Protecting Private Keys on Mobile Devices
dc.contributor.advisor | Safavi-Naeini, Reyhane | |
dc.contributor.advisor | Sanders, Barry | |
dc.contributor.author | Ngure, Joan Watiri | |
dc.contributor.committeemember | Yanushkevich, Svetlana | |
dc.contributor.committeemember | Walker, Robert J. | |
dc.date | 2022-11 | |
dc.date.accessioned | 2022-08-18T16:56:21Z | |
dc.date.available | 2022-08-18T16:56:21Z | |
dc.date.issued | 2022-08 | |
dc.description.abstract | A cryptocurrency wallet is software stored on a user's device, such as a mobile phone or personal computer. This wallet software holds a public-private key pair that is used for digital cryptocurrency transactions, such as those in Bitcoin. The private key is used to access, authorize and sign transactions, hence it should be secured. The public key, on the other hand, serves as the user's public address. Mobile phones and personal computers are susceptible to device failure, external attacks, theft and loss. In the event of a user's device failure, the private key could become inaccessible. If the device is lost or stolen, the private key would fall into the wrong hands and the user would irrecoverably lose their funds. This thesis addresses the question of secure storage of the private key. More precisely, we study this problem such that the following conditions are satisfied: (i) The private key is broken into shares and stored on remote servers; (ii) A user can retrieve their private key by triggering a reconstruction protocol using only a human-memorable password, and the reconstruction is successful as long as at least some threshold number of servers are honest and available. We have designed and implemented a Password Protected Secret Sharing (PPSS) scheme that can be used to construct a system that satisfies the above. Our PPSS uses two building blocks: (i) a Threshold Password-Authenticated Key Exchange (TPAKE) protocol (for authentication); and (ii) a symmetric key encryption scheme (to emulate secure channels for sending the shares). The user divides the private key into shares, and stores each share on a different remote server. When the key is needed, the user enters their password into the device, and the device reconstructs the secret key by contacting the servers and obtaining the stored shares. Our protocol is provably secure under the Computational Diffie-Hellman (CDH) assumption, while providing state-of-the-art security guarantees.
We give an implementation as an application for a mobile phone. Efficiency analysis shows that the proposed system is highly deployable. | en_US |
dc.identifier.citation | Ngure, J. W. (2022). Protecting private keys on mobile devices (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. | en_US |
dc.identifier.uri | http://hdl.handle.net/1880/115109 | |
dc.identifier.uri | https://dx.doi.org/10.11575/PRISM/40150 | |
dc.language.iso | eng | en_US |
dc.publisher.faculty | Science | en_US |
dc.publisher.institution | University of Calgary | en |
dc.rights | University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. | en_US |
dc.subject | Password Protected Secret Sharing | en_US |
dc.subject | TPAKE | en_US |
dc.subject | Wallet | en_US |
dc.subject | Mobile Application Implementation | en_US |
dc.subject.classification | Computer Science | en_US |
dc.title | Protecting Private Keys on Mobile Devices | en_US |
dc.type | master thesis | en_US |
thesis.degree.discipline | Computer Science | en_US |
thesis.degree.grantor | University of Calgary | en_US |
thesis.degree.name | Master of Science (MSc) | en_US |
ucalgary.item.requestcopy | true | en_US |