DARPA's Investments in Real World Cryptography - Dr Josh Baron

SLIDE 1

Distribution Statement A: Approved for Public Release, Distribution Unlimited

DARPA’s Investments in Real World Cryptography

Dr Josh Baron Program Manager, DARPA/I2O

Real World Cryptography 2019, 9 January 2019

SLIDE 2

Cryptography at DARPA Overview

  • Proceed – Computation on encrypted data
      • Fully Homomorphic Encryption, MPC
  • SAFER – Safe, resilient communications over the Internet
      • Pluggable Transports, Decoy Routing, Three-Party MPC
  • Brandeis – Build privacy-aware systems
      • MPC, Differential privacy, human factors
  • SAFEWARE – Provably-secure software obfuscation
      • Indistinguishability Obfuscation
  • RACE – Secure, distributed messaging in contested network environments
      • MPC, Obfuscated Communications
  • Future?

SLIDE 3

Today’s Discussion

  • Proceed – Computation on encrypted data
      • Fully Homomorphic Encryption, MPC
  • SAFER – Safe, resilient communications over the Internet
      • Pluggable Transports, Decoy Routing, Three-Party MPC
  • Brandeis – Build privacy-aware systems
      • MPC, Differential privacy, human factors
  • SAFEWARE – Provably-secure software obfuscation
      • Indistinguishability Obfuscation
  • RACE – Secure, distributed messaging in contested network environments
      • MPC, Obfuscated Communications
  • Future?

SLIDE 4

Brandeis

SLIDE 5

Program Objective

Develop tools and techniques to enable the building of information systems where private data can be used for the intended purpose – and no other

[Figure labels: data privacy; data utility; data enclaves; unprotected data; Brandeis: enable a new direction of movement]

SLIDE 6

Brandeis System Concept

[Diagram labels:]

  • Data Owner & Devices
  • Human Data Interaction (TA2)
  • Privacy Policy User Interface (Users define and understand policy)
  • TA1s
  • Privacy Preserving Techniques (Encryption, MPC, Differential Privacy)
  • Privacy Measurement (TA4) (Metrics for measuring privacy protection)
  • Experimental Integration Platforms (TA3)
  • Data Requester / User / Analyst: Data requesters use, analyze privacy protected data

Source: CMU; Source: UC Berkeley

SLIDE 7

Privacy-Enhanced (PE) Android

[Diagram labels: Framework Android SDK Level 23; App Development; App Execution; Brandeis Mobile CRT Research & Integration; Fragment Display RapidGather; Image Data Capsule Location Privacy Manager Privacy Policy Call Logs; PAL Modules]

PE Android Framework Modifications

  • Private Data Service
  • Permission Purposes
  • App Install Hooks
  • Runtime Policy Enforcement and HDI
  • Off Device Privacy Policy
  • Runtime Instrumentation / Analysis

PE Android PAL

PE Android SDK Add-On

  • Configurations
  • Private Data Requests

SLIDE 8

“Help Me” Application

SLIDE 9

Optimized Schedule Docking

Task: Schedule the docking of S Aid Provider ships from N Nations at P ports within an Aid Recipient country by a given deadline D.

Optimization: Load-balance across ports

$$\min \; \max_{\mathrm{Port}_j,\,\mathrm{Port}_k} \Big( \big|\{\mathrm{Assigned}(\mathrm{Ship}_i, \mathrm{Port}_j)\}\big| - \big|\{\mathrm{Assigned}(\mathrm{Ship}_i, \mathrm{Port}_k)\}\big| \Big)$$

[Diagram labels: Intl Response Coordinator; Aid Providers; Aid Recipient; Nation 1; Nation 2; Nation 3; 10 ports]

Inputs: ship-location, ship-maxspeed, ship-draft, harbor-depth, offload-capability, berth-availability

  • Ship-port feasibility: 2-way asymmetric MPC
  • Ship-port assignments: 3-way symmetric MPC
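A cleartext reference for the docking task above, added here as an example and not taken from the slides or from any Brandeis code: it computes in the clear the two results the slide assigns to MPC (ship-port feasibility, then the load-balanced assignment), which is the baseline an MPC implementation's output would be checked against. The feasibility rule, port coordinates, data ownership and all sample values are assumptions.

```python
from itertools import product
from math import dist

# Constructed sample data (not from the slides). Field names follow the slide's
# input labels; port coordinates are an added assumption so that travel time
# can be derived from ship-location and ship-maxspeed.
SHIPS = {  # held by the Aid Providers (assumed ownership)
    "N1-a": {"location": (0, 50), "maxspeed": 10, "draft": 9},
    "N1-b": {"location": (60, 0), "maxspeed": 15, "draft": 7},
    "N2-a": {"location": (120, 40), "maxspeed": 8, "draft": 10},
    "N3-a": {"location": (60, 40), "maxspeed": 12, "draft": 11},
}
PORTS = {  # held by the Aid Recipient (assumed ownership)
    "P1": {"location": (0, 0), "depth": 12},
    "P2": {"location": (60, 80), "depth": 8},
    "P3": {"location": (120, 0), "depth": 10},
}

def feasible(ship, port, deadline):
    """Assumed feasibility rule: draft fits harbor depth and the ship can
    reach the port by deadline D at maximum speed."""
    hours = dist(ship["location"], port["location"]) / ship["maxspeed"]
    return ship["draft"] <= port["depth"] and hours <= deadline

def imbalance(assignment, ports):
    """Slide objective: the largest pairwise difference in ships per port,
    which equals (max load - min load)."""
    load = dict.fromkeys(ports, 0)
    for port in assignment.values():
        load[port] += 1
    return max(load.values()) - min(load.values())

def schedule(ships, ports, deadline):
    """Exhaustive MIN-MAX search (exponential; for small reference runs).
    Returns (imbalance, assignment), or None if a ship has no feasible port."""
    options = [[p for p in ports if feasible(s, ports[p], deadline)]
               for s in ships.values()]
    if not all(options):
        return None
    candidates = (dict(zip(ships, pick)) for pick in product(*options))
    best = min(candidates, key=lambda a: imbalance(a, ports))
    return imbalance(best, ports), best

if __name__ == "__main__":
    print(schedule(SHIPS, PORTS, deadline=10))
```

In an MPC deployment only the final assignment would be revealed; the per-ship and per-port fields above are exactly the values that must stay private to their owners.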

SLIDE 10

Multi Ship Multi Port Aid Distribution Allocation in MPC

SLIDE 11

Privacy-Enhancing Technologies within Brandeis

  • Cryptography
      • SCALE-MAMBA
      • Garbled RAM
      • Oblivious RAM
      • SGX/Sanctum
      • Functional Secret Sharing
  • Differential Privacy
      • Workload Balancing
      • Composition (Ektelo)
      • Local DP
      • Open-source tools (ex: https://github.com/uber/sql-differential-privacy)

SLIDE 12

Resilient Anonymous Communication for Everyone (RACE)

SLIDE 13

RACE Goal

Use cryptography and obfuscated communications to build an anonymous, attack-resilient mobile communication system that can reside completely within a contested network environment.

SLIDE 14

RACE Approach: Avoid Large-scale Targeting

  1) Cryptography: Counter service exploitation via computing on encrypted data
  2) Obfuscation: Counter communication exploitation via protocol embedding

[Diagram labels: alice; bob; Help Wanted, email: af7832bd @lg.net; Resilient app storage and delivery via sharding; Normal-appearing communications; Undiscoverable, encapsulated communication; Oblivious message-passing route assignment; Message and addressee are encrypted; Encoded, oblivious tasking]

[Diagram key: Cryptographic tasking node; Cryptographic app delivery node]

SLIDE 15

RACE Security Properties

| Type | Attribute | Property |
|---|---|---|
| Confidentiality | user messages | Only the sender and receiver of a message can see it |
| Confidentiality | user message metadata | Confidentiality of who talks to whom and when |
| Confidentiality | unobservable communication | The fact that Alice possesses and uses the mobile application should not be inferable unless Alice’s mobile device is compromised |
| Confidentiality | unobservable service node participation | The fact that Bob is running software to execute service node functionality should not be inferable unless Bob’s system is compromised |
| Integrity | user messages | User messages cannot be changed in transit |
| Availability | user messages | End-to-end communication time should be one minute |

SLIDE 16

RACE Program Structure

  • TA1: Cryptography (Resilient Distributed System Tasking)
  • TA2: Obfuscated Communication (Countering Automated Protocol Identification)
  • TA3: System (Distributed Messaging Operations)
  • TA 3.1: Resilient App Distribution
  • Prototype releases: Prototype distributed tasking code; Communications toolbox
  • Testbed and Voice of the Adversary: Realistic network environments; Realistic adversarial approaches; Assess prototype systems

SLIDE 17

(Selected) RACE Metrics

|  | Metric | Phase 1 (18 mo) | Phase 2 (12 mo) | Phase 3 (18 mo) |
|---|---|---|---|---|
| Common | Nodes: users/tasking | 10 / 100 | 100 / 1k | 10k / 1k |
| Common | Crypto adversary / corruption level | Passive / 20% | Active / 10% | Active / 20% |
| Common | Crypto key infrastructure | Assumed | Not assumed | Not assumed |
| TA 1 | msg/day / size / delay | 500 / 140B / 5 min latency | 5k / 140B / 1 min latency | 500k / 1MB / 1 min latency |
| TA 1 | Node refresh | Demonstrate | 1/month | 1/week |
| TA 2 | Security | Quantitative / simulated evaluation | Statistical distance proof sketch | Statistical distance full proof |
| TA 2 | Adversary | Passive | Active link inject | Link+node inject |
| TA 2 | Bandwidth (c-s/s-s) | 100 kbps / 5 Mbps | 500 kbps / 10 Mbps | 500 kbps / 10 Mbps |
| TA 2 | Channel Model | Simulation eval | Proof (passive adversary) | Proof (active adversary) |
| TA 3 | System | Architecture | Full prototype integration | Full demo system |
| TA 3 | Adversarial exploitation | Passive | Active node exploitation | Full spectrum exploitation |
| TA 3 | Comm channels | Mock channel | TA 2 channel | Switch b/t channels |
| TA 3.1 | Logical sharding | < 5 | Atomic functionalities | Innocuous “gadgets” |
| TA 3.1 | Nodes: total/reconstruct | 50/10 | 250/30 | 1000/50 |
| TA 3.1 | App reconstruction | 10 min | 5 min | 5 min |

SLIDE 18

Future Cryptography Programs at DARPA (?)

SLIDE 19

Zero Knowledge

  • Making Mathematically Verifiable Statements Without Revealing Sensitive Information
  • Question 1: What can/should I prove in ZK?
  • Question 2: How efficiently can I prove it?
      • Proof and statement/witness efficiency
  • Question 3: What are the big theoretical “heavy lifts” that need to be addressed?
      • PCPs, Interactive Proof Complexity, etc…

SLIDE 20

Consensus Protocols (Blockchain)

  • ABC RFI
  • What should DARPA’s role be?
  • Question 1: What can we actually do now that we could not before?
      • Permissioned blockchains = old news
      • Permissionless blockchains = ?
      • Economic understandings of security + Distributed Computation Protocols = ?
  • Question 2: How secure are consensus protocols really?
      • Are distributed systems truly decentralized?
      • Apostolaki et al, Oakland 2018: at the AS level, Bitcoin is highly centralized

SLIDE 21

www.darpa.mil

People/phone/computer icons from https://openclipart.org/ and https://github.com/KDE/breeze-icons