Slide 1

Slide 1 text

peergos.org ■ Ian Preston ■ @ianopolous Is your data secure?

Slide 2

Slide 2 text

peergos.org ■ Ian Preston ■ @ianopolous

Slide 3

Slide 3 text

peergos.org ■ Ian Preston ■ @ianopolous  I want to store my files online, but without Dropbox being able to read them.  I want to selectively share my photos, but without Facebook seeing them.  I want to store my files online, but not in a company that could go bankrupt.

Slide 4

Slide 4 text

peergos.org ■ Ian Preston ■ @ianopolous What do I want? Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS

Slide 5

Slide 5 text

peergos.org ■ Ian Preston ■ @ianopolous What do I want? Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS Control ● Selfhostable ● Selectively sharefiles ● Hidecontacts ● Pseudonymous

Slide 6

Slide 6 text

peergos.org ■ Ian Preston ■ @ianopolous What do I want? Security  Safelogin  Strong crypto, ideallypost- quantum  Hide filemetadata  Free of SSLCas  Free ofDNS Convenience Control ● Selfhostable ● Selectively sharefiles ● Hidecontacts ● Pseudonymous ● Webinterface ● Log in from anydevice ● Filesyncing ● Publishfiles ● Resilient ● As convenient as Dropbox,Facebook

Slide 7

Slide 7 text

peergos.org ■ Ian Preston ■ @ianopolous Control

Slide 8

Slide 8 text

peergos.org ■ Ian Preston ■ @ianopolous Overall architecture IPFS Hash → data IPNS Public key → Hash PKI Server PKI root hash Peergos Server Follow requests Peergos Client

Slide 9

Slide 9 text

peergos.org ■ Ian Preston ■ @ianopolous Basic structure ● Global file system ● /username/yourfiles ● Tree of symmetric keys (TweetNaCl) with cryptographic links between (Cryptree) ● Location + Key = cryptographic access token or capability (CAP) ● Explicitly don't use convergent encryption!

Slide 10

Slide 10 text

peergos.org ■ Ian Preston ■ @ianopolous Base key Directory File Metadata key Parent key Metadata key Sub-directory Parent key Metadata key work File contents Parent key Base key Data key Cryptree ianopolous thesis.tex 72 KiB Modified: 15:23 14/3/2016 text/plain

Slide 11

Slide 11 text

peergos.org ■ Ian Preston ■ @ianopolous Chunk raw file Raw file 5 MiB 5 MiB 5 MiB

Slide 12

Slide 12 text

peergos.org ■ Ian Preston ■ @ianopolous Chunk raw file Encrypt chunk Raw file 5 MiB 5 MiB 5 MiB 5 MiB

Slide 13

Slide 13 text

peergos.org ■ Ian Preston ■ @ianopolous Chunk raw file Encrypt chunk Split Raw file 5 MiB 5 MiB 5 MiB 5 MiB 40 * 128 KiB

Slide 14

Slide 14 text

peergos.org ■ Ian Preston ■ @ianopolous Chunk raw file Encrypt chunk Split Upload Raw file 5 MiB 5 MiB 5 MiB 5 MiB 40 * 128 KiB IPFS Encrypted metadata + fragment hashes

Slide 15

Slide 15 text

peergos.org ■ Ian Preston ■ @ianopolous File system CHAMP Cryptree node File fragment CHAMP node File fragment File fragment CHAMP node CHAMP node

Slide 16

Slide 16 text

peergos.org ■ Ian Preston ■ @ianopolous How does sharing work? ● Users have a public boxing key ● To send a follow request: create a directory /myname/sharing/friendname ● Send a read CAP to this directory encrypted to friend's public key ● Shared files are currently vulnerable to a quantum computer ● Will move to post-quantum sharing as soon as a clear candidate arrives

Slide 17

Slide 17 text

peergos.org ■ Ian Preston ■ @ianopolous Convenience

Slide 18

Slide 18 text

peergos.org ■ Ian Preston ■ @ianopolous Decentralized login? Scrypt hash Password Username Signing keypair ~1 second Only ever stored in RAM, never written to disk or transmitted Root key Boxing keypair

Slide 19

Slide 19 text

peergos.org ■ Ian Preston ■ @ianopolous Public links? Read (or write) CAP encoded in a URL: demo.peergos.net/#Public_writing_Key/Subspace_label/Decryption_Key Material after # is not sent to the server → file still isn't exposed to the network Can share an individual file or a folder.

Slide 20

Slide 20 text

peergos.org ■ Ian Preston ■ @ianopolous Security

Slide 21

Slide 21 text

peergos.org ■ Ian Preston ■ @ianopolous Can a login be cracked? ● Brute force is practically impossible with a good password ● Random 14 character alpha-numeric password has ~ 2^84 ~ 10^25 possibilities ● A GPU can calculate ~ 1M scrypt hashes/s (measured by litecoin users) ● One GPU cracking a single user’s login would take 10^19 seconds or ~ 300 billion years ● 300 million GPUs would take 1000 years ● GPU purchase cost = 300 billion USD

Slide 22

Slide 22 text

peergos.org ■ Ian Preston ■ @ianopolous What about quantum computer based attacks?

Slide 23

Slide 23 text

peergos.org ■ Ian Preston ■ @ianopolous  All encryption is symmetric encryption using TweetNaCl, or hashing through scrypt  Both have no known quantum attacks

Slide 24

Slide 24 text

peergos.org ■ Ian Preston ■ @ianopolous “But Javascript crypto is insecure!”

Slide 25

Slide 25 text

peergos.org ■ Ian Preston ■ @ianopolous Threat model A (casual user): ● Trusts our public server ● Trust the SSL certificate hierarchy Depends on your threat model...

Slide 26

Slide 26 text

peergos.org ■ Ian Preston ■ @ianopolous Threat model B (paranoid user): ● Doesn't trust our public server ● Doesn't trust the SSL chain Run Peergos on own machine AIR GAP Faraday Cage Binary, compiled with 3 different compilers, from signed source

Slide 27

Slide 27 text

peergos.org ■ Ian Preston ■ @ianopolous Build security ● Reproducible builds, both server and front end ● Do not use npm! Only 8 JS dependencies, all vendored ● Have our own deterministic replacement for webpack, and minifiers ● Self host all assets ● Most of the client code is written in a type-safe language (Java) and cross-compiled to JS

Slide 28

Slide 28 text

peergos.org ■ Ian Preston ■ @ianopolous Demo

Slide 29

Slide 29 text

peergos.org ■ Ian Preston ■ @ianopolous Current status: Pre alpha ● Web-interface – done ● Use actual IPNS – to do ● Tor integration – to do ● Fuse client – done ● Security audit – to do ● Granting write access – not in UI yet ● Private keystore of friends (TOFU) – done

Slide 30

Slide 30 text

peergos.org ■ Ian Preston ■ @ianopolous Join community! ● Sign up to hear when our alpha is ready (soon): https://peergos.org ● Read our book: https://peergos.github.io/book ● Try our demo at https://demo.peergos.net ● Contribute https://github.com/peergos/peergos ● Currently we are a team of 4 contributors

Slide 31

Slide 31 text

peergos.org ■ Ian Preston ■ @ianopolous Questions?