Digestly

Feb 8, 2025

Privacy vs. Innovation: AI's Ethical Dilemma 🔍🤖

AI Tech
Fireship: The UK demands Apple create a backdoor to access encrypted iCloud data, challenging global privacy.
Microsoft Research: Sophia Chile discusses creating privacy attestations over TLS 1.3 using zero-knowledge proofs, focusing on privacy-preserving technologies and ethical considerations.

Fireship - UK demands backdoor for encrypted Apple user data...

The UK government has issued a technical capability notice to Apple, demanding the creation of a backdoor to access users' encrypted iCloud data globally. This demand is part of the UK's broader surveillance efforts under the Investigatory Powers Act of 2016, which grants extensive data access capabilities to intelligence agencies. The notice is controversial because it challenges the privacy protections offered by Apple's Advanced Data Protection service, which uses end-to-end encryption, meaning only users have the keys to their data. The UK government's demand is seen as a threat to global privacy, as it could set a precedent for other countries to follow. Apple has historically resisted such demands, as seen in their refusal to unlock an iPhone for the FBI in 2016. The video suggests that Apple might negotiate a compromise, potentially discontinuing the service in the UK. For users concerned about privacy, the video recommends using end-to-end encrypted apps, full disk encryption, VPNs, and the Tor browser to protect their data.

Key Points:

  • UK demands Apple create a backdoor for iCloud data access.
  • Apple's Advanced Data Protection uses end-to-end encryption.
  • UK's Investigatory Powers Act enables extensive surveillance.
  • Apple historically resists government data access demands.
  • Users should use encryption tools and VPNs for privacy.

Details:

1. 🔍 British Empire's Demand for Backdoor Access

  • The British Empire issued a secret technical capability notice to Apple, mandating the creation of a backdoor to access users' encrypted iCloud data globally.
  • This demand raises significant concerns around user privacy and data security, challenging Apple's commitment to encryption and privacy.
  • Apple's response has been one of resistance, emphasizing their dedication to user privacy and encryption without compromises.
  • The legal framework for such demands is complex and often involves balancing national security interests with individual privacy rights.
  • This demand is part of a broader trend of governments seeking increased access to encrypted communications, reflecting ongoing tensions between privacy advocates and law enforcement.

2. 🔓 Global Implications for Encrypted Apps

  • The shift affects not only specific regions but has worldwide implications for all users who can afford Apple products, indicating a significant global shift in privacy expectations and user security.
  • The announcement serves as a crucial warning for users of end-to-end encryption apps like Telegram, Signal, and WhatsApp, highlighting potential risks and the need for increased awareness and security measures.
  • This change prompts a reevaluation of how encrypted communication apps operate globally, emphasizing the necessity for companies to adapt their strategies to maintain user trust and compliance with varying regional laws.
  • For example, countries with strict data privacy laws could see increased scrutiny on these apps, potentially leading to changes in how companies handle user data and encryption.
  • As global digital privacy concerns rise, users and companies alike must stay informed about policy changes and their implications on personal and professional communications.

3. 🕵️ UK Surveillance and Legal Secrecy

  • The UK Investigatory Powers Act of 2016 grants MI5 and MI6 extensive 'god mode' hacking capabilities, allowing them to bypass digital security measures.
  • Internet service providers are mandated to retain records of all websites visited by users, enabling comprehensive mass surveillance.
  • It is illegal for companies like Apple to disclose government surveillance demands, highlighting a significant level of legal secrecy and lack of transparency.
  • The law's broad scope raises concerns about privacy and civil liberties, as it allows extensive monitoring without public scrutiny.
  • In comparison, countries like Germany have stricter oversight and limitations on surveillance, emphasizing the UK's unique approach to national security.
  • The Act's implications for digital privacy set a precedent in international surveillance practices and challenge existing norms in data privacy.

4. 🔐 Understanding iCloud Encryption

  • The segment explores the implications of encryption for iCloud users, emphasizing the importance of end-to-end encryption in safeguarding private data.
  • The technology behind end-to-end encryption is described as amazing and essential for privacy protection.
  • The segment humorously suggests preventing even a figure like James Bond from accessing your private data, highlighting the strength of encryption.

5. 🔑 Apple's Encryption Methods and Government Concerns

  • Apple's iCloud data storage reaches the exabyte scale, indicating the vast amount of data stored.
  • Data in iCloud is encrypted both in transit and at rest, ensuring security during upload and storage.
  • Private keys for decryption are stored in Apple's data centers, making them theoretically accessible under government pressure.
  • Government access to data is a concern due to potential legal obligations Apple may face to provide access to iCloud contents.
  • Apple's approach emphasizes user privacy, but storing decryption keys within their data centers poses a risk if compelled by governments to release them.
  • Apple's strong encryption has been a point of contention with law enforcement agencies seeking access to user data for legal investigations.

6. 🛡️ Advanced Data Protection and Its Challenges

  • Apple's Advanced Data Protection service, launched in 2022, employs end-to-end encryption, empowering users to manage and control their own encryption keys, thus ensuring that even Apple cannot access their data.
  • A critical challenge associated with this service is the potential for data loss if users lose their encryption keys, highlighting the need for robust key management strategies by users.
  • The evolution of end-to-end encryption includes technologies like the double ratchet algorithm, used by apps such as Signal and WhatsApp, which ensures forward secrecy and prevents the decryption of past or future messages if a key is compromised.
  • The implementation of advanced encryption poses significant challenges to government surveillance, with limited options for access unless advancements in quantum computing occur that could potentially break current encryption standards.
  • Implications for users include a higher responsibility for managing their encryption keys securely, and the broader impact on privacy and government access to information.
  • Future developments in encryption technology may further enhance data protection but also complicate access for legitimate surveillance needs.

7. ⚖️ Apple's Stance Against Government Pressure

  • Apple has historically resisted government pressure to compromise user data privacy, as seen in 2016 when they refused to create an iOS backdoor for the FBI even after the San Bernardino shooting.
  • The FBI had to resort to paying a third party over a million dollars to access the phone, highlighting Apple's commitment to user privacy.
  • Apple is unlikely to comply with technical capability notices that compromise data security, potentially reaching a compromise that involves discontinuing certain services in specific regions.

8. 🔒 Privacy Measures and Tools for Users

  • Utilize end-to-end encryption for all communications, using apps like Signal.
  • Implement full disk encryption on your hard drive for enhanced data protection.
  • Use a trusted VPN with a strict no-logs policy to maintain anonymity online.
  • Access the internet through the Tor browser over the Onion Network to anonymize traffic, noting that ISPs in the UK are required to track website visits.
  • Consider using Tails OS, an amnesic operating system, which runs off a USB and wipes memory to prevent data retrieval after shutdown.

Microsoft Research - Attestations over TLS 1.3 and ZKP

Sophia Chile, a senior cryptography researcher, explores the development of privacy attestations over TLS 1.3 using zero-knowledge proofs. She highlights the need for privacy-preserving technologies in web services, where users often need to prove identity or age. Chile discusses leveraging existing authorizations to access multiple services without repeatedly proving identity. She introduces a complex system that commits to TLS 1.3 encrypted data, allowing for zero-knowledge proofs of statements over this data. The talk covers the challenges of committing to encrypted data, the use of a third-party verifier, and the creation of zero-knowledge proofs without revealing sensitive information. Chile emphasizes the importance of ethical considerations, noting that such systems should not be one-size-fits-all and must avoid enabling surveillance. She also discusses the technical aspects of implementing these systems, including modifications to AES encryption and the use of deterministic finite automata for regex checking. The talk concludes with a call for further research and careful ethical analysis to ensure these technologies do not restrict access or enable surveillance.

Key Points:

  • Use zero-knowledge proofs to create privacy attestations over TLS 1.3, allowing users to prove identity without revealing sensitive information.
  • Leverage existing authorizations to access multiple services, reducing the need for repeated identity proofs.
  • Implement a third-party verifier to commit to encrypted data, ensuring privacy and security in data transmission.
  • Modify AES encryption to act as a commitment scheme, enabling zero-knowledge proofs over encrypted data.
  • Consider ethical implications and ensure systems do not restrict access or enable surveillance.

Details:

1. 🔍 Introduction to Sophia Chile and Her Work

  • Sophia Chile is a senior cryptography researcher at BRAVE, highlighting her expertise in cryptography and involvement in developing privacy-enhancing technologies.
  • She plays a crucial role in advancing privacy solutions, particularly in post-quantum cryptography and zero-knowledge proofs (ZKP), indicating her contributions to cutting-edge cryptographic research.
  • Her work includes attestations over TLS 1.3, showcasing her specialization in secure communication protocols and zero-knowledge proofs.
  • Sophia's contributions are pivotal in developing technologies that ensure secure and private digital interactions, aligning with the latest advancements in cryptographic security.

2. 🌐 Sophia's Contributions and Impact

2.1. Sophia's Technical Contributions

2.2. Sophia's Community Impact

3. 🎤 Sophia's Talk Introduction

  • Sophia holds significant roles in various standardization bodies, including the IETF, IRTF and W3C, contributing to industry standards and protocols.
  • She co-founded Crypto Latinos and Wincy Women in Cryptography, initiatives aimed at promoting diversity and inclusion in the cryptography field.
  • As a Co-editor of IACRS, Sophia plays a crucial role in shaping the direction and quality of research communicated through the journal.

4. 🔒 Privacy Attestations with TLS 1.3 and ZKP

  • The presentation introduces a cutting-edge method for creating privacy attestations over TLS 1.3 encrypted data using zero knowledge proofs (ZKP).
  • Zero knowledge proofs are cryptographic methods that allow one party to prove to another that a statement is true, without revealing any additional information beyond the validity of the statement itself.
  • This innovative approach is particularly significant as it provides a means to enhance privacy without compromising data security, making it highly relevant in sectors that handle sensitive data.
  • The adoption of this methodology is increasing across industries such as finance, healthcare, and e-commerce, where privacy and data protection are paramount.
  • By leveraging ZKP with TLS 1.3, organizations can ensure secure data transmission while maintaining robust privacy standards, a critical requirement in today's digital landscape.
  • The approach not only addresses current privacy concerns but also aligns with future regulatory requirements focused on data protection and privacy.
  • This privacy enhancement technique has the potential to revolutionize data security practices and is gaining recognition as a best practice in the field.

5. 🔑 Designing Complex Distributed Systems

  • The speaker attempted to present new work but encountered an issue, leading to the sharing of preliminary insights instead.
  • Focus is on early-stage findings related to the design of complex distributed systems, suggesting more comprehensive analysis in future discussions.

6. 🛡️ Proofs and Privacy in Internet Applications

6.1. The Challenge of Proofs in Internet Applications

6.2. Innovative Solutions: Streamlining Proofs

7. 🔐 Challenges and Innovations in Security Protocols

7.1. Challenges in Security Protocols

7.2. Innovations in Security Protocols

8. 🔄 Verifiable Security with DECO Protocol

  • The DECO protocol enhances security by leveraging existing TLS 1.3 data to prove connections to servers, which is particularly useful for accessing further services.
  • There are two main types of proof in the DECO protocol: a 'proof of provenance', which confirms a TLS connection with a specific server, and a second type, the one DECO focuses on more, which proves a statement over encrypted TLS data to confirm server connections.
  • The practical application includes proving connections to secure entities like banks, ensuring the authenticity of the server in communication.
  • DECO's focus on proving statements over encrypted TLS data is instrumental in maintaining security and authenticity in digital communications.

9. 🔍 Detailed Explanation of Security Mechanisms

  • Prioritize privacy-preserving technologies, as they prevent revealing server interactions and browser history, thus protecting user privacy.
  • Use encrypted TLS 1.3 traffic with AES-GCM in the AEAD setting to demonstrate data commitment over transmitted data, utilizing JSON as a context-sensitive grammar.
  • Ensure data integrity by demonstrating the existence of a specific field (e.g., 'age') at the top level of a JSON document.

10. 🛡️ Commitment and Security in TLS 1.3

  • TLS 1.3 introduces enhanced security measures by incorporating a three-party handshake protocol, known as DECO, which commits to encrypted traffic and strengthens data integrity.
  • The three-party handshake, or 3P-HS, provides an additional security layer over conventional TLS protocols by involving a third party in the handshake process, ensuring the commitment to data.
  • DECO's integration in TLS 1.3 exemplifies a strategic advancement in protocol security, focusing on ensuring that encrypted communications maintain integrity and confidentiality.

11. 🚀 Implementing Secure Protocols in Web Browsers

  • CKTLS introduces a modified handshake for exporting statements to verifiers, enhancing security.
  • Previous protocols primarily targeted TLS 1.2, which is now considered outdated and less secure.
  • TLS 1.3 offers superior security properties and efficiency, being the latest protocol standard.
  • The IETF TLS working group has deprecated TLS 1.2, advocating for the adoption of TLS 1.3.
  • This work provides a formal security analysis of new protocols, aligning with TLS 1.3 standards.
  • Efficiency improvements in TLS 1.3 are leveraged to address previous protocol inefficiencies.

12. 🔄 Phases of Secure Protocols

  • Current algorithms used in secure protocols are either slow or broken and lack support for AES-GCM or ChaCha20-Poly1305, essential for TLS 1.3.
  • Existing protocols compromise client privacy by exposing server-client interactions, potentially revealing browsing history.
  • A new solution using ring signature/zero-knowledge proof methods addresses these privacy concerns.
  • Prior to this work, there were no open-source implementations for such protocols.
  • The new protocol, Stefano, which addresses these issues, will be presented at NDSS.
  • Protocols, also known as DCTLS, operate in three phases: handshake, query, and an additional phase, all occurring in parallel rather than sequentially.

13. 🔍 Understanding TLS 1.3 Handshake

13.1. Handshake Phase

13.2. Record Layer Phase

14. 🔐 Secret Sharing in TLS 1.3

14.1. Encrypted Client Hello

14.2. 0-RTT Mode for Efficiency

14.3. Key Differences from TLS 1.2

14.4. Secret Sharing with Verifier

14.5. Verifier's Role in Data Security

15. 🔑 Key Derivation and Encryption

  • Protocols define three distinct phases: handshake, query, and commitment, which are not sequential.
  • The handshake phase involves a secret share between the client and the verifier, forming the basis of communication security.
  • TLS 1.3 handshake illustrates the use of key shares visible in client hello and server hello messages.
  • Key shares consist of private and public components, essential for generating shared secrets between client and server.
  • Public key shares are concatenated additive shares, facilitating the derivation of shared secrets.
  • Key shares can be pre-generated before the handshake, optimizing the process.
  • The client must ensure the server receives specific client key shares to proceed with secure communication.
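
The additive key shares described in this section, as an added sketch that is not code from the talk or its implementation. It assumes the client and verifier shares are combined by point addition, as in DECO-style three-party handshakes, and uses textbook P-256 arithmetic with constructed scalars.

```python
# Added illustration: additive key shares in a three-party TLS 1.3 handshake.
# Textbook affine P-256 arithmetic; not constant time, not for production use.

P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # P-256 field prime
A = P - 3                                   # curve coefficient a
G = (                                       # P-256 base point
    0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
    0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5,
)


def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def three_party_handshake(s_client, s_verifier, s_server):
    """Return the x-coordinates each party can compute from its own secret."""
    # Verifier sends its public share to the client; the client adds its own.
    share_verifier = mul(s_verifier, G)
    share_client = mul(s_client, G)
    # The server sees one ordinary key_share in ClientHello.
    key_share = add(share_client, share_verifier)

    # Server side is unmodified TLS 1.3: its own share plus plain ECDH.
    server_share = mul(s_server, G)
    z_server = mul(s_server, key_share)

    # Client and verifier each get an additive share of the ECDH point.
    z_client = mul(s_client, server_share)
    z_verifier = mul(s_verifier, server_share)

    # Combined here only to check the algebra. In the protocol the two
    # shares never meet in one place; key derivation runs inside 2PC.
    combined = add(z_client, z_verifier)
    return {
        "server_x": z_server[0],
        "combined_x": combined[0],
        "client_alone_x": z_client[0],
        "verifier_alone_x": z_verifier[0],
    }


if __name__ == "__main__":
    # Constructed scalars; a real handshake samples them at random.
    out = three_party_handshake(
        12345678901234567890, 98765432109876543210, 55555555555555555555
    )
    for name, value in out.items():
        print(f"{name}: {value:064x}")
```

The x-coordinate of the sum is not the sum of the two x-coordinates, which is why the shares have to be combined inside a two-party computation rather than by simple arithmetic on each side's output.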

16. 🛡️ Verifier's Role in Security Protocols

  • In the TLS handshake, specific cipher suites utilize signature and decryption algorithms to generate shared secrets, ensuring secure operations from both client and verifier perspectives.
  • Keys are derived for encrypting messages at both the handshake and record layers, maintaining secure communication channels.
  • Implementation requires significant modifications to web browsers and the TLS stack on servers, with successful integration in the Brave browser using BoringSSL.
  • Implementing these protocols through web browser extensions poses challenges due to the limited ability to modify TLS messages for security reasons.
  • The verifier's role significantly impacts overall security by ensuring the integrity and confidentiality of communications.
  • Real-world implementation examples like in the Brave browser highlight both the feasibility and challenges of integrating such security protocols.

17. 🔒 Enhancing Security with Ring Signatures

  • Modifying TLS via an extension is challenging and requires access to the browser's TLS stack for easier implementation, as server-side modifications are unnecessary due to the server perceiving operations as normal.
  • Optimizations have been introduced to reduce the computational cost of deriving shared secrets, a critical aspect of enhancing security.
  • One significant optimization involves the use of elliptic curve cryptography in TLS, where optimized points are used instead of full x and y coordinates, streamlining the cryptographic process.
  • These optimizations not only improve efficiency but also maintain or enhance the security integrity of the TLS protocol when implementing ring signatures.

18. 🔑 Optimizations in Key Derivation

  • Key derivation is optimized by focusing computations on the X coordinate, which simplifies operations and enables working over a field rather than a full point.
  • Utilizing binary garbled circuits enhances two-party computation (2PC) functionalities, including handshake key derivation and record layer key derivation, as well as encryption and decryption using AES.
  • The handshake secrets are derived on both the client and server sides, allowing subsequent messages to be encrypted, improving security in the handshake phase of TLS 1.3.

19. 🔄 Commitment Protocols and Privacy

  • Commitment protocols ensure authentication and integrity by verifying correct server-client communications.
  • TLS 1.3 provides server legitimacy confirmation through a signature tied to a public key, verified via Public Key Infrastructure (PKI).
  • Clients receive server certificates and must forward server certificate verified messages to a verifier for client authenticity, preventing false server connections.
  • To protect privacy, a zero-knowledge proof, CKPDS, is used to confirm the signature's validity without revealing the specific public key used.
  • Example: Public keys from a trusted consortium, like European banks, verify legitimacy without identifying the specific key.

20. 🔍 AES Modifications for Enhanced Security

  • The server's identity privacy is maintained by employing a proof of knowledge that confirms a signature belongs to one of several public keys without revealing which one specifically.
  • To ensure data integrity and security, the client forwards encrypted messages to the verifier, necessitating the verifier to commit to the data before revealing their key share.
  • This process is essential for the client to decrypt the data eventually, thereby ensuring secure communication.
  • In the current TLS 1.3 setting with AES, the use of a non-committing cipher complicates the process of forwarding encrypted blocks and decrypting messages, highlighting the need for modifications to enhance security.

21. 🛡️ Preventing Attacks in Secure Communications

  • Implement a mechanism where the verifier commits to specific encrypted message blocks and encryption keys, effectively preventing non-committing attacks.
  • Transform AES into an AEAD setting to create a committing site, enhancing the security of encrypted communications by ensuring integrity and authenticity.
  • Derive distinct keys specifically for encrypting the record layer and generating HMAC messages, which are crucial for verifying the integrity and authenticity of messages in transit.
  • TLS 1.3 is equipped with mechanisms that ensure handshake messages are not modified, thus maintaining the integrity of client-server communications and preventing man-in-the-middle attacks.
  • Utilize public keys in a manner that does not disclose the exact server, thereby preserving anonymity and ensuring secure client-server communication.

22. 🔄 Implementing Secure Protocols in Practice

22.1. Public Key Infrastructure (PKI) and Authentication

22.2. Zero-Knowledge Tests in Protocols

23. 🔍 Key Challenges in Secure Protocols

23.1. Anonymity and Identification Challenges

23.2. Trust and Authorization

23.3. Encryption Vulnerabilities

24. 🔒 Ensuring Commitment and Security

  • The protocol addresses potential client dishonesty by modifying AES encryption to prevent lying about ciphertext blocks.
  • A commitment to a specific key is sent before revealing the verifier's key share, utilizing a mask called B prime.
  • The creation of a value called EEI acts as a commitment to the key, ensuring that clients cannot alter messages once the key share is revealed.
  • This mechanism prevents clients from generating zero-knowledge proofs for false statements, ensuring the integrity of the protocol.

25. 🔑 Commitment Mechanisms with AES

  • AES modification serves as a commitment scheme, enhancing security in protocols like TLS 1.3 with shared keys between clients and servers.
  • While the verifier can check the client's commitment, the server's inability to do so poses a security gap that needs addressing.
  • AES-GCM is highlighted as the preferred cipher suite due to its effective block cipher capabilities, which streamline commitment processes and bolster security.

26. 🚀 Implementation and Efficiency

  • The implementation was done in C++ over BoringSSL, consisting of around 14K lines of code, indicating a substantial but manageable codebase.
  • Experimentation over LAN showed that the online phases of the protocol take less than a second to launch the handshake, demonstrating high efficiency in network operations.
  • Preprocessing costs are increased due to AES security optimizations, which is a consideration for resource management.
  • The process remains within typical TLS timeout limits of 10-20 seconds, even with the addition of a third-party verifier, ensuring reliability in real-world applications.
  • Future work aims to extend the implementation to include the ChaCha20-Poly1305 cipher suite, indicating potential for enhanced security features.

27. 🔄 Understanding Commitment and Query Phases

  • The commitment and query phases occur in parallel, not sequentially, which significantly impacts the processing of encrypted messages.
  • Each encrypted message requires a verifier to modify the AES as part of their commitment, highlighting the necessity for parallel processing.
  • The query phase can be initiated by requesting to open a TLS connection, showing the interconnected nature of these phases.
  • The record layer phase involves sending queries and may require creating zero-knowledge proofs over handshake messages, underscoring its critical role in application development.

28. 🔍 Zero Knowledge Proofs in Practice

  • AES is modified as a commitment scheme to create zero-knowledge proofs directly over AES encryption, avoiding Pedersen commitments and extra proof layers.
  • This method allows commitments to be created without plaintext decryption, enhancing efficiency over prior methods.
  • By proving in zero knowledge without revealing plaintext, stronger privacy standards are maintained.
  • The approach avoids selective block revealing due to privacy concerns, opting for a comprehensive zero-knowledge proof strategy instead.

29. 🔒 Using REEF for Regex and JSON Verification

  • Traffic over TLS 1.3 should follow correct formats like HTML or JSON for verification.
  • Example: Verify JSON field 'H' is at least 2 for compliance.
  • REEF validates document statements against regex patterns, ensuring they meet criteria.
  • REEF can validate JSON commitments, ensuring correct format and content.

30. 🔑 Converting Regex to Deterministic Automata

  • Regex expressions can be converted into deterministic finite automata (DFA), allowing for more efficient and secure pattern matching.
  • This conversion is particularly useful in scenarios where sensitive information, such as passwords, needs to be validated against a regex pattern without exposing the actual data to a server.
  • The process involves mapping regex patterns to DFA states; for example, a regex pattern can be represented as a state diagram where specific inputs (e.g., 'A' or 'B') move the automaton through different states.
  • Using deterministic finite automata for regex validation enables the creation of functions that efficiently test conditions in the automata, ensuring that a given input matches the regex pattern.
  • This method allows for arithmeticization of the match function, enhancing the security and efficiency of regex validation processes.

31. 🔄 Recursive Proofs and Optimization

  • Recursive proofs optimize zero-knowledge statement verification by assuming prior states are valid, focusing only on the final state.
  • Deterministic finite automata have been modified to enhance optimization while maintaining core functions.
  • Lookup tables and recursive proofs efficiently validate statements, particularly in HTML and JSON formats.
  • REEF is specialized for regex checking but can apply to broader web data contexts.
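
The regex-to-DFA step from section 30 and the step-by-step checking from section 31, as an added example that is not Reef's code or its actual construction. It assumes the regex `(a|b)*abb` with a hand-built DFA, and uses a vanishing polynomial over a prime field as one simple way to turn "this transition is in the table" into an arithmetic constraint.

```python
import re
from itertools import product

# Constructed example: DFA for the regex (a|b)*abb over the alphabet {a, b}.
ALPHABET = "ab"
N_STATES = 4
START, ACCEPT = 0, {3}
DELTA = {
    (0, "a"): 1, (0, "b"): 0,
    (1, "a"): 1, (1, "b"): 2,
    (2, "a"): 1, (2, "b"): 3,
    (3, "a"): 1, (3, "b"): 0,
}

FIELD = 2**61 - 1  # prime modulus standing in for a proof system's field


def encode(state, sym, nxt):
    """Pack one transition (state, symbol, next state) into a field element."""
    return (state * len(ALPHABET) + ALPHABET.index(sym)) * N_STATES + nxt


TABLE = [encode(s, c, n) for (s, c), n in DELTA.items()]


def vanishing(x):
    """Product of (x - row) over all table rows: zero iff x is a table row."""
    acc = 1
    for row in TABLE:
        acc = acc * (x - row) % FIELD
    return acc


def prove(text):
    """Prover side: run the DFA and record the state trace (the witness)."""
    states = [START]
    for ch in text:
        states.append(DELTA[(states[-1], ch)])
    return states


def verify_step(prev_state, sym, next_state):
    """One step: range checks plus a single polynomial constraint.

    Without the range checks an out-of-range state can collide with a valid
    row under encode(), e.g. (0, 'a', 4) packs to the same value as (0, 'b', 0).
    """
    if sym not in ALPHABET:
        return False
    if not (0 <= prev_state < N_STATES and 0 <= next_state < N_STATES):
        return False
    return vanishing(encode(prev_state, sym, next_state)) == 0


def verify(text, states):
    """Check every step, then only the final state decides acceptance.

    Text and trace are passed in the clear here for readability; in a
    zero-knowledge proof both stay hidden and only the constraints are proven.
    """
    if len(states) != len(text) + 1 or states[0] != START:
        return False
    steps_ok = all(
        verify_step(states[i], ch, states[i + 1]) for i, ch in enumerate(text)
    )
    return steps_ok and states[-1] in ACCEPT


def agrees_with_re(max_len):
    """Cross-check the DFA against Python's regex engine on all short inputs."""
    for n in range(max_len + 1):
        for chars in product(ALPHABET, repeat=n):
            text = "".join(chars)
            expected = re.fullmatch(r"(a|b)*abb", text) is not None
            if verify(text, prove(text)) != expected:
                return False
    return True


if __name__ == "__main__":
    print(verify("babb", prove("babb")), verify("ab", [0, 1, 3]))
```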

32. 🔍 Towards JSON and HTML Verification

32.1. Regex Checking over TLS 1.3

32.2. JSON Grammar Verification

33. 🔒 Parsing and Proving in Zero Knowledge

  • Parse trees are interpreted as deterministic finite automata, enabling the use of existing methods to prove properties in zero knowledge efficiently.
  • Verification involves checking parse trees of JSON documents for specific paths, ensuring they conform to expected JSON grammar, which is crucial for maintaining data integrity.
  • Future directions include expanding these verification methods to demonstrate conformance to both JSON and HTML grammar, and integrating this with AES encryption techniques to streamline proof generation without data recommitment.

34. 🔑 Expanding to Web Verification

  • The system uses AES to provide commitments, ensuring JSON is well-formed and keys exist correctly within it.
  • A value associated with a specific key is verified as an integer, meeting conditions such as being equal to or greater than two using zero-knowledge proofs.
  • The approach currently tests responses from the server, with potential expansion to include queries from the client.
  • The protocol can be adapted for use in other protocols like the Signal or DNS protocols, though modifications would be necessary to generate commitments.
  • An example of potential expansion includes adapting the protocol to verify client queries, enhancing security by ensuring both ends of communication can be verified.
  • For adaptation to protocols like Signal or DNS, the system would need to generate commitments based on their specific requirements, ensuring secure and verifiable communications.

35. 🔍 Applications and Ethical Considerations

  • TLS 1.3 protocol requires significant redesign to be applied to platforms like Signal, indicating the complexity of adapting security protocols across different systems.
  • Fraud prevention techniques, such as 'honeypot fields,' are used to detect bots by identifying if these fields are completed, which typically only automated systems do.
  • The effectiveness of honeypot fields depends on keeping them proprietary and secure, as public exposure could compromise their utility.
  • Cryptographic Key Proofs (CKP) are employed to verify user authenticity without disclosing sensitive information, allowing users to demonstrate honesty to other services.
  • Ethical considerations are crucial in system development, as protocols may not suit all users, particularly those without traditional identifiers like bank accounts or passports.
  • It is vital to separate technical applications from ethical implications to ensure clarity and address each aspect thoroughly, enhancing the understanding of protocol design challenges.

36. 🌐 Ethical Considerations and Surveillance Risks

36.1. Ethical Considerations in Financial Inclusion

36.2. Technical Solutions and Surveillance Risks

37. 🛡️ Discussion and Audience Interaction

37.1. Zero Knowledge Proof and Bank Statement Disclosures

37.2. Schema and Context-Free Grammar in TLS Data