The Eternity Service


Upload: branxton

Post on 05-Jan-2016



Page 1: The Eternity Service

04/20/23

1

The Eternity Service

• Threat model

• Service characteristic

• Design highlights

• Overall Service structure

• Protocols used

• Servers

• Implementation

http://www.mail.kolej.mff.cuni.cz/~eternity/index.html

Page 2: The Eternity Service

Threat model

• Blunt influences - natural disasters, vandals, thieves

• Amateur opponent - moderate to good knowledge, restricted resources

• Professional opponent - excellent knowledge, high motivation, skilled staff, sufficient resources

• Authorities - law enforcement, global influence

Page 3: The Eternity Service

Service characteristics

• Services: store data for agreed period, retrieve specified information

• World-wide system

• High reliability and availability

• Anonymity

• Fully distributed design

• No authentication, no privacy

Page 4: The Eternity Service

Design goals

• Unlimited availability

• High resistance

• Extendibility

• Fully distributed design

• Portability and reusability

• In service upgrade

• Terseness and simplicity

• Separation of cryptography

• Good habits

Page 5: The Eternity Service

Design guidelines

• Flat structure

• High ES protection

• Auxiliary servers

• Passive behaviour

• Randomness, concealing

• Two-layered implementation

• Freedom principle

Page 6: The Eternity Service

Overall Service structure

[Diagram labels: Mix (six nodes), ES (three nodes), EPX, CM, ACS, www, Clients, Advertised servers, Concealed servers]

Page 7: The Eternity Service

Server types - Eternity Server

• Each ES represents an entry point

• Provides data storage capacity

• Assures information retrieval

• Automatically discards expired data

• Time synchronization

• Communication with banks

Page 8: The Eternity Service

Server types - Mix server

• Padding traffic generation

• Supports ERM message transfer

• Represents simple and cheap way to grow the system size

Page 9: The Eternity Service

Server types - AC server

• Assures first contact with Service

• Collects certificates of servers

• Provides ES access certificates and Mix certificates to all subjects

Page 10: The Eternity Service

Server types - EPX server

• Simple, easy-to-use interface for amateur users who do not need top-quality protection

• Additional functions - secret splitting, privacy enhancement,

• Local cache for quicker access to frequently requested data

Page 11: The Eternity Service

Access certificate

[Formula; layout lost in extraction. Surviving symbols: Texp, Tmax, Misc, Sign, the concatenation operator ||, Kpbl, AS, n]

Page 12: The Eternity Service

Eternity Routing Mechanism

Page 13: The Eternity Service

ES internal structure

[Diagram labels: TCB, ES GM, Console, Timer, Storage, Incom. msg, Sleep. tran, Outg. msg, Mix interface]

Page 14: The Eternity Service

ES data storage

[Diagram labels: File, Clusters; three rows, each showing Slot 1, Slot 2, Slot n, nonce]

Page 15: The Eternity Service

Implementation

Platform:

• Posix

• FreeBSD Unix

• RSAref + Blowfish

• gcc

Current state:

• ES with sw-based TCB

• MX, ACS

• Client module

(alpha versions)