1 / 19

Cryptographic Security

Cryptographic Security. Secret Sharing, Vanishing Data. Secret Sharing. How can a group of individuals share a secret? Requirements: some information is confidential the information is only available when any k of the n members of group collaborate (k <= n) k = n implies unanimity

doyle
Download Presentation

Cryptographic Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptographic Security Secret Sharing, Vanishing Data Dennis Kafura – CS5204 – Operating Systems

  2. Secret Sharing • How can a group of individuals share a secret? • Requirements: • some information is confidential • the information is only available when any k of the n members of group collaborate (k <= n) • k = n implies unanimity • k >= n/2 implies simple majority • k = 1 implies independence • Assumptions • The secret is represented as a number • The number may be the secret or a (cryptographic) key that is used to decrypt the secret Dennis Kafura – CS5204 – Operating Systems

  3. Secret Sharing • General idea: • Secret data D is divided in n pieces D1,…Dn • Knowledge of k or more Di pieces makes D easily computable • Knowledge of k-1 or fewer pieces leaves D completely unknowable • Terminology • This is called a (k,n) threshold scheme • Uses • Divided authority (requires multiple distinct approvals from among a set of authorities) • Cooperation under mutual suspicion (secret only disclosed with sufficient agreement) Dennis Kafura – CS5204 – Operating Systems

  4. Secret Sharing • Mathematics • A polynomial of degree n-1 is of the form • Just as 2 points determine a straight line (a polynomial of degree 1), n+1 points uniquely determine a polynomial of degree n. That is, ifthen Dennis Kafura – CS5204 – Operating Systems

  5. Simple (k,n) Threshold Scheme • Given D, k, and n • Construct a random k-1 degree polynomial Dennis Kafura – CS5204 – Operating Systems

  6. Simple (k,n) Threshold Scheme • Given D, k, and n • Construct a random k-1 degree polynomial • Distribute the n pieces as (i, Di) • Any k of the n pieces can be used to find the unique polynomial and discover a0 (equivalently solve for q(0) ) • Finding the polynomial is called polynomial interpolation Dennis Kafura – CS5204 – Operating Systems

  7. Example Suppose k=2, n=3, and D=34 Choose a random k-1 degree polynomial: Generate n values: The n pieces are (1,46), (2,58), and (3,70) Dennis Kafura – CS5204 – Operating Systems

  8. Example Given 2 pieces (1,46) and (3,70) find the secret, D, by solving the simultaneous equations: Dennis Kafura – CS5204 – Operating Systems

  9. Vanishing Data • Motivation • Many forms of data (e.g., email) are archived by service providers for reliability/availability • Data stored “in the cloud” beyond user control • Such data creates a target for intruders, and may persist beyond useful lifetime to the user’s detriment through disclosure of personal information • Recreates “forget-ability” and/or deniability • Protect against retroactive data disclosure • Innovation: “vanishing data object” (VDO) Dennis Kafura – CS5204 – Operating Systems

  10. Vanishing Data VDO permanently unreadable after a period Is readable by legitimate users during the period Allows attacker to retroactively know the VDO and all persistent cryptographic keys Dennis Kafura – CS5204 – Operating Systems

  11. Vanishing Data • VDO permanently unreadable after a period • Is readable by legitimate users during the period • Allows attacker to retroactively know the VDO and all persistent cryptographic keys • Does not require • explicit action by the user or storage service to render the data unreadable • changes to any of the stored copies of the data • secure hardware • any new services (leverage existing services) Dennis Kafura – CS5204 – Operating Systems

  12. Example Applications Dennis Kafura – CS5204 – Operating Systems

  13. Vanish Architecture • Key elements • Threshold secret sharing • Distributed hash tables (DHT) P2P systems • Availability • Scale, geographic distribution, decentralization • Churn • Median lifetime minutes/hours • 2.4 min (Kazaa), 60 min (Gnutella), 5 hours (Vuze) • extended to desired period by background refresh • VUZE • Open-source P2P system • using bittorrent protocol Dennis Kafura – CS5204 – Operating Systems

  14. Vanish Architecture • Operation • Locator is a pseudorandom number generator keyed by L; used to select random locations in the DHT for storing the VDO • VDO is encrypted with key K • N shares of K are created and then K is erased • VDO = (L, C, N, threshold) Dennis Kafura – CS5204 – Operating Systems

  15. Setting Parameters Use threshold=90% Use N=50 Dennis Kafura – CS5204 – Operating Systems

  16. Setting Parameters • Tradeoff • Larger threshold values provide more security • Larger threshold values provide shorter lifetimes Dennis Kafura – CS5204 – Operating Systems

  17. Performance Measurement Prepush – Vanish proactively creates and distributes data keys Dennis Kafura – CS5204 – Operating Systems

  18. Attack Vectors and Defenses • Decapsulate VDO prior to expiration • Further encrypt data using traditional encryption schemes • Eavesdrop on net connection • Use DHT that encrypts traffic between nodes • Compose with system (like TOR) to tunnel interactions with DHT through remote machines • Integrate in DHT • Eavesdrop on store/lookup operations • Possible but extremely expensive to attacker (see next) • Standard attacks on DHTs • Adopt standard solution Dennis Kafura – CS5204 – Operating Systems

  19. Parameters and security Assuming 5% of the DHT nodes are compromised what is the probability of VDO compromise? Dennis Kafura – CS5204 – Operating Systems

More Related