Encryption of Time-Series Data

•

0 likes•4 views

In this presentation, I discuss my recent project that aims to make time-series data better encrypted. Currently, encryption among several clients relies on static keys. This is far from ideal, as it means that compromised keys can result in the entire communication chain becoming compromised. Using polynomials, we can efficiently update shared keys among large networks. Applications for this include: - VoIP and Teleconferencing - DRM for TV Networks - Secure Radio Broadcasts - Group Messaging Learn more at https://www.alexbeaver.com/events/encryption-of-time-series-data

Encryption of
Time-Series Data
Alex Beaver
alex@beaver.dev
linkedin.com/in/alex-beaver/
21 January 2022 alexbeaver.com 1

Alex Beaver
1st Year CSEC Major
• From SF Bay Area
• 2 Enterprise Security
Internships
• Interested in
cryptography and
secure communication
21 January 2022 alexbeaver.com 2

Agenda
• The State of Key
Ratcheting
• A Scalable Solution
• Potential Use Cases
21 January 2022 alexbeaver.com 3

Agenda
• The State of Key
Ratcheting
• A Scalable Solution
• Potential Use Cases
21 January 2022 alexbeaver.com 4

How do You Secure
Communication
Between Many
Clients?
21 January 2022 alexbeaver.com 5

Static Keys
21 January 2022 alexbeaver.com 6

Static
Keys
• Risk of key compromise
• Difficult to kick clients
• Easy to crack
• Can fix with key
ratcheting
21 January 2022 alexbeaver.com 7

Key
Ratcheting
• Update Keys Over Time
• Common in messaging
clients
• If one key is
compromised, future
aren’t
21 January 2022 alexbeaver.com 8

Works Best
P2P
21 January 2022 alexbeaver.com 9

Well-
Established
Standards
• Diffie Hellman
• ECDH
• Signal Protocol
21 January 2022 alexbeaver.com 10

Not Scalable
21 January 2022 alexbeaver.com 11

Agenda
• The State of Key
Ratcheting
• A Scalable Solution
• Potential Use Cases
21 January 2022 alexbeaver.com 12

Requirements
• Multicast compatible
• Near-infinite # of
clients
• More secure than static
keys
21 January 2022 alexbeaver.com 13

The Concept
21 January 2022 alexbeaver.com 14
MSG 1 MSG 2 MSG 3 MSG 4
New Key New Key New Key New Key

Don’t Want to Transfer Keys
21 January 2022 alexbeaver.com 15
MSG 1 MSG 2 MSG 3 MSG 4
New Key New Key New Key New Key

Polynomials
21 January 2022 alexbeaver.com 16

Why
Polynomials?
• Very flexible
• Efficient calculation
• Deterministic
21 January 2022 alexbeaver.com 17

Deriving a Key from a Polynomial
21 January 2022 alexbeaver.com 18
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Key
Polynomial

Deriving a Nonce from a Polynomial
21 January 2022 alexbeaver.com 19
Nonce
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Key

Deriving a Next X from a Polynomial
21 January 2022 alexbeaver.com 20
X
ID*
* May not be necessary depending on configuration
Nonce
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Key

What Do
We Have?
• Common Algorithm
Across All Clients
• Convert Highly Flexible
Data Set to AES-256
Keys
• Missing Key Ratcheting
21 January 2022 alexbeaver.com 21

Highly
Flexible
Data Set
21 January 2022 alexbeaver.com 22

Modify
Coefficients
21 January 2022 alexbeaver.com 23

Modify
Coefficients
• Establish a changelog
• Wrap around sent data
• If a client does not
receive, loses access to
chain
• Lightning fast
21 January 2022 alexbeaver.com 24

The Concept
21 January 2022 alexbeaver.com 25
MSG 1 MSG 2 MSG 3 MSG 4
Changelog Changelog Changelog Changelog

Single Packet Compromise
• Attacker likely doesn’t have coefficient set
• Cannot go backwards
• Have “next x” n iterations in the future
• Would have to compromise n sequential packets
• Coefficients more difficult to brute-force than sym. key
• Unknown # of coefficients
21 January 2022 alexbeaver.com 26

Caveats
• Recovery mechanism
• Client Kick
• Works best when # coefficients bounded (1024-8192)
• Expensive
• If coefficients at any stage compromised, chain
becomes compromised
• NaN/∞
21 January 2022 alexbeaver.com 27

What Do
We Have?
• Common Algorithm
Generate Keys
• Independent
Ratcheting
• Compromised packet
does not compromise
security
• Constant complexity
21 January 2022 alexbeaver.com 28

Agenda
• The State of Key
Ratcheting
• A Scalable Solution
• Potential Use Cases
21 January 2022 alexbeaver.com 29

Real Time
or At Rest
21 January 2022 alexbeaver.com 30

Potential
Use Cases
• Radio
• Secure VoIP
• IPTV DRM
• Group Messaging
• Time-Series Databases
21 January 2022 alexbeaver.com 31

Talking how and why virtual networking that we use today is not suitable for use in Cloud deployments. First I talk about the gap between "server" & "networks", then discuss the problems of virtual networking that we use today. Then into using software appliances instead of physical devices by highlighting the good & bad. Then a brief overview of Software Defined Networking and how it will impact Cloud Networking in the next two years,

MongoDB Europe 2016 - Building WiredTiger

MongoDB

Hidden inside MongoDB is the WiredTiger data engine, an Open Source, pluggable storage engine that became the database's default in 3.2. Written in C, WiredTiger uses a variety of techniques to provide unmatched performance, low latency and scalability. This talk will explore data structures and techniques C/C++ programmers can use to support heavily threaded applications on modern hardware, using examples from the WiredTiger code base. Data structures and techniques to be covered include hazard pointers, skiplists, ticket locks, atomic instructions and memory barriers.

From Relational to Graph: How Going Graph Revealed the Unknown(Jason_Schatz)....

Neo4j

BRKSEC-2288.pdf

HaitamSouissi1

Don't Drop ACID (July 2021)

Matthew Groves

NoSQL document databases provide unique capabilities of scaling, flexibility, and performance for a wide variety of use cases. However, many developers from relational backgrounds are understandably nervous (for a variety of reasons) about using NoSQL in their next project. This session will address one of those reasons: ACID transactions (or lack thereof). This session will start with some background about why NoSQL databases didn’t (initially) have full ACID capabilities. Next, we’ll look at why lack of ACID may not be a big deal and some of the data modeling and querying techniques to use instead. Finally, we’ll look at the more recent trend of document databases adding distributed multi-document ACID capabilities and show a live demo of a NoSQL transaction. You’ll leave this session with a better understanding of how ACID works and when to use it.

Data Engineer's Lunch #86: Building Real-Time Applications at Scale: A Case S...

Anant Corporation

As the demand for real-time data processing continues to grow, so too do the challenges associated with building production-ready applications that can handle large volumes of data and handle it quickly. In this talk, we will explore common problems faced when building real-time applications at scale, with a focus on a specific use case: detecting and responding to cyclist crashes. Using telemetry data collected from a fitness app, we’ll demonstrate how we used a combination of Apache Kafka and Python-based microservices running on Kubernetes to build a pipeline for processing and analyzing this data in real-time. We'll also discuss how we used machine learning techniques to build a model for detecting collisions and how we implemented notifications to alert family members of a crash. Our ultimate goal is to help you navigate the challenges that come with building data-intensive, real-time applications that use ML models. By showcasing a real-world example, we aim to provide practical solutions and insights that you can apply to your own projects. Key takeaways: An understanding of the common challenges faced when building real-time applications at scale Strategies for using Apache Kafka and Python-based microservices to process and analyze data in real-time Tips for implementing machine learning models in a real-time application Best practices for responding to and handling critical events in a real-time application

Watch the webinar on demand at: nginx.com/resources/webinars/web-microservice-controlled-stateless-and-connected While many articles and books have been written about service design, there is a scarcity of information about how to integrate rich, user-experience-based web development onto a microservice-based application. In many respects the web frontend is the most complex part of the application, but it needs to scale and interface with your system just like any other microservice. The question is, how will your frontend system access your backend microservices? What will you do to make the frontend as stateless and ephemeral as the rest of your microservices? How will you provide your JavaScript application components with access to your microservices? Watch this webinar to learn how to: * Build your frontend using Model-View-Controller frameworks * Implement session state as a cached component in an attached resource * Use NGINX Plus routing and load balancing to give JavaScript access to microservices

Unsung heroes Validator & Infra provider.pdf

Jiyun Kim

Texas Cyber Summit 2022: Challenges Securing Cloud-Native.pdf

Gabriel Schuyler

You've finished your (rushed by lockdown) lift-and-shift to the cloud, and now your developers are adopting cloud-native workloads such as containers, serverless functions, storage buckets, and databases as a service. These and other cloud technologies introduce unique attack vectors, and defense must adapt. This session will provide you with enough knowledge to begin securing your most important assets in the cloud.

Introduction to Apache Cassandra™ + What’s New in 4.0

DataStax

Apache Cassandra has been a driving force for applications that scale for over 10 years. This open-source database now powers 30% of the Fortune 100.Now is your chance to get an inside look, guided by the company that’s responsible for 85% of the code commits.You won’t want to miss this deep dive into the database that has become the power behind the moment — the force behind game-changing, scalable cloud applications - Patrick McFadin, VP Developer Relations at DataStax, is going behind the Cassandra curtain in an exclusive webinar. View recording: https://youtu.be/z8fLn8GL5as Explore all DataStax webinars: https://www.datastax.com/resources/webinars

Data Con LA 2022 - Who Owns That Yacht? How Graphs Are Used to Identify Asset...

Data Con LA

Mark Quinsland, Sr. Field Engineer at Neo4j Luxury yachts, football teams, and mansions are no longer safe havens for the illicit profits of Russian Oligarchs with ties to Putin. Assets are being identified and seized with benefits flowing to causes in Ukraine. This presentation covers: - How are friends and relatives of Putin sheltering immense profits - Graphs and other tools being used to identify sources & destinations of illicit wealth - Latest asset seizures - New regulations to expose hidden investors

Algosec security policy management for financial institutions

Maytal Levi

Financial institutions are constantly seeking to better serve their customers and maintain a competitive edge through new technology innovations and digital transformation initiatives, yet they often fall behind on delivering these new innovations into production. Network and security operations teams are often hampered by manual, slow and error-prone security policy change management processes, and the ever-increasing demands of industry regulations. It often takes several days, or even weeks to process a single change across a complex enterprise environment, which often needs hundreds of these changes each month, directly impacting time-to-market. Geared towards the specific challenges of financial institutions, this webinar will provide technical best practices for managing network security policy changes while reducing risk and enforcing compliance and will cover: • Key industry metrics that compare security environments in and outside the finance industry. • The state of network security and management challenges • How to overcome security management complexity with automation • How to address the ever-increasing demands of the financial industry regulations

Unclouding Container Challenges

Rakuten Group, Inc.

The secure, direct to-internet branch

Zscaler

IT leaders have talked for years about routing traffic directly to the internet from the branch, but network complexity and security challenges have been too great. Times have changed, and today digital transformation is pushing organizations to rapidly evolve branch office IT and security architectures to take advantage of cloud services. Join a conversation with Zeus Kerravala, Founder and Principal Analyst, ZK Research, and Bill Lapp, Vice President of Customer Success, Zscaler, to discuss the challenges of cloud migration, along with the opportunities it presents. We’ll explore the best ways to address complexity and security in the branch, and discuss a strategic approach to providing a scalable architecture for the adoption of SaaS and cloud services

Microservices are the Future! (...and always will be) - Josh Holtzman, PayPal...

Ambassador Labs

Technical Debt - SOTR14 - Clarkie

Andrew Clarke

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

The Future of Platform Engineering

Jemma Hussein Allen

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Similar to Encryption of Time-Series Data

Building a Web Frontend with Microservices and NGINX Plus

NGINX, Inc.

Unsung heroes Validator & Infra provider.pdf

Jiyun Kim

Texas Cyber Summit 2022: Challenges Securing Cloud-Native.pdf

Gabriel Schuyler

Introduction to Apache Cassandra™ + What’s New in 4.0

DataStax

Data Con LA 2022 - Who Owns That Yacht? How Graphs Are Used to Identify Asset...

Data Con LA

Algosec security policy management for financial institutions

Maytal Levi

Unclouding Container Challenges

Rakuten Group, Inc.

The secure, direct to-internet branch

Zscaler

Microservices are the Future! (...and always will be) - Josh Holtzman, PayPal...

Ambassador Labs

Technical Debt - SOTR14 - Clarkie

Andrew Clarke

Similar to Encryption of Time-Series Data (10)

Building a Web Frontend with Microservices and NGINX Plus

Unsung heroes Validator & Infra provider.pdf

Texas Cyber Summit 2022: Challenges Securing Cloud-Native.pdf

Introduction to Apache Cassandra™ + What’s New in 4.0

Data Con LA 2022 - Who Owns That Yacht? How Graphs Are Used to Identify Asset...

Algosec security policy management for financial institutions

Unclouding Container Challenges

The secure, direct to-internet branch

Microservices are the Future! (...and always will be) - Josh Holtzman, PayPal...

Technical Debt - SOTR14 - Clarkie

Recently uploaded

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

The Future of Platform Engineering

Jemma Hussein Allen

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Free Complete Python - A step towards Data Science

RinaMondal9

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Recently uploaded (20)

GridMate - End to end testing is a critical piece to ensure quality and avoid...

National Security Agency - NSA mobile device best practices

Climate Impact of Software Testing at Nordic Testing Days

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

The Art of the Pitch: WordPress Relationships and Sales

Introduction to CHERI technology - Cybersecurity

The Future of Platform Engineering

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Pushing the limits of ePRTC: 100ns holdover for 100 days

Free Complete Python - A step towards Data Science

PCI PIN Basics Webinar from the Controlcase Team

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Removing Uninteresting Bytes in Software Fuzzing

DevOps and Testing slides at DASA Connect

Elevating Tactical DDD Patterns Through Object Calisthenics

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Encryption of Time-Series Data

1. Encryption of Time-Series Data Alex Beaver alex@beaver.dev linkedin.com/in/alex-beaver/ 21 January 2022 alexbeaver.com 1

2. Alex Beaver 1st Year CSEC Major • From SF Bay Area • 2 Enterprise Security Internships • Interested in cryptography and secure communication 21 January 2022 alexbeaver.com 2

3. Agenda • The State of Key Ratcheting • A Scalable Solution • Potential Use Cases 21 January 2022 alexbeaver.com 3

4. Agenda • The State of Key Ratcheting • A Scalable Solution • Potential Use Cases 21 January 2022 alexbeaver.com 4

5. How do You Secure Communication Between Many Clients? 21 January 2022 alexbeaver.com 5

6. Static Keys 21 January 2022 alexbeaver.com 6

7. Static Keys • Risk of key compromise • Difficult to kick clients • Easy to crack • Can fix with key ratcheting 21 January 2022 alexbeaver.com 7

8. Key Ratcheting • Update Keys Over Time • Common in messaging clients • If one key is compromised, future aren’t 21 January 2022 alexbeaver.com 8

9. Works Best P2P 21 January 2022 alexbeaver.com 9

10. Well- Established Standards • Diffie Hellman • ECDH • Signal Protocol 21 January 2022 alexbeaver.com 10

11. Not Scalable 21 January 2022 alexbeaver.com 11

12. Agenda • The State of Key Ratcheting • A Scalable Solution • Potential Use Cases 21 January 2022 alexbeaver.com 12

13. Requirements • Multicast compatible • Near-infinite # of clients • More secure than static keys 21 January 2022 alexbeaver.com 13

14. The Concept 21 January 2022 alexbeaver.com 14 MSG 1 MSG 2 MSG 3 MSG 4 New Key New Key New Key New Key

15. Don’t Want to Transfer Keys 21 January 2022 alexbeaver.com 15 MSG 1 MSG 2 MSG 3 MSG 4 New Key New Key New Key New Key

16. Polynomials 21 January 2022 alexbeaver.com 16

17. Why Polynomials? • Very flexible • Efficient calculation • Deterministic 21 January 2022 alexbeaver.com 17

18. Deriving a Key from a Polynomial 21 January 2022 alexbeaver.com 18 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Key Polynomial

19. Deriving a Nonce from a Polynomial 21 January 2022 alexbeaver.com 19 Nonce 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Key

20. Deriving a Next X from a Polynomial 21 January 2022 alexbeaver.com 20 X ID* * May not be necessary depending on configuration Nonce 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Key

21. What Do We Have? • Common Algorithm Across All Clients • Convert Highly Flexible Data Set to AES-256 Keys • Missing Key Ratcheting 21 January 2022 alexbeaver.com 21

22. Highly Flexible Data Set 21 January 2022 alexbeaver.com 22

23. Modify Coefficients 21 January 2022 alexbeaver.com 23

24. Modify Coefficients • Establish a changelog • Wrap around sent data • If a client does not receive, loses access to chain • Lightning fast 21 January 2022 alexbeaver.com 24

25. The Concept 21 January 2022 alexbeaver.com 25 MSG 1 MSG 2 MSG 3 MSG 4 Changelog Changelog Changelog Changelog

26. Single Packet Compromise • Attacker likely doesn’t have coefficient set • Cannot go backwards • Have “next x” n iterations in the future • Would have to compromise n sequential packets • Coefficients more difficult to brute-force than sym. key • Unknown # of coefficients 21 January 2022 alexbeaver.com 26

27. Caveats • Recovery mechanism • Client Kick • Works best when # coefficients bounded (1024-8192) • Expensive • If coefficients at any stage compromised, chain becomes compromised • NaN/∞ 21 January 2022 alexbeaver.com 27

28. What Do We Have? • Common Algorithm Generate Keys • Independent Ratcheting • Compromised packet does not compromise security • Constant complexity 21 January 2022 alexbeaver.com 28

29. Agenda • The State of Key Ratcheting • A Scalable Solution • Potential Use Cases 21 January 2022 alexbeaver.com 29

30. Real Time or At Rest 21 January 2022 alexbeaver.com 30

31. Potential Use Cases • Radio • Secure VoIP • IPTV DRM • Group Messaging • Time-Series Databases 21 January 2022 alexbeaver.com 31

32. 21 January 2022 alexbeaver.com 32

Encryption of Time-Series Data

Recommended

Recommended

More Related Content

Similar to Encryption of Time-Series Data

Similar to Encryption of Time-Series Data (10)

Recently uploaded

Recently uploaded (20)

Encryption of Time-Series Data