Stanford Security Lunch
Winter 2019

Get announcements: Mail Ical

January 09, 2019 No meeting due to Real World Crypto Symposium

January 16, 2019 Client-side Encrypted Cloud Backups for Android

Speaker:  Shabsi Walfish

Abstract:  In the latest release of the Android OS, there is a new feature that enables users to encrypt their device's backup data at the client-side so that the Cloud provider cannot read it. When the user wants to restore their backup to a new device, they are now prompted to enter the lock screen knowledge factor (PIN, pattern, or password) that was used on their old device before their old backup data can be decrypted. While this might sound trivial to implement by using the lock screen to derive an encryption key, that approach doesn't work since lock screen knowledge factors are very low entropy (as little as 10 bits). A simple brute-force exploration of the input space would not only quickly crack the encryption, but would also reveal the user's lock screen knowledge factor to the attacker. To prevent such brute-force attacks, we make use of specialized secure hardware on the Cloud server-side that only allows for a small number of failed attempts to recover the backup before permanently disabling it. In this talk, I'll give a simplified overview of the protocol as well as discuss some of the unique challenges involved in implementing the new feature with custom secure hardware in Google's data centers.

January 23, 2019 TBA

January 30, 2019 TBA

February 06, 2019 TBA

February 13, 2019 TBA

February 20, 2019 TBA

February 27, 2019 TBA

March 06, 2019 TBA

March 13, 2019 TBA