coniks key transparency
play

CONIKS (KEY TRANSPARENCY) Slides adapted from Marcela Melara Any - PowerPoint PPT Presentation

Nov 26, 2023 •721 likes •1.5k views

CONIKS (KEY TRANSPARENCY) Slides adapted from Marcela Melara Any scriber for today? Sign up for presentations or scribers The problem of the PKI (Public key infrastructure) A long standing problem has been to distribute public keys

  1. CONIKS (KEY TRANSPARENCY) Slides adapted from Marcela Melara

  2. Any scriber for today? • Sign up for presentations or scribers

  3. The problem of the PKI (Public key infrastructure) • A long standing problem has been to distribute public keys securely in the presence of attackers • Use cases: • Secure messaging: Alice needs to send an encrypted message to Bob and needs Bob’s public key to encrypt the message • Web surfing and https: when Alice’s browser contacts amazon.com over https, we need Amazon’s PK • Man in the middle attacker can intercept PK and return incorrect PK

  4. “Secure” Communication Today SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP + + SSL/TLS SSL/TLS User User Alice Bob

  5. Attack: Hackers SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP + + SSL/TLS SSL/TLS User User Alice Bob

  6. Attack: Disgruntled Employees SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP + + SSL/TLS SSL/TLS User User Alice Bob

  7. Attack: Provider Coercion SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP + + SSL/TLS SSL/TLS User User Alice Bob

  8. CAs are Vulnerable SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP + + SSL/TLS SSL/TLS User User Alice Bob

  9. CAs are Vulnerable SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP “hey, I’m + + foo.com ” SSL/TLS SSL/TLS Hacker foo.com User User Alice Bob

  10. CAs are Vulnerable SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP Certificate: + + ( foo.com , PK evil ) SSL/TLS SSL/TLS Hacker foo.com User User Alice Bob

  11. Attack: Fraudulent Certificates SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority HTTP HTTP + + SSL/TLS SSL/TLS User User Alice Bob

  12. Attack: Fraudulent Certificates SSL/TLS Certificate: ( foo.com , PK f ) Certificate Email Provider foo.com Authority Certificate: ( foo.com , PK evil ) Hacker HTTP foo.com + SSL/TLS HTTP User User + Alice Bob SSL/TLS

  13. Need End-to- End Encryption… Email Provider foo.com E2E Encryption E2E Encryption User User Alice Bob … But Key Management is Hard

  14. Decentralized Key Management PK Alice : DEF456 PK Bob : 123ABC User User Alice Bob Manual key exchange

  15. Decentralized Key Management Alice trusts PK Bob User User Alice Bob Bob trusts PK Alice Mutual Endorsement

  16. Decentralized KM: Pitfalls PK Alice : DEF456 PK Bob : 123ABC User User Alice Bob Lost keys

  17. Decentralized KM: Pitfalls Should be PK Alice : DEF456 AB PK Bob : 123BAC User User Alice Bob Mistakes transferring keys

  18. PGP Key Servers Email Provider foo.com E2E Encryption E2E Encryption User User Alice Bob PGP Key PK Bob PK Alice Server X

  19. PGP Key Servers

  20. Key Signing Parties

  21. Trusting the Web of Trust XKCD, Responsible Behavior

  22. Crux of WoT Issues • Decentralized model: people reason about encryption. • Studies: • Unintuitive and error-prone. • Users don’t understand encryption. • Leak private information. [1] A. Whitten and J. D. Tygar. Why Johnny can’t encrypt : a usability evaluation of PGP 5.0. USENIX Security, Aug. 1999 [2] S. Gaw, E. W. Felten, and P. Fernandez-Kelly. Secrecy, flagging, and paranoia: Adoption criteria in encrypted email . CHI, Apr 2006.

  23. Better: Centralized Key Management Email + Key Provider foo.com Register Register 1 1 (alice → PK A ) (bob → PK B ) User User Alice Bob

  24. Better: Centralized Key Management Email + Key Provider foo.com Register Look up Alice’s 1 2 3 3 (alice → PK A ) public key: PK A Send message encrypted to PK A , signed by SK B User User Alice Bob

  25. Insider Attacks, still. Email + Key This isn’t Alice’s Provider real key! foo.com Register Look up Alice’s 1 2 (alice → PK A ) public key: PK’ A User User Alice Bob

  26. Insider Attacks, still. Email + Key Provider Read message foo.com 4 encrypted to PK’ A Send message encrypted to PK’ A , 3 signed by SK B User User Alice Bob

  27. Old Approach: Correct Identities Bob’s real-world friend Alice? Certificate Name: alice@foo.com PK A : 456DEF Alice Owner: Alice Signed by: CA alice@foo.com

  28. New Approach: Consistent Identities • Users expect consistency of online identities. • Separate real-world identity from online identity. • Certificates make no statement about correctness.

  29. Consistency No unexpected key changes Non-Equivocation Alice’s key today = Alice’s key yesterday Key seen by Alice = Key seen by Bob

  30. Solution: a promising new generation • CONIKS • An alternative Public Key Infrastructure (PKI) • Embedded in Google’s project called Key Transparency or Trillian • The key data structure is the Log-backed Verified Map • Certificate Transparency • Similar technology to Key Transparency but aimed at certificates • Currently mandated by Chrome, other browser support coming up

  31. CONIKS [Melara et al. 2014] • End-User Key Management Service. • Consistent name-to-key bindings. • Verifiable key directories → Untrusted identity providers. • Clients verify consistency in-band. → automated key management

  32. CONIKS Overview Untrusted Identity Provider foo.com Register Register 1 1 (alice → PK A ) (bob → PK Bs ) Client Client A B User User Alice Bob

  33. CONIKS Overview Untrusted Identity Provider foo.com Look up the public key 4 Look up public key for bob: 2 for alice: PK A PK B , verify signature, decrypt using SK A Client Client A B User User 3 Alice Bob Send message encrypted to PK A , signed by SK B

  34. Strawman Design Untrusted Identity Provider foo.com Validity Checks O(N) storage per client N = 4 Client Client Client Client A C B D Non-equivocation Checks O(N 2 ) downloads per client

  35. CONIKS Design • Divide time into epochs. • Providers generate snapshots of directory. → Clients do not check individual bindings. • Providers distribute snapshots to other providers. → Build publicly verifiable history • Non-repudiation: Snapshots are digitally signed.

  36. Efficient Snapshots root foo.com H(sub L ) H(sub R ) H(sub L ) H(sub R ) H(sub L ) H(sub R ) i george : i charlie : i emily : i alice : PK George PK Charlie PK Emily PK Alice

  37. Efficient Snapshots root foo.com H(sub L ) H(sub R ) 0 1 H(sub L ) H(sub R ) H(sub L ) H(sub R ) 0 1 0 1 i george : i charlie : i emily : i alice : PK George PK Charlie PK Emily PK Alice

  38. Checking Consistency • Use snapshots to check for consistency. • Clients need to ensure bindings are included in snapshots. • Lookups: prove inclusion of bindings in directory. • Clients check validity, non-equivocation. • Providers cross-verify each other for non-equivocation.

  39. Proving Inclusion: Authentication Paths root foo.com H(sub L ) H(sub R ) 0 1 H(sub L ) H(sub R ) H(sub L ) H(sub R ) 0 1 i charlie : i alice : PK Charlie PK Alice

  40. Proving Inclusion: Authentication Paths root foo.com H(sub L ) H(sub R ) 0 H(sub L ) H(sub R ) 0 i alice : PK Alice

  41. Checking Non-Equivocation: Snapshot History Snapshot 0 Snapshot prev Snapshot t 0 -1 t prev t prev-1 t t prev … H(seed) root 0 H(root prev-1 ) root prev H(root prev ) root t Trillian calls this: Log-backed Verified Map

  42. Checking Non-Equivocation: Snapshot History Snapshot prev Snapshot t t prev t prev-1 t t prev Snapshot 0 H(root prev-1 ) root prev H(root prev ) root t 0 -1 … H(seed) root 0 Snapshot’ prev Snapshot’ t t prev t prev-1 t t prev H (root’ prev-1 ) r oot’ prev H( root’ prev ) r oot’ t The server can try a fork attack, but after fork the provider must maintain these forked hash chains for the rest of time, and not allow clients seeing one branch of the hash chain to communicate with anyone seeing the other branch.

  43. CONIKS Protocols • Registration: New bindings/updated keys. • Lookups: Clients check bindings are included in directory. • Monitoring: Clients check for validity of bindings. • Auditing: Clients & providers check for non-equivocation.

  44. CONIKS Protocols • Registration: New bindings/updated keys. • Lookups: Clients check bindings are included in directory. • Monitoring: Clients check for validity of bindings. • Auditing: Clients & providers check for non-equivocation.

  45. Registration Protocol Untrusted Identity Provider foo.com Temporary binding = Register 2 3 (alice → PK A ) [(alice → PK A ) + next epoch], Sig(TB) Client Client A B 1 User User Generate key pair Alice (PK A , SK A ) Bob

  46. CONIKS Protocols • Registration: new bindings/updated keys. • Lookups: Clients check bindings are included in directory. • Monitoring: Clients check for validity of bindings. • Auditing: Clients & providers check for non-equivocation.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CONIKS (KEY TRANSPARENCY) Slides adapted from Marcela Melara The problem of the PKI (Public key

CONIKS (KEY TRANSPARENCY) Slides adapted from Marcela Melara The problem of the PKI (Public key

[USENIX Security 15, Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, Michael J. Freedman] CONIKS (KEY TRANSPARENCY) Slides adapted from Marcela Melara The problem of the PKI (Public key infrastructure) A long

918 views • 59 slides
CONIKS BRINGING KEY TRANSPARENCY TO END USERS Marcela Melara Aaron Blankstein, Joseph Bonneau*,

CONIKS BRINGING KEY TRANSPARENCY TO END USERS Marcela Melara Aaron Blankstein, Joseph Bonneau*,

CONIKS BRINGING KEY TRANSPARENCY TO END USERS Marcela Melara Aaron Blankstein, Joseph Bonneau*, Edward W. Felten, Michael J. Freedman Princeton University, *Stanford University/EFF E2E Encrypted Communication Today Users growing demand

516 views • 26 slides
1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

Politics and Information: Discussion Notes 1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No democratic society worthy of the name can govern itself without transparency and information. Onthecommons.org

461 views • 5 slides
Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency & Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency & Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency & Advisory Management Section Prescription Medicines Authorisation Branch Market Authorisation Division, TGA ARCS Scientific Congress Canberra 2016 Two transparency

652 views • 36 slides
www.transparencyindia.org Transparency International India Transparency International-India

www.transparencyindia.org Transparency International India Transparency International-India

www.transparencyindia.org Transparency International India Transparency International-India is the accredited Indian National Chapter of Transparency International. It was established in 1997. Transparency International India endeavors

603 views • 45 slides
Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement

Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement

Capacity-building Initiative for Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement Article 13: Transparency To build mutual trust and confidence and to promote effective implementation

643 views • 15 slides
Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

September 28, 2017 Alex Hathaway Center for State and Local Finance Fiscal Transparency and Accountability Overview Importance of Institutional Transparency Review of the Literature Methodology Volcker Alliance questions

343 views • 16 slides
NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation Activities of NTW Workshop on Environmental Mapping: Mobilising Trust in Measurements and Engaging Scientific Citizenry Nadja Zeleznik nzeleznik@rec.org

338 views • 30 slides
Breaking down data silos for improved insight a data transparency perspective Transparency

Breaking down data silos for improved insight a data transparency perspective Transparency

Breaking down data silos for improved insight a data transparency perspective Transparency an organisational view Transparency is all about the release of information by institutions or companies that is relevant for the evaluation of

883 views • 32 slides
transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI

transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI

Driving change in fisheries trade through transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI Sub-Committee on Fish trade / Busan, 6 September 2017 The necessity of transparency in fisheries International

346 views • 15 slides
www.transparency.org.nz Policy Implications of Transparency International Integrity Plus 2013

www.transparency.org.nz Policy Implications of Transparency International Integrity Plus 2013

1 www.transparency.org.nz Policy Implications of Transparency International Integrity Plus 2013 NZ's National Integrity System Assessment The Treasury Friday 14 th March 2014 1:30pm- 3:00pm liz.brown@paradise.net.nz mpetrie@esg.co.nz

947 views • 45 slides
The Pay Transparency Challenge Deciding Where to Fall on the Salary Transparency Spectrum

The Pay Transparency Challenge Deciding Where to Fall on the Salary Transparency Spectrum

The Pay Transparency Challenge Deciding Where to Fall on the Salary Transparency Spectrum Mykkah Herner, MA, CCP Director of Professional Services Paige Hanley, CCP Sr. Compensation Professional 14,000 Positions 3000 Customers 11 Countries

371 views • 35 slides
LONGITUDINAL DATA AND FISCAL IMPACT TRANSPARENCY Transparency is telling all of the people all of

LONGITUDINAL DATA AND FISCAL IMPACT TRANSPARENCY Transparency is telling all of the people all of

TIF FINANCING: Allan-Charles Chipman LONGITUDINAL DATA AND FISCAL IMPACT TRANSPARENCY Transparency is telling all of the people all of the truth Transparency can be violated in two ways: 1. Telling some of the people all of the truth 2.

518 views • 35 slides
Transparency-Enhancing Tools PETs PhD Course at Chalmers Tobias Pulls Karlstad University,

Transparency-Enhancing Tools PETs PhD Course at Chalmers Tobias Pulls Karlstad University,

Transparency TETs Transparency Logging A4Cloud Summary Transparency-Enhancing Tools PETs PhD Course at Chalmers Tobias Pulls Karlstad University, Sweden tobias.pulls@kau.se October 29, 2012 Transparency TETs Transparency Logging

1.05k views • 59 slides
Driving Success Driving Success Through Transparency Through Transparency 2013-14 IAE Industry

Driving Success Driving Success Through Transparency Through Transparency 2013-14 IAE Industry

Driving Success Driving Success Through Transparency Through Transparency 2013-14 IAE Industry Outreach Meeting 3 May 13, 2014 Welcome! We look forward to a dialog today. You will have the opportunity to post questions throughout the

410 views • 37 slides
EMEA Transparency Policy Current transparency level Overall acceptable Increase

EMEA Transparency Policy Current transparency level Overall acceptable Increase

EMEA Transparency Policy Current transparency level Overall acceptable Increase information on working parties/scientific committees Further improve management of EMEA website Product related issues Current

337 views • 7 slides
1 Expected learning outcomes After the course students will be able to: exemplify how the

1 Expected learning outcomes After the course students will be able to: exemplify how the

Ume University Department of Computing Science Emergent systems Spring-15 Jonny Pettersson http://www.cs.umu.se/kurser/5DV017/VT15 19/1 - 15 Emergent Systems, Jonny Pettersson, UmU Course Description Element 1, theory, 4,5

528 views • 11 slides
Introduction to Logic David Pattillo University of Notre Dame Fall, 2015 David Pattillo

Introduction to Logic David Pattillo University of Notre Dame Fall, 2015 David Pattillo

What is Logic? Important Forms Making Arguments Explicit Introduction to Logic David Pattillo University of Notre Dame Fall, 2015 David Pattillo Introduction to Logic What is Logic? Important Forms Making Arguments Explicit Arguments

526 views • 28 slides
IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication http://www.httpwatch.com/httpgallery/authentication/ http://httpd.apache.org/docs/2.2/howto/auth.html Outline HTTP Basic Authentication HTTP Digest Authentication 1

349 views • 8 slides
Tulane's Hogan Jazz Archive Photography Collection CONTENTdm repository of digitized

Tulane's Hogan Jazz Archive Photography Collection CONTENTdm repository of digitized

Tulane's Hogan Jazz Archive Photography Collection CONTENTdm repository of digitized photos 581 digital images 530 unique individuals roughly 1,160 depictions, i.e., people depicted in photos Linking the Tulane Data

457 views • 16 slides
CSCI 104 C++ STL; Iterators, Maps, Sets Mark Redekopp David Kempe 2 Container Classes

CSCI 104 C++ STL; Iterators, Maps, Sets Mark Redekopp David Kempe 2 Container Classes

1 CSCI 104 C++ STL; Iterators, Maps, Sets Mark Redekopp David Kempe 2 Container Classes ArrayLists, LinkedList, Deques, etc. are classes used simply for storing (or contain) other items C++ Standard Template Library provides

660 views • 27 slides
Wednesday, ay, J July 2 y 29 th th 10:3 :30 a a.m. . 11:1 :15 a a.m. ( . (MST) Pane

Wednesday, ay, J July 2 y 29 th th 10:3 :30 a a.m. . 11:1 :15 a a.m. ( . (MST) Pane

Wednesday, ay, J July 2 y 29 th th 10:3 :30 a a.m. . 11:1 :15 a a.m. ( . (MST) Pane Pa nel Johnny DeLoach is a Client Jerry Gray is the founder and David Jonas is a Haynes project Services Advisor for Haynes president of

367 views • 10 slides
A Bayesian Multi-armed Bandit Approa ci for Identifying Human Vulnerabilities Erik Miehling,

A Bayesian Multi-armed Bandit Approa ci for Identifying Human Vulnerabilities Erik Miehling,

A Bayesian Multi-armed Bandit Approa ci for Identifying Human Vulnerabilities Erik Miehling, Baicen Xiao, Radha Poovendran, and Tamer Ba ar October 31, 2018 GameSec 2018 Sea tu le, WA Social Engineering Atta cl s Social engineering a tu

339 views • 18 slides
World Building In A Nutshell World building is the process of constructing an imaginary

World Building In A Nutshell World building is the process of constructing an imaginary

World Building In A Nutshell World building is the process of constructing an imaginary world. World building produces a rich setting that appeals to certain types of players. In addition to Aesthetics , we can use GNS Theory and

796 views • 40 slides

More recommend