steve cornish - "passing sensitive data through the public domain"
TRANSCRIPT
Passing Sensitive Data Through the Public DomainSteve Cornish
[email protected] | @stevesquirrol | linkedin.com/in/stevecornish
4th May 2016
About meBy day…• Contracting Digital / Integration
Architect• Currently @ Vodafone
By night…• CTO of Squirrol – a Social Network for
Collectors• Cool tech• Pre-funding stage• Site is live: https://squirrol.com
Why protect data?Public domain => Internet => untrusted network
• Is the integrity of the data important?• Is the privacy of the data important?
Data Integrity / AuthenticationHMAC functions can be used to verify a message…
a) Comes from the expected sourceb) Has not been tampered with in flight
With HMAC, both the source and target generate a token (the MAC) from the message using a shared key which is compared to establish integrity.
HMAC…
Message…
Generate MAC from message
Generate MAC from message
MAC 1
Shared Secret
Shared Secret
Source
Target
MAC 2 Compare MACs
Data Privacy• Symmetric and Asymmetric cryptography can be used to secure
data in flight
• Symmetric encryption (e.g. AES):• The same key is used to encrypt the data and to decrypt the cipher
• Asymmetric encryption (”Public Key Cryptography” / PKI):• Consists of a public/private key pair• The data is encrypted using the public key, and decrypted using the private key
Symmetric…
Message…
encrypt
decrypt…
Message…
110101010101001101010101011
Shared Key
Shared Key
Source
Target
Asymmetric…
Message…
encrypt
decrypt…
Message…
110101010101001101010101011
(Target) Public Key
(Target) Private Key
Source
Target
Summary• Data Integrity and Data Privacy are two concerns of Data Security• Data Integrity can be assured using HMACs• Data Privacy can be enforced using cryptography
Data Security is a big subject – we’ve only scratched the surface
Thank you… Questions?
AppendixPerformance• HMAC-SHA256
• 1m MACs in 4.76s• AES-128
• 1m encrypts in 2.54s• 1m decrypts in 2.13s
(Run on a 5 year old Dell Latitude E6410 with Core i5, 4GB RAM, Win 7 32-Bit…)