Recovery Contact Safety with iCloud's Advanced Data Protection

Apple’s “Advanced Data Protection” feature for iCloud allows users to keep most data stored in iCloud end-to-end encrypted, such that even Apple cannot access it. This is a great feature, but naturally a user has to opt in, because it pushes the burden of data loss onto the user themselves — if Apple cannot decrypt your iCloud photos, and you lose the device which holds the encryption keys for that data, all of a sudden there is no way to get your photos back without some serious breakthroughs in mathematics and computing. Bummer.

Fortunately, there are two recovery options that you can set up in case you lose your device. One option is to generate a backup code, which is essentially a complex password that will allow you to decrypt your iCloud storage (presumably this code is used to encrypt a key that you then give to Apple for safekeeping), and the other involves setting up a “Recovery Contact” who will be able to help you recover your account in case of disaster… But how does the recovery contact feature actually work, and how safe is it to use?


Connecting to School WiFi With iwd

I’ve recently been going to campus more, which involved setting up WiFi again. Alas, since I have been on campus I have switched from wpa_supplicant to iwd and I believe the campus WiFi changed how authentication works as well. It’s often a little less obvious how to configure these enterprise WiFi networks on Linux, so hopefully this post will help point you in the right direction if you’re in a similar situation.

AirPennNet

At the University of Pennsylvania the WiFi network for students is called “AirPennNet”. To connect we’ll need to create a /var/lib/iwd/AirPennNet.8021x file. This file should only be readable by root, as we’re going to put a password in it. The contents of this file are as follows:

[Security]
EAP-Method=TTLS
EAP-Identity=anonymous@upenn.edu
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=<username>
EAP-TTLS-Phase2-Password=<password>
EAP-TTLS-CACert=/var/lib/iwd/airpennnet.cer

[Settings]
AutoConnect=true

We will use TTLS with tunneled PAP to authenticate, which sends the username and password as plain PAP credentials inside a TLS tunnel to authenticate your connection to the network. In my case the username was simply the unique part of my e-mail address, and the password was my usual Penn password. You will likely have to change the EAP-Identity field to the one matching your institution.

Additionally, we will need to add the /var/lib/iwd/airpennnet.cer file, which is the CA certificate iwd uses to verify the authentication server’s certificate during the TLS handshake. This is what ensures we are actually sending our username and password to the real network, and not to just any router pretending to be AirPennNet.

I got the institution specific information and certificate from here:

And in particular this eventually led me to some general information about connecting to AirPennNet:

Hopefully this helps any weary Linux users at Penn get connected to the network.

References


What I Learned This Week: Subset types, real numbers, and more Coq

WILTW #4

This has been a productive week, with my Coqplexity project really starting to get off the ground. Coqplexity is at the point now where it can automatically prove pretty much any polynomial Big O relation (as long as it’s true).

Some more work needs to be done in Coqplexity in order to make it more useful, but the foundation is there, and it’s been a good bit of experience in writing tactics and dealing with real numbers.

So, more stuff about subset types, tactics, and more!


What I Learned This Week: Progress Sensitive Security, Erasure

WILTW #2

Let’s keep this going! The goal of this is, again, to write down some of my thoughts and what I did. This is not necessarily going to be accurate, but maybe it will be useful! Contact me if you find mistakes :).

The past week I have managed to get through another chunk of papers on the following topics:

  • Removing information leaks through the progress covert channel
  • Ensuring data erasure in programs which use untrusted data stores

Additionally, I have started to research real number libraries in Coq for use in a project…


What I Learned This Week: Coinduction, Dependent Pattern Matching, and Langsec

Introduction

I’m starting a small series. The gist of it? What I learned in the past week.

Each post will be a brief summary of some things which I studied in the past week. Not necessarily an in-depth exploration of the topics, but you may find useful insight, or at least useful references if something is a topic of interest.

If you find a mistake in my understanding, or have a question, feel free to contact me!

With that out of the way, let’s talk about some of the things I read about this week. Coinduction in Coq, dependent pattern matching in Coq, and some papers in langsec.


Absolutely Optimal

Program optimization is strange.

We naturally want our programs to run as quickly and efficiently as possible, but in some sense I have no idea what that actually means. Or, rather, I have no idea what “computation” actually entails.


First Post!

Hello!

I now apparently have a blog. I don’t know if this will ever see an update, or if this will ever be read by anybody, but the intention is to put some ramblings up here.
