Download Presentation
Cryptographic Security

Loading in 2 Seconds...

1 / 19

# Cryptographic Security - PowerPoint PPT Presentation

Cryptographic Security. Secret Sharing, Vanishing Data. Secret Sharing. How can a group of individuals share a secret? Requirements: some information is confidential the information is only available when any k of the n members of group collaborate (k &lt;= n) k = n implies unanimity

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

## PowerPoint Slideshow about 'Cryptographic Security' - doyle

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Cryptographic Security

Secret Sharing, Vanishing Data

Dennis Kafura – CS5204 – Operating Systems

Secret Sharing
• How can a group of individuals share a secret?
• Requirements:
• some information is confidential
• the information is only available when any k of the n members of group collaborate (k <= n)
• k = n implies unanimity
• k >= n/2 implies simple majority
• k = 1 implies independence
• Assumptions
• The secret is represented as a number
• The number may be the secret or a (cryptographic) key that is used to decrypt the secret

Dennis Kafura – CS5204 – Operating Systems

Secret Sharing
• General idea:
• Secret data D is divided in n pieces D1,…Dn
• Knowledge of k or more Di pieces makes D easily computable
• Knowledge of k-1 or fewer pieces leaves D completely unknowable
• Terminology
• This is called a (k,n) threshold scheme
• Uses
• Divided authority (requires multiple distinct approvals from among a set of authorities)
• Cooperation under mutual suspicion (secret only disclosed with sufficient agreement)

Dennis Kafura – CS5204 – Operating Systems

Secret Sharing
• Mathematics
• A polynomial of degree n-1 is of the form
• Just as 2 points determine a straight line (a polynomial of degree 1), n+1 points uniquely determine a polynomial of degree n. That is, ifthen

Dennis Kafura – CS5204 – Operating Systems

Simple (k,n) Threshold Scheme
• Given D, k, and n
• Construct a random k-1 degree polynomial

Dennis Kafura – CS5204 – Operating Systems

Simple (k,n) Threshold Scheme
• Given D, k, and n
• Construct a random k-1 degree polynomial
• Distribute the n pieces as (i, Di)
• Any k of the n pieces can be used to find the unique polynomial and discover a0 (equivalently solve for q(0) )
• Finding the polynomial is called polynomial interpolation

Dennis Kafura – CS5204 – Operating Systems

Example

Suppose k=2, n=3, and D=34

Choose a random k-1 degree polynomial:

Generate n values:

The n pieces are (1,46), (2,58), and (3,70)

Dennis Kafura – CS5204 – Operating Systems

Example

Given 2 pieces (1,46) and (3,70) find the secret, D, by solving the simultaneous equations:

Dennis Kafura – CS5204 – Operating Systems

Vanishing Data
• Motivation
• Many forms of data (e.g., email) are archived by service providers for reliability/availability
• Data stored “in the cloud” beyond user control
• Such data creates a target for intruders, and may persist beyond useful lifetime to the user’s detriment through disclosure of personal information
• Recreates “forget-ability” and/or deniability
• Protect against retroactive data disclosure
• Innovation: “vanishing data object” (VDO)

Dennis Kafura – CS5204 – Operating Systems

Vanishing Data

VDO permanently unreadable after a period

Is readable by legitimate users during the period

Allows attacker to retroactively know the VDO and all persistent cryptographic keys

Dennis Kafura – CS5204 – Operating Systems

Vanishing Data
• VDO permanently unreadable after a period
• Is readable by legitimate users during the period
• Allows attacker to retroactively know the VDO and all persistent cryptographic keys
• Does not require
• explicit action by the user or storage service to render the data unreadable
• changes to any of the stored copies of the data
• secure hardware
• any new services (leverage existing services)

Dennis Kafura – CS5204 – Operating Systems

Example Applications

Dennis Kafura – CS5204 – Operating Systems

Vanish Architecture
• Key elements
• Threshold secret sharing
• Distributed hash tables (DHT) P2P systems
• Availability
• Scale, geographic distribution, decentralization
• Churn
• Median lifetime minutes/hours
• 2.4 min (Kazaa), 60 min (Gnutella), 5 hours (Vuze)
• extended to desired period by background refresh
• VUZE
• Open-source P2P system
• using bittorrent protocol

Dennis Kafura – CS5204 – Operating Systems

Vanish Architecture
• Operation
• Locator is a pseudorandom number generator keyed by L; used to select random locations in the DHT for storing the VDO
• VDO is encrypted with key K
• N shares of K are created and then K is erased
• VDO = (L, C, N, threshold)

Dennis Kafura – CS5204 – Operating Systems

Setting Parameters

Use threshold=90%

Use N=50

Dennis Kafura – CS5204 – Operating Systems

Setting Parameters
• Tradeoff
• Larger threshold values provide more security
• Larger threshold values provide shorter lifetimes

Dennis Kafura – CS5204 – Operating Systems

Performance Measurement

Prepush – Vanish proactively creates and distributes data keys

Dennis Kafura – CS5204 – Operating Systems

Attack Vectors and Defenses
• Decapsulate VDO prior to expiration
• Further encrypt data using traditional encryption schemes
• Eavesdrop on net connection
• Use DHT that encrypts traffic between nodes
• Compose with system (like TOR) to tunnel interactions with DHT through remote machines
• Integrate in DHT
• Eavesdrop on store/lookup operations
• Possible but extremely expensive to attacker (see next)
• Standard attacks on DHTs
• Adopt standard solution

Dennis Kafura – CS5204 – Operating Systems

Parameters and security

Assuming 5% of the DHT nodes are compromised what is the probability of VDO compromise?

Dennis Kafura – CS5204 – Operating Systems