Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

Many modern applications require users to manage keys on their own devices, which, in case of device loss or failure, may lead to serious consequences, e.g., losing access to their Bitcoin wallet. These applications need a secure and user-friendly strategy that protects users from losing keys while preserving the keys' confidentiality. Fortunately, password-protected secret sharing (PPSS) can be used to design such a key-loss recovery strategy: It enables users to split their keys into shares, to distribute these shares across third parties and, if necessary, to recover keys via password authentication. However, deploying PPSS in a key-loss recovery strategy leaves the following practical questions unanswered: Which third parties should a user pick to diversify the trust? How can these third parties be recruited? And: How can other applications benefit from such a strategy?

In this paper, we develop a framework for key-loss recovery, which allows users to distribute shares in a hierarchy that is aligned with relevant trust factors. As part of the framework, we propose a management app that supports users in building and managing hierarchical trust policies, and that offers its service to other applications. To convince organizations to operate servers, we implement our framework with a focus on server-side cost-efficiency. We extend a PPSS scheme with hierarchical trust policies, add efficient prevention of online guessing, and measure the performance of the overall system at-scale on AWS. The cost projection shows that deploying our framework is inexpensive: 40 organizations, each operating server resources for less than $20, support 50 million users when splitting and recovering their keys.
Originalspracheenglisch
Titel18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19)
PublikationsstatusAngenommen/In Druck - 2019

Fingerprint

Recovery
Servers
Application programs
Authentication
Costs

Dies zitieren

Hörandner, F., & Rabensteiner, C. (Angenommen/Im Druck). Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust. in 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19)

Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust. / Hörandner, Felix; Rabensteiner, Christof.

18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19). 2019.

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Hörandner, F & Rabensteiner, C 2019, Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust. in 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19).
Hörandner F, Rabensteiner C. Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust. in 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19). 2019
Hörandner, Felix ; Rabensteiner, Christof. / Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust. 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19). 2019.
@inproceedings{a61c75803a4e481bba6904e48fd2da0e,
title = "Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust",
abstract = "Many modern applications require users to manage keys on their own devices, which, in case of device loss or failure, may lead to serious consequences, e.g., losing access to their Bitcoin wallet. These applications need a secure and user-friendly strategy that protects users from losing keys while preserving the keys' confidentiality. Fortunately, password-protected secret sharing (PPSS) can be used to design such a key-loss recovery strategy: It enables users to split their keys into shares, to distribute these shares across third parties and, if necessary, to recover keys via password authentication. However, deploying PPSS in a key-loss recovery strategy leaves the following practical questions unanswered: Which third parties should a user pick to diversify the trust? How can these third parties be recruited? And: How can other applications benefit from such a strategy?In this paper, we develop a framework for key-loss recovery, which allows users to distribute shares in a hierarchy that is aligned with relevant trust factors. As part of the framework, we propose a management app that supports users in building and managing hierarchical trust policies, and that offers its service to other applications. To convince organizations to operate servers, we implement our framework with a focus on server-side cost-efficiency. We extend a PPSS scheme with hierarchical trust policies, add efficient prevention of online guessing, and measure the performance of the overall system at-scale on AWS. The cost projection shows that deploying our framework is inexpensive: 40 organizations, each operating server resources for less than $20, support 50 million users when splitting and recovering their keys.",
author = "Felix H{\"o}randner and Christof Rabensteiner",
year = "2019",
language = "English",
booktitle = "18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19)",

}

TY - GEN

T1 - Horcruxes for Everyone - A Framework for Key-Loss Recovery by Splitting Trust

AU - Hörandner, Felix

AU - Rabensteiner, Christof

PY - 2019

Y1 - 2019

N2 - Many modern applications require users to manage keys on their own devices, which, in case of device loss or failure, may lead to serious consequences, e.g., losing access to their Bitcoin wallet. These applications need a secure and user-friendly strategy that protects users from losing keys while preserving the keys' confidentiality. Fortunately, password-protected secret sharing (PPSS) can be used to design such a key-loss recovery strategy: It enables users to split their keys into shares, to distribute these shares across third parties and, if necessary, to recover keys via password authentication. However, deploying PPSS in a key-loss recovery strategy leaves the following practical questions unanswered: Which third parties should a user pick to diversify the trust? How can these third parties be recruited? And: How can other applications benefit from such a strategy?In this paper, we develop a framework for key-loss recovery, which allows users to distribute shares in a hierarchy that is aligned with relevant trust factors. As part of the framework, we propose a management app that supports users in building and managing hierarchical trust policies, and that offers its service to other applications. To convince organizations to operate servers, we implement our framework with a focus on server-side cost-efficiency. We extend a PPSS scheme with hierarchical trust policies, add efficient prevention of online guessing, and measure the performance of the overall system at-scale on AWS. The cost projection shows that deploying our framework is inexpensive: 40 organizations, each operating server resources for less than $20, support 50 million users when splitting and recovering their keys.

AB - Many modern applications require users to manage keys on their own devices, which, in case of device loss or failure, may lead to serious consequences, e.g., losing access to their Bitcoin wallet. These applications need a secure and user-friendly strategy that protects users from losing keys while preserving the keys' confidentiality. Fortunately, password-protected secret sharing (PPSS) can be used to design such a key-loss recovery strategy: It enables users to split their keys into shares, to distribute these shares across third parties and, if necessary, to recover keys via password authentication. However, deploying PPSS in a key-loss recovery strategy leaves the following practical questions unanswered: Which third parties should a user pick to diversify the trust? How can these third parties be recruited? And: How can other applications benefit from such a strategy?In this paper, we develop a framework for key-loss recovery, which allows users to distribute shares in a hierarchy that is aligned with relevant trust factors. As part of the framework, we propose a management app that supports users in building and managing hierarchical trust policies, and that offers its service to other applications. To convince organizations to operate servers, we implement our framework with a focus on server-side cost-efficiency. We extend a PPSS scheme with hierarchical trust policies, add efficient prevention of online guessing, and measure the performance of the overall system at-scale on AWS. The cost projection shows that deploying our framework is inexpensive: 40 organizations, each operating server resources for less than $20, support 50 million users when splitting and recovering their keys.

M3 - Conference contribution

BT - 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE Trustcom-19)

ER -