SafetyPin: Encrypted Backups with Human-Memorable Secrets
Henry Corrigan-Gibbs presents the design and implementation of SafetyPin, a system for encrypted mobile-device backups.
This event takes place online.
See description for details.
SafetyPin: Encrypted Backups with Human-Memorable Secrets—Henry Corrigan-Gibbs (MIT CSAIL)
This talk will present the design and implementation of SafetyPin, a system for encrypted mobile-device backups. Like existing cloud-based mobile-backup systems, including those of Apple and Google, SafetyPin requires users to remember only a short PIN and defends against brute-force PIN-guessing attacks using hardware security protections. Unlike today’s systems, SafetyPin splits trust over a cluster of hardware security modules (HSMs) in order to provide security guarantees that scale with the number of HSMs. In this way, SafetyPin protects backed-up user data even against an attacker that can adaptively compromise many of the system’s constituent HSMs. SafetyPin provides this protection without sacrificing scalability or fault tolerance.
Decentralizing trust while respecting the resource limits of today’s HSMs requires a synthesis of systems-design principles and new cryptographic tools. Henry’s team evaluates SafetyPin on a cluster of 100 low-cost HSMs and shows that a SafetyPin-protected recovery takes 1.01 seconds. To process 1B recoveries a year, they estimate that a SafetyPin deployment would need 3,100 low-cost HSMs.
Join our online lecture via Zoom here.
About the Lecture Series
This year, the ViSP is launching the Distinguished Lecture Series with internationally renowned researchers from the field of Security & Privacy. They will be invited to give a lecture every month.
ViSP, the Vienna Cybersecurity and Privacy Research Center consists of researchers from IST Austria, TU Wien and Uni Wien. With these three institutes, Vienna offers an exceptional degree of excellence for research in the area of Security and Privacy. The mission of ViSP is to unlock the true potential of the location by fostering collaborations between different institutes in Vienna. This collaboration strives to do impactful research and advance state of the art, securing Vienna’s pioneer role in the research in Security and Privacy.