How to Delete Data for Realz: This Presentation Will Self-Destruct - - PowerPoint PPT Presentation


#RSAC SESSION ID: FON3-R11. How to Delete Data for Realz: This Presentation Will Self-Destruct In... (Focus-On). Davi Ottenheimer, President, Flyingpenguin (@daviottenheimer); Ian Smith, Research Scientist, University of Washington.


SLIDE 1

#RSAC

SESSION ID: FON3-R11

How to Delete Data for Realz: This Presentation Will Self-Destruct In... (Focus-On)

Davi Ottenheimer, President, Flyingpenguin, @daviottenheimer

Ian Smith, Research Scientist, University of Washington, @sesosek

SLIDE 2

Rashomon

System Diagrams: Store, Get, Delete

SLIDE 3

[System diagram: client, rest api, model, Accounts, key store operations, accounts db operations, Manager, Host, Distributed Key Store]

Keys:

  • kvalet: put/delete secret
  • skaccess: access and decrypt shares
  • pkaccess: put shares

Invariants:

  • Manager never sees shares.
  • Manager cannot read shares from nodes.
  • Nodes cannot decrypt assembled shares (D).
  • Host can verify integrity of shares.
  • After host stores key and receives ok from manager, D is accessible (as quorum) until deleted.
  • Shares are immutable until deleted.

SLIDE 4

Store secret S:

  1. D ← E_{pk_access}(S)
  2. D1,…,Dn ← ss_split(D, m, n)

SLIDE 5

Store secret...

  • reserve(name, pkaccess, ttl, m, n) [auth with kvalet]

SLIDE 6

Store secret...

  • reserve(name, pkaccess, ttl, m, n) [auth with kvalet]
  • create_reservation(pkaccess, ttl)

SLIDE 7

Store secret...

  • reserve(name, pkaccess, ttl, m, n) [auth with kvalet]
  • Distributed Key Store locations shown: LA, LB, LC, LD, LE

SLIDE 8

Store secret...

  • reserve(name, pkaccess, ttl, m, n) [auth with kvalet]
  • store reservation
  • Distributed Key Store locations shown: LA, LB, LC, LD, LE

SLIDE 9

Store secret...

  • reservation for secret id at LA, LB, LC, LD, LE

SLIDE 10

Store secret...

  • fill_reservations(Li, Di), [auth with skaccess]

SLIDE 11

Store secret...

  • OK

SLIDE 12

Store secret...

  • confirm filled reservation

SLIDE 13

Store secret...

  • confirm filled reservation (label appears twice in the diagram)

SLIDE 14

Store secret...

  • OK

SLIDE 15

[System diagram: client, rest api, model, Accounts, key store operations, accounts db operations, Manager, Host, Distributed Key Store]

SLIDE 16

Get secret...

  • get share(Li), [auth with skaccess]

SLIDE 17

Get secret...

  • Shares shown: D5, D4, D3

SLIDE 18

Get secret...

  • D ← ss_combine(m shares of D)
  • S ← Decrypt_{sk_access}(D)

SLIDE 19

Delete secret...

  • delete(id) [auth with kvalet]

SLIDE 20

Delete secret...

  • delete(id) [auth with kvalet]
  • delete(Li)

SLIDE 21

Delete secret...

  • delete(id) [auth with kvalet]
  • OK

SLIDE 22

Delete secret...

  • delete(id) [auth with kvalet]
  • confirm deleted locations

SLIDE 23

Delete secret...

  • OK
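
Added example, not from the presentation: the slides name ss_split and ss_combine without defining them, so this sketch assumes Shamir's m-of-n secret sharing over a prime field and treats D as opaque ciphertext bytes (the pk_access encryption step is left out). It goes slightly beyond the slides by showing that once delete(Li) has run at n - m + 1 locations the quorum for D is gone, even though some shares still exist; the recover helper and the sample D are constructed for illustration.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; D read as an integer must be smaller than P

def ss_split(D: bytes, m: int, n: int) -> dict:
    """Split D into n shares {x: y}; any m of them reconstruct D."""
    if not 1 < m <= n:
        raise ValueError("need 1 < m <= n")
    secret = int.from_bytes(b"\x01" + D, "big")  # 0x01 prefix preserves leading zeros
    if secret >= P:
        raise ValueError("D too long for this field")
    # Random polynomial of degree m-1 with f(0) = secret
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = {}
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares[x] = y
    return shares

def ss_combine(shares: dict) -> bytes:
    """Lagrange interpolation at x = 0 over the supplied shares."""
    secret = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes((secret.bit_length() + 7) // 8, "big")[1:]

def recover(nodes: dict, m: int):
    """Get: D if at least m locations still hold a share, else None."""
    if len(nodes) < m:
        return None
    return ss_combine(dict(list(nodes.values())[:m]))

if __name__ == "__main__":
    D = bytes(range(32))  # constructed stand-in for D = E_pk_access(S)
    m, n = 3, 5
    nodes = dict(zip(["LA", "LB", "LC", "LD", "LE"], ss_split(D, m, n).items()))
    print("get before delete:", recover(nodes, m) == D)
    for loc in ["LA", "LC", "LE"]:  # delete(Li) at n - m + 1 locations
        del nodes[loc]
    print("get after delete:", recover(nodes, m))
    print("m - 1 leftover shares reveal D:", ss_combine(dict(nodes.values())) == D)
```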