Introducing Peergos

Transcript

1. Ian Preston @ianopolous peergos.org Is your data secure?

2. Ian Preston @ianopolous peergos.org PEERGOS

3. Ian Preston @ianopolous peergos.org I want to store my files

   online, but without Dropbox being able to read them. I want to selectively share my photos, but without Facebook seeing them. I want to store my files online, but not in a company that could go bankrupt.

4. Ian Preston @ianopolous peergos.org What do I want? Security Convenience

   Control • Safe login • Strong crypto, ideally post-quantum • Hide file metadata • Web interface • Log in from any device • File syncing • Publish files • Resilient • As convenient as Dropbox, Facebook • Self hostable • Selectively share files • Hide contacts • Pseudonymous

5. Ian Preston @ianopolous peergos.org Control • Self hostable • Selectively

   share files • Hide contacts • Pseudonymous

6. Ian Preston @ianopolous peergos.org Overall architecture IPFS Hash → data

   IPNS Public key → Hash Corenode Username ↔ Public key Username → Follow requests Peergos Client

7. Ian Preston @ianopolous peergos.org Basic structure • Global file system

   • /username/yourfiles • Tree of symmetric keys (TweetNaCl) with cryptographic links between (Cryptree) • Location + Key = cryptographic access token or capability (CAP) • Explicitly don't use convergent encryption!

8. Ian Preston @ianopolous peergos.org Base key Directory File Metadata key

   Parent key Metadata key Sub-directory Parent key Metadata key ianopolous work chapter1.tex 72 KiB Modified: 15:23 14/3/2016 File contents Parent key Base key

9. Ian Preston @ianopolous peergos.org 5 MiB Chunk raw file 5

   MiB 5 MiB 5 MiB 5 MiB Encrypt chunk 40 * 128 KiB Erasure code 20 * 128 KiB Upload fragments Upload metadata IPFS Encrypted metadata + fragment hashes

10. Ian Preston @ianopolous peergos.org Decentralized write access? • Cryptographically controlled

    with signing key pair (Ed25519) using IPNS • Can grant other users write access by sharing this key • Easy fine grained write access control

11. Ian Preston @ianopolous peergos.org How does sharing work? • Users

    have a public boxing key • To send a follow request: create a directory /myname/sharing/friendname • Send a read CAP to this directory encrypted to friend's public key • Shared files are currently vulnerable to a quantum computer • Will move to post-quantum sharing as soon as a clear candidate arrives

12. Ian Preston @ianopolous peergos.org Convenience • Web interface • Log

    in from any device • File syncing • Publish files • Resilient

13. Ian Preston @ianopolous peergos.org Decentralized login? • Only ever stored

    in RAM, never written to disk or transmitted Scrypt hash password username Root key Signing keypair Boxing keypair ~1 second

14. Ian Preston @ianopolous peergos.org Public links? • read (or write)

    CAP encoded in a URL • https:// demo.peergos.net/#Public_writing_Key/Subspace_label/Decryption_Key • e.g. https:// demo.peergos.net/#2bBEyF99hKzU98M6y9H4scSXRza7xreaG7PcuydQKbfpp2DR5g4Y VavRsPw1T1u8qDzkA1pYXrs2KxBbFwQuDge6p1U/8gDZHdxtXXNLTghsUXqWtWUwSG VgjkqJhJYyUfrfMAJe/XpbvAJFoAK1hFNh3CLMgZSZvukLVoc794EXhh9YyGqjf • Material after # is not sent to the server file still isn't exposed to the network → • Can share an individual file or a folder

15. Ian Preston @ianopolous peergos.org Security • Safe login • Strong

    crypto, ideally post-quantum • Hide file metadata

16. Ian Preston @ianopolous peergos.org Can a login be cracked? •

    Brute force is practically impossible with a good password • Random 14 character alpha-numeric password has ~ 2^84 ~ 10^25 possibilities • A GPU can calculate ~ 1M scrypt hashes/s (measured by litecoin users) • One GPU cracking a single user’s login would take 10^19 seconds or ~ 300 billion years • 300 million GPUs would take 1000 years • GPU purchase cost = 300 billion USD

17. Ian Preston @ianopolous peergos.org

18. Ian Preston @ianopolous peergos.org What about quantum computer based attacks?

19. Ian Preston @ianopolous peergos.org • All encryption is symmetric encryption

    using TweetNaCl, or hashing through scrypt • Both have no known quantum attacks

20. Ian Preston @ianopolous peergos.org “But Javascript crypto is insecure!”

21. Ian Preston @ianopolous peergos.org Threat model A (The casual user):

    • Trusts our public server • Trust the SSL certificate hierarchy Depends on your threat model..

22. Ian Preston @ianopolous peergos.org Threat model B (The paranoid user):

    • Doesn't trust our public server • Doesn't trust the SSL chain Run Peergos on your machine AIR GAP Faraday cage Binary, compiled with 3 different compilers, from signed source

23. Ian Preston @ianopolous peergos.org Demo

24. Ian Preston @ianopolous peergos.org Current status: Pre alpha • Web-interface

    – largely done • Core node – done • Sharing files – done • Fuse client – wip • Security audit – todo • Granting write access – todo • Private keystore of friends (TOFU) – todo

25. Ian Preston @ianopolous peergos.org Join our community! • Contribute https://github.com/ianopolous/Peergos

    • Sign up to hear when our alpha is ready: https://peergos.org • Demo at https://demo.peergos.net • Currently we are a team of 5 contributors

26. Ian Preston @ianopolous peergos.org Questions?

27. Ian Preston @ianopolous peergos.org

28. Ian Preston @ianopolous peergos.org Peergos Dropbox OwnCloud SeaFile FreeNet Tahoe-LAFS

    Retroshare Open source Y N Y Y Y Y Y Self hostable Y N Y Y Y Y Y Data always encrypted at rest Y N N N Y Y N End to end encrypted (Client side encryption) including web browser Y N N N Y N (Gateway does the encryption) N Private keys never leave the client Y N N N Y N N/A Hides friendship graph Y N N N Y N/A Y Per file access control Y Y Y Y Y Y N Concept of file ownership + deletion Y Y Y Y N N Y Can create public links to files Y Y Y Y Y Y Y Can log in on multiple devices Y Y Y Y Y Y N Web interface Y Y Y Y Y N Quantum computer resistant encryption of non shared files Y N N N Y Y N Your files survive if your server self destructs planned N/A N N Y Y N Server written in a type safe language Y N N N Y N N Quantum computer resistant encryption of shared files planned N N N Y Y N Search planned Y Y Y N N Y Native directory sync planned Y Y Y N N Secure Chat planned N N N Y N Y Comparison