Upgrade to Pro — share decks privately, control downloads, hide ads and more …

peergos-arch-20min-v03.pdf

Ian Preston
July 29, 2018
85

 peergos-arch-20min-v03.pdf

Ian Preston

July 29, 2018
Tweet

Transcript

  1. peergos.org ▪ Ian Preston ▪ @ianopolous  I want to

    store my files online, but without Dropbox being able to read them.  I want to selectively share my photos, but without Facebook seeing them.  I want to store my files online, but not in a company that could go bankrupt.
  2. peergos.org ▪ Ian Preston ▪ @ianopolous What do I want?

    Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS
  3. peergos.org ▪ Ian Preston ▪ @ianopolous What do I want?

    Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS Control • Selfhostable • Selectively sharefiles • Hidecontacts • Pseudonymous
  4. peergos.org ▪ Ian Preston ▪ @ianopolous What do I want?

    Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS Convenience Control • Selfhostable • Selectively sharefiles • Hidecontacts • Pseudonymous • Webinterface • Log in from anydevice • Filesyncing • Publishfiles • Resilient • As convenient as Dropbox,Facebook
  5. peergos.org ▪ Ian Preston ▪ @ianopolous Overall architecture IPFS Hash

    → data IPNS Public key → Hash PKI Server PKI root hash Peergos Server Follow requests Peergos Client
  6. peergos.org ▪ Ian Preston ▪ @ianopolous Basic structure • Global

    file system • /username/yourfiles • Tree of symmetric keys (TweetNaCl) with cryptographic links between (Cryptree) • Location + Key = cryptographic access token or capability (CAP) • Explicitly don't use convergent encryption!
  7. peergos.org ▪ Ian Preston ▪ @ianopolous Base key Directory File

    Metadata key Parent key Metadata key Sub-directory Parent key Metadata key work File contents Parent key Base key Data key Cryptree ianopolous thesis.tex 72 KiB Modified: 15:23 14/3/2016 text/plain
  8. peergos.org ▪ Ian Preston ▪ @ianopolous Chunk raw file Encrypt

    chunk Split Raw file 5 MiB 5 MiB 5 MiB 5 MiB 40 * 128 KiB
  9. peergos.org ▪ Ian Preston ▪ @ianopolous Chunk raw file Encrypt

    chunk Split Upload Raw file 5 MiB 5 MiB 5 MiB 5 MiB 40 * 128 KiB IPFS Encrypted metadata + fragment hashes
  10. peergos.org ▪ Ian Preston ▪ @ianopolous File system CHAMP Cryptree

    node File fragment CHAMP node File fragment File fragment CHAMP node CHAMP node
  11. peergos.org ▪ Ian Preston ▪ @ianopolous How does sharing work?

    • Users have a public boxing key • To send a follow request: create a directory /myname/sharing/friendname • Send a read CAP to this directory encrypted to friend's public key • Shared files are currently vulnerable to a quantum computer • Will move to post-quantum sharing as soon as a clear candidate arrives
  12. peergos.org ▪ Ian Preston ▪ @ianopolous Decentralized login? Scrypt hash

    Password Username Signing keypair ~1 second Only ever stored in RAM, never written to disk or transmitted Root key Boxing keypair
  13. peergos.org ▪ Ian Preston ▪ @ianopolous Public links? Read (or

    write) CAP encoded in a URL: demo.peergos.net/#Public_writing_Key/Subspace_label/Decryption_Key Material after # is not sent to the server → file still isn't exposed to the network Can share an individual file or a folder.
  14. peergos.org ▪ Ian Preston ▪ @ianopolous Can a login be

    cracked? • Brute force is practically impossible with a good password • Random 14 character alpha-numeric password has ~ 2^84 ~ 10^25 possibilities • A GPU can calculate ~ 1M scrypt hashes/s (measured by litecoin users) • One GPU cracking a single user’s login would take 10^19 seconds or ~ 300 billion years • 300 million GPUs would take 1000 years • GPU purchase cost = 300 billion USD
  15. peergos.org ▪ Ian Preston ▪ @ianopolous  All encryption is

    symmetric encryption using TweetNaCl, or hashing through scrypt  Both have no known quantum attacks
  16. peergos.org ▪ Ian Preston ▪ @ianopolous Threat model A (casual

    user): • Trusts our public server • Trust the SSL certificate hierarchy Depends on your threat model...
  17. peergos.org ▪ Ian Preston ▪ @ianopolous Threat model B (paranoid

    user): • Doesn't trust our public server • Doesn't trust the SSL chain Run Peergos on own machine AIR GAP Faraday Cage Binary, compiled with 3 different compilers, from signed source
  18. peergos.org ▪ Ian Preston ▪ @ianopolous Build security • Reproducible

    builds, both server and front end • Do not use npm! Only 8 JS dependencies, all vendored • Have our own deterministic replacement for webpack, and minifiers • Self host all assets • Most of the client code is written in a type-safe language (Java) and cross-compiled to JS
  19. peergos.org ▪ Ian Preston ▪ @ianopolous Current status: Pre alpha

    • Web-interface – done • Use actual IPNS – to do • Tor integration – to do • Fuse client – done • Security audit – to do • Granting write access – not in UI yet • Private keystore of friends (TOFU) – done
  20. peergos.org ▪ Ian Preston ▪ @ianopolous Join community! • Sign

    up to hear when our alpha is ready (soon): https://peergos.org • Read our book: https://peergos.github.io/book • Try our demo at https://demo.peergos.net • Contribute https://github.com/peergos/peergos • Currently we are a team of 4 contributors