#RSAC Session ID: FON3-R11
How to Delete Data for Realz: This Presentation Will Self-Destruct In... (Focus-On)
Davi Ottenheimer, President, Flyingpenguin, @daviottenheimer
Ian Smith, Research Scientist, University of Washington, @sesosek
Rashomon System Diagrams: Store, Get, Delete
Invariants: Distributed Key Store
● Manager never sees shares.
● Manager cannot read shares from nodes.
● Nodes cannot decrypt assembled shares (D).
● Host can verify integrity of shares.
● After host stores key and receives OK from manager, D is accessible (as quorum) until deleted.
● Shares are immutable until deleted.
[Diagram labels, repeated on each slide that follows: key store operations; client rest api; accounts db operations; Accounts; Host model; Manager. Key legend: k_valet: put/delete secret; sk_access: access and decrypt shares; pk_access: put shares.]
Distributed Key Store: Store secret
Store secret S:
1. D ← E_pk_access(S)
2. D_1, …, D_n ← ss_split(D, m, n)
Message labels, in slide order:
● reserve(name, pk_access, ttl, m, n) [auth with k_valet]
● create_reservation(pk_access, ttl)
● L_A, L_B, L_C, L_D, L_E
● store reservation
● reservation for secret id at L_A, L_B, L_C, L_D, L_E
● fill_reservations(L_i, D_i) [auth with sk_access]
● OK
● confirm filled reservation
● confirm filled reservation
● OK
Distributed Key Store: Get secret
Message labels, in slide order:
● get share(L_i) [auth with sk_access]
● D_3, D_4, D_5
● D ← ss_combine(m shares of D)
● S ← Decrypt_sk_access(D)
Distributed Key Store: Delete secret
Message labels, in slide order:
● delete(id) [auth with k_valet]
● delete(L_i)
● OK
● confirm deleted locations
● OK
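Added example (not from the slides or the Rashomon code): a sketch of the ss_split / ss_combine steps and of why deleting shares makes D unrecoverable. It assumes Shamir secret sharing over a prime field, m = 3 and n = 5 to match the five locations shown, and a constructed byte string standing in for the ciphertext D; fewer than m Shamir shares reveal nothing about D.

```python
import secrets

# Assumption: Shamir sharing over a prime field stands in for the slides'
# ss_split/ss_combine. P = 2**521 - 1 is prime; a blob of <= 64 bytes fits.
P = 2**521 - 1

def ss_split(d, m, n):
    """Split blob d into n shares (x, y); any m of them rebuild it."""
    if not 1 < m <= n or len(d) > 64:
        raise ValueError("need 1 < m <= n and len(d) <= 64")
    # 0x01 prefix keeps leading zero bytes through the int round trip.
    coeffs = [int.from_bytes(b"\x01" + d, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def ss_combine(shares, m):
    """Lagrange-interpolate at x = 0; refuses to run below the quorum m."""
    pts = list(dict(shares).items())[:m]
    if len(pts) < m:
        raise ValueError("quorum not met")
    total = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total.to_bytes((total.bit_length() + 7) // 8, "big")[1:]

def demo():
    d = b"constructed stand-in for D = E_pk_access(S)"
    nodes = dict(zip("ABCDE", ss_split(d, 3, 5)))   # D_i held at L_A..L_E
    got = ss_combine([nodes[k] for k in "CDE"], 3)  # get: D_3, D_4, D_5
    for loc in "ABC":                               # delete(L_i) on 3 nodes
        del nodes[loc]
    try:
        ss_combine(list(nodes.values()), 3)
        recoverable = True
    except ValueError:
        recoverable = False
    return got == d, recoverable
```

demo() returns (True, False): the quorum D_3, D_4, D_5 rebuilds D, and once n - m + 1 nodes have deleted their shares the remaining two cannot.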