API

Keys of data protection

Kevin GEORGES


CTO at B•Sensory

@d33d33k


kevin@b-sensory.com

Founder @Ninfolab


Pillar @AnDaolVras


Organizer @SW_Brest


Develops musical entertainment for children @astropolis

OAuth2 is your friend

Resource Server

Client Application

Authorization Server

Tokens

Access Token

Refresh token

How to build smart and strong tokens

Smart first

JWT

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

JWT - Details

• Based on JSON

• Digitally signed

• Compact

• Self-contained

JWT - How it's made

Always double protect

AES

The Advanced Encryption Standard or AES is a symmetric block cipher used to protect information and is implemented in software and hardware throughout the world to encrypt sensitive data.

AES - Details

• Symmetric block cipher

• Multiple modes of operation

• Faster than asymmetric encryption

AES - How it works

AES - Always use IV

Makes each ciphertext unique

Hides patterns in encrypted data

AES - Always check signature

Use a mode of operation that provides data authenticity


AES-256-GCM is a good pick ;)

Take time

Password-Based Key Derivation

A password-based key derivation function (password-based KDF) is generally designed to be computationally intensive, so that it takes a relatively long time to compute (say on the order of several hundred milliseconds).

Password-Based Key Derivation - Scrypt

• Designed to use a large amount of memory

• Use salt

• Cost parameter

Password-Based Key Derivation - PBKDF2

• User-chosen pseudorandom function (SHA, HMAC)

• Use salt

• Number of iterations parameter

Don't speak too much

Constant time

Autonomous validation

Data exchange

Encrypt

Sign

Data storage

Encrypt and sign in your software

Hash for index

Key storage

Vault

Vault - Detail

• Secures, stores, and tightly controls access to secrets

• Shamir's Secret Sharing

• Multiple authentication schemes



https://www.vaultproject.io/

Or OSS

https://github.com/hbs/oss

Thanks for your attention

Web2Day

by kevinc2f


Public - 6/9/16, 12:30 PM