blind certificate authorities
play

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , - PowerPoint PPT Presentation

Nov 20, 2022 •153 likes •454 views

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University Motivation Certificate Authorities (CA) issue certificates

  1. Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University

  2. Motivation Certificate Authorities (CA) issue certificates

  3. Certificates bind public keys to identities CA (identity provider) Request cert User • Email Validate identity • Website login • Anonymous credential Identity systems + • … . The user must reveal true identity to the CA during identity validation

  4. Identity is sensitive Whistleblower Journalist I am working at University ABC... Professor X took bribes! (A friend of OK. First, prove you are working at ABC… Professor X?) ? CA Third-party or from University ABC

  5. CA: single point of privacy failure CA (identity provider) Request cert User • PGP Validate identity • Website login • Anonymous credential Identity systems + • … . alice@domain.com: cert1 bob@gmail.com: cert2 … ..

  6. Can we make CA “blind”? Main challenge: Validate an identity while not learning it YES!!!

  7. Contributions • Secure Channel Injection (SCI): o A primitive allows a party to inject a small amount of information into a secure connection between two parties o (SCI-TLS) An efficient, special-purpose MPC protocol for two parties to compute a TLS record • Anonymous Proof of Account Ownership (PAO): o Validate one owns some email accounts from a given organization without knowing which account • BlindCA: o Validate ownership of an account alice@domain.com and issue a X.509 certificate binding “alice” to a public key, without learning the account and the key

  8. Email is the most common identity

  9. Conventional email verification CA My email is: To: alice@domain.com alice@domain.com Username: alice Password: ??? Email provider User Prove account ownership by showing the ability to READ an email from an account

  10. Secure Channel Injection (SCI) Carol M* Alice Bob M1 M2 …… Mn

  11. Secure Channel Injection (SCI) Carol M* MPC Alice Bob M1 M2 …… Mn

  12. Secure Channel Injection (SCI) Carol Alice Bob M1 M* …… …… Mn Alice : Learns nothing about M* Bob : Doesn’t know M* is from Carol Carol : Learns nothing about other messages from Alice

  13. Conventional email verification CA My email is: To: alice@domain.com alice@domain.com Username: alice Password: ??? Email provider User Prove account ownership by showing the ability to READ an email from an account

  14. Anonymous proof of account ownership (PAO) Goal: Validate Alice owns some email accounts from domain.com Send an email from: alice@domain.com SMTP server CA To: alice1 User @ domain.com SCI alice1 Prove account ownership by showing the ability to SEND an email from an account

  15. PAO use cases Whistleblower Journalist I can send an email from ABC’s smtp server Employee

  16. Anonymous PAO needs to use MPC to compute TLS records For a 512-byte email and 16-byte challenge • Generic MPC: 32 AES and 8 SHA256 operations à 0.94M+ AND gates M SQN + M HDR HMAC IV M HMAC tag Padding AES-CBC HDR Ciphertext TLS AES-CBC with SHA256

  17. Merkle–Damgård Construction M Padding Block1 Bock2 BlockN f f f IV

  18. Two-party SHA: “Outsource” SHA computation User + CA M* K blocks Block Block Block X X+1 to X+K X+K+1 f f f Send output of f to CA Send output of f to User User User CA

  19. Two-party AES CBC User + CA M* K blocks Block Block Block X+1 to X + K X X+K+1 AES AES AES Send Send to User to CA Cipher Cipher X+1 to X+ K X User User MPC --- Alice: key CA: blocks

  20. Anonymous PAO needs to use MPC to compute TLS records For a 512-byte email and 16-byte challenge • Generic MPC: 32 AES and 8 SHA-256 operations à 0.94M+ AND gates • Our protocol: 4 AES operations à 27K+ AND gates; NO MPC for HMAC M SQN + M HDR HMAC IV M HMAC tag Padding AES-CBC HDR Ciphertext TLS AES-CBC mode

  21. A simplified SMTP session SMTP server SMTP client STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email EMAIL Step 4: Send email

  22. BlindCA: TLS record as commitment CA SMTP server SMTP client (user) STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email EMAIL Step 4: Send email The SMTP AUTH message contains email account (user identity)

  23. BlindCA: Anonymous PAO CA SMTP server SMTP client (user) STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email EMAIL Step 4: Send email

  24. BlindCA: Anonymous PAO CA SMTP server SMTP client (user) STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email Challenge Commitment … abc eee… … EMAIL Step 4: Send email 123 fff… … ... ... …

  25. Prover produces a ZKBoo proof Issuer : BlindCA CA : Shares a certificate template with the user Subject : ?@abc Public key : ? o All fields are known except for subject and public key Version: … User : Fills in missing info, produces the hash of the cert; Generates a zkboo proof to show the knowledge of: • The email account (e1) and public key for forming the certificate • The opening of the TLS commitment: o secret keys, email account (e2) and password • e1 = e2 Single Boolean circuit! Giacomelli, Irene, Jesper Madsen, and Claudio Orlandi. "Zkboo: Faster zero-knowledge for boolean circuits." USENIX Security 2016.

  26. CA verifies proofs and signs Challenge: 123 Hash of cert: h User CA ZKboo proof Sign(h) Challenge Commitment … abc eee… … 123 fff… … ... ... …

  27. BlindCA overhead Loc 1 (No Tor) Loc2 (No Tor) Loc1 (With Tor) 2P-HMAC 0.01 0.03 0.31 2P-CBC 0.20 0.35 0.36 PAO 0.76 1.68 4.31 SMTP Baseline 0.31 0.77 3.33 The median time (seconds) to complete the 2P-HMAC, 2P-CBC (without offline), PAO (without offline) and normal SMTP-TLS • PAO Test with Gmail, UW-Madison, and Cornell SMTP servers: o PAO (without offline): 1.01s, 1.64s, 1.53s o Without PAO: 0.44s, 0.94s, 0.79s • BlindCA proof (136 ZKBoo proofs): o Size: 85M+ o Generation: 2.9s o Verification: 2.3s

  28. Session duration is not a good detector 15% > 10s! The distribution of the SMTP durations is long-tailed (based on 8K+ SMTP-TLS sessions).

  29. Summary • We design the first “blind” CA: a CA that can validate identities and issue certificates without learning the identity o SCI for TLS AES-CBC and AES-GCM (see paper) • Participation privacy: does not disclose to any party the identities of users • Please see our paper for more details (security proofs, security analysis, etc.)! Thank you!

  30. Title

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse

1.17k views • 63 slides
Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate

Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate

Introduction Certificate Authorities Algorithms Attacks HTTPS by default Future Final remarks Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate Authorities Algorithms How broken is TLS? Attacks

1.23k views • 60 slides
Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

622 views • 44 slides
Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal Autonomous System (AS) NTT 2914 Internet at the highest level Routing within an AS is completely autonomous

713 views • 29 slides
http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue certificates for any domain This means, most CAs are single point of failures, they might get hacked, or their power could get abused (by creating

534 views • 26 slides
Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse apo-CA-lypse Certificate Transparency

722 views • 30 slides
Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19

Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19

Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19 June 2012, Malta Dr. Marnix Dekker, CISA Security expert Information security officer ENISA www.enisa.europa.eu About ENISA o The European

461 views • 30 slides
N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind men called to Jesus using the Messianic title Son of David . Matthew implied that these blind men saw more than the Pharisees and other national leaders

639 views • 27 slides
Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR Fintech Index is a long-only, USD-based, actively managed total return index. The pace of innovation in financial technology (Fintech) has been

616 views • 26 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No. 2426-CPR-105 NEO is an innovative Public Address and Voice Alarm system that allows an easy audio installation with just one piece of equipment.

326 views • 7 slides
CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

THE IMPACT OF THE COVID-19 PANDEMIC ON CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior Research Officer Canadian Council of the Blind COVID-19 Impact Survey Objective To determine the impact that

822 views • 36 slides
Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually Impaired Any loss of ability to gather information by seeing might be considered a visual impairment Total Blindness - vision Legally blind - is the

1.19k views • 42 slides
1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

4/3/2015 New Plastic Pilot Certificate So, Where Do I Start? What we will cover today Your old paper certificate is no longer valid. What it takes to be PIC again Google Search: Replacement of Airmen Certificate What has

485 views • 35 slides
Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety certification program National standard supported by the Canadian Federation of Construction Safety Association (CFCSA) Aimed at driving

320 views • 10 slides
Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind 54 M Blind 39 M Global data souce: WHO, IBU See the world through the eyes of a visually impaired person Normal vision Cataract Glaucoma

562 views • 28 slides
Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas

Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas

Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas Joglekar* Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy Microsoft Research Stanford University* Cloud Data Security Concerns Data in the cloud

658 views • 36 slides
Message Integrity CBC-MAC and NMAC Dan Boneh MACs and

Message Integrity CBC-MAC and NMAC Dan Boneh MACs and

Online Cryptography Course

158 views • 13 slides
Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

CSS441 Block Cipher Operation Modes ECB Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn International Institute of Technology XTS-AES Thammasat University Prepared by Steven Gordon on 20

871 views • 32 slides
Toward Never-Ending Learning of Semantic Knowledge Justin Betteridge, Andrew Carlson, Estevam R.

Toward Never-Ending Learning of Semantic Knowledge Justin Betteridge, Andrew Carlson, Estevam R.

Toward Never-Ending Learning of Semantic Knowledge Justin Betteridge, Andrew Carlson, Estevam R. Hruschka Jr., Tom M. Mitchell (with help from Sue Ann Hong, Sophie Wang, Richard Wang) Carnegie Mellon University March 2009 Our Goal:

645 views • 23 slides
CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
Derandomised lattice rules for high dimensional integration Ian Sloan i.sloan@unsw.edu.au

Derandomised lattice rules for high dimensional integration Ian Sloan i.sloan@unsw.edu.au

Derandomised lattice rules for high dimensional integration Ian Sloan i.sloan@unsw.edu.au University of New South Wales, Sydney, Australia RICAM, December, 2018 Joint with Yoshihito Kazashi (EPFL) and Frances Kuo (UNSW) We want to approximate

822 views • 45 slides
Space-Efficient Block Storage Integrity Alina Oprea, Michael Reiter, and Ke Yang NDSS 05

Space-Efficient Block Storage Integrity Alina Oprea, Michael Reiter, and Ke Yang NDSS 05

Space-Efficient Block Storage Integrity Alina Oprea, Michael Reiter, and Ke Yang NDSS 05 Presented by Lucas Ballard and Josh Mason Outline Description of the problem Related Work Background Material Proposed Schemes /

718 views • 71 slides
Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University

Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University

Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Baileys ECE 422 Randomness and Pseudorandomness Review Problem:

1.69k views • 33 slides

More recommend