state level secrets
play

State-Level Secrets When Theory Meets Practice for Journalists - PowerPoint PPT Presentation

State-Level Secrets When Theory Meets Practice for Journalists Working with Encrypted Documents Bailey Kacsmar and Chelsea H. Komlo Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 1 ( t , n ) -Threshold Schemes and Journalism ( 2 , 3 )


  1. State-Level Secrets When Theory Meets Practice for Journalists Working with Encrypted Documents Bailey Kacsmar and Chelsea H. Komlo Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 1

  2. ( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

  3. ( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

  4. ( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

  5. ( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

  6. ( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

  7. Freedom of the Press Foundation and Sunder github.com/freedomofpress/sunder Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 3

  8. Basic Secret Sharing as a Protocol: Generation and Distribution ( 2 , 3 ) -Threshold Scheme Example s 1 P 1 , The dealer s 2 S t , n P 2 s 3 P 3 Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 4

  9. Basic Secret Sharing: Reconstruction ( 2 , 3 ) -Threshold Scheme Example s 1 P 1 S s 3 P 3 , The recovery initiator Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 5

  10. Expanded Secret Sharing: Generation and Distribution ( 2 , 3 ) -Threshold Scheme Example s 1 s 2 S P 1 , The dealer t , n P 2 s 3 Enc( PT , S ) PT P 3 CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 6

  11. Expanded Secret Sharing: Generation and Distribution ( 2 , 3 ) -Threshold Scheme Example s 1 s 2 S P 1 , The dealer t , n P 2 s 3 Enc( PT , S ) PT P 3 CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 6

  12. Expanded Secret Sharing: Reconstruction ( 2 , 3 ) -Threshold Scheme Example s 1 S P 1 s 3 Dec( CT , S ) CT P 3 , The recovery initiator PT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 7

  13. Expanded Secret Sharing: Reconstruction ( 2 , 3 ) -Threshold Scheme Example s 1 S P 1 s 3 Dec( CT , S ) CT P 3 PT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 7

  14. Ceremonies and Security Layers of Security Analysis C. Ellison, Ceremony Design and Analysis, 2007. Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 8

  15. Protocol and Ceremony Security s 1 s 1 S s 2 S t , n s 3 s 3 s 1 s 1 S s 2 S t , n s 3 s 3 CT Dec( CT , S ) Enc( PT , S ) PT PT CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 9

  16. Gaps and Improvements: Base Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 10

  17. Share Loss: Gaps Protocol Loss of n − t − 1 shares renders s 1 the secret unrecoverable. s 2 S Attackers can destroy or t , n perform a denial s 3 of service attack against shares. Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 11

  18. Share Loss: Improvements Protocol: (2,3)-Threshold Scheme Example Help me! s 1 s 2 P 1 P 2 Repair Alg. s 2 s 3 P 3 Laing, Stinson, A Survey and Refinement of Repairable Threshold Schemes, 2018. Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 12

  19. Organizational Turnover: Gaps Protocol Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 13

  20. Organizational Turnover: Gaps Protocol Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 13

  21. Organizational Turnover: Improvements Protocol Generating u 1 and u 2 s 1 s 1 u 1 u 1 P 1 s 2 s 2 u 2 P 2 s 3 s 3 Former P 3 Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 14

  22. Gaps and Improvements: Extended Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 15

  23. Integrity for Ciphertext: Gaps and Improvements Ceremony s 1 i ct s 2 i ct S t , n s 3 i ct Enc( PT , S ) PT i ct CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 16

  24. Redundancy for Ciphertext: Gaps Ceremony s 1 s 2 S t , n s 3 Enc( PT , S ) PT CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 17

  25. Redundancy for Ciphertext: Improvements Ceremony s 1 s 2 S t , n CT s 3 Enc( PT , S ) PT CT CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 18

  26. Ongoing and Future Work Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 19

  27. Current Work Complete Ceremony Analysis Updating Shares Functionality s 1 s 1 u 1 s 2 s 2 u 2 s 3 s 3 Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 20

  28. Future Work Adding implementations of repairing algorithms for lost shares Designing schemes to limit dealer trust Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 21

  29. Takeaways Secret sharing schemes are not suitable for real-world use as-is Actionable improvements for gaps found in integrity, confidentiality, authenticity, and availability Ceremony analysis identifies gaps between user responsibility and security expectations Thank You! Watch for our paper at crysp.uwaterloo.ca Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 22

Recommend


More recommend