DECO: Liberating Web Data Using Decentralized Oracles for TLS

Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the provenance of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. Users' private data is thus locked up at its point of origin. Users cannot export data in an integrity-protected way to other applications without help and permission from the current data holder. We propose DECO (short for decentralized oracle) to address the above problems. DECO allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret. DECO is the first such system that works without trusted hardware or server-side modifications. DECO can liberate private data from centralized web-service silos, making it accessible to a rich spectrum of applications. To demonstrate the power of DECO, we implement three applications that are hard to achieve without it: a private financial instrument using smart contracts, converting legacy credentials to anonymous credentials, and verifiable claims against price discrimination.
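As an added illustration (not code from the DECO paper or its authors), the following Python sketch shows the gap the abstract describes: TLS record integrity rests on a symmetric traffic key that both client and server hold, so a tag that verifies under that key could have been produced by either endpoint, and a third party handed the key, the record and the tag cannot tell which. HMAC-SHA256 stands in for the TLS record-layer integrity mechanism (an assumed simplification; TLS 1.3 uses AEAD, but its traffic keys are equally symmetric), and the sample records are constructed for the demonstration.

```python
import hashlib
import hmac
import os


def derive_session_key() -> bytes:
    """Stand-in for the symmetric traffic key both TLS endpoints derive
    from the handshake (constructed here with os.urandom)."""
    return os.urandom(32)


def mac_record(key: bytes, plaintext: bytes) -> bytes:
    """Integrity tag an endpoint attaches to a record (HMAC-SHA256 as a
    simplified stand-in for the TLS record-layer AEAD)."""
    return hmac.new(key, plaintext, hashlib.sha256).digest()


def verify_record(key: bytes, plaintext: bytes, tag: bytes) -> bool:
    """Constant-time tag check: holds against anyone without the key."""
    return hmac.compare_digest(mac_record(key, plaintext), tag)


def outsider_cannot_forge(key: bytes) -> bool:
    """Integrity property: a party with a different key cannot produce a
    tag that verifies under the session key."""
    other_key = derive_session_key()
    record = b'{"balance": 100}'  # constructed sample record
    forged_tag = mac_record(other_key, record)
    return not verify_record(key, record, forged_tag)


def provenance_not_transferable(key: bytes) -> tuple:
    """Provenance gap: the client, holding the same key as the server,
    can tag any plaintext it likes. A third-party verifier given the
    key sees both records as equally valid and cannot attribute either
    one to the server."""
    genuine = b'{"balance": 100}'        # constructed: what the server sent
    fabricated = b'{"balance": 1000000}'  # constructed: what the client could claim
    server_tag = mac_record(key, genuine)       # computed by the server
    client_tag = mac_record(key, fabricated)    # computed by the client, same key
    return (
        verify_record(key, genuine, server_tag),
        verify_record(key, fabricated, client_tag),
    )


if __name__ == "__main__":
    k = derive_session_key()
    print("outsider blocked:", outsider_cannot_forge(k))
    print("(genuine, fabricated) both verify:", provenance_not_transferable(k))
```

The two results side by side are the point: the symmetric key keeps outsiders out (integrity), yet gives a third party no way to separate the server's record from the client's (no provenance), which is why exporting data in an integrity-protected way needs a mechanism beyond the TLS session itself.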
