steve cornish - "passing sensitive data through the public domain"
TRANSCRIPT
![Page 1: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/1.jpg)
Passing Sensitive Data Through the Public DomainSteve Cornish
[email protected] | @stevesquirrol | linkedin.com/in/stevecornish
4th May 2016
![Page 2: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/2.jpg)
About meBy day…• Contracting Digital / Integration
Architect• Currently @ Vodafone
By night…• CTO of Squirrol – a Social Network for
Collectors• Cool tech• Pre-funding stage• Site is live: https://squirrol.com
![Page 3: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/3.jpg)
Why protect data?Public domain => Internet => untrusted network
• Is the integrity of the data important?• Is the privacy of the data important?
![Page 4: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/4.jpg)
Data Integrity / AuthenticationHMAC functions can be used to verify a message…
a) Comes from the expected sourceb) Has not been tampered with in flight
With HMAC, both the source and target generate a token (the MAC) from the message using a shared key which is compared to establish integrity.
![Page 5: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/5.jpg)
HMAC…
Message…
Generate MAC from message
Generate MAC from message
MAC 1
Shared Secret
Shared Secret
Source
Target
MAC 2 Compare MACs
![Page 6: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/6.jpg)
Data Privacy• Symmetric and Asymmetric cryptography can be used to secure
data in flight
• Symmetric encryption (e.g. AES):• The same key is used to encrypt the data and to decrypt the cipher
• Asymmetric encryption (”Public Key Cryptography” / PKI):• Consists of a public/private key pair• The data is encrypted using the public key, and decrypted using the private key
![Page 7: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/7.jpg)
Symmetric…
Message…
encrypt
decrypt…
Message…
110101010101001101010101011
Shared Key
Shared Key
Source
Target
![Page 8: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/8.jpg)
Asymmetric…
Message…
encrypt
decrypt…
Message…
110101010101001101010101011
(Target) Public Key
(Target) Private Key
Source
Target
![Page 9: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/9.jpg)
Summary• Data Integrity and Data Privacy are two concerns of Data Security• Data Integrity can be assured using HMACs• Data Privacy can be enforced using cryptography
Data Security is a big subject – we’ve only scratched the surface
![Page 10: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/10.jpg)
Thank you… Questions?
![Page 11: Steve Cornish - "Passing Sensitive Data Through The Public Domain"](https://reader035.vdocuments.mx/reader035/viewer/2022062904/587c579b1a28abc62c8b7415/html5/thumbnails/11.jpg)
AppendixPerformance• HMAC-SHA256
• 1m MACs in 4.76s• AES-128
• 1m encrypts in 2.54s• 1m decrypts in 2.13s
(Run on a 5 year old Dell Latitude E6410 with Core i5, 4GB RAM, Win 7 32-Bit…)