Download presentation
Presentation is loading. Please wait.
Published byEmil Nash Modified over 9 years ago
1
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data 1
2
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science How can a group of individuals share a secret? Requirements: some information is confidential the information is only available when any k of the n members of group collaborate (k <= n) k = n implies unanimity k >= n/2 implies simple majority k = 1 implies independence Assumptions The secret is represented as a number The number may be the secret or a (cryptographic) key that is used to decrypt the secret 2 Secret Sharing
3
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science General idea: Secret data D is divided in n pieces D 1,…D n Knowledge of k or more Di pieces makes D easily computable Knowledge of k-1 or fewer pieces leaves D completely unknowable Terminology This is called a (k,n) threshold scheme Uses Divided authority (requires multiple distinct approvals from among a set of authorities) Cooperation under mutual suspicion (secret only disclosed with sufficient agreement) 3 Secret Sharing
4
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Mathematics A polynomial of degree n-1 is of the form Just as 2 points determine a straight line (a polynomial of degree 1), n+1 points uniquely determine a polynomial of degree n. That is, if then 4 Secret Sharing
5
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Given D, k, and n Construct a random k-1 degree polynomial 5 Simple (k,n) Threshold Scheme
6
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Given D, k, and n Construct a random k-1 degree polynomial Distribute the n pieces as (i, D i ) Any k of the n pieces can be used to find the unique polynomial and discover a 0 (equivalently solve for q(0) ) Finding the polynomial is called polynomial interpolation 6 Simple (k,n) Threshold Scheme
7
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Suppose k=2, n=3, and D=34 Choose a random k-1 degree polynomial: Generate n values: The n pieces are (1,46), (2,58), and (3,70) 7 Example
8
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Given 2 pieces (1,46) and (3,70) find the secret, D, by solving the simultaneous equations: 8 Example
9
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Given a set of k+1 data points (x 0,y 0 )…(x k,y k ) A k degree polynomial for these points is where Dennis Kafura – CS5204 – Operating Systems 9 What’s Lagrange Got To Do With It? Joseph Louis Lagrange
10
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Motivation Many forms of data (e.g., email) are archived by service providers for reliability/availability Data stored “in the cloud” beyond user control Such data creates a target for intruders, and may persist beyond useful lifetime to the user’s detriment through disclosure of personal information Recreates “forget-ability” and/or deniability Protect against retroactive data disclosure Innovation: “vanishing data object” (VDO) 10 Vanishing Data
11
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science VDO permanently unreadable after a period Is readable by legitimate users during the period Allows attacker to retroactively know the VDO and all persistent cryptographic keys 11 Vanishing Data
12
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science VDO permanently unreadable after a period Is readable by legitimate users during the period Allows attacker to retroactively know the VDO and all persistent cryptographic keys Does not require explicit action by the user or storage service to render the data unreadable changes to any of the stored copies of the data secure hardware any new services (leverage existing services) 12 Vanishing Data
13
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 13 Example Applications
14
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Key elements Threshold secret sharing Distributed hash tables (DHT) P2P systems Availability Scale, geographic distribution, decentralization Churn – Median lifetime minutes/hours – 2.4 min (Kazaa), 60 min (Gnutella), 5 hours (Vuze) – extended to desired period by background refresh VUZE – Open-source P2P system – using bittorrent protocol 14 Vanish Architecture
15
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Operation Locator is a pseudorandom number generator keyed by L; used to select random locations in the DHT for storing the VDO VDO is encrypted with key K N shares of K are created and then K is erased VDO = (L, C, N, threshold) 15 Vanish Architecture
16
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 16 Setting Parameters Use threshold=90% Use N=50
17
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Tradeoff Larger threshold values provide more security Larger threshold values provide shorter lifetimes 17 Setting Parameters
18
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Prepush – Vanish proactively creates and distributes data keys 18 Performance Measurement
19
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Decapsulate VDO prior to expiration Further encrypt data using traditional encryption schemes Eavesdrop on net connection Use DHT that encrypts traffic between nodes Compose with system (like TOR) to tunnel interactions with DHT through remote machines Integrate in DHT Eavesdrop on store/lookup operations Possible but extremely expensive to attacker (see next) Standard attacks on DHTs Adopt standard solution 19 Attack Vectors and Defenses
20
Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Assuming 5% of the DHT nodes are compromised what is the probability of VDO compromise? 20 Parameters and security
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.