servers can t be trusted and thanks to tamper proof
play

Servers can't be trusted, and thanks to tamper-proof Servers can't - PowerPoint PPT Presentation

Nov 29, 2022 •185 likes •498 views

Servers can't be trusted, and thanks to tamper-proof Servers can't be trusted, and thanks to tamper-proof journals EteSync doesn't need to! journals EteSync doesn't need to! stosb.com/talks Tom Hacohen tom@stosb.com FOSDEM 2018 @TomHacohen

  1. Servers can't be trusted, and thanks to tamper-proof Servers can't be trusted, and thanks to tamper-proof journals EteSync doesn't need to! journals EteSync doesn't need to! stosb.com/talks Tom Hacohen tom@stosb.com FOSDEM 2018 @TomHacohen

  2. Simple Server Communication Simple Server Communication

  3. What Are We Leaking? What Are We Leaking? Data Data Metadata Metadata Emails IP address Calendars Social graph Personal notes Time of access Secret business What data is used and how information o�en When specific data is accessed

  4. Metadata Is Data! Metadata Is Data! Exploiting Social Graphs Exploiting Social Graphs

  5. Metadata Is Data! Metadata Is Data! Exploiting Access Patterns Exploiting Access Patterns

  6. Real Example: CardDAV Real Example: CardDAV

  7. Information Leaked Information Leaked Address Book Information IP address Social graph Time of access What data is used and how o�en When specific data is accessed

  8. Potential Solutions Potential Solutions Using Tor to hide origin Controlling access patterns Trusting the server: Using a trusted provider Hosting on our own server ( "self host" )

  9. Should We Trust The Server? Should We Trust The Server? It could get hacked (remote or physical access) Could get stolen (literally someone picking it up and taking it) Hosted: a rogue employee could access your data Hosted: could be compelled to provide access Self-hosted: a lot of work and hard to maintain

  10. Reducing Server Trust Reducing Server Trust End-to-end encryption Mostly offline operation (if possible) Fake access patterns?

  11. Hardened CardDAV Hardened CardDAV

  12. That's It, We Are Safe! That's It, We Are Safe! Questions? Well, actually...

  13. Our Data Can Be Manipulated! Our Data Can Be Manipulated!

  14. Bit Flipping Bit Flipping Imagine the access level is stored encrypted Original Modified Encrypted 0x4a 0x4b Decrypted 0x00 0x19

  15. Data Omission Data Omission

  16. Data Omission: Solution Data Omission: Solution Verify the state Verify the state

  17. Data Rollback Data Rollback

  18. The Solution: The Solution: Tamer-proof journals! Tamer-proof journals!

  19. What Is It? What Is It? Change Journal Change Journal

  20. What Is It? What Is It? Immutable And Tamper-Proof Immutable And Tamper-Proof UID is a HMAC of content + previous UID

  21. Protections Against Tampering Protections Against Tampering Immutable, so data can only be appended Signed, so data can't be manipulated or faked Prev UID is signed, no omission or reordering Verified on each client

  22. Previously Unsolved Attacks Previously Unsolved Attacks Which data is accessed and modified Data Omission Data Rollback

  23. Secure, end-to-end encrypted and journaled personal information cloud synchronization for Android, the desktop and the web. A real-life example.

  24. Journal Format Journal Format UID "7ecda2139a45a1674c1b991760f4ae56718b06c0d0b9ed459eea86f709c6d02b" CONTENT {"action": "CHANGE", "content": "BEGIN:VCALENDAR\r\n VERSION:2.0\r\n PRODID:-//EteSync//com.etesync.syncadapter 0.16.0//ical4androi BEGIN:VEVENT\r\n SUMMARY:Feed cats\r\n ... snip ... END:VEVENT\r\n END:VCALENDAR\r\n" } UID "513da45c2d6562c511b898f6f191631c56dfa33d789a399000e99df9b6b8e480" CONTENT {"action":"DELETE","content":"BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//E

  25. Having A Change History Having A Change History Auditing changes Recovering lost data Finding entries based on date

  26. Signed Pages Signed Pages Devs PGP sign web pages Users add website config Extension verifies signatures Should be used in conjunction with subresource integrity Future: signature verifying service workers (collaboration with airborn.io )

  27. Finishing Notes Finishing Notes Privacy is a sacred right, don't give it up! You're the weakest link:

  28. Useful Links Useful Links My blog: https://stosb.com EteSync's website: https://www.etesync.com EteSync's sources: https://github.com/etesync Signed Pages: https://github.com/tasn/webext-signed- pages

  29. Questions? Questions? stosb.com/talks Tom Hacohen tom@stosb.com FOSDEM 2018 @TomHacohen

  30. Attribution Attribution Icon by Freepik from flaticon.com is licensed under CC 3.0 BY Icon by Smashicons from flaticon.com is licensed under CC 3.0 BY Security by Randall Munroe ( XKCD )

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution Riccardo

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution Riccardo

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, Dave Tian Logs Are Useful 2 Custos: Practical

730 views • 58 slides
Why we need to tamper-proof our society Data manipulation poses a more systemic threat than theft

Why we need to tamper-proof our society Data manipulation poses a more systemic threat than theft

Why we need to tamper-proof our society Data manipulation poses a more systemic threat than theft or disruption Risks Command and Control Systems Military Logistics Financial systems Political institutions Mitigation Risk:

582 views • 9 slides
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology L C S Cases for Physical Security Applications

519 views • 23 slides
Digital Currencies Chris Head Digital Monetary Trust Trusted central authority

Digital Currencies Chris Head Digital Monetary Trust Trusted central authority

Digital Currencies Chris Head Digital Monetary Trust Trusted central authority Tamper-resistant cryptographic coprocessor Anonymity of account holders' identities Deposits backed by investments into securities Closed 2005

375 views • 14 slides
http://www.cl.cam.ac.uk/~mgk25/sc99-tamper[-slides].pdf Classes of Attacks on Security Modules

http://www.cl.cam.ac.uk/~mgk25/sc99-tamper[-slides].pdf Classes of Attacks on Security Modules

Design Principles for Tamper-Resistant Smartcard Processors Oliver Kmmerling Markus G. Kuhn ADSR Computer Laboratory http://www.cl.cam.ac.uk/~mgk25/sc99-tamper[-slides].pdf Classes of Attacks on Security Modules Microprobing Open the

465 views • 22 slides
Authentication Scenarios 2. Users share a password with a trusted authority (authentication

Authentication Scenarios 2. Users share a password with a trusted authority (authentication

Authentication Scenarios 2. Users share a password with a trusted authority (authentication servers) Kerberos Challenge-response Symm.Key What do we learn from previous attacks? Timestamps: are valid only in a small time window

334 views • 22 slides
Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice

Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice

Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances Security depends on

1.32k views • 82 slides
2/13/2014 What is Tamper Resistance? Resistance to tampering the device by either normal

2/13/2014 What is Tamper Resistance? Resistance to tampering the device by either normal

2/13/2014 What is Tamper Resistance? Resistance to tampering the device by either normal users or systems or others with physical Physical Attacks and Tamper Resistance access to it

449 views • 11 slides
Tamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn University of Cambridge

Tamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn University of Cambridge

Tamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn University of Cambridge University of Erlangen/ Computer Laboratory Purdue University Applications of Tamper Resistant Modules Security of cryptographic applications is based

149 views • 12 slides
Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral University of Versailles The need for Open Trusted Data Stores PAGE 2 Virtual teams distributed among space, time and organizations

394 views • 12 slides
Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers are not trusted: may be greedy or corrupt Each peer knows about all bitcoins and transactions Transaction (sender -> receiver): sender

958 views • 23 slides
TCP Servers: Offloading TCP Processing in Internet Servers. Design, Implementation, and

TCP Servers: Offloading TCP Processing in Internet Servers. Design, Implementation, and

TCP Servers: Offloading TCP Processing in Internet Servers. Design, Implementation, and Performance M. Rangarajan, A. Bohra, K. Banerjee, E.V. Carrera, R. Bianchini, L. Iftode, W. Zwaenepoel. Presented by: Thomas Repantis trep@cs.ucr.edu

510 views • 35 slides
3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

Griffith University 3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof by construction 2. Proof by equivalence 3. Proof by contradiction 4. Proof by case analysis 5. Proof by induction

549 views • 11 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
TAMPER EVIDENT BYPASSES BY MOS AND BOO THE PACKAGING COUNCIL OF AUSTRALIA Packaging which

TAMPER EVIDENT BYPASSES BY MOS AND BOO THE PACKAGING COUNCIL OF AUSTRALIA Packaging which

TAMPER EVIDENT BYPASSES BY MOS AND BOO THE PACKAGING COUNCIL OF AUSTRALIA Packaging which possesses a barrier to entry which, if breached or missing, will provide visible evidence to consumers that tampering had occurred MESOPOTAMIAN

516 views • 30 slides
Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and

Trusted Caregivers, On Demand An app that provides a marketplace of trusted, convenient, and affordable caregivers to families on demand. Why create RestUp? Americans provide $470 Billion in unpaid care in 2015. Emergency Staffing

324 views • 8 slides
Linux Kung-Fu James Droste UBNetDef Fall 2016 $ init 1 GO TO https://apps.ubnetdef.org

Linux Kung-Fu James Droste UBNetDef Fall 2016 $ init 1 GO TO https://apps.ubnetdef.org

Linux Kung-Fu James Droste UBNetDef Fall 2016 $ init 1 GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org GO TO https://apps.ubnetdef.org GO TO

397 views • 35 slides
Satellite Based IP Content Delivery Network Taylor Jacob ReCon Brussels 2017 27 Jan 2017 Taylor

Satellite Based IP Content Delivery Network Taylor Jacob ReCon Brussels 2017 27 Jan 2017 Taylor

Satellite Based IP Content Delivery Network Taylor Jacob ReCon Brussels 2017 27 Jan 2017 Taylor Jacob (ReCon Brussels 2017) Satellite Based IP Content Delivery Network 27 Jan 2017 1 / 32 Receive Only Satellite Network Network Diagram

475 views • 32 slides
Discoverable Metadata for System Monitoring Data S. Leak, A. Greiner, A. Gentile, J. Brant

Discoverable Metadata for System Monitoring Data S. Leak, A. Greiner, A. Gentile, J. Brant

Discoverable Metadata for System Monitoring Data S. Leak, A. Greiner, A. Gentile, J. Brant Context and Premise Much log data being collected, hard to coordinate who is collecting what, where, how DOE Resilience Project: how to make log

268 views • 8 slides
Performing and interpreting discrete choice analyses in Stata Joerg Luedicke StataCorp LLC May

Performing and interpreting discrete choice analyses in Stata Joerg Luedicke StataCorp LLC May

Performing and interpreting discrete choice analyses in Stata Joerg Luedicke StataCorp LLC May 24, 2019 Munich (StataCorp LLC) May 24, 2019 Munich 1 / 32 Discrete choice analysis with alternative-specific variables . webuse transport

584 views • 32 slides
Typing the Numeric Tower Vincent St-Amour, Sam Tobin-Hochstadt, Matthew Flatt, Matthias Felleisen

Typing the Numeric Tower Vincent St-Amour, Sam Tobin-Hochstadt, Matthew Flatt, Matthias Felleisen

Typing the Numeric Tower Vincent St-Amour, Sam Tobin-Hochstadt, Matthew Flatt, Matthias Felleisen PLT PADL 2012 - January 24th, 2012 Approaches to numerics Traditional Java, C(++), Fortran, ... Type Classes Haskell, Clean, ...

1.16k views • 82 slides
DDoS: Barbarians At The Gate(way) Examination of actors, tools and defenses #whoami Dave Lewis

DDoS: Barbarians At The Gate(way) Examination of actors, tools and defenses #whoami Dave Lewis

Text DDoS: Barbarians At The Gate(way) Examination of actors, tools and defenses #whoami Dave Lewis @gattaca dave@akamai.com It left me wanting Game Plan Actors Attacks Tools Trends Data Now what? Actors: For Hire Current(ish)

1.03k views • 77 slides
#prep X Assembly 05: Wire Harness It is HIGHLY recommended to watch the video for this part. It's a

#prep X Assembly 05: Wire Harness It is HIGHLY recommended to watch the video for this part. It's a

#prep X Assembly 05: Wire Harness It is HIGHLY recommended to watch the video for this part. It's a better learning experience; the images can't easily convey how the wire slack should feel and what are the wire paths. PS: In the videos, we are

434 views • 15 slides
Requirements Project overview and update TONY BREEDS PRINCIPAL SOFTWARE ENGINEER - REDHAT What

Requirements Project overview and update TONY BREEDS PRINCIPAL SOFTWARE ENGINEER - REDHAT What

2019-05-01 Requirements Project overview and update TONY BREEDS PRINCIPAL SOFTWARE ENGINEER - REDHAT What does Requirements do? Manages OpenStack wide python requirements Coordinating and converging the libraries used by OpenStack

371 views • 12 slides

More recommend