Medium.com/Prof Bill Buchanan OBE: Goodbye OpenSSL, and Hello To Google Tink

ASecuritySite: When Bob Met Alice
Member preview
Go to the profile of Prof Bill Buchanan OBE
Prof Bill Buchanan OBE
Prof at Napier. Serial innovator. Crypto Punk. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.
Aug 30
Goodbye OpenSSL, and Hello To Google Tink

Which program has never reached Version 1.2, but is used as a core of security on the Internet? OpenSSL.

OpenSSL has caused so many problems in the industry including the most severe with Heartbleed. The problem with it is that it has been cobbled together and maintained on a shoe-string budget. Google, though, have been driving cryptography standards, and especially for the adoption of HTTPs.

And so Google have released Tink which is a multi-language, cross-platform cryptographic library. With OpenSSL we have complex bindings and which were often focused on specific systems, such as for DLLs in Windows systems. Tink is open-source and focuses on creating simple APIs and which should make the infrastructure more portable.

To overcome the problems caused by OpenSSL, Amazon too created their own stack: s2n (signal to noise), with a core focus on improving TLS (Transport Layer Security) and using a lighter weight approach. This follows Google’s release of BoringSSL and OpenBSD’s LibreSSL (and which were forks from OpenSSL). Each have defined smaller and more stripped down versions that implement the basic functionality of SSL/TLS. Overall s2n uses only 6,000 lines of code, but, of course, this is likely to increase with new versions, as it is only a basic implementation.

s2n is open source and hosted in GitHub allowing others to view and review the code, along with it being difficult to actually delete a project which is hosted there. Along with this, GitHub allows for a forking of the project, to support new features which the core version does not want to support.

What is interesting too, is that Amazon have generally taken security seriously, and has respond well to bugs found by the community. This includes working with researchers and academics on new addressing bugs.

Problems, too, have been discovered in the random generator for the key generation (one for public and one for the private key), and s2n uses two separate random number generators, which many would struggle to see the advantage of this, but perhaps time will tell.
Meet Tink
Ref: https://en.wikipedia.org/wiki/Authenticated_encryption

For Tink — based on BoringSSL and now at Version 1.2.0 — the adoption has been good and is already integrated into AdMob, Google Pay, Google Assistant, and Firebase. It also integrates AEAD (Authenticated encryption AE and authenticated encryption with associated data) methods and which integrates encryption keys, a hash function, and a message authentication code (MAC). Google, too, have analysed many cryptography weaknesses and have created code which addresses many of these problems.

The minimal standards for AEAD include [RFC5116]:

    The plaintext and associated data can have any length (from 0 to 2³² bytes).
    Supports 80-bit authentication.
    CCA2 security (adaptive chosen-ciphertext attack).

Sample code

A basic cryptography operation is to use symmetric key encryption, and where Bob and Alice use the same key to encrypt and also to decrypt. Either Bob creates the key, and then passes it securely to Alice, or they use a key exchange method to generate a shared key:

Tink aims to simplify encryption processing and use the best methods possible for encryption. In the following we encrypt a string (“napier”) with a key of “qwerty123”:

package com.helloworld;

import com.google.crypto.tink.aead.AeadConfig;
import java.security.GeneralSecurityException;

import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadFactory;
import com.google.crypto.tink.aead.AeadKeyTemplates;

public final class HelloWorld {
  public static void main(String[] args) throws Exception {

AeadConfig.register();

try {

KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);

Aead aead = AeadFactory.getPrimitive(keysetHandle);

String plaintext="napier";

String aad="qwerty123";

System.out.println("Text:"+plaintext);
    byte[] ciphertext = aead.encrypt(plaintext.getBytes(), aad.getBytes());
    System.out.println("Cipher:"+ciphertext.toString());

byte[] decrypted = aead.decrypt(ciphertext, aad.getBytes());
    String s = new String(decrypted);
    System.out.println("Text:"+s);

} catch (GeneralSecurityException e) {
      System.out.println(e);
      System.exit(1);
    }

}
}

A sample run proves the process:

Text:  hello123
Password: qwerty
Type:  1
Enc type: 128-bit AES GCM

Cipher: AQbLoE0ino8ofgrvuSSLOKTaYjdPc/ovwWznuMeYfjP+TO1fc6cn7DE=

Cipher: 4151624C6F4530696E6F386F666772767553534C4F4B5461596A6450632F6F7677577A6E754D6559666A502B544F31666336636E3744453D

Decrypted: hello123

In this case we use 128-bit AES with GCM (Galois/counter mode). Our AEAD object is created with:

KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);

Aead aead = AeadFactory.getPrimitive(keysetHandle);

and then the encrypt() and decrypt() methods are used to create the cipher stream and then decipher it.

A demo of these methods is here.

Google aims to focus the industry on strong encryption methods using AEAD and with integrated authentication: AES-EAX (encrypt-then-authenticate-then-translate), AES-GCM, AES-CTR-HMAC (Counter reset), KMS Envelope. For streaming encryption these methods are converted into: AES-GCM-HKDF-STREAMING, and AES-CTR-HMAC-STREAMING .

This AeadKeyTemplates object has the following properties:

    AES128_CTR_HMAC_SHA25. 16 byte AES key size. IV size: 16 bytes. HMAC key size: 32 bytes.HMAC tag size: 16 bytes. HMAC hash function: SHA256
    AES128_EAX. Key size: 16 bytes. IV size: 16 bytes.
    AES128_GCM Key size: 16 bytes.
    AES256_CTR_HMAC_SHA25. AES key size: 32 bytes. AES IV size: 16 bytes . HMAC key size: 32 bytes. HMAC tag size: 32 bytes. HMAC hash function: SHA256
    AES256_EAX. Key size: 32 bytes. IV size: 16 bytes
    AES256_GCM. Key size: 32 bytes.
    CHACHA20_POLY1305.

Here is an example of creating a stream cipher from AES:
Which Encryption Process Encrypts on Either Side?

Making stream ciphers from AES: CFB Mode
medium.com
Conclusions

Google is changing the world of encryption for the better, and forcing developers to use a good standard (AEAD), and where there is embedded authentication of the cryptography used.

Here is an example of using MAC tags with Tink:
Proving Messages and That Bob Is Still Sending Them: MAC With Google Tink

Google Tink is an open source repository for the integration of cryptography methods. It uses best practice in order to…
medium.com

and for digital signing:
Proving Bob is “Bob”: Using Digital Signatures With Google Tink

Google Tink is an open source repository for the integration of cryptography methods. It uses best practice in order to…
medium.com

    SecurityCryptographyCybersecurity

Like what you read? Give Prof Bill Buchanan OBE a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.
Go to the profile of Prof Bill Buchanan OBE
Prof Bill Buchanan OBE
Medium member since Aug 2018

Prof at Napier. Serial innovator. Crypto Punk. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.
ASecuritySite: When Bob Met Alice
ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.
More on Cybersecurity from ASecuritySite: When Bob Met Alice
Just A Research Project or a New Spying Network Linking Adverts To Purchases?
Go to the profile of Prof Bill Buchanan OBE
Prof Bill Buchanan OBE
More on Cybersecurity from ASecuritySite: When Bob Met Alice
Let Me Create Your Crypto Wallet For You …
Go to the profile of Prof Bill Buchanan OBE
Prof Bill Buchanan OBE
More on Cybersecurity from ASecuritySite: When Bob Met Alice
Meet Law Enforcement’s New Friend — Alexa
Go to the profile of Prof Bill Buchanan OBE
Prof Bill Buchanan OBE
Responses