Commentary

A Realization Of Neal Stephenson's "Secret-Sharing" Security System

By Marc Waldman

During his April 5th CFP talk, author Neal Stephenson pointed out that it is now possible to monitor your home from just about anywhere in the world via the Internet. Of course one needs a persistent connection to the Internet, Webcams and perhaps other Internet enabled devices, but these are all minor details. The main concern is privacy. While it is great to be able to monitor your home over the Internet you want to prevent others from monitoring your home as well. Secret key mechanisms can be used but Neal Stephenson pointed out another alternative. Instead of simply storing the Webcam images on your own PC why not store them on several web servers, perhaps one owned by law enforcement or a security service. This brings us back to the privacy problem. While we want law enforcement to be able to view a picture of someone committing an illegal act, we may not want law enforcement to view all our Webcam pictures. Stephenson's solution is to use a technique called secret sharing to store so called shadows on each of the Web servers rather than storing the Webcam image itself. Secret sharing is a technique that is used to split a password (or any collection of bits), into n pieces called shadows or shares such that only k of them are necessary to reconstruct the original item - the password in this case. The value k can be less than or equal to the value of n. For example a password can be split up into 10 shares such that only 5 of them are needed to reconstruct the password. Combining less than k shares does not reveal the password. Instead of the password, Stephenson suggests we secret-split the Webcam image itself. In this scenario, only one share is stored on the law enforcement Web server instead of the whole Webcam image. This can safely be done because the solitary share is useless by itself. However if we want law enforcement to view a particular image we just send them the other k-1 shares.

Although Stephenson suggested this as a possible project, a system named Publius, already does something similar and incorporates several unique WWW publishing mechanisms. Publius is a censorship resistant, tamper evident, WWW-based publishing system. It was designed by Lorrie Cranor (AT&T Research), Avi Rubin (AT&T Research), and Marc Waldman (NYU Computer Science Dept.). Publius allows an individual to publish static WWW-based content (HTML, PDF, GIF, JPG, etc) on several servers at once such that each server cannot tell the type of content it is hosting and any modification to the stored content can be detected. Publius utilizes a secret sharing mechanism but not in the way described by Stephenson, however the net effect is the same. Publius is written in Perl and will soon be freely available for download at the following URL - www.cs.nyu.edu/~waldman/publius.html. A paper describing Publius is also available at the previously stated URL. Please send any questions concerning Publius to Marc Waldman (waldman@cs.nyu.edu)