peergos-arch-20min-v03.pdf

Transcript

1. peergos.org ▪ Ian Preston ▪ @ianopolous Is your data secure?

2. peergos.org ▪ Ian Preston ▪ @ianopolous

3. peergos.org ▪ Ian Preston ▪ @ianopolous  I want to

   store my files online, but without Dropbox being able to read them.  I want to selectively share my photos, but without Facebook seeing them.  I want to store my files online, but not in a company that could go bankrupt.

4. peergos.org ▪ Ian Preston ▪ @ianopolous What do I want?

   Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS

5. peergos.org ▪ Ian Preston ▪ @ianopolous What do I want?

   Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS Control • Selfhostable • Selectively sharefiles • Hidecontacts • Pseudonymous

6. peergos.org ▪ Ian Preston ▪ @ianopolous What do I want?

   Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS Convenience Control • Selfhostable • Selectively sharefiles • Hidecontacts • Pseudonymous • Webinterface • Log in from anydevice • Filesyncing • Publishfiles • Resilient • As convenient as Dropbox,Facebook

7. peergos.org ▪ Ian Preston ▪ @ianopolous Control

8. peergos.org ▪ Ian Preston ▪ @ianopolous Overall architecture IPFS Hash

   → data IPNS Public key → Hash PKI Server PKI root hash Peergos Server Follow requests Peergos Client

9. peergos.org ▪ Ian Preston ▪ @ianopolous Basic structure • Global

   file system • /username/yourfiles • Tree of symmetric keys (TweetNaCl) with cryptographic links between (Cryptree) • Location + Key = cryptographic access token or capability (CAP) • Explicitly don't use convergent encryption!

10. peergos.org ▪ Ian Preston ▪ @ianopolous Base key Directory File

    Metadata key Parent key Metadata key Sub-directory Parent key Metadata key work File contents Parent key Base key Data key Cryptree ianopolous thesis.tex 72 KiB Modified: 15:23 14/3/2016 text/plain

11. peergos.org ▪ Ian Preston ▪ @ianopolous Chunk raw file Raw

    file 5 MiB 5 MiB 5 MiB

12. peergos.org ▪ Ian Preston ▪ @ianopolous Chunk raw file Encrypt

    chunk Raw file 5 MiB 5 MiB 5 MiB 5 MiB

13. peergos.org ▪ Ian Preston ▪ @ianopolous Chunk raw file Encrypt

    chunk Split Raw file 5 MiB 5 MiB 5 MiB 5 MiB 40 * 128 KiB

14. peergos.org ▪ Ian Preston ▪ @ianopolous Chunk raw file Encrypt

    chunk Split Upload Raw file 5 MiB 5 MiB 5 MiB 5 MiB 40 * 128 KiB IPFS Encrypted metadata + fragment hashes

15. peergos.org ▪ Ian Preston ▪ @ianopolous File system CHAMP Cryptree

    node File fragment CHAMP node File fragment File fragment CHAMP node CHAMP node

16. peergos.org ▪ Ian Preston ▪ @ianopolous How does sharing work?

    • Users have a public boxing key • To send a follow request: create a directory /myname/sharing/friendname • Send a read CAP to this directory encrypted to friend's public key • Shared files are currently vulnerable to a quantum computer • Will move to post-quantum sharing as soon as a clear candidate arrives

17. peergos.org ▪ Ian Preston ▪ @ianopolous Convenience

18. peergos.org ▪ Ian Preston ▪ @ianopolous Decentralized login? Scrypt hash

    Password Username Signing keypair ~1 second Only ever stored in RAM, never written to disk or transmitted Root key Boxing keypair

19. peergos.org ▪ Ian Preston ▪ @ianopolous Public links? Read (or

    write) CAP encoded in a URL: demo.peergos.net/#Public_writing_Key/Subspace_label/Decryption_Key Material after # is not sent to the server → file still isn't exposed to the network Can share an individual file or a folder.

20. peergos.org ▪ Ian Preston ▪ @ianopolous Security

21. peergos.org ▪ Ian Preston ▪ @ianopolous Can a login be

    cracked? • Brute force is practically impossible with a good password • Random 14 character alpha-numeric password has ~ 2^84 ~ 10^25 possibilities • A GPU can calculate ~ 1M scrypt hashes/s (measured by litecoin users) • One GPU cracking a single user’s login would take 10^19 seconds or ~ 300 billion years • 300 million GPUs would take 1000 years • GPU purchase cost = 300 billion USD

22. peergos.org ▪ Ian Preston ▪ @ianopolous What about quantum computer

    based attacks?

23. peergos.org ▪ Ian Preston ▪ @ianopolous  All encryption is

    symmetric encryption using TweetNaCl, or hashing through scrypt  Both have no known quantum attacks

24. peergos.org ▪ Ian Preston ▪ @ianopolous “But Javascript crypto is

    insecure!”

25. peergos.org ▪ Ian Preston ▪ @ianopolous Threat model A (casual

    user): • Trusts our public server • Trust the SSL certificate hierarchy Depends on your threat model...

26. peergos.org ▪ Ian Preston ▪ @ianopolous Threat model B (paranoid

    user): • Doesn't trust our public server • Doesn't trust the SSL chain Run Peergos on own machine AIR GAP Faraday Cage Binary, compiled with 3 different compilers, from signed source

27. peergos.org ▪ Ian Preston ▪ @ianopolous Build security • Reproducible

    builds, both server and front end • Do not use npm! Only 8 JS dependencies, all vendored • Have our own deterministic replacement for webpack, and minifiers • Self host all assets • Most of the client code is written in a type-safe language (Java) and cross-compiled to JS

28. peergos.org ▪ Ian Preston ▪ @ianopolous Demo

29. peergos.org ▪ Ian Preston ▪ @ianopolous Current status: Pre alpha

    • Web-interface – done • Use actual IPNS – to do • Tor integration – to do • Fuse client – done • Security audit – to do • Granting write access – not in UI yet • Private keystore of friends (TOFU) – done

30. peergos.org ▪ Ian Preston ▪ @ianopolous Join community! • Sign

    up to hear when our alpha is ready (soon): https://peergos.org • Read our book: https://peergos.github.io/book • Try our demo at https://demo.peergos.net • Contribute https://github.com/peergos/peergos • Currently we are a team of 4 contributors

31. peergos.org ▪ Ian Preston ▪ @ianopolous Questions?