Keeping Data Secret, Even From Apps That Use It
Nerval's Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called Multi-Party Computation (MPC). The idea behind MPC is to allow two parties who have to collaborate on an analysis or computation to do so without revealing their own data to the other party. Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, have not become practical in commercial environments. The Danish/British team revamped an MPC protocol nicknamed SPDZ (pronounced 'speeds'), which uses secret, securely generated keys to distribute a second set of keys that can be used for MPC encryptions. The big breakthrough, according to Smart, was to streamline SPDZ by reducing the number of times global MAC keys had to be calculated in order to create pairs of public and private keys for other uses. By cutting down on repetitive tasks, the whole process becomes much faster; because the new technique keeps global MAC keys secret, it should also make the faster process more secure."
Not the first commercial application (Score:4, Informative)
The summary claims that
Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, have not become practical in commercial environments.
(I presume it's quoting the article, but samzenpus has managed to make the link self-referential).
That just isn't true. I've read a very interesting paper about "massively multiplayer" commercial use of MPC [iacr.org] back in 2008. It involved Danish researchers, so it may be the same team, and there may be improvements, but it would be good to limit the claims to the actual novelties.
goog lol (Score:1)
FTFS:
"Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it..."
bahahahahaha! why would anybody think that goog is trying to "protect" the data of its users/product?
Re:goog lol (Score:4, Insightful)
Due to their history of trying to protect their users' data?
It's in their best interests not to allow outside parties to get at the data?
Re: (Score:1)
have you even heard of snowden? have you been in a cave the last three months? or are you such a fanboi that your head is in the sand still?
Re: (Score:1)
What does Snowden have to do with it? Had the government done a competent job of restricting him to just data that he was supposed to have, most of this mess wouldn't have happened. It didn't even get down to the point of encryption. He was permitted access to a computer with an accessible USB port as well as the ability to access tons of information that he shouldn't have had. Even without the eventual breach, it was a ridiculous set up from the get go.
Re: (Score:1)
What does Snowden have to do with it? Had the government done a competent job of restricting him to just data that he was supposed to have,
Yeah, because he famously googled his information.
Re: (Score:2)
Only to the point where $$$ is concerned. You forget 99% of Google's income comes from selling ads. Ads that come with piles of analytics (courtesy of "Free" Google Analytics). And Google owns the vast majority of ad networks out there, including the ever-popular DoubleClick (purveyor of famous Pop Ups and Pop Under ads).
I'm fairly certain the NSA could get access at data far
Re:Not the first commercial application (Score:5, Insightful)
Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it
2 years ago, a court ruled that much of the NSA's activities were illegal and unconstitutional. However, because this was a secret ruling, by a secret court, nobody knew about it until just recently and so the NSA was free to go about their business. And they continue to engage in their illegal and unconstitutional activities because there is no one in power who is remotely interested in stopping them.
The point is, if you are thinking about encryption or other ways to "hide" from the NSA, you are trying to solve the wrong problem.
If the NSA can't break your encryption or figure out how to get at your data, then they will simply issue a secret order (that you are not allowed to tell anyone about) demanding that you decrypt or turn over your data under the threat of going to prison. A threat which is enforced by a secret court whose rulings are secret and cannot be discussed with anyone.
Until this situation changes, encryption or other schemes are meaningless.
Why am I not surprised ? (Score:3, Interesting)
Last I heard, the Supreme Court ruled that the NSA could collect metadata and such.
The system is indeed stacked against us, the people.
From the court, to the congress, to the White House, to the law enforcement, to the press - their convergence behind the tyrannical regime spelled DOOM to the very concept of the United States of America.
I left USA more than 10 years ago due to my disgust of what had happened, and the more I see my country from afar, the more sad I'm becoming.
What the fuck is happening to America ?
Why the fuck are my fellow Americans allowing this to happen?
Re: (Score:2)
"Why the fuck are my fellow Americans allowing this to happen?"
What exactly should Americans be doing, start a civil war? The surveillance programs are already out in the open for all to see and criticize. At this very moment there are people publicly investigating the legality of these programs and working towards modifying or totally shutting these intelligence gathering programs down.
Re: (Score:3)
Even if not, it completely defeats his own point. If we have a cryptography breakthrough such that the NSA has to approach individual citizens with secret orders to access each and every one of their GMail accounts, then this has two effects:
1) It pisses average citizens off and makes it an election issue to the point you'll get civil disobedience as everyone starts defying their orders and talking about them.
2) It limits the ability of NSA agents to actually spend time using any of the data anyway because th
Re: (Score:2)
Which court? As far as I know, only the Chief Justice of the Supreme Court (TM) can declare something unconstitutional.
Well, darn. (Score:3)
I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? So when I saw the submission I thought ALL RIGHT!!!
Sadly, this is interesting but solves a completely different problem, so I guess I'll be appless for a while (except the KSHE app, everything it needed had to do with its workings).
TFA doesn't say if this could be used for private messages between individuals. But we need to have every damned thing encrypted, the NSA is only one entity that knows everything about your online life. I think it's damned creepy either way and would like to see it outlawed. Fat chance, though, since the corporate spies own the government.
Re:Well, darn. (Score:4, Informative)
I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? So when I saw the submission I thought ALL RIGHT!!!
The solution you are looking for is SELinux, and it is already enabled in the latest CyanogenMod nightlies.
Re: (Score:2)
The solution you are looking for is SELinux, and it is already enabled in the latest CyanogenMod nightlies.
I'd love to do that but my carrier wouldn't go along. Hell, it's the latest Android and they disabled sideloading apps before shipping it. If I installed Linux it would be a four inch wifi tablet.
Re: (Score:3)
If you cannot root your phone, you should return it and purchase a model you can install a custom ROM on.
If you care about your privacy, with respect to smartphone apps, you'll need root (at minimum) or a custom ROM.
At least with root, you can use DroidWall [google.com] as a firewall to disallow those contact-list-reading apps from sending your data to the outside world.
If you're stuck with your [poor] choice of smartphone, perhaps App Ops [zdnet.com] can help.
You always have a choice!
Re: (Score:1)
DroidWall has been discontinued for a while after the dev sold out to an Android AV company. But it was forked since then; Android Firewall is pretty much its spiritual successor (free, no ads or tracking networks, no nonsense, and GPLv3): https://play.google.com/store/apps/details?id=com.jtschohl.androidfirewall&hl=en
rooting only superficially works (Score:3)
Re: (Score:2)
Agreed. Root gives you minimally more control over your device, but unless you manually remove the pre-installed bloatware, you'll still worry about it.
A custom ROM image is decent, but you're often relying on blobs for radios and other hardware layers like video. Those could be trojaned as well.
A firewall blocking outgoing connections is nice, if you can trust iptables and the kernel. Though, outside of IP (TCP/UDP), information could still be sent via the carrier's radio protocols.
The GP was complaining about
Re: (Score:2)
It's not the phone, it's the carrier. At $40 per month for unlimited everything, changing carriers is kind of out of the question. My daughter's on AT&T with an iPhone and her bill is always over $100.
Re: (Score:2)
With every carrier, you have a choice between a shitty phone and a decent phone. You should be able to maintain that plan and purchase your own phone to use on their network. It may not be subsidized (and your current device may go unused), but only you can value your privacy (original nexus4 is pretty cheap).
Re: (Score:2)
You should be able to maintain that plan and purchase your own phone to use on their network.
Yes, you should, and in most places you can, but it's different in the US.
Re: (Score:2)
In the US, AT&T, T-Mobile, Verizon, and Sprint all allow you to use select handsets on their networks. Verizon is the most restrictive, with their use of CDMA instead of GPRS, but you can easily purchase other phone models than the "free" one given with your plan.
$40 for data + voice sounds like a good deal, so it probably isn't from any of those major four listed above.
And, SELinux was given to us by which org? ;-) (Score:3)
I think it was in the news recently, a lot, but not for their Linux contributions...
Though, maybe those were referenced too, along with some other contribs to MS, standards organisations, etc.
If anything, I am sure that someone is giving a close and fresh look into SELinux parts right now...
Paul B.
Re: (Score:2)
Forget SELinux, use http://grsecurity.net/ [grsecurity.net].
See e.g. https://lwn.net/Articles/538221/ [lwn.net]
Re: (Score:2)
I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? ...
Exactly why I haven't installed any new apps on my Galaxy S4 since buying it. I figured I'll download the SDK and build what little I need. For all you know some of the simplest free* apps may be written by NSA fronts.
* as in beer.
Re: (Score:2)
I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? ...
Exactly why I haven't installed any new apps on my Galaxy S4 since buying it. I figured I'll download the SDK and build what little I need. For all you know some of the simplest free* apps may be written by NSA fronts.
* as in beer.
or free as in speech, considering the NSA worked to influence encryption standards and put shills into the open source development process.
Re: (Score:2)
All the KSHE app wanted was access to the internet, sound chip, and sleep circuitry (so it wouldn't stop playing when the screen blanked out). So far, playing KSHE is the only thing the Android does that the Motorola feature phone wouldn't, although the camera is a lot better and it has way more storage. Hell, I could play pac-man on the feature phone without telling them who I knew and where I was.
Wait - OK, this one is "waterproof". Dropping it in the toilet isn't as dangerous (that's how my Razr died ten
Re: (Score:2)
I don't believe an Android phone is ever 'appless'. There are plenty of hidden processes running that are very difficult to weed out. And since even a dumb phone is sending everything through the NSA anyway, you may as well enjoy all the toys you can. Maybe there is a network sniffer (illegal hacking tool in Germany, no doubt) you can install, and block all unwanted traffic. That's the only hope I see in this scenario.
Re:Well, darn. (Score:5, Interesting)
It's not just the NSA. I'm outraged that they're spying on citizens, even though they have no reason to be interested in me. I'm outraged that advertisers insist on knowing my GPS position, who's on my contacts list, etc. It's creepy and it pisses me off. I thought stalking was illegal?
Re: (Score:1)
I thought stalking was illegal?
Like terrorism, it depends on who the perpetrator and the target is.
Re: (Score:2)
I think the most important aspect is that the right people (or the right kind of people) are making money off it. If connected people are profiting from it, anything is legal.
Like homomorphism (Score:4, Interesting)
How is this different from homomorphism? The thing is that it's not intended to keep secrets. Correlations might still exist that could give basic traffic kinds of data away. Have they figured ways to prevent those secrets from leaking?
Eh.... (Score:5, Informative)
Two datacenters owned by the same company using MPC is a really dumb use case. That won't help at all. The point of Google encrypting cross-dc communications is a forcing manoeuvre - it forces intelligence agencies to go via Google Legal to get information where the request can be analyzed and pushed back on. Even in countries where the legal system is flimsy and corrupt, that's an issue that can be improved significantly just with a single act of Congress or Parliament, whereas undoing their wiretapping infrastructure will prove somewhat harder because there's no adversarial lawyer standing in the way.
A better example might be two datacenters owned by different companies, where they don't mutually trust each other. Or, to give an actual use case, the OTR chat encryption protocol uses MPC to authenticate connections. They call it the socialist millionaires protocol. The two parties agree on a secret word (typically by one user posing a question to the other), and then a variant of MPC is used to verify that both parties selected the same word. The word itself never transits the wire and it's only used for authentication, so it's relatively strong even if the secret word is short or predictable.
Now, for some background. The paper can be found here [iacr.org] if you want to skip the million+1 links and registration crap.
The basic idea behind MPC is that you write your shared computation in the form of a boolean circuit, made up of logic gates as if you were making an electronic circuit. The inputs to the program are represented as if they were electronic signals (i.e. as one and zero bits on wires). Once done, there are two protocols you can follow. The original one is by a guy named Andrew Yao. Each wire in the circuit is assigned a pair of keys. The details I'll gloss over now, but basically given the circuit (program) as a template, lots of random keys are created by party A, then the entire "garbled circuit" is sent to party B who will run it. Party A also selects the keys for his input wires and sends them to party B, who doesn't know whether they represent 0 or 1, only party A knows that.
Now party B wants to run the program with his input, but he doesn't want party A to know what his input is. So they use a separate protocol called an oblivious transfer protocol to get party A to cough up the right keys for B's input wires, without A finding out what they were. Finally, party B can run the program by progressively decrypting the wires until the output is arrived at.
What I described above is Yao's protocol. There is also a slightly different protocol called BGV. In BGV you don't send the entire program all at once. Instead, as party B runs through the program, each time they encounter an AND gate they do an oblivious transfer with party A. XOR gates are "free" and don't require any interaction. I forgot what happens for other kinds of gates. Basically, BGV involves both parties interacting throughout the computation, however, it can result in much less network traffic being required if your OT protocol is cheap, because if your circuit is very wide and shallow then most of the garbled program never has to even get transferred at all.
From what I can tell, most of the best results in MPC these days are coming from BGV coupled with new, highly efficient OT protocols. SPDZ appears to work on yet another design, but the basic reliance on circuit form remains.
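To make the garbled-circuit walk-through above concrete, here is a single two-input gate run end to end in Yao's style: party A assigns a random key pair to every wire, encrypts each truth-table row's output key under the two input keys that select it, and shuffles the rows; party B opens the one row its keys fit. This is an added toy example, not code from the paper or from OTR; the "encryption" is a SHA-256 pad plus a zero check block (a stand-in for real authenticated encryption), and B's input key is handed over by a direct function call that stands in for the oblivious transfer, which is not implemented here.

```python
import hashlib
import os
import random

KEY_LEN = 16  # bytes per wire key (constructed toy parameter)
AND_GATE = {(0, 0): 0, (0, 1): 0, (1, 0): 0, (1, 1): 1}
XOR_GATE = {(0, 0): 0, (0, 1): 1, (1, 0): 1, (1, 1): 0}

def _xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))

def garble_gate(table):
    """Party A's side. Every wire (a, b, out) gets a random (key-for-0, key-for-1)
    pair; each truth-table row's output key is encrypted under the two input
    keys that select it. Rows are shuffled so their position leaks nothing."""
    keys = {w: (os.urandom(KEY_LEN), os.urandom(KEY_LEN)) for w in ("a", "b", "out")}
    rows = []
    for a in (0, 1):
        for b in (0, 1):
            pad = hashlib.sha256(keys["a"][a] + keys["b"][b]).digest()
            # A zero block follows the output key so the evaluator can recognise
            # the single row that its pair of keys really opens (toy stand-in
            # for authenticated encryption).
            rows.append(_xor(keys["out"][table[(a, b)]] + bytes(KEY_LEN), pad))
    random.shuffle(rows)
    return keys, rows

def evaluate_gate(rows, key_a, key_b):
    """Party B's side. B holds exactly one key per input wire, so exactly one of
    the four rows decrypts to a well-formed (key, zeros) plaintext."""
    pad = hashlib.sha256(key_a + key_b).digest()
    for row in rows:
        plain = _xor(row, pad)
        if plain[KEY_LEN:] == bytes(KEY_LEN):
            return plain[:KEY_LEN]
    raise ValueError("no row opened: wrong input keys")

def run_two_party_gate(table, a_bit, b_bit):
    """The whole exchange for one gate. A garbles and sends the rows, the key
    for A's own input bit (random-looking, so it reveals nothing about a_bit)
    and the output decoding table. B's key is fetched here by a direct call,
    standing in for the oblivious transfer the text describes (in a real OT,
    A would not learn b_bit and B would not learn the other key)."""
    keys, rows = garble_gate(table)
    key_a = keys["a"][a_bit]
    key_b = keys["b"][b_bit]  # modelled OT result, not an OT implementation
    decode = {keys["out"][0]: 0, keys["out"][1]: 1}
    return decode[evaluate_gate(rows, key_a, key_b)]

def truth_table_via_garbling(table):
    """Run all four input pairs through the protocol; should reproduce `table`."""
    return {inp: run_two_party_gate(table, *inp) for inp in table}
```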
Re: (Score:2)
lake front property in Death Valley.
That's not as far-fetched as you think. The lake is there [google.com]; it's just not usually very wet. During wet years people have floated canoes and kayaks there for a while.
It Has My Support (Score:2)
Um... wait. Never mind.