Cryptographic security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

Cryptographic Security PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on
  • Presentation posted in: General

Cryptographic Security. Secret Sharing, Vanishing Data. Secret Sharing. How can a group of individuals share a secret? Requirements: some information is confidential the information is only available when any k of the n members of group collaborate (k <= n) k = n implies unanimity

Download Presentation

Cryptographic Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Cryptographic security

Cryptographic Security

Secret Sharing, Vanishing Data

Dennis Kafura – CS5204 – Operating Systems


Secret sharing

Secret Sharing

  • How can a group of individuals share a secret?

  • Requirements:

    • some information is confidential

    • the information is only available when any k of the n members of group collaborate (k <= n)

      • k = n implies unanimity

      • k >= n/2 implies simple majority

      • k = 1 implies independence

  • Assumptions

    • The secret is represented as a number

    • The number may be the secret or a (cryptographic) key that is used to decrypt the secret

Dennis Kafura – CS5204 – Operating Systems


Secret sharing1

Secret Sharing

  • General idea:

    • Secret data D is divided in n pieces D1,…Dn

    • Knowledge of k or more Di pieces makes D easily computable

    • Knowledge of k-1 or fewer pieces leaves D completely unknowable

  • Terminology

    • This is called a (k,n) threshold scheme

  • Uses

    • Divided authority (requires multiple distinct approvals from among a set of authorities)

    • Cooperation under mutual suspicion (secret only disclosed with sufficient agreement)

Dennis Kafura – CS5204 – Operating Systems


Secret sharing2

Secret Sharing

  • Mathematics

    • A polynomial of degree n-1 is of the form

    • Just as 2 points determine a straight line (a polynomial of degree 1), n+1 points uniquely determine a polynomial of degree n. That is, ifthen

Dennis Kafura – CS5204 – Operating Systems


Simple k n threshold scheme

Simple (k,n) Threshold Scheme

  • Given D, k, and n

    • Construct a random k-1 degree polynomial

Dennis Kafura – CS5204 – Operating Systems


Simple k n threshold scheme1

Simple (k,n) Threshold Scheme

  • Given D, k, and n

    • Construct a random k-1 degree polynomial

  • Distribute the n pieces as (i, Di)

  • Any k of the n pieces can be used to find the unique polynomial and discover a0 (equivalently solve for q(0) )

  • Finding the polynomial is called polynomial interpolation

Dennis Kafura – CS5204 – Operating Systems


Example

Example

Suppose k=2, n=3, and D=34

Choose a random k-1 degree polynomial:

Generate n values:

The n pieces are (1,46), (2,58), and (3,70)

Dennis Kafura – CS5204 – Operating Systems


Example1

Example

Given 2 pieces (1,46) and (3,70) find the secret, D, by solving the simultaneous equations:

Dennis Kafura – CS5204 – Operating Systems


Vanishing data

Vanishing Data

  • Motivation

    • Many forms of data (e.g., email) are archived by service providers for reliability/availability

    • Data stored “in the cloud” beyond user control

    • Such data creates a target for intruders, and may persist beyond useful lifetime to the user’s detriment through disclosure of personal information

    • Recreates “forget-ability” and/or deniability

    • Protect against retroactive data disclosure

  • Innovation: “vanishing data object” (VDO)

Dennis Kafura – CS5204 – Operating Systems


Vanishing data1

Vanishing Data

VDO permanently unreadable after a period

Is readable by legitimate users during the period

Allows attacker to retroactively know the VDO and all persistent cryptographic keys

Dennis Kafura – CS5204 – Operating Systems


Vanishing data2

Vanishing Data

  • VDO permanently unreadable after a period

  • Is readable by legitimate users during the period

  • Allows attacker to retroactively know the VDO and all persistent cryptographic keys

  • Does not require

    • explicit action by the user or storage service to render the data unreadable

    • changes to any of the stored copies of the data

    • secure hardware

    • any new services (leverage existing services)

Dennis Kafura – CS5204 – Operating Systems


Example applications

Example Applications

Dennis Kafura – CS5204 – Operating Systems


Vanish architecture

Vanish Architecture

  • Key elements

    • Threshold secret sharing

    • Distributed hash tables (DHT) P2P systems

      • Availability

      • Scale, geographic distribution, decentralization

      • Churn

        • Median lifetime minutes/hours

        • 2.4 min (Kazaa), 60 min (Gnutella), 5 hours (Vuze)

        • extended to desired period by background refresh

      • VUZE

        • Open-source P2P system

        • using bittorrent protocol

Dennis Kafura – CS5204 – Operating Systems


Vanish architecture1

Vanish Architecture

  • Operation

    • Locator is a pseudorandom number generator keyed by L; used to select random locations in the DHT for storing the VDO

    • VDO is encrypted with key K

    • N shares of K are created and then K is erased

    • VDO = (L, C, N, threshold)

Dennis Kafura – CS5204 – Operating Systems


Setting parameters

Setting Parameters

Use threshold=90%

Use N=50

Dennis Kafura – CS5204 – Operating Systems


Setting parameters1

Setting Parameters

  • Tradeoff

    • Larger threshold values provide more security

    • Larger threshold values provide shorter lifetimes

Dennis Kafura – CS5204 – Operating Systems


Performance measurement

Performance Measurement

Prepush – Vanish proactively creates and distributes data keys

Dennis Kafura – CS5204 – Operating Systems


Attack vectors and defenses

Attack Vectors and Defenses

  • Decapsulate VDO prior to expiration

    • Further encrypt data using traditional encryption schemes

  • Eavesdrop on net connection

    • Use DHT that encrypts traffic between nodes

    • Compose with system (like TOR) to tunnel interactions with DHT through remote machines

  • Integrate in DHT

    • Eavesdrop on store/lookup operations

      • Possible but extremely expensive to attacker (see next)

    • Standard attacks on DHTs

      • Adopt standard solution

Dennis Kafura – CS5204 – Operating Systems


Parameters and security

Parameters and security

Assuming 5% of the DHT nodes are compromised what is the probability of VDO compromise?

Dennis Kafura – CS5204 – Operating Systems


  • Login