UVic Startup Slam September 2014 (Kiind)

Post on 25-Dec-2014


Practical Cryptography

• A brief introduction to one-way cryptography: cryptographic hashing and hash-based message authentication code (HMAC).

• Diving deep: HMAC in our API keys to protect our infrastructure

• Questions

Agenda

• A cryptographic hash function: a one-way cryptographic function that is practically impossible to invert.

• H(“This is my input, called a message”) -> Ro0CUfOqk6cXEKf3d

Cryptography intro: hashes

H(“This is my input, called a message”) -> Ro0CUfOqk6cXEKf3d

---

‣ it is infeasible to generate a message that has a given hash

‣ it is infeasible to modify a message without changing the hash

‣ The hash cannot be used to reconstruct any part of the message

Cryptography intro: properties of a good hash

• Computing a hash before sending and after receiving a large message ensures the message was unchanged.

‣ Software or other large file download pages online may have a hash of the file in question.

Hashes on their own: integrity

• Using cryptographic hashes to determine equality without ever needing to store the original message is a powerful, commonly used tool.

• Every site you create an account on stores a hash of your password, not the password itself.

‣ When you try to log in, the hash of your attempt is compared against the stored hash.

Hashes on their own: integrity

• Hashes give you integrity and let you know if a message was unintentionally changed, but not where the message came from, as anyone can create a hash. This matters.

• By using a carefully guarded secret key and an HMAC algorithm, only the holder(s) of the key can validate a supplied hash produced with that key as good. This is called ‘authenticity’.

Adding authenticity: Hash-based Message Authentication Code (HMAC)

• Integrity+Authenticity: I know this message came from me originally (in our case, we don’t share the secret key with anyone), and is unchanged.

Adding authenticity: Hash-based Message Authentication Code (HMAC)

• Standard API authentication without using any cryptography:

• API access consists of:

• UserId

• Id of some user database object

• Secret Key

• Long random string of characters

Diving deep: HMAC as infrastructure protection - Traditional API access

• Why might this be a problem?

• We need to hit the database before we know if you are a valid user

• We need to hit the database before we know if you have permission to use this resource

• Traditional API access is incredibly sensitive to brute force attempts and DoS attacks

Diving deep: HMAC as infrastructure protection - Traditional API access

• Goal:

• Authentication without hitting the database.

• How?

• API authentication using keys with HMAC

Diving deep: HMAC as infrastructure protection

• What do we want?

• TokenId

• Expiry

• Roles

• JWT: JSON Web Token

Diving deep: Adding Encryption With JWT

Token: { "t": 7849334, "x": "2014-09-20 13:00:00", "r": ["send", "redeem"] }

Diving deep: Adding Encryption With JWT

• Header: { "typ": "JWT", "alg": "HS256" }

• Payload: { "u": "U784K9334", "x": "2014-09-20 13:00:00", "r": ["send", "redeem"] }

Diving deep: Adding Encryption With JWT

Base64 encode the header and the payload

• Header: eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

• Payload: eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

Diving deep: Adding Encryption With JWT

Create a signature using HMAC and our secret key

• Header: eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

• Payload: eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

• Signature: H( k, header + payload )

Diving deep: Adding Encryption With JWT

Create a signature using HMAC and our secret key

• Header: eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

• Payload: eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

• Signature: dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

Diving deep: Adding Encryption With JWT

Concatenate the header, payload and signature

Token: eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

Diving deep: Adding Encryption With JWT

What can we do with our signed token that cannot be done with traditional API user ids and keys?

• Validate a user

• Validate a user’s roles

• Check the token expiry

• Ensure that the token has not been modified

All without hitting the database.

Diving deep: Adding Encryption With JWT - Adding it all up
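
The token flow from the preceding slides as an added Python example (not part of the original deck and not Kiind's code): it signs the slides' payload fields u, x and r with HS256, then checks signature, expiry and role with no database lookup. The key, the function names and the reading of "x" as a naive server-clock timestamp are assumptions.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime

# Assumption: constructed demo key; a real key is long, random and server-side only.
SECRET = b"constructed-demo-key-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict, key: bytes = SECRET) -> str:
    header = {"typ": "JWT", "alg": "HS256"}
    parts = (header, payload)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(mac(signing_input, key))

def verify(token: str, role: str, now: datetime, key: bytes = SECRET):
    """Return the payload if authentic, unexpired and granting `role`, else None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        # Check the MAC first, in constant time, before trusting any field.
        expected = mac(head_b64 + "." + body_b64, key)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        header = json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
        # Pin the algorithm: the token must not choose how it is verified.
        if header.get("alg") != "HS256":
            return None
        # Assumption: "x" is a naive timestamp on the server's clock.
        expiry = datetime.strptime(payload["x"], "%Y-%m-%d %H:%M:%S")
        if now >= expiry or role not in payload["r"]:
            return None
        return payload
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

# Constructed sample using the field names from the slides.
TOKEN = sign({"u": "U784K9334", "x": "2014-09-20 13:00:00", "r": ["send", "redeem"]})
```

Because the payload is only encoded and signed, not encrypted, anyone holding the token can read u, x and r; the HMAC protects against modification, not disclosure.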

http://knd.am/XwTqwrfWv3j

We use a similar practice on our gift URL shortlinks

http://knd.am/ XwTqwrfWv 3j

S( k, "XwTqwrfWv" ) = "3j"

We use a similar practice on our gift URL shortlinks
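
One way the shortlink check S( k, id ) could work, as an added Python example that is not from the original deck: a truncated HMAC appended to the link id lets a front end reject most guessed URLs before any lookup. The base62 alphabet, two-character tag length, key and function names are assumptions, so the slide's "3j" is not reproduced.

```python
import hashlib
import hmac

# Assumptions: base62 alphabet, 2-character tag, constructed demo key.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = 2

def short_tag(link_id: str, key: bytes = KEY) -> str:
    """Truncate HMAC-SHA256(key, link_id) to TAG_LEN base62 characters."""
    digest = hmac.new(key, link_id.encode(), hashlib.sha256).digest()
    n = int.from_bytes(digest[:8], "big")
    chars = []
    for _ in range(TAG_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def make_path(link_id: str, key: bytes = KEY) -> str:
    return link_id + short_tag(link_id, key)

def check_path(path: str, key: bytes = KEY):
    """Return the link id if the trailing tag matches, else None (no lookup needed)."""
    link_id, supplied = path[:-TAG_LEN], path[-TAG_LEN:]
    if not link_id:
        return None
    expected = short_tag(link_id, key)
    # Compare as bytes in constant time; also tolerates non-ASCII input.
    if hmac.compare_digest(expected.encode(), supplied.encode()):
        return link_id
    return None

def tags_accepted(link_id: str, key: bytes = KEY) -> int:
    """Count how many of the 62 * 62 two-character tags pass for one id."""
    return sum(check_path(link_id + a + b, key) is not None
               for a in ALPHABET for b in ALPHABET)
```

Under these assumptions a random guess passes the tag check once in 3,844 tries, so the tag is a cheap pre-filter in front of the database and the lookup remains the authority on whether a link exists.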

Questions
