Zero Knowledge Architecture, is it possible?

How to protect users' privacy?

@m4d_z
alwaysdata logo
Let's talk about a Digital Health Notebook
Is it that good?

Share the data:
What, Who, How?

The Data is sensitive

Where is the data stored?

Where does the data go?

We build complex stacks

Take the power back

  • Choose which data to share
  • Give permissions to access it
  • Set expiry date

ZKA is a development pattern that gives third-party apps access to users' data, with the guarantee that untrusted services can't read that data in plaintext without permission.

Designing a Zero-Knowledge app

  • Data: piece of information produced by the user
  • Client: user’s application
  • Service: third-party app that needs to access the data
  • Key-pair: cryptographic asymmetric keys (RSA / EC)
  • Certificate: Client/Service virtual ID card
  • Server: distributes the data/identities

Core Concepts

  • Zero Knowledge Proof Authentication
  • End to End Encryption
  • Encrypted data only
  • Non-naive approach

Meld them!

The Crypto Part

  1. Password
  2. Intermediate Certificate, signed with the app CER available on the server
  3. Two key pairs: authentication (signature), data (encryption)
  4. Public Keys and Private Keys Hashes are uploaded to the server
  5. Private Keys are stored in the Client with the Intermediate Certificate

Zero Knowledge Proof Auth

The Cave




Registering a Service

  • One Intermediate Certificate per Service
  • Two key pairs per Service
  • The signature key pair is used for auth

Zero Knowledge Proof

  1. Service: Ask the Server for a new Client token
  2. Server: Pass the Token to the Service and the Client
  3. Service: Sign the Token and send it to the Client
  4. Client: Check both the signature and the Token
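
The four steps above amount to a challenge-response signature check. The sketch below is an added example, not code from the talk: the function names are hypothetical, and the choice of ECDSA on P-256, a 32-byte random token and a 30-second token lifetime are assumptions.

```javascript
// Added example; issueToken, serviceSignToken and clientVerify are hypothetical names.
const { generateKeyPairSync, randomBytes, sign, verify, timingSafeEqual } =
  require("node:crypto");

// Service registration: the signature key pair used for auth (assumed EC, NIST P-256).
// The public key is distributed by the Server; the private key stays with the Service.
function newSignatureKeyPair() {
  return generateKeyPairSync("ec", { namedCurve: "prime256v1" });
}

// Steps 1-2, Server: issue a fresh random token, passed to the Service and the Client.
// The expiry is an assumption added here to bound how long a token stays usable.
function issueToken(ttlMs = 30000, now = Date.now()) {
  return { value: randomBytes(32), expiresAt: now + ttlMs };
}

// Step 3, Service: prove possession of the private key by signing the token.
function serviceSignToken(token, privateKey) {
  return sign("sha256", token.value, privateKey);
}

// Step 4, Client: check the token (the one the Server sent, still valid)
// and the signature (made with the registered Service key).
function clientVerify(expected, presented, signature, servicePublicKey, now = Date.now()) {
  if (now > expected.expiresAt) return "expired";
  if (presented.length !== expected.value.length ||
      !timingSafeEqual(presented, expected.value)) return "token-mismatch";
  if (!verify("sha256", presented, servicePublicKey, signature)) return "bad-signature";
  return "ok";
}

// Constructed run: an honest Service, an unregistered key, a replayed token, a late answer.
function demo() {
  const service = newSignatureKeyPair();
  const impostor = newSignatureKeyPair();
  const oldToken = issueToken();
  const token = issueToken();
  const sig = serviceSignToken(token, service.privateKey);
  return {
    honest: clientVerify(token, token.value, sig, service.publicKey),
    impostor: clientVerify(token, token.value,
      serviceSignToken(token, impostor.privateKey), service.publicKey),
    replay: clientVerify(token, oldToken.value,
      serviceSignToken(oldToken, service.privateKey), service.publicKey),
    expired: clientVerify(token, token.value, sig, service.publicKey, token.expiresAt + 1),
  };
}
```

No password or private key crosses the wire: the Client only needs the Service public key and the token it received from the Server.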

Security Concerns

  • No password exchanges
  • Keys can be revoked using the Intermediate Certificates

End 2 End Encryption

Encrypt

  • Client side only
  • Using the recipient Service Public Key
  • With a unique symmetric Key wrapping

Decrypt

  • Service side
  • With the Service Private Key

Security Concerns

  • Each symmetric key is unique per Blob/Service/Client
  • The symmetric key is a datetime token

Non-naive approach

Document: a Tree Structure

Security Concerns

  • Never share all the doc
  • Smallest amount of Data possible
  • Forbidden resources stay safe

Frameworks, Tools, Use-cases

It's not that easy

Frameworks

Backend

Standard File

Mobile / Desktop

  • Binaries
  • Store the Keys in the Filesystem
  • Controlled environment
  • Protected against malware

Web Browser/PWA

Even YP!

CORS

  • Prevent requests from unknowns
  • Prevent unauthorized access
  • → Sandbox network exchanges

CSP

  • Forbid unwanted document write
  • Explicitly allow resources
  • Prevent XSS injection / Data leak
  • → Protect application integrity

SRI

  • Verify assets checksum
  • Prevent MITM attack
  • → Guarantees external resources integrity

Referrer-Policy

  • Prevent the leak of internal URIs
  • Sandbox app URLs
  • → Protect from malicious tracking

Keys Storage

  • WebCrypto to manage Keys
  • File-API to store Keys
  • Export encrypted contents

How to protect the Encryption Layer?

WebAssembly

  • Prevent the data access on-the-fly
  • Make Extracting/Sniffing data significantly harder

Minimize the Mayhem

  • Data leak → Encrypted
  • Privilege escalation → Encrypted
  • ID theft → ZKP (Encryption)
  • → Limit the attack bias

Thanks @vixentael for the recap

7 questions on ZKA

1/ Migrating from an existing codebase

2/ Applying ZKA to the Big Data

3/ Losing The Keys

4/ Storing metadata on the server

5/ Server security failure

6/ Exporting the keys

7/ Recovery

Initialization

Client

  • Recovery Certificate
  • Recovery key pair
  • TOTP Token
  • Random Recovery Password

Recovery Server

  • Client Private Key account
  • Recovery material

Recovery

Recovery Server

  • Identifies the user’s Private Key
  • Serves the payload
  • Deletes the material

(new) Client

  • Extracts the payload
  • Restores the contents

Who we gonna trust?

  • Constructors?
  • Operating Systems?
  • Apps Editors?
  • Users?

We need reviews

Open source, public reviews, public authorities, independent reports…

ZKA

  • Allowed on the Web
  • It’s just a pattern
  • Complex, w/ a Cost
  • Trust issue
m4dz

Paranoïd Web Dino · Tech Evangelist

https://www.alwaysdata.com

Questions?

Thank You!


Available under licence CC BY-SA 4.0

Illustrations

m4dz, CC BY-SA 4.0

Interleaf images

Courtesy of Unsplash and Pexels contributors

Icons

  • Layout icons are from Entypo+
  • Content icons are from FontAwesome

Fonts

  • Cover Title: Sinzano
  • Titles: Argentoratum
  • Body: Mohave
  • Code: Fira Code

Tools

Powered by Reveal.js

Source code available at
https://git.madslab.net/talks