Presentation is loading. Please wait.

Presentation is loading. Please wait.

Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.

Similar presentations


Presentation on theme: "Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data."— Presentation transcript:

1 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data 1

2 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  How can a group of individuals share a secret?  Requirements:  some information is confidential  the information is only available when any k of the n members of group collaborate (k <= n) k = n implies unanimity k >= n/2 implies simple majority k = 1 implies independence  Assumptions  The secret is represented as a number  The number may be the secret or a (cryptographic) key that is used to decrypt the secret 2 Secret Sharing

3 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  General idea:  Secret data D is divided in n pieces D 1,…D n  Knowledge of k or more Di pieces makes D easily computable  Knowledge of k-1 or fewer pieces leaves D completely unknowable  Terminology  This is called a (k,n) threshold scheme  Uses  Divided authority (requires multiple distinct approvals from among a set of authorities)  Cooperation under mutual suspicion (secret only disclosed with sufficient agreement) 3 Secret Sharing

4 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Mathematics  A polynomial of degree n-1 is of the form  Just as 2 points determine a straight line (a polynomial of degree 1), n+1 points uniquely determine a polynomial of degree n. That is, if then 4 Secret Sharing

5 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Given D, k, and n  Construct a random k-1 degree polynomial 5 Simple (k,n) Threshold Scheme

6 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Given D, k, and n  Construct a random k-1 degree polynomial  Distribute the n pieces as (i, D i )  Any k of the n pieces can be used to find the unique polynomial and discover a 0 (equivalently solve for q(0) )  Finding the polynomial is called polynomial interpolation 6 Simple (k,n) Threshold Scheme

7 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Suppose k=2, n=3, and D=34  Choose a random k-1 degree polynomial:  Generate n values:  The n pieces are (1,46), (2,58), and (3,70) 7 Example

8 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Given 2 pieces (1,46) and (3,70) find the secret, D, by solving the simultaneous equations: 8 Example

9 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Given a set of k+1 data points (x 0,y 0 )…(x k,y k )  A k degree polynomial for these points is where Dennis Kafura – CS5204 – Operating Systems 9 What’s Lagrange Got To Do With It? Joseph Louis Lagrange

10 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Motivation  Many forms of data (e.g., email) are archived by service providers for reliability/availability  Data stored “in the cloud” beyond user control  Such data creates a target for intruders, and may persist beyond useful lifetime to the user’s detriment through disclosure of personal information  Recreates “forget-ability” and/or deniability  Protect against retroactive data disclosure  Innovation: “vanishing data object” (VDO) 10 Vanishing Data

11 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  VDO permanently unreadable after a period  Is readable by legitimate users during the period  Allows attacker to retroactively know the VDO and all persistent cryptographic keys 11 Vanishing Data

12 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  VDO permanently unreadable after a period  Is readable by legitimate users during the period  Allows attacker to retroactively know the VDO and all persistent cryptographic keys  Does not require  explicit action by the user or storage service to render the data unreadable  changes to any of the stored copies of the data  secure hardware  any new services (leverage existing services) 12 Vanishing Data

13 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 13 Example Applications

14 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Key elements  Threshold secret sharing  Distributed hash tables (DHT) P2P systems Availability Scale, geographic distribution, decentralization Churn – Median lifetime minutes/hours – 2.4 min (Kazaa), 60 min (Gnutella), 5 hours (Vuze) – extended to desired period by background refresh VUZE – Open-source P2P system – using bittorrent protocol 14 Vanish Architecture

15 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Operation  Locator is a pseudorandom number generator keyed by L; used to select random locations in the DHT for storing the VDO  VDO is encrypted with key K  N shares of K are created and then K is erased  VDO = (L, C, N, threshold) 15 Vanish Architecture

16 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 16 Setting Parameters Use threshold=90% Use N=50

17 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Tradeoff  Larger threshold values provide more security  Larger threshold values provide shorter lifetimes 17 Setting Parameters

18 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Prepush – Vanish proactively creates and distributes data keys 18 Performance Measurement

19 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Decapsulate VDO prior to expiration  Further encrypt data using traditional encryption schemes  Eavesdrop on net connection  Use DHT that encrypts traffic between nodes  Compose with system (like TOR) to tunnel interactions with DHT through remote machines  Integrate in DHT  Eavesdrop on store/lookup operations Possible but extremely expensive to attacker (see next)  Standard attacks on DHTs Adopt standard solution 19 Attack Vectors and Defenses

20 Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Assuming 5% of the DHT nodes are compromised what is the probability of VDO compromise? 20 Parameters and security


Download ppt "Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data."

Similar presentations


Ads by Google