Securing Secrets and Managing Trust in Modern Computing Applications

by Andy Sayler
B.S.E.E., Tufts University, 2011
M.S.C.S., University of Colorado, 2013

A thesis submitted to the Faculty of the Graduate School of the University of Colorado in partial fulfillment of the requirements for the degree of Doctor of Philosophy, Department of Computer Science, 2016.

This thesis entitled "Securing Secrets and Managing Trust in Modern Computing Applications", written by Andy Sayler, has been approved for the Department of Computer Science.

Prof. Dirk Grunwald
Prof. Eric Keller
Prof. John Black
Prof. Sangtae Ha
Prof. Blake Reid

Date

The final copy of this thesis has been examined by the signatories, and we find that both the content and the form meet acceptable presentation standards of scholarly work in the above mentioned discipline.

Sayler, Andy (Dissertation)
Securing Secrets and Managing Trust in Modern Computing Applications
Thesis directed by Prof. Dirk Grunwald

The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control access to these secrets is a significant challenge: such secrets must be stored in a manner that protects them from a variety of potentially malicious actors while still enabling the kinds of functionality users expect. This dissertation discusses a system for isolating secrets from the applications that rely on them and storing these secrets via a standardized, service-oriented secret storage system. This "Secret Storage as a Service" (SSaaS) model allows users to reduce the trust they must place in any single actor while still providing mechanisms to support a range of cloud-based, multi-user, and multi-device use cases.
This dissertation contains the following contributions: an overview of the secret-storage problem and how it relates to the security and privacy of modern computing systems and users; a framework for evaluating the degree to which one must trust various actors across a range of popular use cases, and the mechanisms by which this trust can be violated; a description of the SSaaS model and how it helps avoid such trust and security failures; a discussion of how the SSaaS approach can integrate with and improve the security of a range of applications; an overview of Custos, a first-generation SSaaS prototype; an overview of Tutamen, a next-generation SSaaS prototype; and an exploration of the legal and policy implications of the SSaaS ecosystem.

Dedication

Dedicated to Edward Snowden, Chelsea Manning, Bill Binney, Thomas Drake, Perry Fellwock, Russ Tice, Mark Klein, Thomas Tamm, and all those who have risked and who will risk their lives and livelihoods to expose the privacy and security abuses of governments around the world.

Acknowledgements

This document could not have been completed without the assistance of a variety of individuals. First, thanks to all of my committee members for their oversight, suggestions, and time. Dirk Grunwald, my advisor, provided numerous suggestions and coauthored the Custos and Tutamen papers that predated this document. Eric Keller provided suggestions and assistance on a variety of topics, including the original Custos implementation that was undertaken as a project for his course. Blake Reid provided the impetus for me to get more involved in the policy side of technology and was kind enough to have me as a member of the Colorado Technology Law and Policy Clinic (TLPC) during the Spring of 2015. John Black and Sangtae Ha have both provided suggestions and answers to a variety of technical questions. Beyond those that served on my committee, many other individuals also provided technical support and insights.
Matt Monaco provided the implementation of the Tutamen dm-crypt FDE client and is a coauthor on the Tutamen paper. Taylor Andrews provided the Tutamen-backed encrypted Dropbox client implementation and is also a coauthor on the Tutamen paper. Joseph Lorenzo Hall and Erik Stallman both provided mentorship and guidance on a variety of security and policy topics during my time in Washington, DC at the Center for Democracy and Technology. Finally, a big thanks to my partner Denali Hussin for her continual support throughout my time as a PhD student, as well as her editing support on a range of (overly) verbose technical documents. Thanks also to my parents Mike and Lori for their 27+ years of support and assistance. And thanks to all those who assisted and supported my efforts, but whom I have unintentionally failed to mention here.

Contents

Chapter 1  Introduction (p. 1)
    1.1  Overview (p. 1)
    1.2  Motivating Examples (p. 3)
    1.3  Goals (p. 6)

Chapter 2  Background (p. 9)
    2.1  Cryptography (p. 9)
        2.1.1  Symmetric Cryptography (p. 9)
        2.1.2  Asymmetric Cryptography (p. 11)
        2.1.3  Secret Sharing (p. 14)
    2.2  Usability (p. 15)
    2.3  Storage (p. 16)
    2.4  Access Control (p. 19)
    2.5  The Cloud (p. 22)
        2.5.1  Benefits (p. 22)
        2.5.2  Service Classes (p. 24)
        2.5.3  Enabling Technologies (p. 25)

Chapter 3  Challenges to Privacy and Security (p. 27)
    3.1  Modern Use Cases (p. 27)
        3.1.1  Consumer Use Cases (p. 28)
        3.1.2  Developer Use Cases (p. 34)
    3.2  Threats to Security and Privacy (p. 37)
        3.2.1  Misuse of Data (p. 37)
        3.2.2  Data Breaches (p. 38)
        3.2.3  Government Intrusion (p. 40)
        3.2.4  Physical Security (p. 42)
    3.3  Need for New Solutions (p. 43)

Chapter 4  Related Work (p. 47)
    4.1  Trust, Threat, and Security Models (p. 47)
    4.2  Minimizing Third Party Trust (p. 48)
        4.2.1  Cryptographic Access Control (p. 49)
        4.2.2  Homomorphic Encryption (p. 50)
        4.2.3  Secure Storage (p. 51)
    4.3  Enhancing End User Security (p. 52)
        4.3.1  Communication Tools (p. 52)
        4.3.2  Password Managers (p. 53)
        4.3.3  Storage Tools (p. 54)
    4.4  Key and Secret Management Systems (p. 55)
        4.4.1  Key Management in Storage Systems (p. 56)
        4.4.2  Key Escrow (p. 56)
        4.4.3  Automated and Cloud-based Secret Management (p. 57)

Chapter 5  An Issue of Trust (p. 61)
    5.1  Analyses Framework (p. 61)
    5.2  Traditional Model (p. 64)
    5.3  SSaaS Model (p. 66)
    5.4  Trust Survey of Existing Systems (p. 68)
        5.4.1  Cloud File Storage (p. 71)
        5.4.2  Social Media (p. 73)
        5.4.3  Communications (p. 74)
        5.4.4  Password Managers (p. 77)
        5.4.5  Cloud Infrastructure Services (p. 78)
        5.4.6  SSaaS Alternatives (p. 79)

Chapter 6  Secret Storage as a Service (p. 83)
    6.1  Architecture (p. 84)
        6.1.1  Stored Secrets (p. 84)
        6.1.2  Secret Storage Providers (p. 85)
        6.1.3  Clients (p. 88)
    6.2  Economics (p. 89)
    6.3  Security and Trust (p. 92)

Chapter 7  SSaaS Applications (p. 95)
    7.1  Common Patterns and Challenges (p. 95)
        7.1.1  SSaaS Metadata Storage (p. 95)
        7.1.2  Data Granularity (p. 98)
    7.2  Use of SSaaS Libraries and Utility Programs (p. 99)
    7.3  Storage (p. 100)
        7.3.1  Cloud File Sync/Storage (p. 101)
        7.3.2  Server Data Encryption (p. 102)
        7.3.3  Mobile Device Encryption (p. 103)
        7.3.4  Personal Data Repository (p. 105)
    7.4  Communication (p. 106)
    7.5  Authentication (p. 107)
        7.5.1  SSH Agent Key Management (p. 108)
        7.5.2  SSH Server Key Management (p. 110)
    7.6  Dedicated Crypto-Processor (p. 112)

Chapter 8  Custos: A First-Generation SSaaS Prototype (p. 115)
    8.1  Architecture (p. 115)
        8.1.1  Access Control (p. 116)
        8.1.2  Protocol (p. 122)
    8.2  Implementation (p. 123)
        8.2.1  SSP Server (p. 123)
        8.2.2  EncFS (p. 124)

Chapter 9  Tutamen: Next-Generation Secret Storage (p. 125)
    9.1  A New Approach (p. 125)
        9.1.1  Flaws in Custos


Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    212 pages

