Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keeping Data Secret, Even From Apps That Use It

Posted by samzenpus on from the no-information dept.

Nerval's Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called Multi-Party Computation (MPC). The idea behind MPC is to allow two parties who have to collaborate on an analysis or computation to do so without revealing their own data to the other party. Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, has not become practical in commercial environments. The Danish/British team revamped an MPC protocol nicknamed SPDZ (pronounced 'speeds'), which uses secret, securely generated keys to distribute a second set of keys that can be used for MPC encryptions. The big breakthrough, according to Smart, was to streamline SPDZ by reducing the number of times global MAC keys had to be calculated in order to create pairs of public and private keys for other uses. By cutting down on repetitive tasks, the whole process becomes much faster; because the new technique keeps global MAC keys secret, it should also make the faster process more secure."

15 of 59 comments (clear)

  1. Not the first commercial application by pjt33 · · Score: 3, Informative

    The summary claims that

    Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, has not become practical in commercial environments.

    (I presume it's quoting the article, but samzenpus has managed to make the link self-referential).

    That just isn't true. I've read a very interesting paper about "massively multiplayer" commercial use of MPC back in 2008. It involved Danish researchers, so it may be the same team, and there may be improvements, but it would be good to limit the claims to the actual novelties.

    1. Re:Not the first commercial application by rudy_wayne · · Score: 4, Insightful

      Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it

      2 years ago, a court ruled that much of the NSA's activities were illegal and unconstitutional. However, because this was a secret ruling, by a secret court, nobody knew about it until just recently and so the NSA was free to go about their business. And they continue to engage in their illegal and unconstituional activities because there is no one in power who is remotely interested in stopping them.

      The point is, if you are thinking about encryption or other ways to "hide" from the NSA, you are trying to solve the wrong problem.

      If the NSA can't break your encryption or figure out how to get at your data, then they will simply issue a secret order (that you are not allowed to tell anyone about) demanding that you decrypt or turn over your data under the threat of going to prison. A threat which is enforced by a secret court whose rulings are secret and cannot be discussed with anyone.

      Until this situation changes, encryption or other schemes are meaningless.

    2. Re: Not the first commercial application by Xest · · Score: 2

      Even if not it completely defeats his own point. If we have a cryptography breakthrough such that the NSA has to approach individual citizens with secret orders to access each and every one of their GMail accounts then this has two effects:

      1) It pisses average citizens off and makes it an election issue to the point you'll get civil disobedience as everyone starts defying their orders and talking about them.

      2) It limits the ability of NSA agents to actually spend time using any of the data anyway because they're all tied up visiting people's houses getting them to sign secret orders.

      That's why people claiming technology is irrelevant are wrong and simply don't get it, technology is still the vessel by which you can enact political movement on the issue. You wont just be able to magic up political movement by itself like some people seem to believe, you have to keep fighting and push the likes of the NSA to become so intrusive in their actions, or their operations become so prohibitively expensive that people do begin to care and you do that by making the technology less trivial and more inconvenient to defeat.

      The point isn't about inventing some magical technology that can defeat the NSA, the point is to make the NSA's blanket spying program ever more difficult and ever more cost and time prohibitive to perform by using better technology.

  2. Well, darn. by mcgrew · · Score: 2

    I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? So when I saw the submission I though ALL RIGHT!!!

    Sadly, this is interesting but solves a completely different problem, so I guess I'll be appless for a while (except the KSHE app, everything it needed had to do with its workings).

    TFA doesn't say if this could be used for private messages between individuals. But we need to have every damned thing encrypted, the NSA is only one entity that knows everything about your online life. I think it's damned creepy either way and would like to see it outlawed. Fat chance, though, since the corporate spies own the government.

    --
    Free Martian Whores!
    1. Re:Well, darn. by DavidClarkeHR · · Score: 3, Informative

      I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? So when I saw the submission I though ALL RIGHT!!!

      The solution you are looking for is SElinux, and it is already enabled in the latest cyanogenmod nightlies.

      --
      - Nec Impar Pluribus, or so I'm told.
    2. Re:Well, darn. by fustakrakich · · Score: 2

      I don't believe an Android phone is ever 'appless'. There are plenty of hidden processes running that are very difficult to weed out. And since even a dumb phone is sending everything through the NSA anyway, you may as well enjoy all the toys you can. Maybe there is a network sniffer (illegal hacking tool in Germany, no doubt) you can install, and block all unwanted traffic. That's the only hope I see in this scenario.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Well, darn. by nullchar · · Score: 2

      If you cannot root your phone, you should return it and purchase a model you can install a custom ROM on.

      If you care about your privacy, with respect to smartphone apps, you'll need root (at minimum) or a custom ROM.

      At least with root, you can use DroidWall as a firewall to disallow those contact list reading apps from sending your data to the outside world.

      If you're stuck with your [poor] choice of smartphone, perhaps App Ops can help.

      You always have a choice!

    4. Re:Well, darn. by mcgrew · · Score: 4, Interesting

      It's not just the NSA. I'm outraged that they're spying on citizens, even though they have no reason to be interested in me. I'm outraged that advertisers insist on knowing my GPS position, who's on my contacts list, etc. It's creepy and it pisses me off. I thought stalking was illegal?

      --
      Free Martian Whores!
    5. Re:Well, darn. by TheRealMindChild · · Score: 2

      So to hide data from the likes of the NSA, you want me to use a system developed by the NSA? Brilliant!

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  3. Like homomorphism by plover · · Score: 3, Interesting

    How is this different from homomorphism? The thing is that it's not intended to keep secrets. Correlations might still exist that could give basic traffic kinds of data away. Have they figured ways to prevent those secrets from leaking?

    --
    John
  4. Re:goog lol by geekoid · · Score: 3, Insightful

    Due to there history of trying to protect their users data?

    It's in their best interests not to allow outside parties get at the data?

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  5. Eh.... by IamTheRealMike · · Score: 5, Informative

    Two datacenters owned by the same company using MPC is a really dumb use case. That won't help at all. The point of Google encrypting cross-dc communications is a forcing manoeuvre - it forces intelligence agencies to go via Google Legal to get information where the request can be analyzed and pushed back on. Even in countries where the legal system is flimsy and corrupt, that's an issue that can be improved significantly just with a single act of Congress or Parliament, whereas undoing their wiretapping infrastructure will prove somewhat harder because there's no adversarial lawyer standing in the way.

    A better example might be two datacenters owned by different companies, where they don't mutually trust each other. Or, to give an actual use case, the OTR chat encryption protocol uses MPC to authenticate connections. They call it the socialist millionaires protocol. The two parties agree on a secret word (typically by one user posing a question to the other), and then a variant of MPC is used to verify that both parties selected the same word. The word itself never transits the wire and it's only used for authentication, so it's relatively strong even if the secret word is short or predictable.

    Now, for some background. The paper can be found here if you want to skip the million+1 links and registration crap.

    The basic idea behind MPC is that you write your shared computation in the form of a boolean circuit, made up of logic gates as if you were making an electronic circuit. The inputs to the program are represented as if they were electronic signals (i.e. as one and zero bits on wires). Once done, there are two protocols you can follow. The original one is by a guy named Andrew Yao. Each wire in the circuit is assigned a pair of keys. The details I'll gloss over now, but basically given the circuit (program) as a template, lots of random keys are created by party A, then the entire "garbled circuit" is sent to party B who will run it. Party A also selects the keys for his input wires and sends them to party B, who doesn't know whether they represent 0 or 1, only party A knows that.

    Now party B wants to run the program with his input, but he doesn't want party A to know what his input is. So they use a separate protocol called an oblivious transfer protocol to get party A to cough up the right keys for B's input wires, without A finding out what they were. Finally, party B can run the program by progressively decrypting the wires until the output is arrived at.

    What I described above is Yao's protocol. There is also a slightly different protocol called BGV. In BGV you don't send the entire program all at once. Instead, as party B runs through the program, each time they encounter an AND gate they do an oblivious transfer with party A. XOR gates are "free" and don't require any interaction. I forgot what happens for other kinds of gates. Basically, BGV involves both parties interacting throughout the computation, however, it can result in much less network traffic being required if your OT protocol is cheap, because if your circuit is very wide and shallow then most of the garbled program never has to even get transferred at all.

    From what I can tell, most of the best results in MPC these days are coming from BGV coupled with new, highly efficient OT protocols. SPDZ appears to work on yet another design, but the basic reliance on circuit form remains.

  6. And, SElinux was given to us by which org? ;-) by PaulBu · · Score: 2

    I think it was in the news recently, a lot, but not for their Linux contributions...

    Though, maybe those were referenced too, along with some other contribs to MS, standards organisations, etc.

    If anything, I am sure that someone is giving close and fresh look into SElinux parts right now...

    Paul B.

  7. Why am I not surprised ? by Taco+Cowboy · · Score: 3, Interesting

    Last I heard, the Supreme Court ruled that the NSA could collect metadata and such.

    The system is indeed stacked against us, the people.

    From the court, to the congress, to the White House, to the law enforcement, to the press - their convergence behind the tyrannical regime spelled DOOM to the very concept of the United States of America.

    I left USA more than 10 years ago due to my disgust of what had happened, and the more I see my country from afar, the more sad I'm becoming.

    What the fuck is happening to America ?

    Why the fuck my fellow Americans are allowing this to happen ?

    --
    Muchas Gracias, Señor Edward Snowden !
  8. rooting only superficially works by dutchwhizzman · · Score: 2

    There are large binary blobs in your phone that hold the firmware for the baseband processor and other chips. Rooting the phone will give you some form of control over the OS running the user interface, but not the rest. It is probably trivial for attackers to find a backdoor in one of the binary blobs, once they start looking for it. It may be restricted to that model phone and that version of the binary blob, but chances are, that with just a few actual backdoors, implementations for most of the smart phones can be made. Don't trust your phone any more rooted than non-rooted, it's still mostly unknown territory for you even if you have it rooted.

    --
    I was promised a flying car. Where is my flying car?