aucpace efficient verifier based pake protocol tailored
play

AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT - PowerPoint PPT Presentation

Aug 18, 2022 •382 likes •1.21k views

Products Solutions Services AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Bjrn Haase, Benot Labrique Endress + Hauser Conducta GmbH & Co. KG. Slide 1 07/22/2019 B. Haase, B. Labrique AuCPace: Efficient

  1. Products Solutions Services AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Björn Haase, Benoît Labrique Endress + Hauser Conducta GmbH & Co. KG. Slide 1 07/22/2019 B. Haase, B. Labrique

  2. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Highly relevant topic in today’s HMI authentication systems Slide 2 07/22/2019 B. Haase, B. Labrique

  3. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Highly relevant topic in today’s HMI authentication systems Passwords … Slide 3 07/22/2019 B. Haase, B. Labrique

  4. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Highly relevant topic in today’s HMI authentication systems Passwords … This Talk: … In case that we are forced to accept that we can’t avoid them: How could we at least make their use as secure as possible … even when facing tight resource constraints. Slide 4 07/22/2019 B. Haase, B. Labrique

  5. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Highly relevant topic in today’s HMI authentication systems Passwords … This Talk: … In case that we are forced to accept that we can’t avoid them: How could we at least make their use as secure as possible … even when facing tight resource constraints. System-level approach Slide 5 07/22/2019 B. Haase, B. Labrique

  6. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Examples for process industry installations and field devices Slide 6 07/22/2019 B. Haase, B. Labrique

  7. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Examples for process industry installations and field devices Many installations: critical infrastructure Security should be mandatorily considered ! Slide 7 07/22/2019 B. Haase, B. Labrique

  8. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Security for industrial control equipment • Security: A rather new topic for industrial control • First step for security: focus on machine-to-machine interfaces and protocols. • HMI interfaces often considered in a second step only. • E+H: Remote HMI service access mostly provides an even larger attack vector! • Most widespread authentication mechanism for HMI interfaces 2019: Passwords Slide 8 07/22/2019 B. Haase, B. Labrique

  9. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Requirements derived when planning the E+H BlueConnect App Architecture • In very important settings no PKI at the customer installation! => HMI security solution shall not rely on PKI. • Network access to central authentication servers is not always available (Subnetworks “air - gapped” for security reasons / Devices integrated to legacy fieldbuses) => Support required for “offline” authentication with local storage of credentials • Some devices have extremely tight resource constraints. (Intrinsically safe explosion protection by power and energy limits, See [HL17]) • Devices might become physically accessible for the adversary. • We shall prepare the architecture for two-factor authentication, but need to accept that our customers will often stick to the concept of “passwords” for HMI authentication only. Slide 9 07/22/2019 B. Haase, B. Labrique

  10. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Result of our assessment We are forced to work with passwords? Lets then do our very best to protect our customer’s installations! We need a combination of two elements: • Verifier-based password authenticated key exchange (V-PAKE) • State-of-the-art memory-hard password hashes Astonishingly there is no established industry standard solution! Slide 10 07/22/2019 B. Haase, B. Labrique

  11. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Our protocol proposals • “Augmented Composable Password - Authenticated Connection Establishment” AuCPace • “Composable Password - Authenticated Connection Establishment” CPace • Constructions were designed for allowing freely usable implementations avoiding patents in order to make it suitable for more widespread use and, possibly, standardization. • Motivation for this paper: Security proof will be pre-condition for more widespread use. • This talk also considers preliminary results from the second review round carried out in the context of the CFRG PAKE selection process. Slide 11 07/22/2019 B. Haase, B. Labrique

  12. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Outline of this talk • AuCPace and CPace protocols and their security analysis • Comparison with other V-PAKE nominations from current CFRG selection process • Implementation strategy and results on ARM Cortex-M4 and Cortex-M0 • Summary Slide 12 07/22/2019 B. Haase, B. Labrique

  13. Making Password Authenticated Key Exchange Suitable For Resource Constrained Industrial Control Devices CHES2017: Typical budget constraints for Ex-ia field devices • Ignition by hot surfaces  Limit peak supplied electrical power • Ignition by Sparks  Limit size of energy buffers (e.g. capacitors) Add- on feature “HMI interface and security” will be granted only a small fraction of the available power / transient buffer budget! 1.5 0,5 1 28 28 Slide 13 07/22/2019 Björn Haase, Benoît Labrique

  14. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT Optimization strategy • Protocol level • Allow for fast curves: X25519 Diffie-Hellman • “x -coordinate- only” solution avoids need for point compression • Secure quadratic twist of Curve25519: AuCPace simplified point verification • No hash over full protocol transcripts required • Refer the password hash to the powerful client • Curve25519 group element operations • Optimization of Elligator2 in comparison to [HL17] by using method from [BDL+11] • Fe25519 field operations • Optimized assembly-level code using register-allocating code-generator tool Slide 14 07/22/2019 B. Haase, B. Labrique

  15. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT The modular AuCPace protocol construction AuCPace is a two-party verifier-based Password-Authenticated Key Exchange (PAKE) protocol Slide 15 07/22/2019 B. Haase, B. Labrique

  16. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT The modular AuCPace protocol construction AuCPace is a two-party verifier-based Password-Authenticated Key Exchange (PAKE) protocol • Client side (e.g. tablet PC): Clear- text password (“pw”) available Slide 16 07/22/2019 B. Haase, B. Labrique

  17. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT The modular AuCPace protocol construction AuCPace is a two-party verifier-based Password-Authenticated Key Exchange (PAKE) protocol • Client side (e.g. tablet PC): Clear- text password (“pw”) available Typically large memory, powerful computation capabilities. (scrypt/Argon2) Slide 17 07/22/2019 B. Haase, B. Labrique

  18. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT The modular AuCPace protocol construction AuCPace is a two-party verifier-based Password-Authenticated Key Exchange (PAKE) protocol • Client side (e.g. tablet PC): Clear- text password (“pw”) available • Server side (e.g. field device) Password verifier (“W”) Slide 18 07/22/2019 B. Haase, B. Labrique

  19. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT The modular AuCPace protocol construction AuCPace is a two-party verifier-based Password-Authenticated Key Exchange (PAKE) protocol • Client side (e.g. tablet PC): Clear- text password (“pw”) available • Server side (e.g. field device) Password verifier (“W”) Strongly constrained device Slide 19 07/22/2019 B. Haase, B. Labrique

  20. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT The modular AuCPace protocol construction AuCPace is a two-party verifier-based Password-Authenticated Key Exchange (PAKE) protocol • Client side (e.g. tablet PC): Clear- text password (“pw”) available • Server side (e.g. field device) Password verifier (“W”) V-PAKE: Knowledge of password verifier W does not allow for taking over the client role. Slide 20 07/22/2019 B. Haase, B. Labrique

  21. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT The modular AuCPace protocol construction Three subcomponents within AuCPace • AuCPace augmentation layer • CPace balanced PAKE protocol • Optional explicit mutual authentication Slide 21 07/22/2019 B. Haase, B. Labrique

  22. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT AuCPace in a nutshell 1. Password verifiers W 2. Session establishment Slide 22 07/22/2019 B. Haase, B. Labrique

  23. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT AuCPace in a nutshell The password verifier W is calculated in two steps. Slide 23 07/22/2019 B. Haase, B. Labrique

  24. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT AuCPace in a nutshell The password verifier W is calculated in two steps. • Memory hard password hash Slide 24 07/22/2019 B. Haase, B. Labrique

  25. AuCPace: Efficient Verifier-Based PAKE protocol tailored for the IIoT AuCPace in a nutshell The password verifier W is calculated in two steps as a combination of a • Memory hard password hash AuCPace25519: scrypt, s = (r = 8, N = 32768, p = 1) Slide 25 07/22/2019 B. Haase, B. Labrique

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw

OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw

OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw Jarecki, Hugo Krawczyk, Jiayu Xu Motivation: Password Authentication Passwords are the prevalent tool for authentication Passwords are vulnerable

481 views • 22 slides
Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos, Geoffroy Couteau 1 /11 Zero-Knowledge Proof prover verifier Complete: if P knows a solution, V accepts Sound: if there is no solution, P

1.25k views • 27 slides
Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F :

Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F :

June 20, 2016 Yassine Hamoudi Carnegie Mellon University Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F : cost of the most efficient randomized protocol with error 1 3 Alice Bob channel Number

1.15k views • 112 slides
An Efficient Multicast Protocol for Content-Based Publish-Subscribe Systems Joo Nogueira

An Efficient Multicast Protocol for Content-Based Publish-Subscribe Systems Joo Nogueira

An Efficient Multicast Protocol for Content-Based Publish-Subscribe Systems Joo Nogueira Tecnologias de Middleware DI - FCUL - Dez 2006 Agenda Motivation Key Issues The Matching Algorithm The Link Matching Algorithm

628 views • 48 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Ouroboros: a simple, secure and efficient key exchange protocol based on coding theory

Ouroboros: a simple, secure and efficient key exchange protocol based on coding theory

Ouroboros: a simple, secure and efficient key exchange protocol based on coding theory Jean-Christophe Deneuville < jean-christophe.deneuville@xlim.fr > June the 26 th , 2017 PQCrypto 17 Utrecht Joint work with: P. Gaborit G. Z

1.54k views • 84 slides
Why Use Portfolios / Rubric Based Projects and Project Based Learning? Activities are tailored

Why Use Portfolios / Rubric Based Projects and Project Based Learning? Activities are tailored

Rachel Schles NCDB 7/18/2018 Handout 1 Page 1 of 6 Raschles@gmail.com Why Use Portfolios / Rubric Based Projects and Project Based Learning? Activities are tailored to student needs (based on data collected in EA/ECC Screening Tools,

185 views • 6 slides
Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from

Motivation Research Question Results Conclusion Notes Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from Standard Signatures Siamak Shahandashti 1 Rei Safavi-Naini 2 1 SCSSE & CCISR, Uni

465 views • 46 slides
Energy-Efficient Communication Protocol for Wireless Microsensor Networks Juhana Yrjl

Energy-Efficient Communication Protocol for Wireless Microsensor Networks Juhana Yrjl

Energy-Efficient Communication Protocol for Wireless Microsensor Networks Juhana Yrjl jayrjola@cc.hut.fi T-79.194 Seminar on theoretical computer science 2005 Algorithmics of sensor networks Energy-Efficient Communication Protocol for

387 views • 20 slides
Hash Proof Systems and Password Protocols III SPHF-based PAKE David Pointcheval CNRS, Ecole

Hash Proof Systems and Password Protocols III SPHF-based PAKE David Pointcheval CNRS, Ecole

Hash Proof Systems and Password Protocols III SPHF-based PAKE David Pointcheval CNRS, Ecole normale sup erieure/PSL & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA David Pointcheval 1/53 Intuition

475 views • 18 slides
Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
Is it too late for PAKE? John Engler (UC Berkeley) Chris Karlof Elaine Shi Dawn Song (Usable

Is it too late for PAKE? John Engler (UC Berkeley) Chris Karlof Elaine Shi Dawn Song (Usable

Is it too late for PAKE? John Engler (UC Berkeley) Chris Karlof Elaine Shi Dawn Song (Usable Security (PARC) (UC Berkeley) Systems) What is PAKE? Password Authenticated Key Exchange 1 Enter Password 2 Crypto

206 views • 9 slides
HSF(C): A Software Verifier based on Horn Clauses Corneliu Popeea Technical University Munich

HSF(C): A Software Verifier based on Horn Clauses Corneliu Popeea Technical University Munich

HSF(C): A Software Verifier based on Horn Clauses Corneliu Popeea Technical University Munich Joint work with Sergey Grebenshchikov, Ashutosh Gupta, Nuno P. Lopes and Andrey Rybalchenko Developing verifiers today Program Model transition

322 views • 9 slides
Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam

Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam

What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam Thomas P Nielsen 1 1 The Alexandra

434 views • 30 slides
diseases through an innovative and tailored web-based digital pathology program with Philips

diseases through an innovative and tailored web-based digital pathology program with Philips

Improving medical students understanding of pediatric diseases through an innovative and tailored web-based digital pathology program with Philips Pathology Tutor (formerly PathXL) Cathy Chen 1 , Bradley Clifford 2 , Matthew OLeary 2 ,

813 views • 17 slides
Text Processing Information Retrieval Inf 141 / CS 121 Tokenization Break the input into

Text Processing Information Retrieval Inf 141 / CS 121 Tokenization Break the input into

Text Processing Information Retrieval Inf 141 / CS 121 Tokenization Break the input into words Character stream -> token stream Called a tokenizer / lexer / scanner Compiler front-end Lexer hooks up to parser

497 views • 18 slides
Digital Object Memories for the Web of Things Dr.-Ing. Jens Haupert German Research Center for

Digital Object Memories for the Web of Things Dr.-Ing. Jens Haupert German Research Center for

Digital Object Memories for the Web of Things Dr.-Ing. Jens Haupert German Research Center for Artificial Intelligence (DFKI) Web of Things Workshop, June 25 th 2013 Sample Scenario Linking: Physical Object and Object Memory * Order *

880 views • 39 slides
Mainframes: The past will come back to haunt you By:

Mainframes: The past will come back to haunt you By:

Mainframes: The past will come back to haunt you By: Philip Soldier of Fortran Young Disclaimer Any views expressed in this talk are my own

1.21k views • 90 slides
Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android

Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android

Introduction User Survey Application Analysis Potential Solution and Conclusion Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS WIFI STATE Android Permission Jagdish Prasad Achara, Mathieu Cunche, Vincent Roca, and

714 views • 43 slides
Graphical user interfaces (G (GUI) Tkinter Python shell Accumulator: 0

Graphical user interfaces (G (GUI) Tkinter Python shell Accumulator: 0

Graphical user interfaces (G (GUI) Tkinter Python shell Accumulator: 0 primitive_calculator.py Select: 1: clear accumulator = 0 2: add 3: subtract while True: 4: multiply print("Accumulator:", accumulator) 5: quit Choice:

432 views • 19 slides
Evonne M. Silva | evonne@codeforamerica.org Government can work for the people by the people in

Evonne M. Silva | evonne@codeforamerica.org Government can work for the people by the people in

Evonne M. Silva | evonne@codeforamerica.org Government can work for the people by the people in the digital age. Evonne M. Silva | evonne@codeforamerica.org Services can be simple, accessible, and easy to use. Outcomes can be

589 views • 38 slides
World 2012 Web-based iOS Configuration Management Tim Bell Trinity College, University of

World 2012 Web-based iOS Configuration Management Tim Bell Trinity College, University of

World 2012 Web-based iOS Configuration Management Tim Bell Trinity College, University of Melbourne tbell@trinity.unimelb.edu.au @timb07 XW12 About me and why Im here Linux System Administrator Responsibility for Debian

418 views • 31 slides
How a MySQL DBA see Postgresql (and why their company should worry about) Marco Tusa Percona

How a MySQL DBA see Postgresql (and why their company should worry about) Marco Tusa Percona

How a MySQL DBA see Postgresql (and why their company should worry about) Marco Tusa Percona About me Marco The Grinch Former UN, MySQL AB, Pyt hian, Percona 2 kids, 1 wife History of Religions; Ski; Snowboard; Scuba

764 views • 25 slides

More recommend