slides/2021-padsec/src/body.tex


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366

\begin{frame}
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\mktitle{Outline}
			\begin{enumerate}
				\item Explore the problem area
				\item A bird's view of the design
				\item Revisit the problem area
				\item How to get involved
			\end{enumerate}
		\end{column}
		\begin{column}{0.5\textwidth}
			\centering
			\includegraphics[width=\columnwidth]{img/rgdd}
			\burl{https://creativecommons.org/licenses/by-sa/4.0/}
		\end{column}
	\end{columns}
\end{frame}

%
% https://curl.se/download.html
%
\begin{frame}
	%
	% 1. Introduce the setup.  Daniel represents many software projects.
	% 2. How would you know if your private key got compromised?
	%
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\mktitle{Meet Daniel, the author of \texttt{curl}}
			\begin{itemize}
				\item Digital signing using \texttt{gpg}
				\item Long-term RSA public key
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\centering
			\includegraphics[height=.75\textheight]{img/curl}
			\burl{https://creativecommons.org/licenses/by-sa/4.0/}
		\end{column}
	\end{columns}
\end{frame}

%%
%% signify: https://www.openbsd.org/papers/bsdcan-signify.html
%%
%% Locate next public key from the current OpenBSD, version 69.
%% 1. Download from mirror: https://cdn.openbsd.org/pub/OpenBSD/6.9/
%% 2. Unpack src.tar.gz
%% 3. See etc/signify/openbsd-70-base.pub
%%
%\begin{frame}
%	%
%	% 1. Introduce the setup.  A newer type of tooling than gpg.  Sort of built-
%	% in revocation by "ignoring the problem until it goes away".
%	% 2. However, you would still like to know if you have a problem or not.
%	%
%	\vfill
%	\begin{columns}
%		\begin{column}{0.5\textwidth}
%			\mktitle{Meet Puffy, the OpenBSD cartoon}
%			\begin{itemize}
%				\item Digital signing using \texttt{signify}
%				\item Basically an interface to use Ed25519
%				\item Public keys are rotated every release
%			\end{itemize}
%		\end{column}
%		\begin{column}{0.5\textwidth}
%			\centering
%			\includegraphics[width=\columnwidth]{img/openbsd}
%			\burl{https://www.openbsd.org/art4.html}
%		\end{column}
%	\end{columns}
%\end{frame}

%
% https://arxiv.org/pdf/2104.06020.pdf, page 6 for the challenge.
%
\begin{frame}
	%
	% 1. What is R-B.
	% 2. Challenge
	% 3. How I think that challenge could be approached
	%
	\vfill
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\mktitle{Meet the R-B project}
			\begin{itemize}
				\item Same input gives the same output
				\item Consensus of ``valid'' checksum?
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\centering
			\includegraphics[width=\columnwidth]{img/rb}
			\burl{https://creativecommons.org/licenses/by-sa/4.0/}
		\end{column}
	\end{columns}
\end{frame}

\begin{frame}
	\mktitle{Problem summary}
	\vfill
	\begin{columns}
		\begin{column}{0.125\textwidth}
		\end{column}
		\begin{column}{0.75\textwidth}
			\begin{enumerate}
				\item What signatures were produced by a given private key?
				\item Consensus of checksums that should be considered valid?
			\end{enumerate}
		\end{column}
		\begin{column}{0.125\textwidth}
		\end{column}
	\end{columns}
	\vfill
\end{frame}

\begin{frame}
	%
	% 1. Introduce the system.  Think first two paragraphs in design.md
	%
	\mktitle{Our starting point}
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\begin{itemize}
				\item Data publisher
				\item End-user
				\item Assumptions
					\begin{itemize}
						\item Public key can be located
						\item Signed data can be located
						\item End-user can install extra tooling
					\end{itemize}
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\centering
			\input{img/before}
		\end{column}
	\end{columns}
	\vfill
	\pause
	\alert{The attacker can compromise the data publisher}\\
	\pause
	\alert{The goal is to detect unwanted key-usage}
\end{frame}

\begin{frame}
	%
	% 1. Our design is about transparency logs.  So, I need to explain briefly
	% what a transparency log is.
	% 2. Append-only Merkle tree.  You can think of the data as being stored in
	% the leaves.  Each leaf is hashed.  Parents concatenate their children
	% hashes to produces their own hash values.  Repeat until single root hash.
	% 3. The root hash is usually called a tree head.
	% 4. Tree head interesting because it fixes the structure and the content of
	% the tree.  Add/remove/modify -> new tree head.
	% 5. If the log signs the tree head, you can hold it accountable for its
	% structure and content.
	% 6. This is important because the attacker can control the log.
	% 7. So we cannot trust that the log is append-only.  We will need to verify
	% that.  To this end we have consistency proofs.  The intuition is that you
	% can force the log to reveal a number of cryptographic hashes.  These
	% hashes will prove that the tree head you see today is consistent with the
	% tree head you saw yesterday.
	% 8. You can also prove that something is in the log efficiently.  This is
	% called an inclusion proof.  The intuition is that you reveal a number of
	% hashes.  If you can use them to reconstruct the root of a globally
	% consistent tree head you can be sure that some data is in the log.
	% 8. Global consistency (as opposed to just consistency) is what prevents
	% the log from creating forks.  I will return to this later on because it is
	% an important part of our design.
	% (9. Not having global consistency would be like having a blockchain
	% without a consensus mechanism.)
	%
	\mktitle{A quick step back---Transparency log crash course}
	\input{img/mt}
	\vfill
	\begin{columns}
		\begin{column}{0.33\textwidth}
			\begin{itemize}
				\item Tree head
			\end{itemize}
		\end{column}
		\begin{column}{0.33\textwidth}
			\begin{itemize}
				\item Consistency proof
			\end{itemize}
		\end{column}
		\begin{column}{0.33\textwidth}
			\begin{itemize}
				\item Inclusion proof
			\end{itemize}
		\end{column}
	\end{columns}
	\vfill
	\pause
	\alert{The attacker can control the log}
\end{frame}

\begin{frame}
	\mktitle{Preparing a logging request}
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\begin{itemize}
				\item Select a shard hint and checksum
				\item Sign using your private key
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\lstinputlisting[style=CStyle]{img/tree-leaf.trunnel}
		\end{column}
	\end{columns}
\end{frame}

\begin{frame}
	\mktitle{Submitting a logging request}
	\begin{columns}
		\begin{column}{0.2\textwidth}
			\underline{Key-value pairs:}
			\begin{itemize}
				\item Shard hint
				\item Checksum
				\item Signature
				\item Public key
				\item Domain hint
			\end{itemize}
		\end{column}
		\begin{column}{0.8\textwidth}
			\centering
			\input{img/log-request}
		\end{column}
	\end{columns}
\end{frame}

\begin{frame}
	\mktitle{Distributing proofs of public logging}
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\begin{itemize}
				\item End-user will not talk to the log
				\item Proofs of logging
					\begin{itemize}
						\item Inclusion proof
						\item Tree head
					\end{itemize}
				\item Witness cosigning
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\centering
			\input{img/after}
		\end{column}
	\end{columns}
	\pause
	\alert{The attacker can control a threshold of witnesses}
\end{frame}

\begin{frame}
	\mktitle{Summary and additional details}
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\begin{itemize}
				\item Signed checksums
				\item Sharding
				\item Preserved data flows
				\item Anti-spam
				\item Global consistency
				\item Few simple parsers
				\item No cryptographic agility
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\includegraphics[width=\columnwidth]{img/clean}
		\end{column}
	\end{columns}
\end{frame}

\begin{frame}
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\mktitle{Remember Daniel?}
			\begin{itemize}
				\item (Cross-)sign with Ed25519
				\item Backwards compatible verification?
					\begin{enumerate}
						\item Verify RSA \texttt{gpg} signature
						\item Verify the rest with tlog tooling
					\end{enumerate}
				\item Monitor the log for your own leaves
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\centering
			\includegraphics[height=.75\textheight]{img/curl}
			\burl{https://creativecommons.org/licenses/by-sa/4.0/}
		\end{column}
	\end{columns}
\end{frame}

%\begin{frame}
%	\vfill
%	\begin{columns}
%		\begin{column}{0.5\textwidth}
%			\mktitle{Remember Puffy?}
%			\begin{itemize}
%				\item No extra key-pair
%				\item Cross-sign for backwards compatibility
%				\item Possible end-user verification
%					\begin{enumerate}
%						\item Verify \texttt{signify} signature
%						\item Verify the rest with tlog tooling
%					\end{enumerate}
%			\end{itemize}
%		\end{column}
%		\begin{column}{0.5\textwidth}
%			\centering
%			\includegraphics[width=\columnwidth]{img/openbsd}
%			\burl{https://www.openbsd.org/art4.html}
%		\end{column}
%	\end{columns}
%\end{frame}

\begin{frame}
	\vfill
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\mktitle{Remember the R-B project?}
			\begin{itemize}
				\item Sign and log the expected checksums
				\item Valid checksum is a logged checksum
				\item Rebuilders monitor the log
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\centering
			\includegraphics[width=\columnwidth]{img/rb}
			\burl{https://creativecommons.org/licenses/by-sa/4.0/}
		\end{column}
	\end{columns}
\end{frame}

\begin{frame}
	\vfill
	\begin{columns}
		\begin{column}{0.7\textwidth}
			\mktitle{Get involved}
			\begin{itemize}
				\item Feedback on our v0 design\footnotemark and API\footnotemark?
				\item Is this a service that you would use?  Why (not)?
				\item Want to run an experimental log or witness?
				\item Implementation and tooling is still early-days
				\item Reach out via slack\footnotemark, GitHub, or DM
			\end{itemize}
		\end{column}
		\begin{column}{0.3\textwidth}
			\centering
			\includegraphics[width=\columnwidth]{img/thanks}
		\end{column}
	\end{columns}
	\footnotetext[1]{\burl{https://github.com/system-transparency/stfe/blob/design/doc/design.md}}
	\footnotetext[2]{\burl{https://github.com/system-transparency/stfe/blob/design/doc/api.md}}
	\footnotetext[3]{\burl{https://communityinviter.com/apps/system-transparency/join}}
\end{frame}