Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Secret Sharing
Split Brains
1
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Password
‣Everything online or sensitive has a password
‣Usually known by sin...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Multi people examples
‣NSA access to mobile devices
‣Four-eyes principle for ...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Advances examples
‣Bank account: access by any 2 of 4 people
‣Nuclear missile...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Characteristic of multi PW solution
‣Exposure of 1 sub password doesn't expos...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Characteristic of multi PW solution
‣Generate new passwords, because one got
...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Ideas?
7
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Password Carve-up
‣Discloses partial information
‣Reduces effort of brute-for...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Random Offsets
‣Disclose a password doesn't help attacker
‣Magnitude of passw...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Exclusive Or (XOR)
‣Disclose a password doesn't help attacker
‣Magnitude of p...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Shamir's Algorithm
‣Using a bit of math
‣Not too complicated
‣Matches all req...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Back to school
‣Draw a graph
‣Transform password into coordinate (e.g. 25,20)...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Some examples
‣Infinite possibilities
‣Correct way: you need 2 points
13
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Equation of straight line
‣Y = mX + C
‣M is gradient (slope) of line
‣C is in...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
More solutions
‣Any two point on the line describe the line and
determine the...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Simplest solution
‣Any number of point we desire
‣Distribute hundreds of coor...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Order-2
‣From linear to quadratic
‣Straight lines are order-1 polynomials
‣Qu...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Order-2 example
18
‣Any number of point we desire
‣Distribute hundreds of coo...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
x-order
19
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Advance feature support
‣Not a broken-plate type problem
‣No need of all pass...
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Demo
https://github.com/teqneers/shamir
21
TEQneers GmbH & Co. KG www.teqneers.de
Slide
Links
‣https://github.com/teqneers/shamir
‣http://en.wikipedia.org/wiki/Secre...
Nächste SlideShare
Wird geladen in …5
×

Sharing secrets with PHP

1.229 Aufrufe

Veröffentlicht am

You want to share a secret within a group in a secure way? You want to make sure, that more than one person is needed to recover the secret so no one can do thing single-handed? You need e.g. four-eyes principle?

Cryptography knows a shared secret as a piece of data, which is only known to parties involved. The data might a text, any number, a passphrase or just bits and bytes.

The slides explain the requirements on how to share a secret, which approaches their are and is showing one solution using an algorithm called "Shamir's Secret Sharing".

This cryptographic algorithm was created by Adi Shamir. The algorithm will divide the secret into parts, where each participant receives its own unique part. Most important is, that some of the parts or all of them are needed in order to reconstruct the secret.

In cryptography Shamir's Secret Sharing is a so called threshold scheme. It means, that not all of the parts are needed, but a number of x parts are sufficient to recover the original secret.

The PHP implementation of the algorithm can be found at https://github.com/teqneers/shamir.

The slides are based on a blog called Data Genetics (http://datagenetics.com/blog/november22012/).

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

Sharing secrets with PHP

  1. 1. TEQneers GmbH & Co. KG www.teqneers.de Slide Secret Sharing Split Brains 1
  2. 2. TEQneers GmbH & Co. KG www.teqneers.de Slide Password ‣Everything online or sensitive has a password ‣Usually known by single person ‣Person gone = password gone ‣Equivalent to a door's lock 2
  3. 3. TEQneers GmbH & Co. KG www.teqneers.de Slide Multi people examples ‣NSA access to mobile devices ‣Four-eyes principle for admins ‣Joint bank account of a company ‣Lawyer needs six family member to open a will ‣Nuclear missile launch system ‣and many more 3
  4. 4. TEQneers GmbH & Co. KG www.teqneers.de Slide Advances examples ‣Bank account: access by any 2 of 4 people ‣Nuclear missile: hierarchy of passwords (president counts 3 votes, SoD counts 2, ...) ‣Will: family member die before you, don't want to de-/encrypt will again and send out passwords ‣Will: new family member without redistributing passwords to all again ‣Four-eyes principle: admins can do some operation only with another admin 4
  5. 5. TEQneers GmbH & Co. KG www.teqneers.de Slide Characteristic of multi PW solution ‣Exposure of 1 sub password doesn't expose any more hints to attacker ‣All sub passwords required to obtain solution ‣Knowledge of all-but-one no better than knowing none ‣Sub passwords have same magnitude in length than master password 5
  6. 6. TEQneers GmbH & Co. KG www.teqneers.de Slide Characteristic of multi PW solution ‣Generate new passwords, because one got exposed, without re-issuing the others ‣Keep sub passwords despite additions/deletions ‣Generate new viable sub password without re- issue 6
  7. 7. TEQneers GmbH & Co. KG www.teqneers.de Slide Ideas? 7
  8. 8. TEQneers GmbH & Co. KG www.teqneers.de Slide Password Carve-up ‣Discloses partial information ‣Reduces effort of brute-force attack ‣Not elegant ‣Need all pieces like a broken plate 8
  9. 9. TEQneers GmbH & Co. KG www.teqneers.de Slide Random Offsets ‣Disclose a password doesn't help attacker ‣Magnitude of passwords is good ‣More elegant ‣Still need all pieces 9
  10. 10. TEQneers GmbH & Co. KG www.teqneers.de Slide Exclusive Or (XOR) ‣Disclose a password doesn't help attacker ‣Magnitude of passwords is good ‣More elegant ‣Still need all pieces 10
  11. 11. TEQneers GmbH & Co. KG www.teqneers.de Slide Shamir's Algorithm ‣Using a bit of math ‣Not too complicated ‣Matches all requirements ‣Doesn't need all sub-keys to decrypt ‣Threshold cryptosystem 11
  12. 12. TEQneers GmbH & Co. KG www.teqneers.de Slide Back to school ‣Draw a graph ‣Transform password into coordinate (e.g. 25,20) ‣Now draw a line through this point ‣How would you do it? 12
  13. 13. TEQneers GmbH & Co. KG www.teqneers.de Slide Some examples ‣Infinite possibilities ‣Correct way: you need 2 points 13
  14. 14. TEQneers GmbH & Co. KG www.teqneers.de Slide Equation of straight line ‣Y = mX + C ‣M is gradient (slope) of line ‣C is intercept of y-axis ‣Our Secret S = C 14
  15. 15. TEQneers GmbH & Co. KG www.teqneers.de Slide More solutions ‣Any two point on the line describe the line and determine the interception of y-axis (our S) 15
  16. 16. TEQneers GmbH & Co. KG www.teqneers.de Slide Simplest solution ‣Any number of point we desire ‣Distribute hundreds of coordinates ‣Individually, each coordinate is useless, because infinite number of solutions ‣Any two points together describe 
 solution ‣Awesome! 16
  17. 17. TEQneers GmbH & Co. KG www.teqneers.de Slide Order-2 ‣From linear to quadratic ‣Straight lines are order-1 polynomials ‣Quadratic equations are order-2 ‣e.g. y = Ax 2 + Bx + C ‣Unlimited solution with only 2 points 17
  18. 18. TEQneers GmbH & Co. KG www.teqneers.de Slide Order-2 example 18 ‣Any number of point we desire ‣Distribute hundreds of coordinates ‣Individually, each coordinate is useless, because infinite number of solutions ‣Any three points together describe 
 solution ‣Awesome! Again!
  19. 19. TEQneers GmbH & Co. KG www.teqneers.de Slide x-order 19
  20. 20. TEQneers GmbH & Co. KG www.teqneers.de Slide Advance feature support ‣Not a broken-plate type problem ‣No need of all passwords ‣Non-complete combination no value to attacker ‣Easy to generate new sub passwords, no need to re-issue others ‣In case of compromised passwords: keep uncompromised coords and generate new curve ‣President: just needs more coordinates than others (e.g. 3) and SoD gets 2, others 1 20
  21. 21. TEQneers GmbH & Co. KG www.teqneers.de Slide Demo https://github.com/teqneers/shamir 21
  22. 22. TEQneers GmbH & Co. KG www.teqneers.de Slide Links ‣https://github.com/teqneers/shamir ‣http://en.wikipedia.org/wiki/Secret_sharing ‣http://en.wikipedia.org/wiki/Shamir %27s_Secret_Sharing ‣http://www.cs.cornell.edu/Courses/ cs513/2000SP/SecretSharing.html ‣http://groups.csail.mit.edu/cis/crypto/classes/ 6.857/papers/secret-shamir.pdf 22

×