SafetyPin: Encrypted Backups with Human-Memorable Secrets
Emma Dauterman, Henry Corrigan-Gibbs, and David Mazières
Materials
- Proceedings version: PDF (1.5 MB)
- Full version: arXiv
- Code: GitHub
- Slides:
PDF (16.0 MB)
Abstract
We present the design and implementation of
SafetyPin, a system for encrypted mobile-device
backups. Like existing cloud-based mobile-backup
systems, including those of Apple and Google,
SafetyPin requires users to remember only a short
PIN and defends against brute-force PIN-guessing
attacks using hardware security protections.
Unlike today’s systems, SafetyPin splits trust
over a cluster of hardware security modules
(HSMs) in order to provide security guarantees
that scale with the number of HSMs. In this way,
SafetyPin protects backed-up user data even
against an attacker that can adaptively compromise
many of the system’s constituent HSMs. SafetyPin
provides this protection without sacrificing
scalability or fault tolerance. Decentralizing
trust while respecting the resource limits of
today’s HSMs requires a synthesis of
systems-design principles and cryptographic tools.
We evaluate SafetyPin on a cluster of 100 low-cost
HSMs and show that a SafetyPin-protected recovery
takes 1.01 seconds. To process 1B recoveries
a year, we estimate that a SafetyPin deployment
would need 3,100 low-cost HSMs.