Shatter Secrets: Using Secret Sharing to Cross Borders with Encrypted Devices
Modern consumer electronic devices such as smartphones and laptops are laden with intimate personal data such as past conversations, photos and videos, medical information, and passwords for services that contain information on our entire lives. This makes the devices of particular interest to law enforcement officials during even routine searches. A particular threat to users is when crossing international borders, as we have repeatedly seen reports that the data on these devices is subject to search and seizure without warrants or even suspicion of wrongdoing. In some cases, travellers have even been compelled to provide PINs, passwords, encryption keys, and fingerprints to unlock their devices.
In this position paper, we argue for the use of threshold cryptography to distribute encryption keys into shares, which are then securely transmitted to friends residing at the traveller’s destination. When a traveller is subjected to scrutiny at the border, they are technically unable to comply with requests to decrypt their devices. Assuming the traveller is permitted to complete their journey, they must then physically interact with some (user-configurable) threshold number of their friends on that side of the border to recover their encryption keys. In our proposal, attackers must compromise both the traveller and a threshold number of the traveller’s friends in order to learn anything about the secret key; the friends are unable to collude without the traveller present. We also implement Shatter Secrets, an open-source prototype Android app aimed at realizing this goal.
This work was made possible with funding from the Natural Sciences and Engineering Research Council of Canada Discovery Grant RGPIN-03858.
- 1.Atwater, E., Hengartner, U.: Shatter: using threshold cryptography to protect single users with multiple devices. In: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec 2016, pp. 91–102. ACM, New York (2016)Google Scholar
- 2.Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference, vol. 48, pp. 313–317 (1979)Google Scholar
- 3.Calder, S.: Security experts astonished by electronics ban on Middle East airlines. The Independent, March 2017Google Scholar
- 4.CBP Public Affairs: CBP releases statistics on electronic device searches. U.S. customs and border protection, April 2017Google Scholar
- 5.Connolly, A.: Text messages can be private once received, Supreme Court rules. Global News, December 2017Google Scholar
- 6.Cope, S., Kalia, A., Schoen, S., Schwartz, A.: Digital privacy at the U.S. border. The Electronic Frontier Foundation, March 2017Google Scholar
- 7.Fox-Brewster, T.: Feds walk into a building, demand everyone’s fingerprints to open phones. Forbes, October 2016Google Scholar
- 8.Johnson, G.: Justices: people have right to privacy in text messages. Komo News, February 2014Google Scholar
- 9.Kopan, T.: DHS issues new rules for searching electronic devices at the border. CNN, January 2018Google Scholar
- 10.Peeters, R.: Security architecture for things that think. Ph.D. thesis, KU Leuven (2012)Google Scholar
- 11.Savage, C., Nixon, R.: Privacy complaints mount over phone searches at U.S. border since 2011. The New York Times (2017)Google Scholar