff

The need for applications to speak in encryptedmessages is no longer an after-thought it is

a requirement

What is End-to-End Encryption?

A method of communicating where only theauthorized users can read the messages

This method is used by apps like WhatsApp & Signal

It prevents man-in-the-middle attacks

If done right, you need physical accessto read the communications

Even if an ISP is asked to supply a customerscommunications, it will only appear as..

The recent WikiLeaks show that even.. The CIA could not break End-to-End Encryption

They had to create malware that “uses” the app onyour phone in order to read the messages.

Keyloggers that capture the message as youenter it into the program before it is encrypted

So how do we implement this?

We want our system to be as secure as possible

We don't want to store our keys somewherethey can be hacked/stolen. They need to be

generated and one-time use only.

Give Me Your Keys!!!

What Keys?

When encrypting our messages, we also don'twant to know the password. They need to be

generated and one-time use only.

We want to use the strongest encryption available

Not SHA-1 ;)

Thanks Google!

We want to sign our message so weknow it was not tampered with during transit.

We don't want someone monitoring our networktraffic to easily recognize the format of our

messages. The structure should be random.

What are some of options we have?

Option 01:

JSON Web Tokens

Output:

Our Code:

The Benefits

Our payload is encrypted into a small packet

We can use different algorithms

The Problems

There are too many constants, even when thepayload and secret are different

This is partly because the header containsinformation about what algorithm

is used and the type of token

So it will remain constant if these are the same

The separator is always a period

The secret is embedded into our code

Is there a better way?

Option 02:

blanket

Output:

Our Code:

The Benefits

Our outputs are more randomized than in JWT

The secret is generated for us and destroyed after use

The Problems

Our separator could be more random

It is currently a random three digit number

The message size is much bigger

The Differences

JWT blanket

In JSON Web Tokens (JWT)

Even with a new secret, parts of the message structure and output are always the same

In blanket

Our secret is random and the output is always different,

even with the same input

Things We Can Improve

We can randomize the size and location of theseparator to further disguise the

structure of our messages

We can use a hardware secret generator

Like YubiKey or Embedded Chips

Over time our own sequence, even though morerandom, could be discovered. So we should

constantly improve our own code and think of ways to break it

Nothing is ever “secure enough”!

For more information you can visit..

github.com/jpadilla/pyjwt

github.com/JeffinkoGuru/blanket

Thank You!

Questions?

End-to-End Encryption of Distributed Applications

Presentations & Public Speaking

on End-to-end Encryption For Cloud-based Services · On End-to-end encryption for Cloud-based ... with weak secrets for secure key ... added as an essential security feature in most

JEDI: Many-to-Many End-to-End Encryption and Key Delegation for … · 2019-08-19 · JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT Sam Kumar, Yuncong Hu, Michael

End-to-End Voice Encryption over GSM

End to End Encryption using QKD Algorithm

Breaking Message Integrity of an End-to-End Encryption ... · encryption break. Key words: E2EE, LINE, key exchange, group message, authenticated encryption 1 Introduction 1.1 Background

JEDI: Many-to-Many End-to-End Encryption and Key ...raluca/JEDIFinal.pdfJEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT Sam Kumar, Yuncong Hu, Michael P Andersen,

Dell EMC PowerMax: End-to-End Efficient Encryption...Efficient encryption with PowerMax 10 Dell EMC PowerMax: End-to-End Efficient Encryption | H18483 You can set a volume as encryption

XMC20 SECU1 Unit for highly secure end-to-end encryption ... · XMC20 SECU1 Unit for highly secure end-to-end encryption in mission-critical communication networks The encryption

AVG Encrypted Email · Transparent Email Encryption Public encryption keys are automatically retrieved and distributed enabling transparent email encryption between all encryption

Alcatel-Lucent network group encryption - · PDF fileAlcatel-Lucent network group encryption Seamless encryption for mission-critical networks ... complete solution to implement end-to-end

Enable End to End Encryption feature for HP Access Control

NetMatrix TLE Terminal Line Encryption, point-to-point encryption (P2PE), PCI-DSS compliance, SPVA certified, DUKPT, 3DES, DES, AES, End-to-end encryption (E2EE), Multiple MACing algorithms,

Encrypted Distributed Hash TablesDHTs and end-to-end encryption. As discussed, DHTs are a fundamental building block in distributed systems with applications ranging from CDNs to blockchains

TETRA handheld radio - Hytera · Air interface encryption (TEA1, TEA2 *, TEA3, TEA4) End-to-end encryption (E2EE) TETRA security classes 1, 2, 3 – non-encrypted, static encryption

End to End Orchestration of Distributed Cloud … · End to End Orchestration of Distributed Cloud Applications Saeed Arezoumand Master of Applied Science Department of Electrical

REVERSE ENGINEERING WHATSAPP ENCRYPTION FOR …...with WhatsApp to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform. On April 5,

LH* RE : A Scalable Distributed Data Structure with Recoverable Encryption

PaaSword - Distributed Searchable Encryption Engine

End to End Encryption in 10 minutes -

In Encryption We Don’t Trust: The Effect of End-To-End