Erinn
Atwater,
PhD
candidate
David
R.
Cheriton
School
of
Computer
Science
The average computer user is no longer restricted to one device. They may have several devices and expect their applications to work on all of them. A challenge arises when these applications need the cryptographic private key of the devices' owner. Here the device owner typically has to manage keys manually with a "keychain" app, which leads to private keys being transferred insecurely between devices — or even to other people. Even with intuitive synchronization mechanisms, theft and malware still pose a major risk to keys. Phones and watches are frequently removed or set down, and a single compromised device leads to the loss of the owner's private key, a catastrophic failure that can be quite difficult to recover from.
In a previous seminar, we introduced Shatter, an open-source framework that performs key distribution on a user's behalf. Shatter uses threshold cryptography to turn the security weakness of having multiple devices into a strength. This seminar will present Shatter 2, which incorporates years of lessons learned with Shatter to address a wide variety of implementation concerns with threshold cryptography and a series of new usability and security mechanisms we have since incorporated to create a sophisticated key protection system. We will also explore the complexity such a system introduces, and how we might reduce the cognitive and physical burdens placed on everyday users through the use and evaluation of an automated configuration recommendation engine.