cryptographic security n.
Download
Skip this Video
Download Presentation
Cryptographic Security

Loading in 2 Seconds...

play fullscreen
1 / 19

Cryptographic Security - PowerPoint PPT Presentation


  • 127 Views
  • Uploaded on

Cryptographic Security. Secret Sharing, Vanishing Data. Secret Sharing. How can a group of individuals share a secret? Requirements: some information is confidential the information is only available when any k of the n members of group collaborate (k <= n) k = n implies unanimity

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Cryptographic Security' - doyle


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cryptographic security

Cryptographic Security

Secret Sharing, Vanishing Data

Dennis Kafura – CS5204 – Operating Systems

secret sharing
Secret Sharing
  • How can a group of individuals share a secret?
  • Requirements:
    • some information is confidential
    • the information is only available when any k of the n members of group collaborate (k <= n)
      • k = n implies unanimity
      • k >= n/2 implies simple majority
      • k = 1 implies independence
  • Assumptions
    • The secret is represented as a number
    • The number may be the secret or a (cryptographic) key that is used to decrypt the secret

Dennis Kafura – CS5204 – Operating Systems

secret sharing1
Secret Sharing
  • General idea:
    • Secret data D is divided in n pieces D1,…Dn
    • Knowledge of k or more Di pieces makes D easily computable
    • Knowledge of k-1 or fewer pieces leaves D completely unknowable
  • Terminology
    • This is called a (k,n) threshold scheme
  • Uses
    • Divided authority (requires multiple distinct approvals from among a set of authorities)
    • Cooperation under mutual suspicion (secret only disclosed with sufficient agreement)

Dennis Kafura – CS5204 – Operating Systems

secret sharing2
Secret Sharing
  • Mathematics
    • A polynomial of degree n-1 is of the form
    • Just as 2 points determine a straight line (a polynomial of degree 1), n+1 points uniquely determine a polynomial of degree n. That is, ifthen

Dennis Kafura – CS5204 – Operating Systems

simple k n threshold scheme
Simple (k,n) Threshold Scheme
  • Given D, k, and n
    • Construct a random k-1 degree polynomial

Dennis Kafura – CS5204 – Operating Systems

simple k n threshold scheme1
Simple (k,n) Threshold Scheme
  • Given D, k, and n
    • Construct a random k-1 degree polynomial
  • Distribute the n pieces as (i, Di)
  • Any k of the n pieces can be used to find the unique polynomial and discover a0 (equivalently solve for q(0) )
  • Finding the polynomial is called polynomial interpolation

Dennis Kafura – CS5204 – Operating Systems

example
Example

Suppose k=2, n=3, and D=34

Choose a random k-1 degree polynomial:

Generate n values:

The n pieces are (1,46), (2,58), and (3,70)

Dennis Kafura – CS5204 – Operating Systems

example1
Example

Given 2 pieces (1,46) and (3,70) find the secret, D, by solving the simultaneous equations:

Dennis Kafura – CS5204 – Operating Systems

vanishing data
Vanishing Data
  • Motivation
    • Many forms of data (e.g., email) are archived by service providers for reliability/availability
    • Data stored “in the cloud” beyond user control
    • Such data creates a target for intruders, and may persist beyond useful lifetime to the user’s detriment through disclosure of personal information
    • Recreates “forget-ability” and/or deniability
    • Protect against retroactive data disclosure
  • Innovation: “vanishing data object” (VDO)

Dennis Kafura – CS5204 – Operating Systems

vanishing data1
Vanishing Data

VDO permanently unreadable after a period

Is readable by legitimate users during the period

Allows attacker to retroactively know the VDO and all persistent cryptographic keys

Dennis Kafura – CS5204 – Operating Systems

vanishing data2
Vanishing Data
  • VDO permanently unreadable after a period
  • Is readable by legitimate users during the period
  • Allows attacker to retroactively know the VDO and all persistent cryptographic keys
  • Does not require
    • explicit action by the user or storage service to render the data unreadable
    • changes to any of the stored copies of the data
    • secure hardware
    • any new services (leverage existing services)

Dennis Kafura – CS5204 – Operating Systems

example applications
Example Applications

Dennis Kafura – CS5204 – Operating Systems

vanish architecture
Vanish Architecture
  • Key elements
    • Threshold secret sharing
    • Distributed hash tables (DHT) P2P systems
      • Availability
      • Scale, geographic distribution, decentralization
      • Churn
        • Median lifetime minutes/hours
        • 2.4 min (Kazaa), 60 min (Gnutella), 5 hours (Vuze)
        • extended to desired period by background refresh
      • VUZE
        • Open-source P2P system
        • using bittorrent protocol

Dennis Kafura – CS5204 – Operating Systems

vanish architecture1
Vanish Architecture
  • Operation
    • Locator is a pseudorandom number generator keyed by L; used to select random locations in the DHT for storing the VDO
    • VDO is encrypted with key K
    • N shares of K are created and then K is erased
    • VDO = (L, C, N, threshold)

Dennis Kafura – CS5204 – Operating Systems

setting parameters
Setting Parameters

Use threshold=90%

Use N=50

Dennis Kafura – CS5204 – Operating Systems

setting parameters1
Setting Parameters
  • Tradeoff
    • Larger threshold values provide more security
    • Larger threshold values provide shorter lifetimes

Dennis Kafura – CS5204 – Operating Systems

performance measurement
Performance Measurement

Prepush – Vanish proactively creates and distributes data keys

Dennis Kafura – CS5204 – Operating Systems

attack vectors and defenses
Attack Vectors and Defenses
  • Decapsulate VDO prior to expiration
    • Further encrypt data using traditional encryption schemes
  • Eavesdrop on net connection
    • Use DHT that encrypts traffic between nodes
    • Compose with system (like TOR) to tunnel interactions with DHT through remote machines
  • Integrate in DHT
    • Eavesdrop on store/lookup operations
      • Possible but extremely expensive to attacker (see next)
    • Standard attacks on DHTs
      • Adopt standard solution

Dennis Kafura – CS5204 – Operating Systems

parameters and security
Parameters and security

Assuming 5% of the DHT nodes are compromised what is the probability of VDO compromise?

Dennis Kafura – CS5204 – Operating Systems