Keys of data protection


CTO at B•Sensory



Founder @Ninfolab

Pillar @AnDaolVras

Organizer @SW_Brest

Develops musical entertainment for children @astropolis

OAuth2 is your friend

Resource Server

Client Application

Authorization Server


Access Token

Refresh token

How to build smart and strong tokens

Smart first


JSON Web Tokens (JWT) are an open industry standard (RFC 7519) for representing claims securely between two parties.

JWT - Details

• Based on JSON

• Signed (HMAC or asymmetric signature, JWS) so the receiver can detect any alteration

• Compact: three base64url segments, small enough for an HTTP header or URL

• Self-contained: the claims travel with the token, so the resource server can validate it without a round-trip to the authorization server

• Encoded, not encrypted: anyone holding the token can read the claims unless JWE is used

JWT - How it's made
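How such a token is built and checked, as an added example (not the deck's own code): an HS256 JWT signed and verified with Go's standard library only. The key, issuer and subject values are constructed for the demo; a real service would load the key from a secrets store and would also check `iss` and `aud` against expected values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the token payload; names follow the RFC 7519 registered claims.
type Claims struct {
	Iss string `json:"iss"` // issuer (the authorization server)
	Sub string `json:"sub"` // subject (the user or client)
	Exp int64  `json:"exp"` // expiry, seconds since the Unix epoch
}

// JWT segments are base64url without '=' padding (RFC 7515 section 2).
var b64 = base64.RawURLEncoding

// Sign returns header.payload.signature for alg HS256 (HMAC-SHA256 over the
// first two segments). The payload is only encoded, never encrypted.
func Sign(key []byte, c Claims) (string, error) {
	header, err := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	if err != nil {
		return "", err
	}
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil)), nil
}

// Verify pins the algorithm to HS256 before trusting anything else in the
// header (so "alg":"none" or a public-key alg is rejected), compares the MAC
// in constant time, and only then decodes the claims and enforces exp.
func Verify(key []byte, token string, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	headerJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return c, err
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return c, err
	}
	if header.Alg != "HS256" {
		return c, fmt.Errorf("unsupported alg %q", header.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return c, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("invalid signature")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return c, errors.New("token expired")
	}
	return c, nil
}

func main() {
	key := []byte("demo-only-key-use-32-random-bytes") // constructed; never hard-code a real key
	tok, _ := Sign(key, Claims{Iss: "auth.example", Sub: "alice", Exp: time.Now().Add(time.Hour).Unix()})
	fmt.Println(tok)
	c, err := Verify(key, tok, time.Now())
	fmt.Println(c, err)
	// A token that claims "alg":"none" carries no MAC and must be rejected.
	none := b64.EncodeToString([]byte(`{"alg":"none"}`)) + "." + strings.Split(tok, ".")[1] + "."
	_, err = Verify(key, none, time.Now())
	fmt.Println("alg none:", err)
}
```

The order inside Verify matters: the algorithm check comes before the MAC so that the header cannot talk the verifier into a weaker check, and the claims are decoded only after the MAC passed, so untrusted JSON is never interpreted first.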

Always double protect


The Advanced Encryption Standard or AES is a symmetric block cipher used to protect information and is implemented in software and hardware throughout the world to encrypt sensitive data.

AES - Details

• Symmetric block cipher (128-bit blocks; 128-, 192- or 256-bit keys)

• Multiple modes of operation (CBC, CTR, GCM, ...)

• Much faster than asymmetric encryption, which is why RSA or ECC are used to exchange or wrap an AES key rather than to encrypt bulk data

AES - How it works

AES - Always use an IV

Makes each ciphertext unique, even when the same plaintext is encrypted twice

Hides patterns in the encrypted data (ECB mode, which has no IV, does not)

Never reuse an IV/nonce under the same key; with GCM a repeated nonce breaks both confidentiality and authenticity

AES - Always check the authentication tag

Use a mode of operation that provides data authenticity (an AEAD mode), or encrypt-then-MAC; plain CBC or CTR lets an attacker modify ciphertext without detection

AES-256-GCM is a good pick ;)

Take time

Password-Based Key Derivation

A password-based key derivation function (password-based KDF) is deliberately computationally intensive, so that one evaluation takes a noticeable time (on the order of several hundred milliseconds): negligible for one login, prohibitive for an attacker trying billions of guesses.

Password-Based Key Derivation - Scrypt

• Designed to use a large amount of memory, which makes GPU and ASIC cracking expensive

• Uses a salt

• Cost parameters (N, r, p)

Password-Based Key Derivation - PBKDF2

• User-chosen pseudorandom function (in practice HMAC with SHA-256 or SHA-512)

• Uses a salt

• Iteration count parameter (raise it as hardware gets faster)

Don't speak too much

Constant-time comparison of secrets (passwords, MACs, tokens): a mismatch in the first byte must take as long as one in the last, or timing reveals how much of a guess was right
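The PBKDF2 slide and the constant-time slide in one added example, written for this page rather than taken from it: PBKDF2 spelled out from RFC 8018 over Go's HMAC, checked against the RFC 6070 test vectors, then used to store and verify a password. The verify step compares stored and recomputed keys with subtle.ConstantTimeCompare, so a wrong guess costs the same whether it differs in the first byte or the last. The record format and the iteration count are choices made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"hash"
	"strconv"
	"strings"
)

// PBKDF2 implements RFC 8018 section 5.2 with PRF = HMAC(h). Each output
// block is the XOR of `iter` chained HMACs, which is what makes the function
// tunably slow for an attacker guessing passwords.
func PBKDF2(h func() hash.Hash, password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(h, password)
	hLen := prf.Size()
	dk := make([]byte, 0, ((keyLen+hLen-1)/hLen)*hLen)
	idx := make([]byte, 4)
	for block := 1; len(dk) < keyLen; block++ {
		binary.BigEndian.PutUint32(idx, uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx)
		u := prf.Sum(nil) // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// rfc6070Check recomputes two published PBKDF2-HMAC-SHA1 vectors. SHA-1 is
// used here only because that is what RFC 6070 publishes; storage uses SHA-256.
func rfc6070Check() bool {
	got1 := fmt.Sprintf("%x", PBKDF2(sha1.New, []byte("password"), []byte("salt"), 1, 20))
	got2 := fmt.Sprintf("%x", PBKDF2(sha1.New, []byte("password"), []byte("salt"), 4096, 20))
	return got1 == "0c60c80f961f0e71f3a9b524af6012062fe037a6" &&
		got2 == "4b007901b765489abead49d926f721d065a429c1"
}

// HashPassword returns "pbkdf2-sha256$iter$salt$key" with a fresh 16-byte
// salt, so two users with the same password get different records.
func HashPassword(password string, iter int) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	key := PBKDF2(sha256.New, []byte(password), salt, iter, 32)
	enc := base64.RawStdEncoding
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", iter, enc.EncodeToString(salt), enc.EncodeToString(key)), nil
}

// VerifyPassword recomputes the key from the stored parameters and compares
// in constant time; bytes.Equal would stop at the first mismatch and leak,
// through timing, how many leading bytes a guess got right.
func VerifyPassword(password, record string) bool {
	f := strings.Split(record, "$")
	if len(f) != 4 || f[0] != "pbkdf2-sha256" {
		return false
	}
	iter, err := strconv.Atoi(f[1])
	if err != nil || iter < 1 {
		return false
	}
	enc := base64.RawStdEncoding
	salt, err1 := enc.DecodeString(f[2])
	want, err2 := enc.DecodeString(f[3])
	if err1 != nil || err2 != nil {
		return false
	}
	got := PBKDF2(sha256.New, []byte(password), salt, iter, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1
}

func main() {
	fmt.Println("RFC 6070 vectors match:", rfc6070Check())
	rec, _ := HashPassword("correct horse battery staple", 600000) // takes a fraction of a second
	fmt.Println(rec)
	fmt.Println(VerifyPassword("correct horse battery staple", rec), VerifyPassword("Tr0ub4dor&3", rec))
}
```

Storing the iteration count in the record is what lets you raise it later without invalidating existing users: verify with the old count, then rehash with the new one on successful login.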

Autonomous validation

Data exchange



Data storage

Encrypt and sign (authenticate) in your application, not only at the storage layer, so a database dump is useless without the application's key

Hash for index: encrypted values cannot be queried by equality, so store a keyed hash (HMAC) of the field you need to search on next to the ciphertext
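What "hash for index" looks like in practice, as an added example that is not the deck's code: the sensitive column is stored encrypted (non-deterministically, so it cannot be searched) and beside it a deterministic keyed hash of the normalized value serves as the lookup column. Using HMAC with a dedicated index key instead of a bare SHA-256 is the point: with a bare hash, whoever dumps the table can hash guessed emails and match rows. The table is an in-memory map and the keys and ciphertext are constructed placeholders.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// normalize makes equivalent inputs hash identically (case, surrounding
// space); otherwise "Alice@Example.com" and "alice@example.com" never match.
func normalize(v string) string {
	return strings.ToLower(strings.TrimSpace(v))
}

// BlindIndex is the keyed hash stored next to the encrypted column. The index
// key must be separate from the encryption key and kept out of the database.
func BlindIndex(indexKey []byte, value string) string {
	mac := hmac.New(sha256.New, indexKey)
	mac.Write([]byte(normalize(value)))
	return hex.EncodeToString(mac.Sum(nil))
}

// UnkeyedIndex is the weak variant: a plain hash of the value, which anyone
// can recompute for a list of candidate values.
func UnkeyedIndex(value string) string {
	sum := sha256.Sum256([]byte(normalize(value)))
	return hex.EncodeToString(sum[:])
}

// Row stands in for a database row: the lookup index plus the encrypted
// value (a placeholder here; it would come from an AEAD such as AES-GCM).
type Row struct {
	Index      string
	Ciphertext []byte
}

// Table is an in-memory stand-in for a table with a unique index on Index.
type Table struct {
	rows map[string]Row
}

func NewTable() *Table {
	return &Table{rows: map[string]Row{}}
}

func (t *Table) Insert(idx string, ct []byte) {
	t.rows[idx] = Row{Index: idx, Ciphertext: ct}
}

// Lookup is the equality query on the index column (WHERE email_idx = ?).
func (t *Table) Lookup(idx string) (Row, bool) {
	r, ok := t.rows[idx]
	return r, ok
}

// GuessOffline models an attacker holding a dump of the table but not the
// index key: for each candidate value they recompute the index with the
// function they can run and check whether any row matches.
func GuessOffline(t *Table, candidates []string, indexFn func(string) string) []string {
	var hits []string
	for _, c := range candidates {
		if _, ok := t.Lookup(indexFn(c)); ok {
			hits = append(hits, c)
		}
	}
	return hits
}

func main() {
	indexKey := []byte("constructed-index-key-keep-it-in-vault")
	keyed, weak := NewTable(), NewTable()
	keyed.Insert(BlindIndex(indexKey, "Alice@Example.com"), []byte("<ciphertext>"))
	weak.Insert(UnkeyedIndex("Alice@Example.com"), []byte("<ciphertext>"))

	_, found := keyed.Lookup(BlindIndex(indexKey, "alice@example.com"))
	fmt.Println("query by normalized email:", found)

	guesses := []string{"bob@example.com", "alice@example.com", "carol@example.com"}
	fmt.Println("attacker hits, unkeyed index:", GuessOffline(weak, guesses, UnkeyedIndex))
	fmt.Println("attacker hits, keyed index:  ", GuessOffline(keyed, guesses, UnkeyedIndex))
}
```

A blind index is deterministic by design, so it still reveals which rows share the same value; use it only for fields that must be searched, and keep the index key outside the database so a dump alone is not enough to rebuild it.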

Key storage


Vault - Details

• Secures, stores, and tightly controls access to secrets

• Unseal key split with Shamir's Secret Sharing, so no single operator holds it

• Multiple authentication schemes
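An added example of the kind of Shamir split Vault performs on its unseal key, written for this page and not Vault's own code: each byte of the secret becomes the constant term of a random polynomial of degree k-1 over GF(2^8), each share is that polynomial evaluated at a distinct nonzero x, and any k shares recover the byte by Lagrange interpolation at x = 0. The threshold, share count and secret are parameters chosen for the demo.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// gfMul multiplies in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1
// (0x11b). Addition in this field is XOR.
func gfMul(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		if b&1 == 1 {
			p ^= a
		}
		carry := a & 0x80
		a <<= 1
		if carry != 0 {
			a ^= 0x1b
		}
		b >>= 1
	}
	return p
}

// gfInv returns a^-1 = a^254 (the nonzero elements form a group of order 255).
func gfInv(a byte) byte {
	r, base := byte(1), a
	for e := 254; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = gfMul(r, base)
		}
		base = gfMul(base, base)
	}
	return r
}

// Share is one participant's piece: the x coordinate and one y per secret byte.
type Share struct {
	X byte
	Y []byte
}

// Split produces n shares of which any k recover the secret. Coefficients
// above the constant term are random, so k-1 shares reveal nothing.
func Split(secret []byte, n, k int) ([]Share, error) {
	if k < 2 || n < k || n > 255 {
		return nil, errors.New("need 2 <= k <= n <= 255")
	}
	shares := make([]Share, n)
	for i := range shares {
		shares[i] = Share{X: byte(i + 1), Y: make([]byte, len(secret))}
	}
	coef := make([]byte, k) // coef[0] = secret byte, coef[1..k-1] random
	for b, s := range secret {
		coef[0] = s
		if _, err := rand.Read(coef[1:]); err != nil {
			return nil, err
		}
		for _, sh := range shares {
			var y byte // Horner evaluation of the polynomial at x = sh.X
			for j := k - 1; j >= 0; j-- {
				y = gfMul(y, sh.X) ^ coef[j]
			}
			sh.Y[b] = y
		}
	}
	return shares, nil
}

// Combine interpolates at x = 0 from the shares given. With fewer shares
// than the threshold it still returns bytes, but wrong ones, and nothing
// here can tell: that is why the recovered key must be verified before use.
func Combine(shares []Share) []byte {
	if len(shares) == 0 {
		return nil
	}
	out := make([]byte, len(shares[0].Y))
	for b := range out {
		var acc byte
		for i, si := range shares {
			// Lagrange basis L_i(0) = prod_{j != i} x_j / (x_j - x_i); minus is XOR here.
			basis := byte(1)
			for j, sj := range shares {
				if i != j {
					basis = gfMul(basis, gfMul(sj.X, gfInv(sj.X^si.X)))
				}
			}
			acc ^= gfMul(si.Y[b], basis)
		}
		out[b] = acc
	}
	return out
}

func main() {
	secret := []byte("constructed-unseal-key")
	shares, _ := Split(secret, 5, 3)
	fmt.Printf("3 of 5: %q\n", Combine(shares[:3]))
	fmt.Printf("2 of 5: %q\n", Combine(shares[:2]))
}
```

Because Combine cannot detect an insufficient or corrupted set of shares, a real unseal flow pairs the recovered key with an integrity check (a MAC or a known-plaintext decryption) before trusting it.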


Or OSS


Thanks for your attention



by kevinc2f


Public - 6/9/16, 12:30 PM