LT - Least Authority File System - Zooko

BSides Las Vegas · 23:07 · 127 views · Published 2017-03
About this talk
LT - Least Authority File System - Zooko. Lightning Talks, BSidesLV 2013 - Tuscany Hotel - August 01, 2013
Transcript [en]

Is it go? Hi, I'm Zooko, and I'm going to talk for up to 20 minutes about spying and the least authority cloud system. So many years ago now, decades ago, I started worrying that in the far future everyone would be using the internet, and once everyone was using the internet, then large centralized powers would gain the ability to spy on whatever I was doing all the time. And I thought that would inevitably happen. I could try to intervene in this future history by inventing cryptography tools for people to use to protect themselves from that kind of surveillance. And it turns out I was right: that day has now come, as we've all learned by public revelations

recently. Almost everything that almost everyone does is being collected and processed by the computers of either spies or criminals or somebody. So let me tell you about the thing that I've been working on for a few years with a bunch of other open-source hackers. It's called the Least Authority File System. I don't have slides, but if you look up that string on the internet you can find the open source project. And I have a company that's commercializing it. I'm not really going to talk about that, because nobody likes to listen to sales pitches, but you should totally go to my company's website and give me money. And so, obviously, what we decided to do, we said, was make it possible for people's

data to be encrypted on the client side before it gets transmitted over the internet or stored remotely. And so the Least Authority File System is a storage tool, and it's called "file system" in its name because it has directories and files, so you can organize your files into subdirectories and junk like that. But the way you use it is more like BitTorrent: you can upload as well as download, rather than using it like a local file system that you, like, mount in your operating system. So it's a user space tool that people run, and then they, yeah, they use it like BitTorrent but for both read and write, where BitTorrent is just for download, really. And you

already understand enough about cryptography that you can imagine how you could design such a thing, so that all of the data gets encrypted before it gets uploaded and then gets automatically decrypted whenever someone downloads it to look at it. But we did some interesting things, and I wanted to explain some of the unusual parts of the design. Well, before that I'll be telling you a bit about the social context. It's this open source project; there's, you know, like a dozen or an uncounted number of people who contribute patches and documentation and junk from all around the globe. There have been public releases of this source code for about seven years now, and it's been pretty widely studied

for a, you know, cryptography project. It's been used by, like, anonymous activists and people who won't confirm or deny that they use it when I ask. Though I've spoken to three different people who won't deny that they work for the NSA and say that they're interested in specific uses of this file system. One of them, who was working for the NSA, left NSA and started working at Booz Allen Hamilton, and shortly after that, a few months after that, contributed a patch to the Least Authority File System to integrate it with Hadoop, so that you could perform big, you know, MapReduce queries across your Least Authority File System store of encrypted data. This software is included in Debian and in Ubuntu,

so if you use those systems then an easy way to get it is to apt-get install it. So the interesting part of the design that I want to talk about today is that instead of the obvious thing of having sort of one encryption key per user, and encrypting all of the data when it goes up and decrypting it all when it comes down, we made one encryption key per file and also per directory. So every file and every directory has its own unique key, separate and independent from all the other keys. And the reason we do that is so that you can do file sharing. So the "least authority" in Least Authority File System refers to

this concept called the principle of least authority, which is that you should have and exercise only the minimal amount of authority that you need to get your job done. And so the fact that the storage servers that are holding everyone's data in the system don't have access to the encryption keys, that's an example of the principle of least authority, which is that in order to do their job of storing data they don't need the ability to view content, and so the system deprives them of that ability because of the principle of least authority. And it's that same principle that made us make this unusual design decision of making up a different

encryption key for every file, because now you can give someone access to one file without giving them access to any other one. So any friend you want to share with, or any person you want to share with, you can give them the access keys to some subset of your files, and doing so doesn't imply anything about all the other files. And that's an example of the principle of least authority: you're granting to those people the authority to read those files and no more. So that sounds like a really problematic design decision, because the problem with all of cryptography is key management, and that's why real people don't use cryptography if they can help it, right? Anybody who sees

two tools available, one of them says "this is the secure tool" and the other one says "this is the get-your-job-done tool", everyone knows to avoid the secure tool at all costs, because it will impose hassle, it'll slow you down. And Sarah was talking about earlier how when people realize that they have to deal with security, their brains turn off, like "oh god, not this again". So the problem with cryptography in particular is key management. So at first blush it would be a terrible idea to multiply the key management problem by a million times by making a million keys instead of one. And so then there's the other

weird thing combined with that, which is that this is a distributed file system with files and directories, and you can have directories within directories and so forth. And in any file system, Unix, Windows, if you treat, like, the World Wide Web as a file system, because there are, like, links that you follow, and following the links you come to new data, all that stuff, in any such system there has to be a file handle, there has to be a link that your computer is using to load, to reach the document that you're asking for, that you request. Okay, and the trick, the most interesting and important concept in the Least Authority File System, is we took all of those

millions of keys and we put the key for each file in the handle that references that file. So, like, if you're familiar with a Unix file system, there are inodes, right? And the inode is not the file, but you pretty much never look at a Unix file without going through its inode on the way to it. Okay, so what we did in the Least Authority File System was put the decryption key for that file in the handle, or the equivalent of the inode. And the effect of that is, as you're navigating your file system, like if you're sent a link and it says "hey, look at this" and you may click on it, or if

you are cd-ing in your directory, like CDE / in t three CDs best space, you know, grab whatever, every time you're navigating through the file system your computer is acquiring the decryption keys necessary for any next step that you would take in the file system. Okay, so that is the big idea of the Least Authority File System, and I think it's potentially a big idea because it hides the whole key management problem; it makes it go away. Because in a normal encrypted storage system you basically have to do two things every time: you have to acquire the data, and you have to get the key or the access

permission to access it, right? So if you have some data and you've encrypted it, as in that normal encryption system, and you want to share it with someone, including, like, yourself on a different device, then you send a reference to the person you want to share with. You say, "Hey, look at this, here's a link", or "I copied this to you", or whatever, however it is you share. And in a typical secure file system you double the hassle factor: any time you want to share something with someone you have to send them the data, and you also have to send them the key. And what we hope is valuable about the Least Authority File System design is to reunify those two

actions again. So in that design, when you want to send data to someone, you just send them this thing, which is the file handle, and that thing does both: it gives them the ability to acquire the data and it gives them the decryption key, in one act. So there are a lot more sort of interesting parts of the architecture of the Least Authority File System which I don't have time to go into now, that you can read about on our website. And I'm going to go back to the topic of spying that I started with. So, fair question: when, you know, a generation ago, like when we were kids, police work and espionage or something used to require manual effort,

and manual effort is expensive. So, you know, a typical person would be justified in thinking that nobody was spying on them, because they weren't worth the effort and the expense of being spied upon. And sometime between now and then that's reversed, and now spying is done automatically by computer programs that use, you know, automated data collection and machine learning. And in that situation it would require expensive manual effort for anyone to choose to not spy: to program the computer to exclude you from being part of the machine learning algorithm would be a complicated, expensive operation. So it's reversed, and now everyone is spied on, and you should assume that the information that you

emit about yourself on the internet is being collected and processed. So this tool was invented and is currently being worked on, in large part, as a political act. Like, the theory is that it's a dangerous situation to have automated surveillance of everyone by computer programs, and it's going to become more dangerous in the near future when those computer programs gain the ability to act on people as well as to surveil them. The example that I think of is the way your credit card company might call you if you make a purchase from, like, a weird location or a weird kind of purchase. There's no human involved in that process; there's a computer program

running at the credit card company that evaluates the pattern as being unusual, and it can stop the transaction from happening without any human knowing that it did that, as a fraud prevention technique. And that kind of automated intervention is likely to come in the near future as a follow-up to today's automated surveillance. So especially in less free societies than here, you can easily imagine that in the near future those computer programs will intervene, for example, to prevent people from communicating with one another if their machine learning algorithm has concluded that those communications are banned political speech. So this Least Authority File System is intended to make it infeasible to surveil and censor people's communications indiscriminately on a

mass scale, to do that to everyone at once. But it's not intended or believed that if you use this, that prevents you from being personally targeted. If you're a spy, or if you are being targeted by criminals who have chosen you to attack, or if you're traveling in a war zone and you are being attacked by cyber soldiers or something like that, then you shouldn't expect that this sort of technique of running encryption software on your client, insulated, would be sufficient to protect you from that. That's not the goal of this project. It's to allow people to be free of automated indiscriminate surveillance. That is my whole talk. It's been about, like, 15 minutes, so now I can answer

questions. Okay. I have two. Okay, um, one is: are the keys for the encryption static, stored for the length of that file's lifetime? It's a really good question. And two, if you can rotate them, is there a way to rotate them in a mass way, to go through and basically just rip the entire hard drive in movies, or can it be done one at a time? Yeah, so the questions are: are the keys static for the lifespan of the file, and what is it like to rotate? The answer is this is a weak spot in the architecture. Well, it's also kind of a fundamentally hard problem for the distributed case. I didn't really

emphasize this, but this is not like just one hard drive with an encrypted file system on it. It's like a peer-to-peer network, like BitTorrent, in which many sort of ad hoc servers could be holding pieces of the ciphertext. And so in that context you can't necessarily rely on the servers to forget the old ciphertext, right? Once you've encrypted some data with a given key and you've uploaded it to servers, you could later ask, you could say, "Oh, you know that thing? Now I've encrypted it with a new key; delete that ciphertext and here's a different ciphertext instead." But you can't know if they really deleted it. Fair enough, right? So it's kind of fundamentally hard, and

our current solution is pretty weak, which is just kind of the obvious thing, where the keys are static for the lifespan of an object. And if you really want to... so if I make a file and I share it with several people, and then I change my mind and I think, "Oh, I want to stop letting her see what I write in here", right, then the only thing you can do in the Least Authority File System right now is make a new one, and just copy your diary or whatever from the old one into it, and share the new one with three people and exclude the fourth person from learning the new one. And that's too bad, because that's

that's, you know, complicated and inconvenient, and inconvenience is like the death of security, right? So it's a concern for me, but also in the distributed case it's almost impossible to do better. It's a really intriguing problem. Thanks for the question. Thanks. Okay, are there any more questions? I want to tell you something else, because I have like 3 1. Yeah, there's a cool hack that we did, which is sort of like what you see in Git, the distributed revision control system, which is that some of the things in the file system are immutable by construction, which means that the handle that points to those things contains the secure hash of the contents of the thing. Right? You know

how this works in Git, how there is a tree or a chain of files and commits. So you add new commits to the Git revision control system, each one has a secure hash of the previous one, and by the nature of a secure hash you can't come up with a different file that will have the same ID. So in the Least Authority File System we have both the Git-style immutable files and more traditional, normal mutable files. And [Music] that turns out to be useful to people in practice because of the principle of least authority again. Sometimes you want to get information from someone and you want to know that even the people who

gave it to you can't subsequently change it. So it's kind of like just sending the contents of the file, but it doesn't require bulk data transfer; instead you just send the thing. And you can have a directory tree that is immutable, and all the subdirectories and files within it are likewise. So that's another way of the principle of least authority: if you don't need the person to be able to update it, then you can deny them that. How is that any different than read-only, effectively? Yeah, that's a good question. The question was how is immutability different than read-only, and they're related but different. So in the Least Authority File System there's either

immutable things and mutable, and the immutable thing can't be updated by anyone, even the creator. Like, no one in the world can ever update it. The mutable things you can have either read-write access or read-only access to, right? So, you know, sometimes you want to give someone read-only access to a thing that you can continually update; other times you want to give someone access to a thing that nobody can update. It's just really useful, especially for, like, tracking down what the hell happened ex post facto. It's really useful to say, you know, this set of files cannot have changed at any point since they were created, so that we can exclude those

having been tampered with or accidentally changed when trying to figure out what the hell happened. Okay, thank you all for this both numbers yay. Are you talking about that, and are the keys of the subtrees and sub files and directories in any way derived from previous ones? Are the keys of the subdirectories derived from the parent directory? It's a really good question. We actually are trying to work on this crypto idea that would let the keys be derived from the parent as an optimization, but currently we use the simpler idea of the keys of the children getting embedded inside the parent, so that when you're navigating through you can find them. One

consequence of that is that you can't give someone a parent directory while denying them access to all of its children. So there's no way, which is kind of... I like it. It means that there's no, like, "access denied" error in the Least Authority File System. If you cd into a directory and there's a list of subdirectories, you already have the ability to cd into any one, and there cannot be an "access denied" error at that point. So whoever gave you that parent directory, if they didn't want you to have access to those child directories, they needed to give you a different parent directory with fewer children. Yeah. And so far no users have complained

about that limitation, so it seems to work. Is it, you apply it to directory

change some, right? Good question, and the answer is that the immutability and the read-only-ness are both deep properties that apply to all children transitively. So if I give you an immutable directory, you and I both know that you can only ever access the immutable things, no matter how you navigate within it. And if I give you read-only access to a directory, you can only get read access to anything within it. I also like that property. Are there any more questions? Okay, thank you all for listening to my talk. [Applause]
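
The design described in the talk (a separate key per file and per directory, the key and a secure hash carried in the handle, child handles embedded in the parent directory), shown as an added sketch that is not part of the talk and not the project's code. The names `STORE`, `put_immutable`, `get`, `put_dir` and `walk`, the `imm:key:hash` handle layout, hashing the ciphertext, and the SHAKE-256 XOR keystream standing in for a real cipher are all assumptions of this example.

```python
import hashlib, json, secrets

STORE = {}  # constructed stand-in for untrusted storage servers: id -> ciphertext

def _xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHAKE-256 keystream); a stand-in, not a vetted cipher.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def put_immutable(plaintext: bytes) -> str:
    """Encrypt under a fresh per-object key; the handle carries key and hash."""
    key = secrets.token_bytes(16)
    ciphertext = _xor(key, plaintext)
    digest = hashlib.sha256(ciphertext).hexdigest()
    STORE[digest] = ciphertext  # the server only ever sees ciphertext
    return f"imm:{key.hex()}:{digest}"

def get(handle: str) -> bytes:
    """The handle alone locates, verifies and decrypts the object."""
    _, key_hex, digest = handle.split(":")
    ciphertext = STORE[digest]
    if hashlib.sha256(ciphertext).hexdigest() != digest:
        raise ValueError("stored data does not match the hash in the handle")
    return _xor(bytes.fromhex(key_hex), ciphertext)

def put_dir(children: dict) -> str:
    """A directory is an encrypted object mapping names to child handles."""
    return put_immutable(json.dumps(children, sort_keys=True).encode())

def walk(handle: str, path: str) -> bytes:
    """Each step decrypts a directory and picks up the next handle (and key)."""
    for name in filter(None, path.split("/")):
        handle = json.loads(get(handle))[name]
    return get(handle)

def demo():
    notes = put_immutable(b"meeting notes")
    diary = put_immutable(b"private diary")
    shared = put_dir({"notes.txt": notes})      # handle to give to a friend
    root = put_dir({"shared": shared, "diary.txt": diary})
    return root, shared, diary

if __name__ == "__main__":
    root, shared, _ = demo()
    print(walk(root, "shared/notes.txt"), walk(shared, "notes.txt"))
```

Whoever holds `shared` can read everything beneath it and nothing else, and changing a stored object after the fact makes `get` fail rather than return altered data.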