If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
So last night I decided it would be pretty cool and take the information access process from the DOD and figure out how you could apply them to a php application.
After a few hours spec’ing out the system i got to coding. I now have a quick and easy class I call Cryption. Its built to work with an overall larger framework project i’ve been thinking about for a few years.
I’m still pretty new to encryption, but I like it, and hopefully once I get some books from amazon I can dive a bit deeper into it. Let me say I understand encryption is just a part of a security process, but its a pretty cool one.
Overview of Cryption:
- can handle multiple layers of encryption, So far I’ve only tested blowfish->AES encryption and the respective decryption.
- returns encoded hex string
- does base64 encoding before and after plaintext encryption, and decodes respectively. I thought a bit of obscuring couldn’t hurt
- right now I only have tested support for blowfish and aes, I’ll need to update mcrypt to test the others, I’ll also add in des support later tonight
- built to work in the larger proof of concept php system
- md5 function with auto salting
- all encryption is done using two keys
- can produce encryption strings that can’t fully decrypt, but can be used for validation by comparison
- can select ciphers to use at runtime as param
Cryption example:
//cryption requires two defined values - this should hopefully be handled by a db config to env function in the end system
define(’SYSTEM_ENCRYPTION_MASTER_SALT’,md5(’something’));
define(’SYSTEM_ENCRYPTION_MASTER_KEY’,md5(’something else’.SYSTEM_ENCRYPTION_MASTER_SALT));
$test=new SystemCryption();
$key=$test->md5(’hi’);
$en=$test->encryptX2(’I am a funyon, funyons are fun, pudding is better, but we are all out at moment :(’,$key);
$de=$test->decryptX2($en,$key);
print “encode : $en<br>ecode len : “.strlen($en).”<br>decode : $de<br>key : $key<br>master : “.SYSTEM_ENCRYPTION_MASTER_KEY.”<br>salt : “.SYSTEM_ENCRYPTION_MASTER_SALT;
produces
encode : NTM3ZWE3ZjBkMzllNjI5ODU1MDgwY2ZmODM5OGQ1Zjk1YWIyZjUyNjM1MjRmMjMxOTk5MDc5YmNmZWE1NDNlZjVhMmU3YWY1Y2E1MmFkZDFlYjE2MjcxZjhmNTdkZDEyNmQ3MjY3YjU4ZmU4ZWQzYTNkYTQyZmU3Nzg0Y2ZjZmUxZTAzNGJkNTgyMzZkOWFjZjdhMWMyN2UxNzJiMDJlODcwMTQyMGMxYTkyNTI0YTczODdmMmJlN2EyOTU1YjNmMWUzOGQ3NGVhNzhmZDk5NzYxNTVmOTgzNjg3ZGIyZjg0ZjFlYTM2NzIzNGU5OGNmZThhZjQ0YjU1ODlkZmQ0ZmYwMzJjZGNjNjM3NmU3MTYyNWVkNzFkYzM3ZDliYjk3YmZmN2MzNzI0YmJhODQ0ZjE0ZGM4NmEzODQ5OTdmZjgxYzEyZjUzMjVjMmIwMDExODRiZTQ2NDcxNTE5OTM2MzgyY2VmYjhhNmZmMDE0MTk2YmJjOTI3Y2Y2OTdmOWFhYmRjNjhhZjY1NWQwYmI2NmM0OWEyZWE0ZDRlNDA1YTJmNGU5ZDY0MzczMTY3MDA0ZjY3MWJmYzAyNWRmMWJjMw==
ecode len : 600
decode :
key : b8ab1a3b670c88253ea0b64d92ebe98e
master : d2ffb926189acbbe3a85ca44051976c4
salt : 437b930db84b8079c2dd804a71936b5f
My thoughts so far
Overall I have to say I thought doing double encryption would take pretty long to process, but php handled it pretty well. I’m pretty new to this all but so far its been really fun. Also I know blowfish is no longer recommended, but it was the only other cipher i had a class / support made for at the moment. I may end up using it as the first level encryption when doing multipule layers, just due its speed, but will probably always use AES-256 as the last level. I’ve heard twofish is pretty good for speed as well, or serpent would be better for security. any insight is welcome. the encryptX4 method uses all 4, as well as base64. I haven’t tested it yet, and its really just another way of calling the encrypt method.
Another issue is the length of the encrypted string, but i think removing the some of the base64 calls and bin to hex conversions may help this.
The concept system
Now on to the reason I’m building this thing. So I was thinking In the dod theres levels of classification that also uses colors, so I could classify data, with each classification level using a respective encryption scheme, and color.
Next you have need to know level which basically would mean access requirements like user j might have a role of admin, but whats their need to know level.
after that we of course have roles. The role idea came from the fact that intel is compartmentalized. So instead of creating intelligence compartments, why not just have roles. Let me explain. just because something is classified secret, doesn’t mean you can access it, there are compartments with in classifications of information, and each clearance has sub compartments. Mostly the idea of compartments just seems to overkill in an already overkill idea. Also everyone knows roles, so it seemed like a good idea.
DOD
now you have classification levels, ntk, and role, that come into play when accessing data. But thats all pointless if the data isn’t secured. Thats where dod comes into play. Not the real dod, but what I call the dod in the system. a central table that is fully encrypted to the systems ts (top secret) level (still deciding on the proper encryption for this).
dod acts like the dod, telling which tables access permission via the system and how data is encoded, all in an encoded format. I thought it would be a good idea to not use the same two keys for everything. So while the system has a master key that is used in key generation, having a second unique key should only make it more secure you would think.
So a dod entry would look something like encrypted (table name), encrypted(ntk),encrypted(classification color),encrypted(role),encrypted(key). so when accessing a table the system would get the security data from the dod by table name, or role (still working out some things), decrypt it and now be able to access the tables data because it now knows which encryption level is used (classification color), which roles and ntk’s are allowed, and most importantly it’ll have the decrypted other half of the encryption key for that table. then data from that table could be accessed as normal (with a quick pass to through decryption of course).
example?
An example would be a table that holds cc data (or at least in my mind). So if for any reason a tape got lost the data should still be safe. the problem I’m having is when is it to much overkill. Like do you encrypt the table and column names themselves so that they only make sense to the system? or do you just encrypt the column names? of course the data is encrypted, but I figured for ts level you would use a light weight encryption for column names to reduce load, increase speed in encrypting for queries, and do the higher level encryption on the actual data.
Still got questions
The system will of course take some hits from all the conversions, but would this be ok in a real application? Of course caches would greatly help. I built a home brew one to help last night, and will attempt to add it to the encryption process. Which leads me to ask is caching encryption / decryption only adding a larger hole the system if i’m using hashes for names or simpler encryption in the cache file?
So yes, still alot of questions. I’ll hopefully have them figured out in the next few weeks. Now to the bigger question: Who would even want to do this? most companies I’ve encountered (big and small, and yes the Marines) care less about securing data, and mostly only about securing the server and network / physical access, So would something like this actually be needed?
well i need a rest, sid in overkill concepts land
