DEGREE PROJECT IN INFORMATION AND COMMUNICATION TECHNOLOGY, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2018 Private, secure, and censorship resistant document sharing for individuals and groups based on distributed ledger technology JENS RÖWEKAMP KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE TRITA EECS-EX-2018:519 www.kth.se Abstract The scandal around Facebook and Cambridge Analytica in 2017 showed drastically that new concepts to share and store information need to be developed in order to minim- ize the huge potential for abuse resulting from centralized information stored at trusted third parties. This thesis analysed to what degree current document ex- change systems (e.g. Dropbox) comply with the information security services confidentiality, integrity, privacy, anonym- ity, authenticity of authors, non-repudiation, and accountab- ility; with the result that all analysed systems lack support for privacy and anonymity. Mainly due to their centralized design, missing (meta)data encryption, and regulations of jurisdictions in which they operate. Based on that analysis a decentralized concept for docu- ment sharing in a peer-to-peer fashion utilising client-side encryption, the separation of data and metadata, metadata masking through Tor hidden services, and distributed ledger technology for directory service provision, was developed. The concept was proven through prototype implementation of a document exchange software called docShare and its information security services were compared with former analysed exchange technologies. The analysis showed that docShare has a better information security service provi- sion but is still leaking identity information in form of IP addresses when interacting with the distributed ledger Eth- ereum. Mainly because Ethereum doesn’t support traffic anonymization through Tor. iii Referat Privat, säker och censurresistent document sharing för individer och grupper baserad på DLT Skandalen kring Facebook och Cambridge Analystica i 2017 visade drastiskt att nya koncept för hur information delas och sparas behöver utvecklas för att reducera den stora missbrukspotentialen som är ett resultat av att information sparas centralt hos betrodda tredje partier. Denna avhandling analyserar till vilken utsträckning nuva- rande document exchange system(s) (till exempel Dropbox) följer säkerhetsservices såsom förtrolighet, integritet, ano- nymitet, autorernas autenticitet, påvislighet och räkenskap. Undersökningen visar att alla analyserade system saknar stöd för integritet och anonymitet, mest på grund av den centraliserade designen, saknande informationskryptering och de juridiska reglerna som gäller för dem. Baserad på denna undersökning utvecklades ett koncept för peer-to-peer document sharing som innebär att information krypteras, att information och metainformation separeras, metainformation skyddas genom TOR hidden services samt att DLT används för katalogtjänster. Detta koncept bevisades genom prototypisk implementation av en dokumentutbytningssoftware som kallas för docSha- re vars information security services jämfördes med andra analyserade utbytetekniker. Analysen visade att docShare har en bättre information security service tillhandhållande, men den läcker fortfarande identitetinformationer i form av IP adresser när den interagerar med den distribuerande ledger Ethereum, främst för att Ethereum inte stödjer traffic anonymisering genom Tor. iv Acknowledgments I am deeply thankful to • my family, friends, fellow students, and professors for their support during my studies, • Pia Ströhle and Anja Pflugfelder for translating my abstract to Swedish, and • George Lucas for creating the Star Wars universe. Menlo Park, CA, 27th August 2018 Jens Röwekamp v Contents 1 Introduction1 1.1 Problem statement............................ 1 1.2 Research methodology.......................... 2 1.3 Goals ................................... 2 1.3.1 Objectives............................. 3 1.3.2 Deliverables............................ 3 1.4 Purpose.................................. 3 1.5 Scope, limitations, and assumptions .................. 4 1.6 Ethical and sustainable aspects..................... 5 1.7 Outline .................................. 5 2 Technical background7 2.1 Information security services ...................... 7 2.1.1 Data integrity........................... 7 2.1.2 Data confidentiality ....................... 7 2.1.3 Data security, privacy, and anonymity............. 8 2.1.4 Non-repudiation ......................... 8 2.1.5 Accountability .......................... 9 2.1.6 Authentication.......................... 9 2.1.7 Access Control.......................... 9 2.1.8 Availability............................ 9 2.2 Cryptography............................... 10 2.2.1 Symmetric cryptography..................... 10 2.2.2 Hashing.............................. 10 2.2.3 Asymmetric cryptography.................... 11 2.2.4 Public key management..................... 13 2.2.5 Digital envelopes......................... 14 2.2.6 Zero-knowledge proof ...................... 15 2.3 Distributed ledger ............................ 16 2.3.1 Bitcoin .............................. 16 2.3.2 Ethereum............................. 18 2.3.3 Tendermint............................ 19 2.3.4 Corda............................... 21 2.4 The Onion Router ............................ 21 vi CONTENTS 2.4.1 Traffic anonymization ...................... 22 2.4.2 Location-hidden-services..................... 22 3 Security assessment of related work 25 3.1 Document exchange use case analysis and sensitivity categorization . 25 3.2 Centralized file-sharing services..................... 27 3.2.1 Box ................................ 28 3.2.2 Dropbox.............................. 28 3.2.3 Nextcloud............................. 29 3.2.4 Citrix RightSignature ...................... 30 3.3 Decentralized data storage and file-sharing services.......... 30 3.3.1 Sia................................. 31 3.3.2 Storj................................ 32 3.3.3 SecuRES ............................. 33 3.4 Miscellaneous............................... 34 3.4.1 Secure E-Mail through OpenPGP................ 34 3.5 Summary ................................. 34 3.6 Conclusion ................................ 35 4 Prototype specification 38 4.1 Architecture................................ 38 4.1.1 Identity management....................... 40 4.1.2 Anonymization network..................... 41 4.1.3 docShare client.......................... 41 4.2 Protocols ................................. 42 4.2.1 User registration in the identity management system (IMS) . 42 4.2.2 Legal identity verification of an entity in the IMS . 42 4.2.3 Data exchange with compliance to private . 44 4.2.4 Data exchange with compliance to anonymous . 44 4.2.5 Data exchange with compliance to tracking . 44 4.2.6 Data exchange with compliance to business . 47 5 Prototype implementation 49 5.1 Limitations to the specification..................... 49 5.2 Public identity management service................... 49 5.3 Key value storage for tracking ...................... 50 5.4 Anonymization network ......................... 51 5.5 docShare client.............................. 51 5.5.1 SQLite3 metadata database................... 52 5.5.2 docShare library ......................... 52 5.5.3 Services.............................. 55 5.5.4 Terminal scripts ......................... 57 6 Prototype evaluation 62 6.1 Evaluation environment ......................... 62 6.2 Public identity management....................... 62 vii 6.3 Partner management........................... 63 6.4 Document exchange with regards to secure and private . 64 6.5 Document exchange with regards to anonymous . 64 6.6 Document exchange with regards to tracking . 65 6.7 Document exchange with regards to business . 65 6.8 Summary ................................. 65 6.9 Theoretical connection of the concept ................. 67 7 Conclusion 68 7.1 Recommendations for future work ................... 69 Bibliography 71 Appendencies A Declaration of independence 79 B Installation and usage guide 80 C Digital Content 84 List of Figures 2.1 Structure of a hash-linked list. ....................... 11 2.2 Structure of a Merkle tree. ......................... 12 2.3 Structure of the Bitcoin blockchain. .................... 17 2.4 High level structure of a replicted state machine.............. 20 2.5 Traffic anonymization in Tor......................... 22 2.6 Simplified version of the Tor rendezvous protocol.............. 23 4.1 Prototype architecture overview. ...................... 39 5.1 Screenshot of docShare’s public identity management system’s web-frontend. 50 5.2 Screenshot of docShare’s key value store’s web-frontend.......... 51 5.3 Message format specification used in docShare communications. 52 5.4 Digital envelope format for documents of sensitivity secure and private. 54 5.5 Digital envelope format for documents of sensitivity tracking. 55 6.1 Environment used to evaluate docShare’s implementation. 63 viii List of Tables List of Tables 2.1 Specification of combinations of data security, privacy, and anonymity.. 8 3.1 Summary of information security services based on the use case analysis. 26 3.2 Categorization of documents based on their need of information security services..................................... 27 3.3 Compliance of analysed document-sharing systems with defined document sensitivity levels in section 3.1. ....................... 35 3.4 Overview of the analysed systems