burnbox
play

BurnBox Self-Revocable Encryption in a World of Compelled Access - PowerPoint PPT Presentation

Jun 09, 2023 •247 likes •787 views

BurnBox Self-Revocable Encryption in a World of Compelled Access Nirvan Tyagi Muhammad Haris Thomas Ristenpart Ian Miers Mughees Usenix Security 2018 1 Compelled Access Setting file 1 file 2 file 3 2 Compelled Access Setting file 1

  1. BurnBox Self-Revocable Encryption in a World of Compelled Access Nirvan Tyagi Muhammad Haris Thomas Ristenpart Ian Miers Mughees Usenix Security 2018 1

  2. Compelled Access Setting file 1 file 2 file 3 2

  3. Compelled Access Setting file 1 file 2 file 3 3

  4. Compelled Access Setting file 1 file 2 e.g., border crossing, file 3 airport security, police checkpoints 4

  5. Compelled Access Setting file 1 file 2 e.g., border crossing, file 3 airport security, police checkpoints e.g., journalists, dissidents, activists 5

  6. Compelled Access Setting > 50% increase file 1 file 2 e.g., border crossing, file 3 airport security, police checkpoints e.g., journalists, dissidents, activists 6

  7. Contributions ● BurnBox: Cloud storage secure in compelled access setting Allow users to honestly comply with authorities while preserving ○ confidentiality Secure deletion: permanently delete files ○ Temporary revocation: self-revoke access to files temporarily ○ ● Formal compelled access security notions and analysis ● Proof-of-concept prototype 7

  8. Deniable/Steganographic file systems hide files by [CDNO96, ANS98, deceiving authority ADW97, Truecrypt] Real Duress file 1 file 2 file 3 8

  9. Deniable/Steganographic file systems hide files by [CDNO96, ANS98, deceiving authority ADW97, Truecrypt] file 1 file 2 file 3 9

  10. Deniable/Steganographic file systems hide files by [CDNO96, ANS98, deceiving authority ADW97, Truecrypt] file 1 fake 1 file 2 fake 2 file 3 fake 3 10

  11. Deniable/Steganographic file systems hide files by [CDNO96, ANS98, deceiving authority ADW97, Truecrypt] Limitation: High usability burden where deception is inherent to security Maintenance of “realistic-looking” fake content ● Ability to convincingly lie about duress key ● file 1 fake 1 file 2 fake 2 file 3 fake 3 11

  12. Deniable/Steganographic file systems hide files by [CDNO96, ANS98, deceiving authority ADW97, Truecrypt] Limitation: High usability burden where deception is inherent to security Maintenance of “realistic-looking” fake content ● Is this really Ability to convincingly lie about duress key ● your key? file 1 fake 1 file 2 fake 2 file 3 fake 3 12

  13. Deniable/Steganographic file systems hide files by [CDNO96, ANS98, deceiving authority ADW97, Truecrypt] Limitation: High usability burden where deception is inherent to security Maintenance of “realistic-looking” fake content ● Is this really Ability to convincingly lie about duress key ● your key? file 1 fake 1 file 2 fake 2 file 3 fake 3 13

  14. A Different Approach 1. Allow users to honestly comply at compelled access checkpoints 14

  15. A Different Approach 1. Allow users to honestly comply at compelled access checkpoints Strawman: burner device or full wipe of device 15

  16. A Different Approach 1. Allow users to honestly comply at compelled access checkpoints Strawman: burner device or full wipe of device BurnBox: selective temporary self-revocation of sensitive files 16

  17. A Different Approach 1. Allow users to honestly comply at compelled access checkpoints Strawman: burner device or full wipe of device BurnBox: selective temporary self-revocation of sensitive files 2. Designed specifically for use with the cloud BurnBox: secure against passive cloud adversaries 17

  18. Threat Model Untrusted Cloud Storage Write-only store ● Passive attacker ● file 1 file 2 file 3 18

  19. Threat Model Untrusted Cloud Storage Write-only store ● Passive attacker ● file 1 file 2 file 3 19

  20. Threat Model Untrusted Cloud Storage Write-only store ● Passive attacker ● file 1 file 2 file 3 20

  21. Threat Model Untrusted Cloud Storage Write-only store ● Passive attacker ● Compelling Agent Access to local device ● User passwords ● Cloud history ● file 1 file 2 file 3 21

  22. Threat Model Untrusted Cloud Storage Write-only store ● Passive attacker ● Offline Restoration Cache Inaccessible to ● Compelling Agent compelling agent Access to local device Inaccessible to user ● ● User passwords during checkpoint ● Cloud history ● file 1 file 2 file 3 22

  23. BurnBox Overview file 1 file 2 file 3 23

  24. BurnBox Overview Offline Restoration Cache Local Device file 1 file 2 file 3 24

  25. BurnBox Overview Untrusted Cloud Storage f0c531 39731a 0dea2d file 1 file 2 file 3 25

  26. BurnBox Overview Before Compelled Access User selectively deletes and revokes sensitive files f0c531 39731a 0dea2d file 1 file 2 file 3 26

  27. BurnBox Overview Before Compelled Access User selectively deletes and revokes sensitive files f0c531 39731a 0dea2d file 1 revoke delete 27

  28. BurnBox Overview Before Compelled Access User selectively deletes and revokes sensitive files f0c531 During Compelled Access Deleted files and revoked 39731a files are inaccessible and 0dea2d are cryptographically indistinguishable file 1 file 1 revoke delete 28

  29. BurnBox Overview Before Compelled Access User selectively deletes and revokes sensitive files f0c531 During Compelled Access Deleted files and revoked 39731a files are inaccessible and 0dea2d are cryptographically indistinguishable After Compelled Access file 1 User restores access to revoked files with access revoke to restoration key delete 29

  30. BurnBox Overview Before Compelled Access User selectively deletes and revokes sensitive files f0c531 During Compelled Access Deleted files and revoked 39731a files are inaccessible and 0dea2d are cryptographically indistinguishable After Compelled Access file 1 User restores access to revoked files with access file 2 to restoration key 30

  31. Conventional client-side encryption f0c531 39731a 0dea2d Device State file 1 encryption encrypted filename key file file 2 f1.txt cc64c3 f0c531 file 3 f2.txt 5707dd 39731a f3.txt 1be052 0dea2d 31

  32. Compelled access reveals local keys f0c531 39731a 0dea2d Device State file 1 encryption encrypted filename key file file 2 f1.txt cc64c3 f0c531 file 3 f2.txt 5707dd 39731a f3.txt 1be052 0dea2d 32

  33. Delete rows of sensitive files f0c531 39731a 0dea2d Device State file 1 encryption encrypted filename key file file 2 f1.txt cc64c3 f0c531 file 3 f2.txt 5707dd 39731a f3.txt 1be052 0dea2d 33

  34. Delete rows of sensitive files Problem 1: How to support revocation? f0c531 Problem 2: Secure deletion of persistent state is hard . 39731a 0dea2d Device State file 1 encryption encrypted filename key file file 2 f1.txt cc64c3 f0c531 file 3 f2.txt 5707dd 39731a f3.txt 1be052 0dea2d Forensic analysis 34

  35. Revocation: use public-key encryption f0c531 39731a 0dea2d Device State file 1 encryption encrypted restoration filename key file ciphertext file 2 f1.txt cc64c3 f0c531 E(pk ,cc64c3 ) file 3 f2.txt 5707dd 39731a E(pk ,39731a ) f3.txt 1be052 0dea2d E(pk ,1be052 ) 35

  36. Revocation: use public-key encryption f0c531 39731a 0dea2d Device State file 1 encryption encrypted restoration filename key file ciphertext file 2 Revoke f1.txt cc64c3 f0c531 E(pk ,cc64c3 ) file 3 f2.txt 5707dd 39731a E(pk ,39731a ) f3.txt 1be052 0dea2d E(pk ,1be052 ) 36

  37. Revocation: use public-key encryption f0c531 39731a 0dea2d Device State file 1 encryption encrypted restoration filename key file ciphertext file 2 Revoke f1.txt cc64c3 f0c531 E(pk ,cc64c3 ) file 3 Delete f2.txt 5707dd 39731a E(pk ,39731a ) f3.txt 1be052 0dea2d E(pk ,000000 ) 37

  38. Revocation: use public-key encryption Problem 1: How to support revocation? f0c531 Problem 2: Secure deletion of persistent state is hard . 39731a 0dea2d Device State file 1 encryption encrypted restoration filename key file ciphertext file 2 Revoke f1.txt cc64c3 f0c531 E(pk ,cc64c3 ) file 3 Delete f2.txt 5707dd 39731a E(pk ,39731a ) f3.txt 1be052 0dea2d E(pk ,000000 ) 38

  39. Erasable Index File keys stored in append-only table ● f1.txt cc64c3... f2.txt 5707dd... f3.txt 1be052... f4.txt ca46b6... 39

  40. Erasable Index File keys stored in append-only table ● Secure deletion of row keys with trusted hardware [RRBC13] ● Trusted hardware assumed to manage small “effaceable” storage ○ E.g., TPM, iOS/Android keystore APIs ○ effaceable storage f1.txt cc64c3... f2.txt 5707dd... f3.txt 1be052... key tree f4.txt ca46b6... 40

  41. Erasable Index File keys stored in append-only table ● Secure deletion of row keys with trusted hardware [RRBC13] ● Trusted hardware assumed to manage small “effaceable” storage ○ E.g., TPM, iOS/Android keystore APIs ○ effaceable storage f1.txt cc64c3... f2.txt 5707dd... f3.txt 1be052... key tree f4.txt ca46b6... 41

  42. Erasable Index File keys stored in append-only table ● Secure deletion of row keys with trusted hardware [RRBC13] ● Trusted hardware assumed to manage small “effaceable” storage ○ E.g., TPM, iOS/Android keystore APIs ○ effaceable storage f1.txt cc64c3... f2.txt 5707dd... f3.txt 1be052... key tree f4.txt ca46b6... 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MUNICIPAL DEBT ISSUANCE FUNDAMENTALS SESSION 1: THE PATH TO ISSUANCE SEPTEMBER 9, 2020 Jay

MUNICIPAL DEBT ISSUANCE FUNDAMENTALS SESSION 1: THE PATH TO ISSUANCE SEPTEMBER 9, 2020 Jay

MUNICIPAL DEBT ISSUANCE FUNDAMENTALS SESSION 1: THE PATH TO ISSUANCE SEPTEMBER 9, 2020 Jay Goldstone, Former Chief Operating Officer and Chief Financial Officer, City of San Diego Steve Heaney, Former Co-Head Municipal Securities Group, Stifel

744 views • 49 slides
Efficient Certificateless Signcryption Diego Aranha, Rafael Castro, Julio L opez, Ricardo Dahab

Efficient Certificateless Signcryption Diego Aranha, Rafael Castro, Julio L opez, Ricardo Dahab

Efficient Certificateless Signcryption Diego Aranha, Rafael Castro, Julio L opez, Ricardo Dahab Institute of Computing - UNICAMP Funded by FAPESP, Grant No. 2007/06950-0 Diego Aranha, Rafael Castro, Julio L opez, Ricardo Dahab Efficient

182 views • 5 slides
GreenWave Reality Peter Wilmar Christensen Co-Founder, GM Europe and group CFO September 25th,

GreenWave Reality Peter Wilmar Christensen Co-Founder, GM Europe and group CFO September 25th,

GreenWave Reality Peter Wilmar Christensen Co-Founder, GM Europe and group CFO September 25th, 2012 GreenWave Reality Company Confidential torsdag den 27. september 12 32 Global Customers GreenWave Reality Company Confidential torsdag den

424 views • 29 slides
Dynamic Threshold Public-Key Encryption C ecile Delerabl ee David Pointcheval Ecole

Dynamic Threshold Public-Key Encryption C ecile Delerabl ee David Pointcheval Ecole

Dynamic Threshold Public-Key Encryption C ecile Delerabl ee David Pointcheval Ecole normale sup Orange Labs erieure CRYPTO 2008 August 20th, 2008 Formal Model Our Construction Conclusion Threshold Cryptography When one cannot

286 views • 11 slides
Update May 2, 2019 Purpose Gemini Project Overview Timeline for Implementation New

Update May 2, 2019 Purpose Gemini Project Overview Timeline for Implementation New

Employer Reporting Update May 2, 2019 Purpose Gemini Project Overview Timeline for Implementation New Reporting Process Key Concepts File Layout Q&A Gemini Project The Gemini Project team is tasked with

592 views • 22 slides
What's New in Percona Server for MongoDB? 2019 Q3: Enterprise Enhancements and v4.2 4:00 PM -

What's New in Percona Server for MongoDB? 2019 Q3: Enterprise Enhancements and v4.2 4:00 PM -

What's New in Percona Server for MongoDB? 2019 Q3: Enterprise Enhancements and v4.2 4:00 PM - 4:50 PM - Room B About Adamo and Akira Two of the most experienced MongoDB field experts in the world. Adamo w/ MongoDB: 2013 ~ MongoDB: 2009 ~

811 views • 66 slides
The Key-Value SSD as a First-Class Citizen in the 1 Systems Software & Architecture Lab,

The Key-Value SSD as a First-Class Citizen in the 1 Systems Software & Architecture Lab,

Carl Duffy 1 Sang-Hoon Kim 2 Jin-Soo Kim 1 The Key-Value SSD as a First-Class Citizen in the 1 Systems Software & Architecture Lab, Operating System Seoul National University 2 Systems Software Lab, Ajou University Key-value stores

423 views • 8 slides
Managing Projects with Git (and other command-line skills) Dr. Chris Mayfield Department of

Managing Projects with Git (and other command-line skills) Dr. Chris Mayfield Department of

Managing Projects with Git (and other command-line skills) Dr. Chris Mayfield Department of Computer Science James Madison University Feb 18, 2020 Part 1: Group Repository What is Git/GitHub? Git is a version control system GitHub is a

384 views • 14 slides
Patent Law Prof. Roger Ford March 8, 2016 Class 10 Statutory bars: introduction; public

Patent Law Prof. Roger Ford March 8, 2016 Class 10 Statutory bars: introduction; public

Patent Law Prof. Roger Ford March 8, 2016 Class 10 Statutory bars: introduction; public use Recap Recap priority of invention and 102(g) abandoned, suppressed, or concealed inventions 102(g) as prior art Todays

383 views • 34 slides
COSIC Ashur, Benedikt Gierlichs and Bart Preneel an imec research group at KU Leuven Lennert

COSIC Ashur, Benedikt Gierlichs and Bart Preneel an imec research group at KU Leuven Lennert

Fast, Furious and Insecure Lennert Wouters , Eduard Marin, Tomer COSIC Ashur, Benedikt Gierlichs and Bart Preneel an imec research group at KU Leuven Lennert Wouters , Eduard Marin, Tomer Ashur, Benedikt Gierlichs and Bart Preneel Passive

659 views • 37 slides
Hacking Joshua Lackey, Ph.D. Ph.D., Mathematics. University of Oregon. 1995 2000

Hacking Joshua Lackey, Ph.D. Ph.D., Mathematics. University of Oregon. 1995 2000

Hacking Joshua Lackey, Ph.D. Ph.D., Mathematics. University of Oregon. 1995 2000 Background Senior Ethical Hacker. IBM Global Services. 1999 2005 Security Software Developer. Microsoft SWI Attack Team. 2005

943 views • 62 slides
Mobile Goes Remote 25. september 2012 1 onsdag den 26. september 12 Before going remote...

Mobile Goes Remote 25. september 2012 1 onsdag den 26. september 12 Before going remote...

Mobile Goes Remote 25. september 2012 1 onsdag den 26. september 12 Before going remote... Enablers Purpose Execution 2 onsdag den 26. september 12 Market perspective Check: Critical mass on mobile In your pocket Used everywhere

263 views • 23 slides
Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

400 views • 5 slides
Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and

Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and

9/16/19 Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and Matthew Pasco Overview Background Review of threat surfaces Automotive Security Pattern structure Excerpts from Automotive

327 views • 16 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
How can webapps benefit from automotive environment, with safety? Web and automotive W3C

How can webapps benefit from automotive environment, with safety? Web and automotive W3C

How can webapps benefit from automotive environment, with safety? Web and automotive W3C workshop Pierre.Girard@gemalto.com Rome, November 14, 2012 Agenda Gemalto introduction Car as a programming platform Safety, security and

179 views • 15 slides
Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius

Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius

Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius Klbel About Cornelius Cornelius Klbel 2FA since 2005 Smartcards, Aladdin eT oken, privacyIDEA since 2014

311 views • 27 slides
CSCI 4250/6250 Fall 2013 Computer and Networks Security

CSCI 4250/6250 Fall 2013 Computer and Networks Security

CSCI 4250/6250 Fall 2013 Computer and Networks Security CHAPTER 1 - INTRODUCTION 1 Research in Computer Security Studies in what ways

794 views • 77 slides
CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC

CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC

CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC Modeling Workshop Beijing, PRC November, 2004 Contents General considerations for policy modeling 1. Examples of CGE applications 2. Strategy

375 views • 34 slides
MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti

MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti

Y ea h, but wh a t is MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti M ac t o r L e t ' s st a rt with F th e b a si c s. MFA st a nds f o r uth e nti ca ti o n A " But Am y , wh a t d

331 views • 7 slides
Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah

Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah

Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah Pierce Vicki Nishioka, Ph.D. Senior Advisor- Indian Education Senior Advisor- Evaluation Agenda 1 Welcome and opening activity 2 SEL Policy,

631 views • 31 slides
iA Financial Group establishes a leading presence in the U.S. vehicle warranty market with the

iA Financial Group establishes a leading presence in the U.S. vehicle warranty market with the

iA Financial Group establishes a leading presence in the U.S. vehicle warranty market with the acquisition of IAS December 4, 2019 Caution regarding forward-looking statements Some of the statements contained in this Presentation, including

580 views • 18 slides
Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner

Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli,

439 views • 19 slides
The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State

The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State

The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State University UC Santa Barbara EUROCRYPT 2017 May 3, 2017 1 Double Encryption Single Encryption: trivial E J key-recovery in O(2 k ) time. Double

1.25k views • 51 slides

More recommend