Is a Secured (Web) App Possible?
Zero Knowledge Architecture
@m4d_z
https://talks.m4dz.net/zka/en/short/
As a…
MESSAGING APP USER
I want to…
SHARE NUDES WITH MY BUD
So that…
MY SERVICE HOSTER CAN ACCESS MY PICS TOO
Fact
it’s easier to build
a complex backend stack
than a secured client
Our Stacks Are Huge
Data Is Sensitive
Question is
Who Owns Your Nudes?
Do not expose your
whole data to everyone
Only identified users and apps
are allowed to access data
Allow access for a limited
amount of time
ZKA is a development pattern that gives third-party apps access to users’ data while guaranteeing that untrusted services cannot read that data in plaintext without explicit permission.
Lexicon
Patterns
Setup
Registering a Service
The Mystery Cave
Zero Knowledge Proof
 Service                          Server                         Client
    │                               │                              │
    │  Request new Client Token     │                              │
    ├──────────────────────────────►│                              │
    │                               │                              │
    │  Return Client Token          │  Register Token              │
    │◄──────────────────────────────┼─────────────────────────────►│
    │                               │                              │
    ├─┐ Sign Client Token           │                              │
    │◄┘                             │                              │
    │                               │                              │
    │  Send Signed Token            │                              │
    ├───────────────────────────────┼─────────────────────────────►│
    │                               │                              │
    │                               │         Check Token and Sign ├─┐
    │                               │                              │◄┘
    │                               │                              │
    │  Valid: Authorize Service     │                              │
    │◄──────────────────────────────┼──────────────────────────────┤
    │                               │                              │
    │                               │  Invalid: Reject Access      │
    │                               │◄─────────────────────────────┤
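The registration flow above, simulated as an added example (not code from the talk): a Server issues a one-time, time-limited token to a Service and registers it with the Client; the Service signs the token, and the Client checks it before authorizing or rejecting. The slides do not fix a signature scheme, so HMAC-SHA256 over a per-token key issued by the server stands in for the signature; the class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Added example, not the talk's code. HMAC-SHA256 over a server-issued
# per-token key stands in for "Sign Client Token" / "Check Token and Sign".
TOKEN_TTL = 60  # seconds: access is granted for a limited time only


def sign_token(key, token):
    """Service side: 'Sign Client Token' (HMAC stands in for a signature)."""
    return hmac.new(key, token.encode(), hashlib.sha256).hexdigest()


class Client:
    """Data owner: holds registered tokens and decides who gets access."""

    def __init__(self):
        self.registered = {}   # token -> (service_id, key, expires_at)
        self.authorized = set()
        self.rejected = []

    def register_token(self, token, service_id, key, expires_at):
        self.registered[token] = (service_id, key, expires_at)

    def check_token(self, service_id, token, signature, now=None):
        now = time.time() if now is None else now
        entry = self.registered.pop(token, None)  # one-time use: a replay fails
        expected_service, key, expires_at = entry or (None, b"", 0.0)
        good_sig = hmac.compare_digest(signature, sign_token(key, token))
        if entry and expected_service == service_id and now < expires_at and good_sig:
            self.authorized.add(service_id)          # "Valid: Authorize Service"
            return "authorized"
        self.rejected.append((service_id, token))     # "Invalid: Reject Access"
        return "rejected"


class Server:
    """Issues client tokens to services and registers them with the client."""

    def __init__(self, client):
        self.client = client

    def request_client_token(self, service_id):
        token, key = secrets.token_hex(16), secrets.token_bytes(32)
        self.client.register_token(token, service_id, key, time.time() + TOKEN_TTL)
        return token, key                             # "Return Client Token"


def run_registration(service_id, tamper=False, delay=0.0, replay=False):
    """Drive one registration end to end and return the client's decision."""
    client = Client()
    token, key = Server(client).request_client_token(service_id)
    sig = sign_token(b"wrong-key" if tamper else key, token)  # tamper: bad signer
    now = time.time() + delay                                 # delay: expired token
    result = client.check_token(service_id, token, sig, now)
    return client.check_token(service_id, token, sig, now) if replay else result
```

Tampered signatures, expired tokens and replayed tokens all end in the "Invalid: Reject Access" branch; only a fresh, correctly signed token from the registered service is authorized.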
Security Concerns
Encrypt
Decrypt
Security Concerns
Document Tree Structure
Security Concerns
So,
Who Protects Your Nudes?
We need reviews
Open source, public reviews, public authorities, independent reports…
ZKA
Paranoïd Web Dino · Tech Evangelist
https://talks.m4dz.net/zka/en/short/ Available under licence CC BY-SA 4.0
m4dz, CC BY-SA 4.0
Courtesy of Unsplash and Pexels contributors
Powered by Reveal.js
Source code available at
https://git.madslab.net/talks