Table of Links
-
Related Work
-
The Proposed Secret Backup Approaches
-
Security and Reliability Analysis
3 THE PROPOSED SECRET BACKUP APPROACHES
Before we elaborate on our proposed backup method, we first introduce the involved factors and the models of security and reliability. Then after describing our proposed approach, we quantitatively analyze our method's security and reliability measures and compare our results with other approaches.
3.1 Notations
In this section, we first identify involved parties and channels and examine the secret protection process. We first introduce a few terms to simplify the discussion of the encryption process. We also formally define the objective of security and reliability.
3.1.1 Parties
We call the owner of the private key simply the owner, who possesses the private key (or the secret key, SK) and generates the backup.
To use social authentication, the owner selects some trustees from his contacts, and the remaining contacts are simply called contacts. The chosen trustees are supposed to be able to identify the owner via interactions and help to recover the owner's private key.
An adversary is the one who attempts to steal the owner's private key and break into his account. Generally, the adversary has a low probability of physically stealing the owner's backup. In contrast, traditional backup methods are vulnerable to being stolen, as we have discussed before. With the computing power of current technologies, we assume that the adversary cannot break the owner's public key encrypted information, and the adversary cannot fully emulate the interaction style and details of the owner. The potential threats of quantum computing shall be investigated in future work.
3.1.2 Communication Channels
User-Server: We assume the channel between a user to a server is secured by the PKA method. In other words, we assume no adversary can eavesdrop or forge messages over such a channel.
Peer-Peer: We assume that every owner can establish a secure communication channel with trustees. No adversary can eavesdrop, forge or intercept messages in the transactions.
3.1.3 Encryption Notation
We use the notation "⊙" to denote the operation of encryption. For example, "PK⊙information" gives the result after PK encrypts the information
3.1.4 Evaluation Measures
Here, we first define the security and reliability measures and later use them to evaluate the quality of backup approaches. The security measure is the probability that adversaries fail to retrieve the backup, and the reliability measure is the probability that an owner can successfully recover the backup. A backup fails if it is either not secure or not reliable.
3.2 Assumptions
We assume that PKA will be the primary authentication method in the future because of its security and mature key management solution. The owner can openly access trustees' public keys through online identity servers without the need to inform trustees. Additionally, the access is not constrained to specific servers; hence, no service providers can control or dictate the operation of our proposed method.
Since we assume the adversary could not break into the CMD, an owner needs to perform recovery only when his CMD is lost or not functional. Generally, the owner and trustees tend to protect their private keys well and rarely change them.
Finally, we assume the owner and trustees have a secure computing environment for processing the encryption and decryption.
Authors:
(1) Wei-Hsin Chang, Deepmentor Inc. ([email protected]);
(2) Ren-Song Tsay, Computer Science Department, National TsingHua University, Hsinchu, Taiwan ([email protected]).
This paper is