Forgot your password?
typodupeerror
Privacy

Keeping Data Secret, Even From Apps That Use It 59

Posted by samzenpus
from the no-information dept.
Nerval's Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called Multi-Party Computation (MPC). The idea behind MPC is to allow two parties who have to collaborate on an analysis or computation to do so without revealing their own data to the other party. Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, has not become practical in commercial environments. The Danish/British team revamped an MPC protocol nicknamed SPDZ (pronounced 'speeds'), which uses secret, securely generated keys to distribute a second set of keys that can be used for MPC encryptions. The big breakthrough, according to Smart, was to streamline SPDZ by reducing the number of times global MAC keys had to be calculated in order to create pairs of public and private keys for other uses. By cutting down on repetitive tasks, the whole process becomes much faster; because the new technique keeps global MAC keys secret, it should also make the faster process more secure."
This discussion has been archived. No new comments can be posted.

Keeping Data Secret, Even From Apps That Use It

Comments Filter:
  • by pjt33 (739471) on Monday September 09, 2013 @06:02PM (#44803169)

    The summary claims that

    Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, has not become practical in commercial environments.

    (I presume it's quoting the article, but samzenpus has managed to make the link self-referential).

    That just isn't true. I've read a very interesting paper about "massively multiplayer" commercial use of MPC [iacr.org] back in 2008. It involved Danish researchers, so it may be the same team, and there may be improvements, but it would be good to limit the claims to the actual novelties.

    • FTFS:

      "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it..."

      bahahahahaha! why would anybody think that goog is trying to "protect" the data of its users/product?

      • Re:goog lol (Score:4, Insightful)

        by geekoid (135745) <dadinportlandNO@SPAMyahoo.com> on Monday September 09, 2013 @06:19PM (#44803297) Homepage Journal

        Due to there history of trying to protect their users data?

        It's in their best interests not to allow outside parties get at the data?

        • by noh8rz10 (2716597)

          have you even heard of snowden? have you been in a cave the last three months? or are you such a fanboi that your head is in the sand still?

          • by Anonymous Coward

            What does Snowden have to do with it? Had the government done a competent job of restricting him to just data that he was supposed to have, most of this mess wouldn't have happened. It didn't even get down to the point of encryption. He was permitted access to a computer with an accessible USB port as well as the ability to access tons of information that he shouldn't have had. Even without the eventual breach, it was a ridiculous set up from the get go.

            • What does Snowden have to do with it? Had the government done a competent job of restricting him to just data that he was supposed to have,

              Yeah, because he famously googled his information.

              • doh, quoted wrong post, was supposed to be that one "have you even heard of snowden? have you been in a cave the last three months? or are you such a fanboi that your head is in the sand still?"
        • by tlhIngan (30335)

          Due to there history of trying to protect their users data?

          It's in their best interests not to allow outside parties get at the data?

          Only to the point where $$$ is concerned. You forget 99% of Google's income comes from selling ads. Ads that come with piles of analytics (courtesy of "Free" Google Analytics). And Google owns the vast majority of ad networks out there, including the ever-popular DoubleClick (purveyor of famous Pop Ups and Pop Under ads).

          I'm fairly certain the NSA could get access at data far

    • by rudy_wayne (414635) on Monday September 09, 2013 @06:37PM (#44803383)

      Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it

      2 years ago, a court ruled that much of the NSA's activities were illegal and unconstitutional. However, because this was a secret ruling, by a secret court, nobody knew about it until just recently and so the NSA was free to go about their business. And they continue to engage in their illegal and unconstituional activities because there is no one in power who is remotely interested in stopping them.

      The point is, if you are thinking about encryption or other ways to "hide" from the NSA, you are trying to solve the wrong problem.

      If the NSA can't break your encryption or figure out how to get at your data, then they will simply issue a secret order (that you are not allowed to tell anyone about) demanding that you decrypt or turn over your data under the threat of going to prison. A threat which is enforced by a secret court whose rulings are secret and cannot be discussed with anyone.

      Until this situation changes, encryption or other schemes are meaningless.

      • Citations? I don't disbelieve you, I just don't want to hunt down information that's less than correct.
      • You almost suggest preemptive surrender. Cryptography should continue to develop, regardless of how government bodies are perverted. We're now playing catch up on one side. The other side should not suffer from defeatism.
      • The NSA may be a big problem, but it's hardly the only threat to people looking at data they have nothing to do with. How many admins have access to large troves of user data they have nothing to do with, that would make good money if sold to certain parties? How many databases hold data that can't be effectively shielded with more than a single layer from people that should only have access to parts of it? Stop fretting about the NSA in this context, they are only one of many threats this problem tries to
      • by Trogre (513942)

        Which court? As far as I know, only the Chief Justice of the Supreme Court (TM) can declare something unconstitutional.

    • Check out the Sharemind, three-party secure computation system, it has even a SDK available: http://sharemind.cyber.ee/download-sdk [cyber.ee] .
  • by mcgrew (92797) * on Monday September 09, 2013 @06:04PM (#44803187) Homepage Journal

    I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? So when I saw the submission I though ALL RIGHT!!!

    Sadly, this is interesting but solves a completely different problem, so I guess I'll be appless for a while (except the KSHE app, everything it needed had to do with its workings).

    TFA doesn't say if this could be used for private messages between individuals. But we need to have every damned thing encrypted, the NSA is only one entity that knows everything about your online life. I think it's damned creepy either way and would like to see it outlawed. Fat chance, though, since the corporate spies own the government.

    • Re:Well, darn. (Score:4, Informative)

      by DavidClarkeHR (2769805) <(david.clarke) (at) (hrgeneralist.ca)> on Monday September 09, 2013 @06:10PM (#44803245)

      I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? So when I saw the submission I though ALL RIGHT!!!

      The solution you are looking for is SElinux, and it is already enabled in the latest cyanogenmod nightlies.

      • by mcgrew (92797) *

        The solution you are looking for is SElinux, and it is already enabled in the latest cyanogenmod nightlies.

        I'd love to do that but my carrier wouldn't go along. Hell, it's the latest Android and they disabled sideloading apps before shipping it. If I installed Linux it would be a four inch wifi tablet.

        • by nullchar (446050)

          If you cannot root your phone, you should return it and purchase a model you can install a custom ROM on.

          If you care about your privacy, with respect to smartphone apps, you'll need root (at minimum) or a custom ROM.

          At least with root, you can use DroidWall [google.com] as a firewall to disallow those contact list reading apps from sending your data to the outside world.

          If you're stuck with your [poor] choice of smartphone, perhaps App Ops [zdnet.com] can help.

          You always have a choice!

          • by Anonymous Coward

            DroidWall has been discontinued for awhile after the dev sold out to an android AV company. But it was forked since then, Android Firewall is pretty much its spiritual successor (free, no ads or tracking networks, no nonsense, and GPLv3): https://play.google.com/store/apps/details?id=com.jtschohl.androidfirewall&hl=en

          • There are large binary blobs in your phone that hold the firmware for the baseband processor and other chips. Rooting the phone will give you some form of control over the OS running the user interface, but not the rest. It is probably trivial for attackers to find a backdoor in one of the binary blobs, once they start looking for it. It may be restricted to that model phone and that version of the binary blob, but chances are, that with just a few actual backdoors, implementations for most of the smart pho
            • by nullchar (446050)

              Agreed. Root gives you minimal more control over your device, but unless you manually remove the pre-installed bloatware, you'll still worry about it.

              A custom ROM image is decent, but you're often relying on blobs for radios and other hardware layers like video. Those could be trojaned as well.

              A firewall blocking outgoing connections is nice, if you can trust iptables and the kernel. Though outside of IP (tcp/udp) information could still be sent via the carrier's radio protocols.

              The GP was complaining about

          • by mcgrew (92797) *

            It's not the phone, it's the carrier. At $40 per month for unlimited everything, changing carriers is kind of out of the question. My daughter's on AT&T with an iPhone and her bill is always over $100.

            • by nullchar (446050)

              With every carrier, you have a choice between a shitty phone and a decent phone. You should be able to maintain that plan and purchase your own phone to use on their network. It may not be subsidized (and your current device may go unused), but only you can value your privacy (original nexus4 is pretty cheap).

              • by mcgrew (92797) *

                You should be able to maintain that plan and purchase your own phone to use on their network.

                Yes, you should, and in most places you can, but it's different in the US.

                • by nullchar (446050)

                  In the US, ATT, Tmobile, Verizon, Sprint all allow you to use select handsets on their networks. Verizon is the most restrictive, with their use of CDMA instead of GPRS, but you can easily purchase other phone models than the "free" one given with your plan.

                  $40 for data + voice sounds like a good deal, so it probably isn't from any of those major four listed above.

      • I think it was in the news recently, a lot, but not for their Linux contributions...

        Though, maybe those were referenced too, along with some other contribs to MS, standards organisations, etc.

        If anything, I am sure that someone is giving close and fresh look into SElinux parts right now...

        Paul B.

      • So to hide data from the likes of the NSA, you want me to use a system developed by the NSA? Brilliant!
      • by jhol13 (1087781)

        Forget SELinux, use http://grsecurity.net/ [grsecurity.net].
        See e.g. https://lwn.net/Articles/538221/ [lwn.net]

    • by ackthpt (218170)

      I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? ...

      Exactly why I haven't installed any new apps on my Galaxy S4 since buying it. I figured I'll download the SDK and build what little I need. For all you know some of the simplest free* apps may be written by NSA fronts.

      * as in beer.

      • by noh8rz10 (2716597)

        I just upgraded to a smart phone and hated how every app I wanted to download wanted everything. Why should Pac Man need my contacts list and GPS information? ...

        Exactly why I haven't installed any new apps on my Galaxy S4 since buying it. I figured I'll download the SDK and build what little I need. For all you know some of the simplest free* apps may be written by NSA fronts.

        * as in beer.

        or free as in speech, considering nsa worked to influence encryption standards and put shills into the open source development process.

      • by mcgrew (92797) *

        All the KSHE app wanted was access to the internet, sound chip, and sleep circuitry (so It wouldn't stop playing when the screen blanked out). So far, playing KSHE is the only thing the Android does that the Motorola feature phone wouldn't, although the camera is a lot better and it has way more storage. Hell, I could play pac-man on the feature phone without telling them who I knew and where I was.

        Wait - OK, this one is "waterproof". Dropping it in the toilet isn't as dangerous (that's how my Razr died ten

      • https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall may be something you'd like. It's an open-source frontend for iptables. Or you could just use a terminal emulator (or Android's USB Debugging and the SDK) and the command line iptables...
    • I don't believe an Android phone is ever 'appless'. There are plenty of hidden processes running that are very difficult to weed out. And since even a dumb phone is sending everything through the NSA anyway, you may as well enjoy all the toys you can. Maybe there is a network sniffer (illegal hacking tool in Germany, no doubt) you can install, and block all unwanted traffic. That's the only hope I see in this scenario.

      • Re:Well, darn. (Score:5, Interesting)

        by mcgrew (92797) * on Monday September 09, 2013 @07:00PM (#44803531) Homepage Journal

        It's not just the NSA. I'm outraged that they're spying on citizens, even though they have no reason to be interested in me. I'm outraged that advertisers insist on knowing my GPS position, who's on my contacts list, etc. It's creepy and it pisses me off. I thought stalking was illegal?

        • I thought stalking was illegal?

          Like terrorism, it depends on who the perpetrator and the target is.

          • by chihowa (366380)

            I think the most important aspect is that the right people (or the right kind of people) are making money off it. If connected people are profiting from it, anything is legal.

  • Like homomorphism (Score:4, Interesting)

    by plover (150551) on Monday September 09, 2013 @06:13PM (#44803259) Homepage Journal

    How is this different from homomorphism? The thing is that it's not intended to keep secrets. Correlations might still exist that could give basic traffic kinds of data away. Have they figured ways to prevent those secrets from leaking?

  • Eh.... (Score:5, Informative)

    by IamTheRealMike (537420) <mike@plan99.net> on Monday September 09, 2013 @06:35PM (#44803371) Homepage

    Two datacenters owned by the same company using MPC is a really dumb use case. That won't help at all. The point of Google encrypting cross-dc communications is a forcing manoeuvre - it forces intelligence agencies to go via Google Legal to get information where the request can be analyzed and pushed back on. Even in countries where the legal system is flimsy and corrupt, that's an issue that can be improved significantly just with a single act of Congress or Parliament, whereas undoing their wiretapping infrastructure will prove somewhat harder because there's no adversarial lawyer standing in the way.

    A better example might be two datacenters owned by different companies, where they don't mutually trust each other. Or, to give an actual use case, the OTR chat encryption protocol uses MPC to authenticate connections. They call it the socialist millionaires protocol. The two parties agree on a secret word (typically by one user posing a question to the other), and then a variant of MPC is used to verify that both parties selected the same word. The word itself never transits the wire and it's only used for authentication, so it's relatively strong even if the secret word is short or predictable.

    Now, for some background. The paper can be found here [iacr.org] if you want to skip the million+1 links and registration crap.

    The basic idea behind MPC is that you write your shared computation in the form of a boolean circuit, made up of logic gates as if you were making an electronic circuit. The inputs to the program are represented as if they were electronic signals (i.e. as one and zero bits on wires). Once done, there are two protocols you can follow. The original one is by a guy named Andrew Yao. Each wire in the circuit is assigned a pair of keys. The details I'll gloss over now, but basically given the circuit (program) as a template, lots of random keys are created by party A, then the entire "garbled circuit" is sent to party B who will run it. Party A also selects the keys for his input wires and sends them to party B, who doesn't know whether they represent 0 or 1, only party A knows that.

    Now party B wants to run the program with his input, but he doesn't want party A to know what his input is. So they use a separate protocol called an oblivious transfer protocol to get party A to cough up the right keys for B's input wires, without A finding out what they were. Finally, party B can run the program by progressively decrypting the wires until the output is arrived at.

    What I described above is Yao's protocol. There is also a slightly different protocol called BGV. In BGV you don't send the entire program all at once. Instead, as party B runs through the program, each time they encounter an AND gate they do an oblivious transfer with party A. XOR gates are "free" and don't require any interaction. I forgot what happens for other kinds of gates. Basically, BGV involves both parties interacting throughout the computation, however, it can result in much less network traffic being required if your OT protocol is cheap, because if your circuit is very wide and shallow then most of the garbled program never has to even get transferred at all.

    From what I can tell, most of the best results in MPC these days are coming from BGV coupled with new, highly efficient OT protocols. SPDZ appears to work on yet another design, but the basic reliance on circuit form remains.

  • I'm all for "Keeping Data Secret, Even From Apes That Use It"

    Um... wait. Never mind.

Some programming languages manage to absorb change, but withstand progress. -- Epigrams in Programming, ACM SIGPLAN Sept. 1982

Working...