Exceptional Access Protocols. Alex Tong

Similar documents
Distributed Ledger Technology & Fintech Applications. Hart Montgomery, NFIC 2017

About & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Making Decryption Accountable

Key Security Issues for implementation of Digital Currency, including ITU-T SG17 activities

As a 3rd generation currency, not only are transactions secured, private and fast, you actually get paid for holding DigitalPrice coins.

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

BaFin-Tech 2018 BlockChain & Security (from #developerview)

Network Working Group Request for Comments: 1984 Category: Informational August 1996

Secret Sharing, Key Escrow

Secure Multiparty Computation

Lecture 44 Blockchain Security I (Overview)

ENEE 457: E-Cash and Bitcoin

Introduction to Blockchain

Hyperledger fabric: towards scalable blockchain for business

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

SOME OF THE PROBLEMS IN BLOCKCHAIN TODAY

DAVID ANDREWS, FOUNDER RYATTA BLOCKCHAIN FOUNDATIONS

MASP Chapter on Safety and Security

Lightpaper TENZORUM. The unstoppable machine for self-sovereign key management and access to the decentralized world.

Fair Cryptography. Cryptography CS 507 Erkay Savas Sabanci University

DEV. Deviant Coin, Innovative Anonymity. A PoS/Masternode cr yptocurrency developed with POS proof of stake.

Using Chains for what They re Good For

TC307 SG3 - SECURITY & PRIVACY

Security Protections for Mobile Agents

Creating Trust in a Highly Mobile World

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Cryptographic Concepts

Program 1. THE USE OF CYBER ACTIVE DEFENSE BY THE PRIVATE SECTOR

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

fips185 U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Bitcoin, a decentralized and trustless protocol

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Decentralized Identity for a Decentralized World. Alex Simons Partner Director Program Management, Identity Division Microsoft

Problem: Equivocation!

White Paper. Blockchain alternatives: The case for CRAQ

Bitcoin/Namecoin/*coin: On Bitcoin like protocols and their relation to other IT-Security issues

Computer Security: Principles and Practice

NON-TECHNICAL WHITEPAPER Version 1.0

Security context. Technology. Solution highlights

Design and Implementation of Privacy-Preserving Surveillance. Aaron Segal

Certificateless Public Key Cryptography

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

Biomedical Security. Cipher Block Chaining and Applications

GENESIS VISION NETWORK

Implementing Cryptography: Good Theory vs. Bad Practice

Key concepts of blockchain

The security and insecurity of blockchains and smart contracts

KDC COIN WHITEPAPER KDC COIN WHITEPAPER.

Introduction to Bitcoin I

Algorand: Scaling Byzantine Agreements for Cryptocurrencies

Blockchain Beyond Bitcoin. Mark O Connell

Founder of NKN & Co-Founder of Onchain. Open source guru, Linux Kernel network subsystem code contributor.

Security Solutions. End-to-end security. Protecting your physical access control system.

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

On the impact of propogation delay on mining rewards in Bitcoin. Xuan Wen 1. Abstract

Blockchain & Distributed Internet Infrastructure

How Formal Analysis and Verification Add Security to Blockchain-based Systems

Blockchain Frameworks

Executive Summary. (The Abridged Version of The White Paper) BLOCKCHAIN OF THINGS, INC. A Delaware Corporation

BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -

Adapting Blockchain Technology for Scientific Computing. Wei Li

Cryptocurrencies for Investigators

ETHERNITY DECENTRALIZED CLOUD COMPUTING

IT Security Evaluation : Common Criteria

IoT security based on the DPK platform

Design and Validation Strategies for Obtaining Assurance in Countermeasures to Power Analysis and Related Attacks

Whitepaper Rcoin Global

Public Key Infrastructures

Security in Computing

EECS 498 Introduction to Distributed Systems

ARM Security Solutions and Numonyx Authenticated Flash

Design Patterns which Facilitate Message Digest Collision Attacks on Blockchains

KEY ESCROW AND KEY RECOVERY LABORATORY MODULE FOR COMPUTER SECURITY AND INFORMATION ASSURANCE CURRICULUM

hard to perform, easy to verify

Adapting Blockchain Technology for Scientific Computing. Wei Li

priveos Angelo Laub, Fabian Frank, Marcel Vaschauner, Michael Breidenbruecker, Stefan Ionescu, Tassia Breidenbruecker DRAFT Slant Team

Candidates Day Modeling the Energy Consumption of. Ryan Cole Liang Cheng. CSE Department Lehigh University

BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN

White-Box Cryptography State of the Art. Paul Gorissen

Accountable SDNs for Cyber Resiliency UIUC/R2 Monthly Group Meeting. Presented by Ben Ujcich March 31, 2017

CPSC 467: Cryptography and Computer Security

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

Federal Information Processing Standard (FIPS) What is it? Why should you care?

Securely backing up GPG private keys

Blockchains & Cryptocurrencies

BLOCKCHAIN ARCHITECT Certification. Blockchain Architect

Securely backing up GPG private keys... to the cloud. Joey Hess LibrePlanet 2017

A Lightweight Blockchain Consensus Protocol

Chapter 10: Key Management

Software Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!

On the Security of a Certificateless Public-Key Encryption

Sneaking key escrow in through the back door

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

Grenzen der Kryptographie

Transcription:

Exceptional Access Protocols Alex Tong

Motivation Crypto Wars FBI vs. Apple What is the job of engineers?

Requirements Government Decryption without notice to the user Ubiquitous international capability Decryption time of less than two hours Communications and Data at rest Crypto Community Forward Security Well-defined technical requirements Low additional system complexity Decentralized targets H. Abelson et al. Keys Under Doormats (2015) H. Abelson et al. The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption (1997)

Existing Compromise Solutions Clipper Chip NSA (1993-1996) Key Escrow Oblivious Key Escrow M. Blaze et al. (1996) Partial Key Escrow A. Shamir (1995) Recent Work Key Recovery: Inert and Public C. Boyd et al. (2016) DEcryption Contract ENforcement Tool (DECENT) P. Linder (2016)

Key Escrow Oblivious Key Escrow Threshold cryptography amongst a large number of servers Oblivious to who holds the key share to a particular key, preventing coercion Angry mob cryptanalysis Criticism Parameter Tuning Difficult / Impossible to implement Partial Key Escrow Escrow of part of private key Requires computational power to obtain a targeted key Prevents mass surveillance Criticism Parameter Tuning Cost of recovering a key is unknown, unpredictable, decreasing, and potentially private

Recent Attempts: High level overview DECENT Developed by Assured Enterprises Uses 2 of 3 threshold cryptography between User, Corporation, Escrow Agent Uses Blockchain to maintain accountability Key Recovery: Inert and Public Based on recent cryptocurrency development (Ethereum) Revival of oblivious and partial key escrow Uses unrealized public cryptography scheme adaptable to proof-of-work

DECENT Linder. DECENT (2016)

DECENT Linder. DECENT (2016)

DECENT Concerns Security of Ks, Ke Contract correctness / Key Recovery Can the government coerce both Service Provider and Escrow Agent? Linder. DECENT (2016)

Boyd Key Recovery: Goals Mimic physical world in the cryptographic world Inert - Recovery cost should increase with the number of keys Public - Attempted key recovery must be public Strong Keys - Long lived keys Resistance to Sybil Vulnerability

Boyd Key Recovery (1) Decentralised Oblivious Key Escrow Implemented Using Smart Contracts (2) Partial Key Escrow Whitebox Execution Share sharded key to random selection of participating nodes Use new POW scheme with 4 criteria based on public key encryption Unclear of how to measure the security under key length

Boyd Key Recovery (1) (2) (3) Decentralized Oblivious Key Escrow Partial Key Escrow Combination

Boyd Key Recovery (1) (2) (3) Decentralized Oblivious Key Escrow Partial Key Escrow Combination Concerns Relies heavily on theoretic public key construction Requires tuning many parameters correctly Insecure against a large enough botnet

Assumptions No magic bullet for Exceptional Access Distributed attacks are legally difficult to prosecute Only concerned with data at rest Physical access to device https://d3nj7353mvgauu.cloudfront.net/media/categories/iphone-77-plus-40-b1ac.png http://courseminer.com/2017/09/30/bitcoin-mining-warehouse-5

Main Idea Extend physical premises analogy with locality

My Key Recovery: Goals Mimic physical world in the cryptographic world Inert - Recovery cost should increase with the number of keys Public - Attempted key recovery must be public Strong Keys - Long lived keys Resistance to Sybil Vulnerability Physically Centralized

Requirements Government Decryption without notice to the user Ubiquitous international capability Decryption time of less than two hours Communications and Data at rest Crypto Community Forward Security Well-defined technical requirements Low additional system complexity Decentralized targets H. Abelson et al. Keys Under Doormats (2015) H. Abelson et al. The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption (1997)

Proposal - Recovery Mode Phone 1. 2. 3. Recovery Mode enabled by key held by manufacturer Phone displays challenge based on private key and current time for T time a. Bitcoin block mean propagation time ~12 seconds If receives acceptable nonce where sha256(challenge, nonce) < difficulty Legal framework Registration of sufficiently powerful data centers Government can request access to recovery mode key in exceptional circumstances Recoverer 1. Attempts to find nonce where sha256(challenge, nonce) < difficulty http://i0.kym-cdn.com/photos/images/original/001/293/153/4b8.png

Proposal - Advantages Forces centralization of potential illegal access Uses encryption scheme where there is monetary incentive to exploit vulnerabilities Inert - Preventing mass surveillance by other agencies Small number of adaptable parameters

Conclusions Purely technical solutions are insecure and insufficient Key recovery is not a single solution space Any solution can only guard against the default case

Questions Are these assumptions reasonable? Is it better to use a well known algorithm (sha256) or a more exotic one?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback