2. Introduction
• With the benefits of portability
and mobility, laptops have
become more and more popular.
• People usually believe that their
personal laptop is safe, and they
store sensitive data in it.
• Sensitive data includes business
documents, credit card
information, E-mail and
3. • For this reason, several security
mechanisms for protecting
sensitive data on laptops have
been designed.
• Kao et al. designed a protocol
(MELP)
• That allowed laptop users to use
their mobile phones as the
encryption key to protect their
files.
• Although the mobile-based
4. • This paper presents a novel
scheme based on a secret-sharing
technique.
• Users can easily encrypt/decrypt
their laptop data offline, that is,
without access to the Internet.
• Security analysis shows that
their scheme satisfies all of the
essential requirements for
security and functionality.
• Performance analysis indicates
5. Existing system
• Studer and Perrig proposed a
location-based scheme [mobile
user location-specific encryption
(MULE)].
• The MULE scheme provides an
automatic mechanism for
encrypting/decrypting the
sensitive data on a laptop in a
trusted place.
6. • Then, Kao et al. designed a
protocol (MELP)
• That allows users to use their
mobile phones as the encryption
key to protect the files in their
laptops.
• In their scheme, first, the user
must register her/his laptop and
mobile phone as the legal devices
• after that sensitive data can be
encrypted.
7. Proposed system
• In this paper, we proposed a
novel scheme based on a secret-
sharing (SS) technique protecting
sensitive data on laptops.
• We realised that not all users
who wish to encrypt/decrypt the
data on their laptops have
mobile phones and Internet
access.
• Thus, our scheme enhances the
8. • There are three members in our
scheme, that is, the laptop, the
USB device and the server.
• Our scheme can be easily divided
into four phases, that is,
• (i) the registration phase
• (ii) the encryption/decryption
phase
• (iii) the recovery phase
• (iv) the reuse phase.
9. • The user registers his laptop
and universal serial bus (USB)
device only once, over the
Internet.
• After that, the user can encrypt
and decrypt data on the laptop
offline with the assistance of the
registered USB device and
laptop.
• When the user has lost his USB
device, he can recover the
10. • In addition, when a thief steals
the laptop, our scheme can
guarantee that the thief cannot
extract and decrypt the data in
the laptop.
• Proposed scheme uses:
Secure sockets layer
SS scheme
11. • The algorithm used here is Shamir’s
secret sharing algorithm.
• In this algorithm, a secret is shared
among members.
• We can reconstruct the secret only if
we have k shares.
• We define a polynomial
$f(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_{n-1} x^{n-1}$
for SS, where n is an integer and $a_0$ is
the secret S.
• Then, we compute n shares as D1,
12. Registration phase
• In this phase, we describe how a
user registers her/his laptop and
USB device in our scheme.
• When a user wants to
protect his files that are stored
in a laptop, he must register the
devices (i.e. the laptop and USB
device) as legal devices.
• After that, the user can
13. • Step 1: User i connects a USB device
to her/his laptop.
• Step 2: User i uses his laptop to
choose an identity IDi, a password
PWi and three random
numbers, that is, R1, x1 and x2. After
that, the laptop computes A = h(R1||PWi).
• Step 3: User i sends A, x1, x2 and
IDi to the server by her/his laptop.
• Step 4: After receiving the message,
the server chooses a master key Z, and
14. • Next, the server picks a polynomial f (x) =
aix + si, which is based on Shamir’s SS
scheme.
• The server computes and sets Lt = f
(x1), Usb = f (x2) and Ser = f (x3).
• The server uses f (x3) and its master key
Z to compute E = h( f (x3)||Z) and
stores C, D and f (x3) in its database.
• Step 5: The server sends B, C, Lt, Usb
and E to the laptop.
• Step 6: First, the laptop uses A to
encrypt B, E and Usb as (B)A, (E)A
16. Encryption/decryption phase
• In this phase, when a user wants
to encrypt/decrypt the files in his
laptop, he first must use the
registered USB device connected to
his laptop.
• After that, the user can use his
identity and password to log into
the USB device to verify his
identity.
• Then, the laptop and USB device
17. • Step 1: At the beginning of this phase,
user i must connect the registered USB
device to her/his laptop.
• Step 2: The user enters IDi and PWi into
the laptop.
• Step 3: The laptop forwards IDi and
PWi to the USB device.
• Step 4: After receiving the messages
from the laptop, the USB device uses the
received IDi and PWi to compute A′ =
h(R1||PWi).
• And then, the USB device uses A′ to
18. • Step 5: The USB device sends the
decryption value Usb to the laptop.
• Step 6: After receiving the decryption
value Usb, the laptop can use
Lt = f (x1) and Usb = f (x2) to
compute s and set it as the key for
encryption/decryption.
20. Recovery phase
• When a user loses his USB device
in our proposed scheme he can
still recover his encrypted file by
executing the recovery phase that
we designed.
• In this phase, the user must
connect his laptop to the Internet
and use online decryption to
decrypt the file.
21. • Step 1: The user enters his identity IDi
and password PWi into his laptop.
• The laptop computes A′ = h(R1||PWi)
to decrypt (B)A and generates
F = B⊕IDi.
• After that, the laptop uses the value A′ to
decrypt (E)A, and it uses E to encrypt Lt,
IDi, B, A′, Ti and F as G = (Lt, IDi, B, A′, Ti,
F)E, where Ti is a timestamp.
• Step 2: The laptop sends F, Ti and G to
the server.
• Step 3: The server immediately checks
22. • If the timestamp is not valid, the server
terminates the procedure; otherwise, it
computes D′ = F⊕Z = R2⊕IDi from the
received F and its master key Z.
• After that, the server uses D′ to determine
the corresponding C and f(x3) in its
database.
• At the same time, server uses Z and f (x3)
to compute E′=h( f(x3)||Z), uses E′ to
decrypt G and then checks the timestamp
Ti in the message G.
• After that, the server computes C″ = h(B||
23. • Step 4: The server sends H to the laptop.
• Step 5: The laptop uses E to decrypt H.
Then, the laptop can use Lt = f (x1) and f
(x3) to compute
$\sum_{i=1,\, i\neq 2}^{3} f(x_i) \prod_{r=1,\, r\neq 2,\, r\neq i}^{3} \frac{x - x_r}{x_i - x_r}$.
• Then, the laptop can retrieve the value s
and set it as the key for the decryption of
the files.
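Added example (not from the paper or these slides): the degree-1 polynomial f(x) = ai·x + si with the three shares Lt, Usb and Ser, showing that laptop + USB (encryption/decryption phase) and laptop + server (recovery phase) both yield s. The prime modulus P, the sample x-coordinates and the function names are assumptions; the slides do not specify them.

```python
import secrets

# Assumption: arithmetic is done in a prime field; the slides do not name a modulus.
P = 2**127 - 1  # a Mersenne prime


def make_shares(s, xs):
    """Server side: pick f(x) = a*x + s (threshold 2) and evaluate it at each x."""
    a = secrets.randbelow(P)  # uniformly random slope
    return {x: (a * x + s) % P for x in xs}


def recover_secret(points):
    """Lagrange interpolation at x = 0 over GF(P); points is a list of (x, f(x))."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x-coordinates")
    s = 0
    for xi, yi in points:
        num, den = 1, 1
        for xr in xs:
            if xr != xi:
                num = num * (0 - xr) % P
                den = den * (xi - xr) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    return s


def demo():
    s = secrets.randbelow(P)        # the file-encryption key s
    x1, x2, x3 = 11, 22, 33         # constructed sample x-coordinates
    sh = make_shares(s, [x1, x2, x3])
    lt, usb, ser = (x1, sh[x1]), (x2, sh[x2]), (x3, sh[x3])
    offline = recover_secret([lt, usb])   # encryption/decryption phase
    online = recover_secret([lt, ser])    # recovery phase, USB device lost
    # One share alone fits any candidate secret: for a wrong guess g there is
    # still a slope with slope*x1 + g = Lt, so Lt by itself does not pin down s.
    guess = (s + 1) % P
    slope = (lt[1] - guess) * pow(x1, -1, P) % P
    fits_wrong_guess = (slope * x1 + guess) % P == lt[1]
    return s, offline, online, fits_wrong_guess


if __name__ == "__main__":
    print(demo())
```
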
25. Reuse phase
• In our proposed scheme, we
provide the recovery phase for
reconstructing the encrypted file
when the user loses his USB
device.
• Also, we provide the reuse phase
for rebuilding a new USB device to
use in the future without double
registering.
26. • Step 1: After decrypting the file, the laptop
generates a timestamp Ti2 and chooses
two random numbers, x4 and x5. And, the
laptop uses E to encrypt two values as I =
(Ti2, x4,x5)E.
• Step 2: The laptop sends Ti2 and I to the
server.
• Step 3: After receiving the message, the
server first checks the timestamp Ti2.
Then, the server picks a polynomial f (x) =
ai′x + si′ that is based on Shamir’s SS
scheme.
27. • Finally, the server updates the original f
(x3) to f (x6) in its database.
• Step 4: The server sends J to the laptop.
• Step 5: After receiving J from the server,
the laptop uses E to decrypt J = (Lt′, Usb′,
E″)E′. And then, the laptop uses A to
encrypt Usb′ and E″ as (Usb′)A and (E″)A.
After that, the laptop updates Lt and (E)A
to Lt′ and (E″)A.
• Step 6: The user connects a new USB
device.
• Step 7: The laptop sends R1, (B)A, C and
29. Security analysis
• We assume that an attacker tries
to access the data in the laptop
by common attacks, that is,
the replay attack and the
impersonation attack.
• Our proposed scheme can
withstand these attacks.
30. Withstanding the replay attack
• The replay attack is when an
attacker intercepts one log-in
message from a legal user
• And then the attacker may try to
resend the log-in message to the
server and pretend to be the
original user.
• Attacker may replay messages
using recovery phase and reuse
31. Replaying messages in recovery
phase
• An attacker may intercept the
messages F, G and Ti in Step 2
of ‘the recovery phase’.
• She may try to resend them to
impersonate the original user.
• Fortunately, Eve will not be
successful because the server can
easily detect that these messages
are not fresh.
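Added example (not from the paper or these slides): a server-side freshness check for the recovery-phase message (F, Ti, G), covering a replayed message and an outer Ti that no longer matches the Ti sealed inside G. HMAC-SHA256 under E stands in for the slides' symmetric encryption (…)E; the 60-second window, the seen set and all names and sample values are assumptions.

```python
import hashlib
import hmac
import json

MAX_SKEW = 60  # seconds; assumed freshness window, the slides give no value


def seal(key, fields):
    """Stand-in for (...)E: JSON body plus an HMAC-SHA256 tag under key E."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def server_check(key, outer_ti, sealed, now, seen):
    """Return 'accept' or the reason the request (F, Ti, G) is rejected."""
    body, tag = sealed
    if abs(now - outer_ti) > MAX_SKEW:
        return "stale timestamp"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "G not produced with E"
    inner = json.loads(body)
    if inner["Ti"] != outer_ti:
        return "outer Ti does not match Ti inside G"
    if (inner["IDi"], outer_ti) in seen:
        return "duplicate within window"
    seen.add((inner["IDi"], outer_ti))
    return "accept"


def demo():
    key_e = hashlib.sha256(b"constructed f(x3) || Z").digest()  # constructed key E
    seen = set()
    g = seal(key_e, {"IDi": "alice", "Ti": 1000, "F": "constructed"})
    return [
        server_check(key_e, 1000, g, now=1005, seen=seen),  # genuine request
        server_check(key_e, 1000, g, now=1010, seen=seen),  # replay inside window
        server_check(key_e, 1000, g, now=5000, seen=seen),  # replay after window
        server_check(key_e, 4990, g, now=5000, seen=seen),  # outer Ti swapped
    ]


if __name__ == "__main__":
    print(demo())
```
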
32. Replaying messages in reuse phase
• If we assume that Eve intercepts the
messages Ti2 and I in Step 2 of ‘the
reuse phase’ and resends the
messages to the server
• she still can do nothing. Our proposed
scheme uses a timestamp that
ensures the freshness of the received
message.
• So server checks the timestamp Ti2,
the server can determine that these
33. Withstanding the impersonation attack
• Two cases:
• (i) impersonating the user
• (ii) impersonating the server
• Impersonating the user:
• Attacker tries to impersonate a legal
user in our proposed scheme.
34. • She may intercept and modify the
messages F, Ti and G in Step 2 of the
‘recovery phase’, where F = B⊕IDi
and G =(Lt, IDi, B, A′, Ti, F)E.
• Without knowing parameter B and key
E, Eve cannot arbitrarily modify F and
G.
• If Eve uses the fake timestamp Teve to
cheat the server, she also cannot
pass the verification when the server
decrypts the message G and uses the
35. • If we assume that Eve intercepts the
messages Ti2 and I in Step 2 of the
‘reuse phase’, where I = (Ti2, x4,
x5)E.
• She may try to modify the intercepted
message so that she can pretend to
be the original user.
• She cannot accomplish this because,
without knowing key E, Eve cannot
modify the message I.
• To protect the transmitted messages
36. Impersonating the server:
• Eve impersonates the server in order
to obtain useful information from
users.
• Case 1: When she receives the
messages F, Ti and G from the user
in Step 2 of the ‘recovery phase’,
she cannot obtain useful information
without knowing parameter B and key
E.
37. • Without the correct value f (x3) and
correct master key Z, Eve cannot
generate the encryption key E′.
• This encryption key E′ is equal to the
user’s decryption key E.
• Hence, when the user cannot use his
key E to decrypt the fake message H″
= (f (xeve))Eeve,
he will immediately know that
message H″ is incorrect and
terminate the procedure.
38. • Case 2: When Eve receives the
message I and Ti2 in Step 2 of the
‘reuse phase’, she also tries to:
• (i) obtain useful information from these
messages
• (ii) generate the valid message J.
• To prevent Eve from obtaining useful
information from the received
message, we use symmetrical key E
to protect the transmitted message.
• In addition, Eve cannot generate the
39. Case of withstanding the loss of the
device
• To prevent an attacker from
extracting sensitive information from
the devices, we have to ensure that
the laptop and the USB device are
secure.
• Our proposed scheme can withstand
the case in which either or both of the
devices are lost or stolen.
• 1) Loss of the laptop:
40. • She may extract the parameters Lt, a
random number R1, (B)A and (E)A
from this laptop, where Lt = f (x1), B =
Z⊕R2, E = h( f (x3)||Z) and A = h(R1||
PWi) are symmetrical
encryption/decryption keys.
• Obviously, without the symmetrical
encryption/decryption key A, Eve
cannot decrypt and extract any useful
information from parameters (B)A and
(E)A.
41. • Next, we assume that Eve attempts to
recover the encrypted messages that
were stored in the stolen laptop by
using the recovery phase.
• Fortunately, she cannot ask for one
recovery share from the server
because she does not have the
correct identity and password.
• Our proposed scheme still ensures
that the sensitive data in the laptop
will not be available to the attacker.
42. • She may obtain the random number
R1, parameters (Usb)A, (B)A and C
from the USB device, where C = h(B||
A||IDi).
• Eve may omit the random number R1
and the hash value C, because these
two parameters are useless information
for her.
• In addition, she cannot extract any
message in (B)A and (Usb′)A because
those parameters are protected by
43. 3) Loss of both the laptop and the
USB device:
• In this third scenario, we give the
attacker more power.
• Assuming that Eve steals both the
laptop and the corresponding USB
device,
• she may try to connect the stolen laptop
with the stolen USB device and execute
the encryption/decryption phase.
• Fortunately, without the user’s identity
44. • In addition, even if Eve extracts the
parameters Lt, a random number R1,
(B)A and (E)A from this laptop
• and the random number R1, parameters
(Usb)A, (B)A and C from the USB
device, she still can do nothing
• because all of the important parameters
are protected by the encryption key A,
that is, (B)A, (Usb)A and (E)A.
• In our proposed scheme, an attacker
will be unable to retrieve any useful
45. Advantage
• User-friendliness
• In our proposed scheme, we designed
the ‘recovery phase’ and the ‘reuse
phase’ to ensure that the scheme was
user-friendly.
• Withstand attacks
• Our security analysis showed that our
scheme can withstand various well-
known attacks.
• Replay attack and impersonation attack
46. • It also can withstand three other
serious threats, that is,
• (i) the loss of the laptop
• (ii) the loss of the USB device and
• (iii) the loss of both the laptop and the
USB device.
• Uses symmetric key encryption for
transmitted messages
• So an attacker cannot modify the transmitted
messages
• Users can easily encrypt/decrypt
47. Conclusion
• In this paper, we proposed a novel,
secure and practical scheme based on
SS for protecting sensitive data on
laptops.
• Our proposed scheme provides a
simple way that the user can easily
register the service
• And the user can execute the
encryption/decryption phase offline to
access her or his data easily.
48. • And generating a new registered USB
device for encryption/decryption without
having to register twice.
• Our proposed scheme can still withstand
several well-known attacks and provide
better performance.
• The security and performance analyses
showed that our proposed scheme is
secure and more suitable for protecting
sensitive data on laptops.