From 76bae02bcd7d6b3ec9eea428e5e95da184a8dbfb Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 15 Oct 2024 15:35:20 +0200 Subject: Rescue some slides from old private mono repos --- slides/2021-padsec/src/body.tex | 366 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 366 insertions(+) create mode 100644 slides/2021-padsec/src/body.tex (limited to 'slides/2021-padsec/src/body.tex') diff --git a/slides/2021-padsec/src/body.tex b/slides/2021-padsec/src/body.tex new file mode 100644 index 0000000..f748c79 --- /dev/null +++ b/slides/2021-padsec/src/body.tex @@ -0,0 +1,366 @@ +\begin{frame} + \begin{columns} + \begin{column}{0.5\textwidth} + \mktitle{Outline} + \begin{enumerate} + \item Explore the problem area + \item A bird's view of the design + \item Revisit the problem area + \item How to get involved + \end{enumerate} + \end{column} + \begin{column}{0.5\textwidth} + \centering + \includegraphics[width=\columnwidth]{img/rgdd} + \burl{https://creativecommons.org/licenses/by-sa/4.0/} + \end{column} + \end{columns} +\end{frame} + +% +% https://curl.se/download.html +% +\begin{frame} + % + % 1. Introduce the setup. Daniel represents many software projects. + % 2. How would you know if your private key got compromised? + % + \begin{columns} + \begin{column}{0.5\textwidth} + \mktitle{Meet Daniel, the author of \texttt{curl}} + \begin{itemize} + \item Digital signing using \texttt{gpg} + \item Long-term RSA public key + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \centering + \includegraphics[height=.75\textheight]{img/curl} + \burl{https://creativecommons.org/licenses/by-sa/4.0/} + \end{column} + \end{columns} +\end{frame} + +%% +%% signify: https://www.openbsd.org/papers/bsdcan-signify.html +%% +%% Locate next public key from the current OpenBSD, version 69. +%% 1. Download from mirror: https://cdn.openbsd.org/pub/OpenBSD/6.9/ +%% 2. Unpack src.tar.gz +%% 3. See etc/signify/openbsd-70-base.pub +%% +%\begin{frame} +% % +% % 1. Introduce the setup. A newer type of tooling than gpg. Sort of built- +% % in revocation by "ignoring the problem until it goes away". +% % 2. However, you would still like to know if you have a problem or not. +% % +% \vfill +% \begin{columns} +% \begin{column}{0.5\textwidth} +% \mktitle{Meet Puffy, the OpenBSD cartoon} +% \begin{itemize} +% \item Digital signing using \texttt{signify} +% \item Basically an interface to use Ed25519 +% \item Public keys are rotated every release +% \end{itemize} +% \end{column} +% \begin{column}{0.5\textwidth} +% \centering +% \includegraphics[width=\columnwidth]{img/openbsd} +% \burl{https://www.openbsd.org/art4.html} +% \end{column} +% \end{columns} +%\end{frame} + +% +% https://arxiv.org/pdf/2104.06020.pdf, page 6 for the challenge. +% +\begin{frame} + % + % 1. What is R-B. + % 2. Challenge + % 3. How I think that challenge could be approached + % + \vfill + \begin{columns} + \begin{column}{0.5\textwidth} + \mktitle{Meet the R-B project} + \begin{itemize} + \item Same input gives the same output + \item Consensus of ``valid'' checksum? + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \centering + \includegraphics[width=\columnwidth]{img/rb} + \burl{https://creativecommons.org/licenses/by-sa/4.0/} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \mktitle{Problem summary} + \vfill + \begin{columns} + \begin{column}{0.125\textwidth} + \end{column} + \begin{column}{0.75\textwidth} + \begin{enumerate} + \item What signatures were produced by a given private key? + \item Consensus of checksums that should be considered valid? + \end{enumerate} + \end{column} + \begin{column}{0.125\textwidth} + \end{column} + \end{columns} + \vfill +\end{frame} + +\begin{frame} + % + % 1. Introduce the system. Think first two paragraphs in design.md + % + \mktitle{Our starting point} + \begin{columns} + \begin{column}{0.5\textwidth} + \begin{itemize} + \item Data publisher + \item End-user + \item Assumptions + \begin{itemize} + \item Public key can be located + \item Signed data can be located + \item End-user can install extra tooling + \end{itemize} + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \centering + \input{img/before} + \end{column} + \end{columns} + \vfill + \pause + \alert{The attacker can compromise the data publisher}\\ + \pause + \alert{The goal is to detect unwanted key-usage} +\end{frame} + +\begin{frame} + % + % 1. Our design is about transparency logs. So, I need to explain briefly + % what a transparency log is. + % 2. Append-only Merkle tree. You can think of the data as being stored in + % the leaves. Each leaf is hashed. Parents concatenate their children + % hashes to produces their own hash values. Repeat until single root hash. + % 3. The root hash is usually called a tree head. + % 4. Tree head interesting because it fixes the structure and the content of + % the tree. Add/remove/modify -> new tree head. + % 5. If the log signs the tree head, you can hold it accountable for its + % structure and content. + % 6. This is important because the attacker can control the log. + % 7. So we cannot trust that the log is append-only. We will need to verify + % that. To this end we have consistency proofs. The intuition is that you + % can force the log to reveal a number of cryptographic hashes. These + % hashes will prove that the tree head you see today is consistent with the + % tree head you saw yesterday. + % 8. You can also prove that something is in the log efficiently. This is + % called an inclusion proof. The intuition is that you reveal a number of + % hashes. If you can use them to reconstruct the root of a globally + % consistent tree head you can be sure that some data is in the log. + % 8. Global consistency (as opposed to just consistency) is what prevents + % the log from creating forks. I will return to this later on because it is + % an important part of our design. + % (9. Not having global consistency would be like having a blockchain + % without a consensus mechanism.) + % + \mktitle{A quick step back---Transparency log crash course} + \input{img/mt} + \vfill + \begin{columns} + \begin{column}{0.33\textwidth} + \begin{itemize} + \item Tree head + \end{itemize} + \end{column} + \begin{column}{0.33\textwidth} + \begin{itemize} + \item Consistency proof + \end{itemize} + \end{column} + \begin{column}{0.33\textwidth} + \begin{itemize} + \item Inclusion proof + \end{itemize} + \end{column} + \end{columns} + \vfill + \pause + \alert{The attacker can control the log} +\end{frame} + +\begin{frame} + \mktitle{Preparing a logging request} + \begin{columns} + \begin{column}{0.5\textwidth} + \begin{itemize} + \item Select a shard hint and checksum + \item Sign using your private key + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \lstinputlisting[style=CStyle]{img/tree-leaf.trunnel} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \mktitle{Submitting a logging request} + \begin{columns} + \begin{column}{0.2\textwidth} + \underline{Key-value pairs:} + \begin{itemize} + \item Shard hint + \item Checksum + \item Signature + \item Public key + \item Domain hint + \end{itemize} + \end{column} + \begin{column}{0.8\textwidth} + \centering + \input{img/log-request} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \mktitle{Distributing proofs of public logging} + \begin{columns} + \begin{column}{0.5\textwidth} + \begin{itemize} + \item End-user will not talk to the log + \item Proofs of logging + \begin{itemize} + \item Inclusion proof + \item Tree head + \end{itemize} + \item Witness cosigning + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \centering + \input{img/after} + \end{column} + \end{columns} + \pause + \alert{The attacker can control a threshold of witnesses} +\end{frame} + +\begin{frame} + \mktitle{Summary and additional details} + \begin{columns} + \begin{column}{0.5\textwidth} + \begin{itemize} + \item Signed checksums + \item Sharding + \item Preserved data flows + \item Anti-spam + \item Global consistency + \item Few simple parsers + \item No cryptographic agility + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \includegraphics[width=\columnwidth]{img/clean} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \begin{columns} + \begin{column}{0.5\textwidth} + \mktitle{Remember Daniel?} + \begin{itemize} + \item (Cross-)sign with Ed25519 + \item Backwards compatible verification? + \begin{enumerate} + \item Verify RSA \texttt{gpg} signature + \item Verify the rest with tlog tooling + \end{enumerate} + \item Monitor the log for your own leaves + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \centering + \includegraphics[height=.75\textheight]{img/curl} + \burl{https://creativecommons.org/licenses/by-sa/4.0/} + \end{column} + \end{columns} +\end{frame} + +%\begin{frame} +% \vfill +% \begin{columns} +% \begin{column}{0.5\textwidth} +% \mktitle{Remember Puffy?} +% \begin{itemize} +% \item No extra key-pair +% \item Cross-sign for backwards compatibility +% \item Possible end-user verification +% \begin{enumerate} +% \item Verify \texttt{signify} signature +% \item Verify the rest with tlog tooling +% \end{enumerate} +% \end{itemize} +% \end{column} +% \begin{column}{0.5\textwidth} +% \centering +% \includegraphics[width=\columnwidth]{img/openbsd} +% \burl{https://www.openbsd.org/art4.html} +% \end{column} +% \end{columns} +%\end{frame} + +\begin{frame} + \vfill + \begin{columns} + \begin{column}{0.5\textwidth} + \mktitle{Remember the R-B project?} + \begin{itemize} + \item Sign and log the expected checksums + \item Valid checksum is a logged checksum + \item Rebuilders monitor the log + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \centering + \includegraphics[width=\columnwidth]{img/rb} + \burl{https://creativecommons.org/licenses/by-sa/4.0/} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \vfill + \begin{columns} + \begin{column}{0.7\textwidth} + \mktitle{Get involved} + \begin{itemize} + \item Feedback on our v0 design\footnotemark and API\footnotemark? + \item Is this a service that you would use? Why (not)? + \item Want to run an experimental log or witness? + \item Implementation and tooling is still early-days + \item Reach out via slack\footnotemark, GitHub, or DM + \end{itemize} + \end{column} + \begin{column}{0.3\textwidth} + \centering + \includegraphics[width=\columnwidth]{img/thanks} + \end{column} + \end{columns} + \footnotetext[1]{\burl{https://github.com/system-transparency/stfe/blob/design/doc/design.md}} + \footnotetext[2]{\burl{https://github.com/system-transparency/stfe/blob/design/doc/api.md}} + \footnotetext[3]{\burl{https://communityinviter.com/apps/system-transparency/join}} +\end{frame} -- cgit v1.2.3