cryptographic reverse firewall via malleable smooth
play

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash - PowerPoint PPT Presentation

May 16, 2023 β€’109 likes β€’639 views

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi Outline n Background n Cryptographic Reverse Firewall n Part

  1. Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi

  2. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  3. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  4. Background q Edward Snowden Revelations q Massive surveillance by intelligence agencies q Undermining security mechanisms q subverting cryptographic protocols q deploying security weakness in implementations

  5. Background q Edward Snowden Revelations q Massive surveillance by intelligence agencies q Undermining security mechanisms q subverting cryptographic protocols q deploying security weakness in implementations q Post-Snowden Cryptography q How to achieve meaningful security for cryptographic protocols in the presence of an adversary that may arbitrarily tamper with the victim’s machine?

  6. IACR Statement On Mass Surveillance The membership of the IACR repudiates mass surveillance and the undermining of cryptographic solutions and standards , Population-wide surveillance threatens democracy and human dignity. We call for expediting research and deployment of effective techniques to protect personal privacy against governmental and corporate overreach. -- Copenhagen, Eurocrypt 2014

  7. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  8. Cryptographic Reverse Firewall [MS15] p A stateful algorithm 𝒳 p Input: current state 𝜐 and message 𝑛 p Output: updated state πœΜƒ and message 𝑛 % p A β€œcomposed” party 𝒳 ∘ P 𝒳 is applied to the incoming and outgoing messages of p party P p the state of 𝒳 is initialized to the public parameters 𝒳 is called a reverse firewall for P p p β€œactive router” between P ’s private network and the outside 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ P 𝒳

  9. Cryptographic Reverse Firewall [MS15] p Stackable reverse firewalls p composition of multiple reverse firewalls 𝒳 ∘ 𝒳 ∘ β‹― ∘ 𝒳 ∘ P p Transparent to legitimate traffic p does not break functionality ( Functionality-maintaining ) p 𝒳 shares no secret with P p we do not trust the firewall ( Security-preserving ) p No corrupted implementation of P can leak information through 𝒳 ( Exfiltration-resistant ) 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ P 𝒳

  10. Property I: Functionality-Maintaining p Underlying protocol has some functionality 𝑛 1 … 𝑛 π‘œ y A y B p Protocol with 𝒳 has the same functionality 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ y A y B

  11. Property II: Security-Preserving p Underlying protocol satisfies some security notions 𝑛 1 … 𝑛 π‘œ p Protocol with 𝒳 satisfies the same security notions 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ

  12. Property II: Security-Preserving p Corrupted implementation may break the security 𝑛 1 … 𝑛 π‘œ p Corrupted protocol with 𝒳 remains secure 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ Strong vs Weak Security-Preserving Eavesdropper vs Peer Party

  13. Property III: Exfiltration-Resistant p Corrupted implementation of P cannot leak any information to an eavesdropping attacker 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ β‰ˆ 𝑫 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ Strong vs Weak Exfiltration-Resistance Eavesdropper vs Peer Party

  14. Research Goal The β€œholy grail” would be a full characterization of functionalities and security properties for which reverse firewall exists. -- By Mironov and Stephens-Davidowitz Eurocrypt 2015 This work: a general approach for designing CRFs for functionalities that are realizable by Smooth Projective Hash Functions

  15. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  16. Smooth Projective Hash Function [CS02] SPHFSetup ( 1 π‘š )=pp; HashKG (pp)=hk ; ProjKG (pp,hk)=hp Hash (pp,hk, C ) L ( C, w ) ProjHash (pp,hp, C , w ) … X Y C’ V’ Hash (pp,hk, C’ ) X/L … … p Correctness : Hash (pp,hk, C ) = ProjHash (pp,hp, C , w ); $ Y ; p Smoothness : V’ β‰ˆ S R p Hard Subset Membership : L β‰ˆ 𝐷 X/L

  17. Our Extension: Malleable SPHF p Randomness Sampling p SampR (pp) ⟢ 𝑠 % SampW (pp) ⟢ w * p p Projection Key Updating 8 MaulK (pp,hp, 𝑠 % ) ⟢ hp p 8 MaulH (pp,hp, 𝑠 % , C ) ⟢ hv p p Element Re-randomization 8 ReranE (pp, C , π‘₯ * ) ⟢ 𝐷 p 8 ReranH (pp,hp, C , π‘₯ * ) ⟢ hv p

  18. Our Extension: Malleable SPHF p Property I: Projection Key Malleability hp if exists hk w C Hash ProjHash = hv’ hv

  19. Our Extension: Malleable SPHF p Property I: Projection Key Malleability hp hk C Hash hv

  20. Our Extension: Malleable SPHF p Property I: Projection Key Malleability 8 β‰ˆ 𝐷 hp 1 8 β‘  hp 0 8 hp hp MaulK 𝑠 % SampR hk C Hash hv 8 = h β‘‘ hv βˆ— hv

  21. Our Extension: Malleable SPHF p Property I: Projection Key Malleability 8 β‰ˆ 𝐷 hp 1 8 β‘  hp 0 8 hp hp MaulK 𝑠 % SampR hk 8 C hk Hash Hash hv hv’ 8 = h β‘‘ hv βˆ— hv

  22. Our Extension: Malleable SPHF p Property I: Projection Key Malleability 8 β‰ˆ 𝐷 hp 1 8 β‘  hp 0 8 hp hp MaulK 𝑠 % SampR hk 8 C hk Hash Hash MaulH 8 hv hv hv’ 8 = hv’ β‘‘ hv βˆ— hv

  23. Our Extension: Malleable SPHF p Property II: Element Re-randomizability C hk Hash hv

  24. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW hk Hash hv 8 = h β‘‘ hv βˆ— β„Žπ‘€

  25. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW hp hk hk Hash Hash hv hv’

  26. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW hp hk hk Hash Hash ReranH 8 hv hv hv’ 8 = hv’ β‘‘ hv βˆ— hv

  27. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW > ∈ L iff β‘’ 𝐷 C ∈ L hp hk hk Hash Hash ReranH 8 hv hv hv’ 8 = hv’ β‘‘ hv βˆ— hv

  28. A Generic Construction of Malleable SPHF p Graded Rings [BCC+13] p common formalization of cyclic groups, bilinear groups, and multilinear groups p βˆ€ 𝑏, 𝑐 ∈ 𝕬 π‘ž , 𝑏⨁𝑐 = 𝑏 + 𝑐, 𝑏⨀𝑐 = 𝑏 L 𝑐 PQ οΌ› βˆ€ 𝑑 ∈ 𝕬 π‘ž , p βˆ€ 𝑣 1 , 𝑀 1 ∈ 𝔿, 𝑣 1 ⨁𝑀 1 = 𝑣 1 L 𝑀 1 , 𝑣 1 βŠ– 𝑀 1 = 𝑣 1 L 𝑀 1 𝑑⨀𝑣 1 = 𝑣 1 𝑑 p βˆ€ 𝑣 1 , 𝑀 1 ∈ 𝔿, 𝑣 1 ⨀𝑀 1 = 𝑓 𝑣 1 , 𝑀 1 ∈ 𝔿 π‘ˆ (𝑓: 𝔿×𝔿 ⟢ 𝔿 π‘ˆ ) p Generic SPHF via Graded Rings [BCC+13] π›₯: 𝒴 ⟼ 𝔿 [Γ—\ , π›ͺ: 𝒴 ⟼ 𝔿 QΓ—\ p QΓ—[ s. t. , π›ͺ 𝐷 = 𝛍⨀π›₯ 𝐷 p 𝐷 ∈ β„’ ⟺ βˆƒπ› ∈ 𝕬 π‘ž hk : = 𝜷 = (𝛽 1 , … , 𝛽 π‘œ ) Ξ€ $ \ , hp ∢= 𝛿 𝐷 = π›₯ 𝐷 β¨€πœ· ∈ 𝔿 𝑙 p ← 𝕬 π‘ž p Hash (pp,hk, C ) ∢= π›ͺ 𝐷 β¨€πœ· , ProjHash (pp,hp, C ,w) ∢= 𝛍⨀ 𝛿 𝐷 π›ͺ 𝐷 β¨€πœ· = 𝛍⨀π›₯ 𝐷 β¨€πœ· = 𝛍⨀ 𝛿 𝐷

  29. A Generic Construction of Malleable SPHF p Generic Malleable SPHF via Graded Rings 8 = 𝛿 𝐷 ⨁π›₯ 𝐷 ⨀ 𝒔 p MaulK (pp,hp= 𝛿 𝐷 , 𝒔 * ) : hp * 8 = π›ͺ 𝐷 ⨀ 𝒔 p MaulH (pp,hp, 𝒔 * , C ) : hv * 8⨀π›₯ 𝐷 8 = π›ͺ 𝐷 ⨁ 𝛍 p ReranK (pp, C , π‘₯ * ) : 𝐷 8 = 𝛍 8 ⨀ 𝛿 𝐷 p ReranH (pp,hp, C , π‘₯ * ) : hv Theorem The above construction is a malleable SPHF if the follows hold: π›ͺ: 𝒴 ⟼ 𝔿 QΓ—\ is an identity function; β€’ π›₯: 𝒴 ⟼ 𝔿 [Γ—\ is a constant function; β€’ β€’ The hard subset membership holds. p Instantiation from the k -linear assumption

  30. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  31. Message Transmission Protocol with CRFs p Message Transmission Protocol Input: pp, M Input: pp $ ← HashKG (pp) hk hp ← ProjKG (pp,hk) op $ ← SampYes (pp) ( C , w ) V = ProjHash (pp,hp, C,w ) CT = V ⨁ M q, qr M’ = CT ⊝ Hash (pp,hk, C ) M’ = M Hash (pp,hk, C ) = ProjHash (pp,hp, C,w )

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin SnT, University of Luxembourg April 25, 2017 PhD Defence Introduction On S-Box Reverse-Engineering On Lightweight Cryptography Conclusion

1.76k views β€’ 137 slides
Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall Overview Todays top firewall problems What IT managers say about their existing firewall Firewall Satisfaction Survey (Spiceworks 2017) Top

548 views β€’ 52 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin CSC & SnT, University of Luxembourg CryptoLUX Team ; supervised by Alex Biryukov July 5th 2018 Introduction What is cryptography?

1.14k views β€’ 71 slides
Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation controlled connection between networks at different security levels = boundary protection ( L1 > L2 ) network at network at security

1.07k views β€’ 67 slides
CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

4 3 2 1 PARTS LIST ITEM QTY PART NUMBER MATERIAL 1 1 TOP PLATE MALLEABLE IRON 2 2 AXLE SUPPORT MALLEABLE IRON 3 1 AXLE SAE 1020 4 2 BUSHING BRONZE 5 1 WHEEL MALLEABLE IRON B B CASTER ASSEMBLY SCALE 1 : 1 DRAWN

434 views β€’ 7 slides
Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 Non-malleable cryptography Twenty years ago, saw a strong emphasis on

1.6k views β€’ 145 slides
Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. & FAU CRYPTO 2018 Outline Introduction to non-malleable codes Adversarial model, motivation Results,

772 views β€’ 55 slides
Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts and networks connected to other hosts and networks against attacks from the outside and from the inside. a firewall is a network security system

440 views β€’ 30 slides
Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly Creswell Crow-Applegate-Lorane Fern Ridge Junction City Lowell Mapleton Screened, but exempt from policies Marcola

539 views β€’ 15 slides
Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3 State-independent interior operators Interior operator from HP recovery 6 5 Resolution of the puzzle Effect of infalling observer 7 Discussions Beni

1.61k views β€’ 106 slides
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A firewall is only as good as its configuration Big deal, it should be easy to configure a firewall, right? Basically... no. A Quantitative

507 views β€’ 14 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views β€’ 23 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views β€’ 14 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views β€’ 55 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views β€’ 37 slides
Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Chapter 8 Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security Devices Routers

291 views β€’ 7 slides
PIKA WARP VoIP F ir e wall Safe g uarding Yo ur Ne two rk www.voipon.co.uk

PIKA WARP VoIP F ir e wall Safe g uarding Yo ur Ne two rk www.voipon.co.uk

da te PIKA WARP VoIP F ir e wall Safe g uarding Yo ur Ne two rk www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299 PIKA WARP VoIP F ir e wall Challe nge Pro viding e ffe c tive a nd a ffo rda b

351 views β€’ 7 slides
Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date:

Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date:

Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date: December 18, 2018 To: The File of the Hugh L. Carey Battery Park City Authority From: Tailored Technologies, LLC Technology Observations and

291 views β€’ 6 slides
CSI F IREWALL S HIELD Complete protection for your VSE systems Only for TCP/IP FOR VSE from

CSI F IREWALL S HIELD Complete protection for your VSE systems Only for TCP/IP FOR VSE from

CSI F IREWALL S HIELD Complete protection for your VSE systems Only for TCP/IP FOR VSE from CSI International S Ken McMahon, Director Worldwide Sales Don Stoever, z/VSE Product Developer, CSI F IREWALL S HIELD October 15, 2014 New

332 views β€’ 11 slides
Transforming Security Policy Management April 11, 2019 1 Disclaimer This presentation contains

Transforming Security Policy Management April 11, 2019 1 Disclaimer This presentation contains

Transforming Security Policy Management April 11, 2019 1 Disclaimer This presentation contains forward-looking statements. All statements other than statements of historical fact contained in this presentation are forward-looking statements. In

324 views β€’ 28 slides
life cycle challenges Standards Certification Education & Training Publishing Conferences

life cycle challenges Standards Certification Education & Training Publishing Conferences

Managing your process control firewalls real world life cycle challenges Standards Certification Education & Training Publishing Conferences & Exhibits Presenter Tom Good BS Chemical Engineering Lehigh University 32

329 views β€’ 19 slides
DEVELOPMENT OF A COMPOSITE FIREWALL FOR MASS TRANSIT APPLICATIONS A. Komus 1 , S. Potter 2 *, Z.

DEVELOPMENT OF A COMPOSITE FIREWALL FOR MASS TRANSIT APPLICATIONS A. Komus 1 , S. Potter 2 *, Z.

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS DEVELOPMENT OF A COMPOSITE FIREWALL FOR MASS TRANSIT APPLICATIONS A. Komus 1 , S. Potter 2 *, Z. Yu 1 , M. Townsley 1 1 Ground Transportation and Design Department, Composites Innovation

287 views β€’ 5 slides
H.323 NAT/firewall traversal A chance for APAN? 19 th APAN Meeting BoF on H.323 networking in

H.323 NAT/firewall traversal A chance for APAN? 19 th APAN Meeting BoF on H.323 networking in

H.323 NAT/firewall traversal A chance for APAN? 19 th APAN Meeting BoF on H.323 networking in APAN Bangkok, Thailand January 2005 K. Stoeckigt, kewin@acm.org Outline A brief intro to GnuGK What is it? What it does? some

690 views β€’ 23 slides
Getting Behind the Firewall: Accessing Restricted Public Data Bryan Beecher Director,

Getting Behind the Firewall: Accessing Restricted Public Data Bryan Beecher Director,

Getting Behind the Firewall: Accessing Restricted Public Data Bryan Beecher Director, Computing & Network Services Interuniversity Consortium for Political and Social Research Our World: Navigate, Search, and Download Or: Online

419 views β€’ 14 slides

More recommend