Forgetting with Puzzles: Using Cryptographic Puzzles to support - - PowerPoint PPT Presentation
Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting Shujaat Mirza msm622@nyu.edu Cyber Security & Privacy Lab (CSP-lab) Digital Forgetting Right to Right to be Privacy Forgotten constitutes data
Shujaat Mirza msm622@nyu.edu Cyber Security & Privacy Lab (CSP-lab)
Forgetting with Puzzles; Amjad, Mirza and Pöpper
constitutes data that is not publicly available talks about revocation of public data after a certain point in time and no allowing third parties to access it further
2
Forgetting with Puzzles; Amjad, Mirza and Pöpper
be inaccurate, inadequate, irrelevant, or excessive in the light of the time that had elapsed” where requested by individuals.
[Source: http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf]
3
Forgetting with Puzzles; Amjad, Mirza and Pöpper
[Source:- https://transparencyreport.google.com/eu-privacy/ & https://elie.net/blog/web/insights-about-the-first-three-years-of-the-right-to-be-forgotten-requests-at-google ]
4
5/2014-5/2019
Forgetting with Puzzles; Amjad, Mirza and Pöpper
5
Forgetting with Puzzles; Amjad, Mirza and Pöpper
Vanish 2009: DHTs EphPub 2011: DNS caches
Where to store the key(s)?
WPES 2012: Website encoding Neuralyzer 2016: DNS caches Ephemerizer 2005: centralized
6
Forgetting with Puzzles; Amjad, Mirza and Pöpper
Encrypt locally Upload Distribute key 1 key bit → 1 node 1 node → 1 address B A C D Upload object
7
Ephemeral key storage
A D E 1 1 1 B C 1 1 1
[Apostolis Zarras, Katharina Kohls, Markus Dürmuth, Christina Pöpper: Neuralyzer: Flexible Expiration Times for the Revocation of Online Data. ACM Conference
Forgetting with Puzzles; Amjad, Mirza and Pöpper
1 1 1 B A C D
Get encrypt. data Download B A C D Access nodes Recover key 1 1 1
8 [Apostolis Zarras, Katharina Kohls, Markus Dürmuth, Christina Pöpper: Neuralyzer: Flexible Expiration Times for the Revocation of Online Data. ACM Conference
Forgetting with Puzzles; Amjad, Mirza and Pöpper
9
Forgetting with Puzzles; Amjad, Mirza and Pöpper
10
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
Pre Expiry Attackers
11
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
12
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
B A C D
Encrypt with K
○ Encrypt key K using the process outlined by Rivest et al. ○ The process outputs Ck , a , b , N.
○ Square a , b times (sequential) modulo N (call this X) ○ Recover K = Ck- X
b determines the time spent on the puzzle!
13
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
Get encrypt. data Download B A C D
14
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
Get encrypt. data Download B A C D Solve the Puzzle
15
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
1 1 1 B A C D Get encrypt. data Download B A C D Access nodes Solve the Puzzle
16
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
1 1 1 B A C D
Get encrypt. data Download B A C D Access nodes Recover key 1 1 1 Solve the Puzzle
17
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
B A C D G H F E 1 1 1 B A C D 1 1 1 G H F E
Takes 2 seconds to solve Takes 30 seconds to solve
18
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
19
Forgetting with Puzzles; Amjad, Mirza and Pöpper
20
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
21
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018
Forgetting with Puzzles; Amjad, Mirza and Pöpper
expiry times.
the same time keep user experience relatively smooth.
extension, with promising results
22
ShujaatMirza msm622@nyu.edu
GhousAmjad, Muhammad Shujaat Mirza, Christina Pöpper: Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting, ACM Conference on Data and Application Security and Privacy (ACM CODASPY),2018