restructuring the nsa metadata program
play

Restructuring the NSA Metadata Program Seny Kamara Microsoft - PowerPoint PPT Presentation

May 02, 2023 •107 likes •554 views

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar, Matt Green, Noah Kunin, Payman Mohassel, Kurt Rohloff, Chris Soghoian and Marcy Wheeler June 5 th , 2013 1 st Snowden document published Verizon

  1. Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar, Matt Green, Noah Kunin, Payman Mohassel, Kurt Rohloff, Chris Soghoian and Marcy Wheeler

  2. June 5 th , 2013 1 st Snowden document published

  3. Verizon Court Order Top secret court order Compels Verizon to give NSA metadata of every US to Foreign call US to US call Foreign to US call On a daily basis! Similar arrangement with Sprint and AT&T

  5. Why the Outrage? Most Americans believed NSA could only spy on foreigners A warrant was required to access someone’s data The meta-data program Includes US-to-US calls NSA gets everyone’s meta data with a single court order Order provided by a secret court

  6. Q: Is the Metadata Program Legal?

  7. Is it Constitutional? 4 th Amendment Gov. cannot search your home without a warrant 1967 Supreme court says 4 th Amendment protects people W henever they have a “ reasonable expectation of privacy ” 1970’s 3 rd Party Doctrine Metadata not protected by 4 th Amendment Customers have no “reasonable expectation of privacy” about metadata

  8. Is it Consistent with FISA/Patriot Act? Sec. 501 of Foreign Intelligence Surveillance Act (FISA) Amended by Sec. 215 of PATRIOT Act Says a provider can be compelled to hand over data “if there are reasonable grounds to believe that the tangible things sought are rele relevant to an authorized investigation” The FISA court interpreted “ rele levant ” so as to include every record

  9. “… I believe we need a new approach . I am therefore ordering a transition that will end the Section 215 bulk metadata program as it currently exists and establish a mechanism that preserves the January 17 th , 2014 capabilities we need without the government holding this bulk metadata .” Obama speech on NSA reform “I have instructed the intelligence community … to develop options for a new approach that can match the capabilities and fill the gaps that the Section 215 program was designed to address, without the government holding this metadata itself .”

  10. Q: How do we design such a system ?

  11. Outline MetaDB (current NSA system) Possible Solutions Motivation How does it work? The OB protocol Security analysis The IARPA protocols MetaCrypt Secure multi-party computation Structured encryption

  12. How Does MetaDB Work? 1 3 2 To & from numbers, time of call, duration for all US-to-US, US-to-Foreign and Foreign-to-US calls 1 MDB can only be queried by individual phone number (seed) 2 Analyst queries must be approved by small number of NSA officials 3

  13. Functionality of MetaDB Includes data from (at least) 3 parties Supports 3-hop queries reduced to 2 hops by Obama Hops include incoming & outgoing calls Holds data for at least 5 years Data deleted after that

  14. Security Mechanisms of MetaDB Few analysts can query MetaDB Each one receives “appropriate & adequate” training Only for foreign intelligence information Seed has to be suspected of terrorist association Suspicion decided independently by at least 2/20 trained NSA officials Approved by 1/2 trained NSA supervisors Suspicion not based on activities protected by 1 st Amendment List of terrorist organizations approved by FISA court Access is logged and audited

  15. What Security Properties do We Want? Isolation MetaDB should be protected from outsiders Query Certification Only certified queries can be executed Data privacy Analysts learn at most query response Query privacy Telcos learn nothing about NSA queries

  16. Security Analysis of MetaDB Let’s assume (best -case) Process is enforced at the system level e .g., supervisors use credentials to certify seed query, etc… Security of current design relies on following assumptions Isolation under secure systems assumption Query cert. under secure systems assumption & non-collusion b/w analysts & supervisors Data privacy under secure systems assumption Query privacy without assumptions

  17. Q: Can we do better ?

  18. Options Under Consideration Office of Director of National Intelligence & Justice Department Discontinue program completely Not going to happen… Non-NSA government agency holds MetaDB (e.g., FBI…) Who? Private 3rd-party holds MetaDB Who? Would be filling a government function with less oversight Telcos hold data Telcos do not want to hold data Liability, cost, bad PR, …

  19. A Modest Proposal [Kamara13] “ Are Privacy and Compliance Always at Odds ” from Outsourcedbits.org Solution with following properties Isolation Existence of symmetric-key encryption, Data privacy public-key encryption and Certified queries pseudo-random functions Query privacy Design based on combination of Keyword OT [Freedman-Ishai-Pinkas-Reingold05] Secure two-party computation [Yao82] Message authentication codes (MACs)

  20. The OB Protocol [Kamara13] K C ℓ i |p i ← F K V (w i ) K V , K C w (ℓ 1 , d i ⊕ p i ), … , (ℓ n , d n ⊕ p n ) 𝟑𝐐𝐃 f, K V , w, τ τ ← MAC K C (w) w 1 d 1 … … w n d n f K V , w, τ : Check that Vrfy K C w, τ = 1 1. F: pseudo-random function If so output ℓ i |p i ← F K V (w) MAC, Vrfy: mess. auth. code 2.

  21. IARPA Intelligence Advanced Research Projects Activity “invests in high-risk, high-payoff research programs that have the potential to provide the United States with an overwhelming intelligence advantage over future adversaries” Security and Privacy Assurance Research (SPAR) Started in 2011 Program manager: Konrad Vesey Two teams: IBM Research & Columbia University [Cash-Jarecki-Jutla-Krawczyk-Rosu-Steiner13] [Jarecki-Jutla-Krawczyk-Rosu-Steiner14] [Cash-Jarecki-Jutla-Krawczyk-Rosu-Steiner14] [Krell-Pappas-Vo-Choi-Bellovin-Keromitis-Kolenikov-Malkin14] “ efficient cryptographic protocols for querying a database that keep the query confidential, yet still allow the database owner to determine if the query is authorized and, if so, return only those records that match it”

  22. Outsourced Symmetric PIR [JJKRS14] [Jarecki-Jutla-Krawczyk-Rosu-Steiner14] Based on [ …,Cash -JJKRS13,CJJKRS14] Similar ( at a very high-level ) to OB protocol Much more challenging due to support for Boolean queries! Uses Oblivious PRFs and homomorphic signatures Security Isolation Existence of random oracles, Data privacy one-more gap Diffie-Hellman groups, Certified queries symmetric-key encryption, authenticated encryption Query privacy

  23. Can We Use OB or OSPIR ? OB & OSPIR rely on following assumptions OB relies on standard crypto assumptions   OSPIR relies on reasonable crypto assumptions  Crypto can be securely implemented  Keys can be protected  Functionality  OB & OSPIR are encrypted text databases that support keyword search MetaDB is a graph database that supports 2-hop neighbor queries ! Certification   OB & OSPIR support only basic query certification OB query certification by single human party OSPIR query certification by “format” (full version will include certification by single “human” party) MetaDB requires certification by multiple (human) parties

  24. A New Design: MetaCrypt

  25. The MetaCrypt Protocol N+6 parties N Telcos 1 server which can be an untrusted cloud ! 2 NSA analysts, 2 NSA supervisors, 1 NSA party Two phases Store phase between Telcos & server Query phase between Telcos & NSA parties

  26. Formalizing Security Goals of MetaCrypt Ideal/real-world paradigm [ …, Canetti01 ] Secure multi-party computation type definition Indistinguishability of two worlds In real-world parties execute protocol Π In ideal-world parties interact with ideal functionality F If real-world execution is indistinguishable from ideal-world then Π is secure F Π ≈

  27. Formalizing Security Goals of MetaCrypt

  28. Formalizing Security Goals of MetaCrypt F OK OK L OK OK OK OK

  29. MetaCrypt Building Blocks Structured encryption [Chase-Kamara10] New graph encryption scheme with support for 2-hop neighbor queries Combination of two graph encryptions with support for 1-hop neighbor queries Secure multi-party computation [Yao82,Goldreich-Micali-Wigderson87] N telcos, 2 NSA analysts, 2 NSA supervisors, 1 NSA party

  30. Structured Encryption [Chase-Kamara10] EncK q EncK Enc K

  31. Graph Encryption [Chase-Kamara10] EncK Token EncK EncK

  32. Secure Multi-Party Computation [Yao82,GMW87] Allows N parties to compute privately The parties learn only their prescribed output N othing about other parties’ inputs Except what they can infer from their output Computation can be any arbitrary function Π Result is guaranteed to be correct Else parties abort

  33. The MetaCrypt Protocol Store Phase K V EncK K A EncK

  34. The MetaCrypt Protocol Query Phase #1 K V 7PC K A CQ CQ NO, ⊥ OK OK, or org 𝐮 𝐁 , 𝐮 𝐖

  35. The Certification Functionality 7PC CQ K V , K A , q 1 , q 2 , (q 3 , m 3 , org 3 , (q 4 , m 4 , org 4 ), (TL, 𝜏)) CQ if 𝑟 1 ≠ 𝑟 2 abort; if Vrfy TL, σ = false abort; if (m 3 = NO ⋀ m 4 = NO) abort; if (q i ≠ q 1 ⋁org i ∉ TL) abort, where i is accepting SV; Output to Analyst t A ← Token K A q 1 and t V ← Token K V (q 1 )

  36. The MetaCrypt Protocol PK 𝐮 𝐁 , 𝐮 𝐖 Enc K V EncK Enc PK (K) Enc K A EncK Enc PK (K) Query Phase #2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the

The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the

The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the Interior U.S. Geological Survey Presenter Viv Hutchison USGS Core Science Systems / Core Science Analytics and Synthesis (CSAS) Program Denver,

639 views • 44 slides
m e t a d a t a how much of a difference does metadata really make to your bottom line?

m e t a d a t a how much of a difference does metadata really make to your bottom line?

it might be the giant in the room, but it doesnt ha ve t o be scary l e t s t a l k a b o u t What is metadata? What differentiates great metadata from merely good? Do you really need to worry about it? As a publisher, m

253 views • 6 slides
International Insolvency Institute NextGen Program Insolvency and restructuring in the time of

International Insolvency Institute NextGen Program Insolvency and restructuring in the time of

International Insolvency Institute NextGen Program Insolvency and restructuring in the time of Covid-19 June 4, 2020 Focus on ASIA PROGRAM Opening remarks: Annika Wolf, Executive Director of the International Insolvency Institute

434 views • 28 slides
From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA Airlines Omar SEFIANI - Stphane BOUGET, Boehringer Ingelheim DH13, PhUSE Barcelona 2016, October, 12 th Outline Background Metadata Driven

683 views • 19 slides
Plans Update Leadership Update June 2012 Rationale for Restructuring Program Simplify the

Plans Update Leadership Update June 2012 Rationale for Restructuring Program Simplify the

Voluntary Retirement Plans Update Leadership Update June 2012 Rationale for Restructuring Program Simplify the program to: - Better meet the needs of faculty and staff (only 16% currently participate) - Increase participation by making

502 views • 9 slides
Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Esri International User Conference | San Diego, CA Technical Workshops | 2011-07-12 Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for Multiple Standards New Tools and Workflows Metadata Editor

332 views • 22 slides
UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized metadata improves usability and comparability Metadata (and data) that follow specific standardized patterns: are easier for users to interpret

991 views • 19 slides
State Revenue Restructuring Act HB 115 30 th Legislature State Revenue Restructuring Act House

State Revenue Restructuring Act HB 115 30 th Legislature State Revenue Restructuring Act House

State Revenue Restructuring Act HB 115 30 th Legislature State Revenue Restructuring Act House Finance Committee February 13, 2017 1 Addressing the budget deficit through a diversified approach will provide a smoother economic transition

525 views • 19 slides
Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly)

Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly)

An extension of the Argo program to include biogeochemical observations Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly) Inconsistency in encoding BGC metadata in the Argo data system Effects a

485 views • 16 slides
Restructuring A Tutorial Program Florida State University Athletic Academic Support Services

Restructuring A Tutorial Program Florida State University Athletic Academic Support Services

Restructuring A Tutorial Program Florida State University Athletic Academic Support Services Rachel Fineberg Assistant Director of Educational Services Jen Kentera Tutorial Coordinator Background The FSU Tutorial Program underwent

540 views • 29 slides
DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following are design concerns for whatever new metadata system is written or adopted. They are written from the point of view of data management operations and

166 views • 4 slides
WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx

WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx SHAPIRO DARTMOUTH COLLEGE TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY

566 views • 13 slides
Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and William E. Moen University of North Texas International conference Open Repositories 2013 Charlottetown, Prince Edward Island, Canada Paper presented at

474 views • 25 slides
Debt Restructuring and NPL Resolution The private banks restructuring initiative Workshop

Debt Restructuring and NPL Resolution The private banks restructuring initiative Workshop

Debt Restructuring and NPL Resolution The private banks restructuring initiative Workshop convened under the Vienna Initiative 2.0 Vienna, 23 September 2014 Perspectives from Erste Group in Croatia Macroeconomic Framework Croatia 2010 2011

418 views • 17 slides
WARD RESTRUCTURING Township of Leeds and the Thousand Islands BACKGROUND At Councils

WARD RESTRUCTURING Township of Leeds and the Thousand Islands BACKGROUND At Councils

WARD RESTRUCTURING Township of Leeds and the Thousand Islands BACKGROUND At Councils request, the Clerks Department brought a Ward Restructuring report in November 2015. The report outlined 5 ward restructuring options and the

325 views • 14 slides
Concurrent clinical condition - on presentation Important note: This is an archived metadata

Concurrent clinical condition - on presentation Important note: This is an archived metadata

Concurrent clinical condition - on presentation Important note: This is an archived metadata standard from the AIHW Knowledgebase. For current metadata standards and related information please access METeOR, the AIHW's Metadata Online Registry

180 views • 3 slides
Advanced Tools from Modern Cryptography Lecture 13 MPC: Honest-Majority + Active Corruption

Advanced Tools from Modern Cryptography Lecture 13 MPC: Honest-Majority + Active Corruption

Advanced Tools from Modern Cryptography Lecture 13 MPC: Honest-Majority + Active Corruption UC-Secure Information-Theoretic MPC MPC protocols for general functions With no honest-majority (e.g., GMW paradigm) Information-theoretic

144 views • 13 slides
Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the Data Center Benjamin Hindman, Andy Konwinski, Matei Zaharia , Ali Ghodsi, Anthony Joseph,

438 views • 32 slides
Haskell Concurrency and STM Liam OConnor CSE, UNSW (and data61) Term 3 2019 1 Readers and

Haskell Concurrency and STM Liam OConnor CSE, UNSW (and data61) Term 3 2019 1 Readers and

Readers and Writers Haskell Issues with Locks Software Transactional Memory Wrap-up Bonus: Semantics for IO Haskell Concurrency and STM Liam OConnor CSE, UNSW (and data61) Term 3 2019 1 Readers and Writers Haskell Issues with Locks

876 views • 49 slides
GASPI Tutorial Christian Simmendinger Mirko Rahn Daniel Grnewald Goals Get an overview

GASPI Tutorial Christian Simmendinger Mirko Rahn Daniel Grnewald Goals Get an overview

GASPI Tutorial Christian Simmendinger Mirko Rahn Daniel Grnewald Goals Get an overview over GASPI Learn how to Compile a GASPI program Execute a GASPI program Get used to the GASPI programming model one-sided

1.1k views • 93 slides
FAST ALGORITHMS FOR THE COMPUTATION OF FOURIER EXTENSIONS OF ARBITRARY LENGTH ROEL MATTHYSEN,

FAST ALGORITHMS FOR THE COMPUTATION OF FOURIER EXTENSIONS OF ARBITRARY LENGTH ROEL MATTHYSEN,

FAST ALGORITHMS FOR THE COMPUTATION OF FOURIER EXTENSIONS OF ARBITRARY LENGTH ROEL MATTHYSEN, DAAN HUYBRECHS Abstract. Fourier series of smooth, non-periodic functions on [ 1 , 1] are known to exhibit the Gibbs phenomenon, and exhibit

570 views • 21 slides
OpenMP Language Features ! The parallel construct ! ! Work-sharing ! ! Data-sharing !

OpenMP Language Features ! The parallel construct ! ! Work-sharing ! ! Data-sharing !

Agenda ! OpenMP Language Features ! The parallel construct ! ! Work-sharing ! ! Data-sharing ! ! Synchronization ! ! Interaction with the execution environment ! ! More OpenMP clauses ! ! Advanced OpenMP constructs

414 views • 19 slides
Programming 1 Lecture 1 COP 3014 Fall 2018 August 28, 2018 Programming I - Course Information

Programming 1 Lecture 1 COP 3014 Fall 2018 August 28, 2018 Programming I - Course Information

Programming 1 Lecture 1 COP 3014 Fall 2018 August 28, 2018 Programming I - Course Information Instructor: Sharanya Jayaraman PhD Candidate in Computer Science Research Interests: High Performance Computing, Numerical Methods,

741 views • 31 slides
SUICIDAL BEHAVIORS IN CLINICAL HIGH-RISK POPULATIONS Shirley Yen, Ph.D. Associate Professor

SUICIDAL BEHAVIORS IN CLINICAL HIGH-RISK POPULATIONS Shirley Yen, Ph.D. Associate Professor

SUICIDAL BEHAVIORS IN CLINICAL HIGH-RISK POPULATIONS Shirley Yen, Ph.D. Associate Professor Department of Psychiatry Beth Israel Deaconess Medical Center, Harvard Medical School OBJECTIVES Review evidence for increased risk of suicidal

695 views • 43 slides

More recommend