Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust

Felix Hörandner, Christof Rabensteiner

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband

Abstract

Many modern applications require users to manage keys on their own devices, which, in case of device loss or failure, may lead to serious consequences, e.g., losing access to their Bitcoin wallet. These applications need a secure and user-friendly strategy that protects users from losing keys while preserving the keys' confidentiality. Fortunately, password-protected secret sharing (PPSS) can be used to design such a key-loss recovery strategy: It enables users to split their keys into shares, to distribute these shares across third parties and, if necessary, to recover keys via password authentication. However, deploying PPSS in a key-loss recovery strategy leaves the following practical questions unanswered: Which third parties should a user pick to diversify the trust? How can these third parties be recruited? And: How can other applications benefit from such a strategy?

In this paper, we develop a framework for key-loss recovery, which allows users to distribute shares in a hierarchy that is aligned with relevant trust factors. As part of the framework, we propose a management app that supports users in building and managing hierarchical trust policies, and that offers its service to other applications. To convince organizations to operate servers, we implement our framework with a focus on server-side cost-efficiency. We extend a PPSS scheme with hierarchical trust policies, add efficient prevention of online guessing, and measure the performance of the overall system at-scale on AWS. The cost projection shows that deploying our framework is inexpensive: 40 organizations, each operating server resources for less than $20, support 50 million users when splitting and recovering their keys.
Originalspracheenglisch
Titel18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19)
Herausgeber (Verlag)Institute of Electrical and Electronics Engineers
Seiten50-57
ISBN (elektronisch)978-1-7281-2777-4
ISBN (Print)978-1-7281-2778-1
DOIs
PublikationsstatusVeröffentlicht - 2019
Veranstaltung18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering - Rotorua, Neuseeland
Dauer: 5 Aug 20198 Aug 2019

Konferenz

Konferenz18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering
KurztitelTrustCom/BigDataSE 2019
LandNeuseeland
OrtRotorua
Zeitraum5/08/198/08/19

Fingerprint

Untersuchen Sie die Forschungsthemen von „Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren