State-Level Secrets When Theory Meets Practice for Journalists - - PowerPoint PPT Presentation

▶

Nov 02, 2023 477 likes •774 views

State-Level Secrets When Theory Meets Practice for Journalists Working with Encrypted Documents Bailey Kacsmar and Chelsea H. Komlo Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 1 ( t , n ) -Threshold Schemes and Journalism ( 2 , 3 )

SLIDE 1

State-Level Secrets

When Theory Meets Practice for Journalists Working with Encrypted Documents Bailey Kacsmar and Chelsea H. Komlo

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 1

SLIDE 2

(t, n)-Threshold Schemes and Journalism

(2, 3)-Threshold Scheme Example

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

SLIDE 3

(t, n)-Threshold Schemes and Journalism

(2, 3)-Threshold Scheme Example

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

SLIDE 4

(t, n)-Threshold Schemes and Journalism

(2, 3)-Threshold Scheme Example

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

SLIDE 5

(t, n)-Threshold Schemes and Journalism

(2, 3)-Threshold Scheme Example

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

SLIDE 6

(t, n)-Threshold Schemes and Journalism

(2, 3)-Threshold Scheme Example

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 2

SLIDE 7

Freedom of the Press Foundation and Sunder

github.com/freedomofpress/sunder

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 3

SLIDE 8

Basic Secret Sharing as a Protocol: Generation and Distribution

(2, 3)-Threshold Scheme Example

S t, n s1 s2 s3 P1, The dealer P2 P3

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 4

SLIDE 9

Basic Secret Sharing: Reconstruction

(2, 3)-Threshold Scheme Example

S s1 s3 P1 P3, The recovery initiator

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 5

SLIDE 10

Expanded Secret Sharing: Generation and Distribution

(2, 3)-Threshold Scheme Example PT CT Enc(PT, S) S t, n s1 s2 s3

P1, The dealer P2 P3

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 6

SLIDE 11

Expanded Secret Sharing: Generation and Distribution

(2, 3)-Threshold Scheme Example PT CT Enc(PT, S) S t, n s1 s2 s3

P1, The dealer P2 P3

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 6

SLIDE 12

Expanded Secret Sharing: Reconstruction

(2, 3)-Threshold Scheme Example CT PT Dec(CT, S) S s1 s3

P1 P3, The recovery initiator

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 7

SLIDE 13

Expanded Secret Sharing: Reconstruction

(2, 3)-Threshold Scheme Example CT PT Dec(CT, S) S s1 s3

P1 P3

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 7

SLIDE 14

Ceremonies and Security

Layers of Security Analysis

C. Ellison, Ceremony Design and Analysis, 2007.

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 8

SLIDE 15

Protocol and Ceremony Security

S t, n s1 s2 s3 S s1 s3 S t, n s1 s2 s3 PT CT Enc(PT, S) S s1 s3 CT PT Dec(CT, S) Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 9

SLIDE 16

Gaps and Improvements: Base

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 10

SLIDE 17

Share Loss: Gaps

Protocol

S t, n s1 s2 s3 Loss of n − t − 1 shares renders the secret unrecoverable. Attackers can destroy or perform a denial

f service attack

against shares.

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 11

SLIDE 18

Share Loss: Improvements

Protocol: (2,3)-Threshold Scheme Example

s1 s3 Repair Alg. s2 P1 P3 P2 s2

Help me!

Laing, Stinson, A Survey and Refinement of Repairable Threshold Schemes, 2018.

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 12

SLIDE 19

Organizational Turnover: Gaps

Protocol

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 13

SLIDE 20

Organizational Turnover: Gaps

Protocol

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 13

SLIDE 21

Organizational Turnover: Improvements

Protocol

s1 s2 s3 s1 s2 u1 u2 s3 P1

Generating u1 and u2

P2 Former P3 u1

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 14

SLIDE 22

Gaps and Improvements: Extended

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 15

SLIDE 23

Integrity for Ciphertext: Gaps and Improvements

Ceremony

S t, n s1 s2 s3 PT CT Enc(PT, S) ict ict ict ict

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 16

SLIDE 24

Redundancy for Ciphertext: Gaps

Ceremony

PT CT Enc(PT, S) S t, n s1 s2 s3

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 17

SLIDE 25

Redundancy for Ciphertext: Improvements

Ceremony

PT CT Enc(PT, S) S t, n s1 s2 s3

CT CT

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 18

SLIDE 26

Ongoing and Future Work

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 19

SLIDE 27

Current Work

s1 s2 s3 s1 s2 u1 u2 s3

Complete Ceremony Analysis Updating Shares Functionality

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 20

SLIDE 28

Future Work

Adding implementations of repairing algorithms for lost shares Designing schemes to limit dealer trust

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 21

SLIDE 29

Takeaways

Secret sharing schemes are not suitable for real-world use as-is Actionable improvements for gaps found in integrity, confidentiality, authenticity, and availability Ceremony analysis identifies gaps between user responsibility and security expectations Thank You!

Watch for our paper at crysp.uwaterloo.ca

Bailey Kacsmar and Chelsea H. Komlo State-Level Secrets 22