State-Level Secrets When Theory Meets Practice for Journalists Working with Encrypted Documents Bailey Kacsmar and Chelsea H. Komlo Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 1
( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2
( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2
( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2
( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2
( t , n ) -Threshold Schemes and Journalism ( 2 , 3 ) -Threshold Scheme Example Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2
Freedom of the Press Foundation and Sunder github.com/freedomofpress/sunder Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 3
Basic Secret Sharing as a Protocol: Generation and Distribution ( 2 , 3 ) -Threshold Scheme Example s 1 P 1 , The dealer s 2 S t , n P 2 s 3 P 3 Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 4
Basic Secret Sharing: Reconstruction ( 2 , 3 ) -Threshold Scheme Example s 1 P 1 S s 3 P 3 , The recovery initiator Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 5
Expanded Secret Sharing: Generation and Distribution ( 2 , 3 ) -Threshold Scheme Example s 1 s 2 S P 1 , The dealer t , n P 2 s 3 Enc( PT , S ) PT P 3 CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 6
Expanded Secret Sharing: Generation and Distribution ( 2 , 3 ) -Threshold Scheme Example s 1 s 2 S P 1 , The dealer t , n P 2 s 3 Enc( PT , S ) PT P 3 CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 6
Expanded Secret Sharing: Reconstruction ( 2 , 3 ) -Threshold Scheme Example s 1 S P 1 s 3 Dec( CT , S ) CT P 3 , The recovery initiator PT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 7
Expanded Secret Sharing: Reconstruction ( 2 , 3 ) -Threshold Scheme Example s 1 S P 1 s 3 Dec( CT , S ) CT P 3 PT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 7
Ceremonies and Security Layers of Security Analysis C. Ellison, Ceremony Design and Analysis, 2007. Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 8
Protocol and Ceremony Security s 1 s 1 S s 2 S t , n s 3 s 3 s 1 s 1 S s 2 S t , n s 3 s 3 CT Dec( CT , S ) Enc( PT , S ) PT PT CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 9
Gaps and Improvements: Base Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 10
Share Loss: Gaps Protocol Loss of n − t − 1 shares renders s 1 the secret unrecoverable. s 2 S Attackers can destroy or t , n perform a denial s 3 of service attack against shares. Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 11
Share Loss: Improvements Protocol: (2,3)-Threshold Scheme Example Help me! s 1 s 2 P 1 P 2 Repair Alg. s 2 s 3 P 3 Laing, Stinson, A Survey and Refinement of Repairable Threshold Schemes, 2018. Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 12
Organizational Turnover: Gaps Protocol Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 13
Organizational Turnover: Gaps Protocol Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 13
Organizational Turnover: Improvements Protocol Generating u 1 and u 2 s 1 s 1 u 1 u 1 P 1 s 2 s 2 u 2 P 2 s 3 s 3 Former P 3 Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 14
Gaps and Improvements: Extended Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 15
Integrity for Ciphertext: Gaps and Improvements Ceremony s 1 i ct s 2 i ct S t , n s 3 i ct Enc( PT , S ) PT i ct CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 16
Redundancy for Ciphertext: Gaps Ceremony s 1 s 2 S t , n s 3 Enc( PT , S ) PT CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 17
Redundancy for Ciphertext: Improvements Ceremony s 1 s 2 S t , n CT s 3 Enc( PT , S ) PT CT CT Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 18
Ongoing and Future Work Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 19
Current Work Complete Ceremony Analysis Updating Shares Functionality s 1 s 1 u 1 s 2 s 2 u 2 s 3 s 3 Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 20
Future Work Adding implementations of repairing algorithms for lost shares Designing schemes to limit dealer trust Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 21
Takeaways Secret sharing schemes are not suitable for real-world use as-is Actionable improvements for gaps found in integrity, confidentiality, authenticity, and availability Ceremony analysis identifies gaps between user responsibility and security expectations Thank You! Watch for our paper at crysp.uwaterloo.ca Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 22
Recommend
More recommend