format tra ransform
play

Format - Tra ransform rming Encryption (more than meets the DPI) - PowerPoint PPT Presentation

Aug 14, 2022 •286 likes •805 views

Format - Tra ransform rming Encryption (more than meets the DPI) Tom om S Shrimpton on Florida Institute for Cybersecurity Research University of Florida Monday In-place encryption of CC database Encrypt 4417 1234 5678 9112 1234 5678

  1. Format - Tra ransform rming Encryption (more than meets the DPI) Tom om S Shrimpton on Florida Institute for Cybersecurity Research University of Florida

  2. Monday In-place encryption of CC database Encrypt 4417 1234 5678 9112 1234 5678 9876 5432 Today Circumvention of nation-state internet censorship “HTTP: … free+speech+democracy …” “Looks benign, let it pass”. ciphertext payload TCP/IP Encrypt Deep-packet inspection (DPI)

  3. Traditional encryption is ill-suited for these tasks key plaintext Encrypt ciphertext Natively, plaintexts are bit strings Traditional security goal: (not 16-digit decimal strings) make ciphertexts indistinguishable from random bit strings (not well-formatted HTTP messages or CC #s) 3

  4. ming Encryption Format- Transformi (inspired by Bellare et al. “Format-Preserving Encryption”) key plaintext FTE ciphertext (“helper info”) plaintext format in the specified ciphertext format format (“target”) A format is a set. FTE is like traditional encryption, with the extra operational requirement that ciphertexts abide by the ciphertext format 4

  5. Flexibility is “baked in” to the syntax key plaintext FTE ciphertext (“helper info”) plaintext format ciphertext format (“target”) To change the “look” of ciphertexts, just change the ciphertext format . The system doesn’t (necessarily) need to change. 5

  6. Let’s consider the censorship-circumvention setting DPI TCP/IP FTE ciphertext payload FTE 6

  7. In this setting, shouldn’t assume anything about plaintext formats… key plaintext FTE ciphertext (“helper info”) {0,1}* ciphertext format (“target”) TCP/IP ciphertext payload FTE 7

  8. … so let’s focus on this simpler API key plaintext FTE ciphertext ciphertext format (“target”) TCP/IP ciphertext payload FTE 8

  9. Our goal: to cause real DPI systems to reliably misclassify plaintext traffic for example, HTTP misclassified as FTP “This is an FTP message.” TCP/IP ciphertext payload FTE “FTP” ciphertext format 9

  10. Our goal: to cause real DPI systems to reliably misclassify our (plaintext) traffic as whatever protocol we want TCP/IP ciphertext payload FTE arbitrary ciphertext format (while still having good throughput, low latency…)

  11. “This is an _____ message.” We wondered: How do real DPI devices determine to what protocol a message belongs? System Classification Tool Price appid free l7-filter free YAF free bro free nProbe ~300 Euros DPI-X ~$10K Enterprise grade DPI, well-known company 11

  12. “This is an _____ message.” We wondered: How do real DPI devices determine to what protocol a message belongs? System Classification Tool Price appid Regular expressions free l7-filter Regular expressions free Regular expressions YAF free (sometimes hierarchical) Simple regular expression triage, bro free then additional parsing and heuristics nProbe Parsing and heuristics (many of them “ regular ”) ~300 Euros DPI-X ??? ~$10K Regular langauges/expressions figure heavily in state-of-the-art DPI classification tools 12

  13. Regular-expression-based FTE key plaintext FTE ciphertext in L(R) regex R Regex defines the ciphertext format L(R) How should we realize regex-based FTE? Cryptographic protection for the plaintext We want: Ciphertexts in L(R) 13

  14. Realizing regex-based FTE key encryption plaintext ciphertext in L(R) regex R How should we realize regex-based FTE? Cryptographic protection for the plaintext We want: Ciphertexts in L(R) 14

  15. Ranking a Regular Language [Goldberg, Sipser ’85] [Bellare et al. ’09] rank(x i )=i x i Let L(R) be lexicographically ordered x 0 < x 1 < … < x i < … < x |L(R)-1| L(R) unrank(2)=x 2 x 2 0 1 2 i |L(R)|-1 Given a DFA for L(R), there are efficient algorithms rank: L(R) {0,1,…,|L(R)|-1} With precomputed tables, unrank: {0,1,…,|L(R)|-1} L(R) rank, unrank are O (n) such that rank( unrank(i) ) = i and unrank( rank(x i ) ) = x i 15

  16. Realizing regex-based FTE Intermediate ciphertext, interpreted as an integer n… …outputs n th string in lexicographic ordering of L(R) key encryption plaintext ciphertext in L(R) unrank regex R regex-to-DFA 16

  17. Now all we need are good regular expressions key regex-based plaintext a string in L(R) FTE regex R We considered three options : 1. If the DPI is open source (appid, l7-filter, YAF), try to extract them , directly! 2. Build them manually , using RFCs and (when possible) DPI source code. 3. Learn them from traffic that was allowed by the DPI. 17

  18. Use case: Browsing the web through an FTE tunnel FTE “wins” if the DPI classifies the stream it sees as the target protocol Internet FTE proxy FTE client R target R target FTE ciphertexts regular expressions for HTTP, SSH, SMB, … messages Using each “target” format, we visited each of the Top 50 websites five times. 18

  19. Punchline: regex-based FTE can make real DPI say whatever we want it to ~100% of the time. “Help!” input protocol input protocol stream stream FTE proxy FTE client R target R target 19

  20. Browser experience Browser experience through FTE tunnel ≈ through SSH tunnel FTE library is open-source, runs on multiple platforms/OS, and is fully integrated with major circumvention efforts Eric Schmidt gave us a sizable unsolicited research gift

  21. A field test… Without FTE tunnel , we tried Facebook, YouTube, Tor website, banned search queries… With FTE tunnel , we tried Facebook, YouTube, Tor website, banned search queries… FTE client Internet FTE proxy Used FTE to download Tor bundle: Tor without FTE : “active blacklisting” attack on proxy Tor through FTE : no problems Ran various tests every 5 minutes for one month, no sign of detection in logs. (We shut it down after that.) 21

  22. What about in-place encryption of CC database? key regex-based 1234 5678 9876 5432 4417 1234 5678 9112 FTE regex for language of 16-decimal digit CC #s 22

  23. Not quite handled by “simpler” FTE construction key encryption 4417 1234 5678 9112 1234 5678 9876 5432 unrank CC# regex regex-to-DFA 1) valid 16-digit number in, valid 16-digit number out |plaintext language| = |ciphertext language| 2) conventional encryption takes bit strings as input encoding of valid 16-digit strings into bitstrings expands the effective plaintext space 3) conventional encryption has ciphertext stretch can have exponential number of AE ciphertexts that cannot be unranked!

  24. Recall the full FTE API… key plaintext FTE ciphertext (“helper info”) plaintext format ciphertext format 24

  25. “rank-encrypt-unrank” FTE construction (generalization of Bellare et al. SAC’09) key ptxt encrypt in L(R1) rank ctxt unrank in L(R2) ptxt regex regex-to-DFA R1 ctxt regex regex-to-DFA R2 ranking provides optimal compression of L(R) 25

  26. “rank-encrypt-unrank” FTE construction key ptxt encrypt in L(R1) rank ctxt unrank in L(R2) ptxt regex regex-to-DFA R1 ctxt regex regex-to-DFA R2 Great potential… but developers face many hard questions: -- Can I even use R1 and R2 together? (Requires |L(R1)| ≤ |L(R2)|) -- Should “encrypt” be deterministic (i.e. a cipher) or can I use traditional encryption? -- Will both R1 and R2 admit time/space efficient implementations of (un)ranking? -- … 26

  27. The space/memory issue key ptxt encrypt rank ctxt unrank regex regex-to-DFA R1 regex regex-to-DFA R2 unranking requires space linear in the size of the DFA , For some regular expressions, this works out just fine… regex NFA DFA 27

  28. The space/memory issue key ptxt encrypt rank ctxt unrank regex regex-to-DFA R1 regex regex-to-DFA R2 unranking requires space linear in the size of the DFA , NFA DFA …for others, you can have an exponential space blow-up regex 28

  29. The space/memory issue key ptxt encrypt rank ctxt unrank regex regex-to- NFA R1 regex regex-to- NFA R2 Wanted : efficient (un)ranking methods that work directly from the NFA representation regex NFA DFA Problem : (un)ranking from NFAs (or directly from a regex) is PSPACE-complete 29

  30. relaxed rank-encrypt-unrank FTE construction key ptxt relaxed encrypt relaxed rank ctxt unrank regex regex-to- NFA R1 regex regex-to- NFA R2 Wanted : efficient (un)ranking methods that work directly from the NFA representation regex NFA DFA Problem : (un)ranking from NFAs (or directly from a regex) is PSPACE-complete We side-step this by developing a new “relaxed ranking” algorithm 30

  31. Ranking of a language from a DFA L(R) I 1-1 correspondence between strings and accepting paths + efficient alg. for 1-1 mapping between paths and integers x i rank(x i )=i and unrank(i)=x i p original intermediate representation representation (strings) (accepting DFA paths) | I |-1 =|L(R)|-1 0 1 2 i 31

  32. deterministic “Rank” rank encrypt unrank R regex-to-DFA R regex-to-DFA L(R) I x i p original intermediate Enc K (i) representation representation (strings) (accepting DFA paths) c | I |-1 =|L(R)|-1 0 1 2 i encrypt and decrypt are done over this set 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Trans ransform forming B ng Bus usines ness Proces rocesses s in H n Higher gher Educa

Trans ransform forming B ng Bus usines ness Proces rocesses s in H n Higher gher Educa

ULEAD N D Nov ovember 2 2018 Trans ransform forming B ng Bus usines ness Proces rocesses s in H n Higher gher Educa Educati tion on Kauline Cipriani, PhD Assistant Dean for Inclusive Excellence Associate Professor Public Health

616 views • 20 slides
T RANSFORM THE F UTURE : A DVANCING H EALTH E QUITY FOR THE N EW M AJORITY Brian D. Smedley, Ph.D.

T RANSFORM THE F UTURE : A DVANCING H EALTH E QUITY FOR THE N EW M AJORITY Brian D. Smedley, Ph.D.

D ISRUPTING THE C ONVERSATION TO T RANSFORM THE F UTURE : A DVANCING H EALTH E QUITY FOR THE N EW M AJORITY Brian D. Smedley, Ph.D. National Collaborative for Health Equity www.nationalcollaborative.org Health Inequalities and Their Causes

356 views • 23 slides
SMART S tony-brook M illstone: A dvocate, R epair, T ransform Carolyn Wagner, Anna Pimenta, Kate

SMART S tony-brook M illstone: A dvocate, R epair, T ransform Carolyn Wagner, Anna Pimenta, Kate

SMART S tony-brook M illstone: A dvocate, R epair, T ransform Carolyn Wagner, Anna Pimenta, Kate Norris Mission Statement The Stony Brook Millstone Watershed is an important watershed in central New Jersey. The goal of SMART is to improve the

579 views • 12 slides
, f m . . F , f = .

, f m . . F , f = .

Lesson 4 F AST F OURIER T RANSFORM We want to reinvestigate to the computation of , f m . . F , f = . , f m The DFT is an O algorithm, we instead want an

412 views • 40 slides
Strategic Issues for Binary/File Format ILDG4 May 21 2004, T.Yoshie CCS,Tsukuna Definition

Strategic Issues for Binary/File Format ILDG4 May 21 2004, T.Yoshie CCS,Tsukuna Definition

Strategic Issues for Binary/File Format ILDG4 May 21 2004, T.Yoshie CCS,Tsukuna Definition binary format: array format of config. U(3,3,X,,,) numerical format (precision,IEEE,byte-order) file format: format of a file

88 views • 8 slides
f k k = k , f k f ( ) k = k

f k k = k , f k f ( ) k = k

Lesson 4 D ISCRETE F OURIER T RANSFORM We saw last lecture that Fourier series can be thought of as a projection onto the complex exponentials, using the continuous 2 inner product: f k k = k ,

437 views • 31 slides
How AR and VR are changing the way we build cities Format The format will be 4-5 Blog that will

How AR and VR are changing the way we build cities Format The format will be 4-5 Blog that will

How AR and VR are changing the way we build cities Format The format will be 4-5 Blog that will also be supplemented with interviews that will be highlighting the questions asked below. The posts will be the reactions to interview and will also

334 views • 6 slides
THE ELF OBJECT FILE FORMAT PROGRAM EXECUTION gcc/cc output an executable in the ELF format

THE ELF OBJECT FILE FORMAT PROGRAM EXECUTION gcc/cc output an executable in the ELF format

THE ELF OBJECT FILE FORMAT PROGRAM EXECUTION gcc/cc output an executable in the ELF format (Linux) Executable and Linkable Format Standard unified binary format for: Relocatable object files (.o), Shared object files (.so)

421 views • 16 slides
Alternative Work and click on the Picture Tools Format tab. In the Format ribbon,

Alternative Work and click on the Picture Tools Format tab. In the Format ribbon,

Disability Risk and Alternative Work and click on the Picture Tools Format tab. In the Format ribbon, select Change Picture. Arrangements Nicholas Broten Michael Dworsky David Powell August 1, 2018 C ENTER for D ISABILITY R

851 views • 28 slides
RTP Payload Format for DV (IEC 61834) Video draft-kobayashi-avt-rfc3189-bis-00.txt Kazuhiro

RTP Payload Format for DV (IEC 61834) Video draft-kobayashi-avt-rfc3189-bis-00.txt Kazuhiro

RTP Payload Format for DV (IEC 61834) Video draft-kobayashi-avt-rfc3189-bis-00.txt Kazuhiro Mishima Keio University &lt;three@wide.ad.jp&gt; Background New SMPTE 370M format HD professional encoding format DVCPRO HD 100Mbps

299 views • 5 slides
Ieee Paper Format For Paper Presentation 1 / 4 2 / 4 Ieee Paper Format For Paper Presentation 3

Ieee Paper Format For Paper Presentation 1 / 4 2 / 4 Ieee Paper Format For Paper Presentation 3

Ieee Paper Format For Paper Presentation 1 / 4 2 / 4 Ieee Paper Format For Paper Presentation 3 / 4 Get FREE study materials and notes shared by the faculty and students of aamec-anjalai ammal mahalingam engineering college. Download for

201 views • 4 slides
CS4405 JPEG File Format JPEG Lifecycle Container format required JFIF JPEG File

CS4405 JPEG File Format JPEG Lifecycle Container format required JFIF JPEG File

CS4405 JPEG File Format JPEG Lifecycle Container format required JFIF JPEG File Interchange Format is a minimal file format which enables JPEG bitstreams to be exchanged

344 views • 6 slides
History of Format String Attacks Format String Attacks

History of Format String Attacks Format String Attacks

History of Format String Attacks Format String Attacks First noted in 1990 as a result of fuzz testing on csh First used as an attack

488 views • 28 slides
Materials Testing Materials Testing 3 rd December 2004 FORMAT FORMAT 1. Introduction GH 2.

Materials Testing Materials Testing 3 rd December 2004 FORMAT FORMAT 1. Introduction GH 2.

Materials Testing Materials Testing 3 rd December 2004 FORMAT FORMAT 1. Introduction GH 2. Business Model GH 3. Financial/ KPIs GH 4. Services/ Markets/ Competition a) Materials TDS b) Health Sciences DC c) Engineering &amp;

825 views • 65 slides
Geno2pheno[coreceptor] 3 Geno2pheno[454] Geno2pheno[454] fasta-format sff-, or fasta-format

Geno2pheno[coreceptor] 3 Geno2pheno[454] Geno2pheno[454] fasta-format sff-, or fasta-format

geno2pheno [454] Coreceptor usage prediction with massively parallel sequencing Alexander Thielen 2 Geno2pheno[coreceptor] 3 Geno2pheno[454] Geno2pheno[454] fasta-format sff-, or fasta-format .g2p-file 4 454 website

623 views • 11 slides
Format String Vulnerabilities Most slides courtesy Wenliang Du @ Syracuse Univ. (with

Format String Vulnerabilities Most slides courtesy Wenliang Du @ Syracuse Univ. (with

Format String Vulnerabilities Most slides courtesy Wenliang Du @ Syracuse Univ. (with modifications) Outline Format String Access optional arguments How printf() works Format string attack How to exploit the

798 views • 35 slides
Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network functionality can be really helpful Security (IPS) Performance (proxies) Fairness (traffic management) 2 Middleboxes are pervasive

617 views • 37 slides
T h e PY T H I A E ve n t G e n e r a to r P e t e r S k a n d s ( C E R N ) LHC is a QCD

T h e PY T H I A E ve n t G e n e r a to r P e t e r S k a n d s ( C E R N ) LHC is a QCD

TO O L S 2 0 1 2 , S t o c k h o l m , J u n e 2 0 1 2 T h e PY T H I A E ve n t G e n e r a to r P e t e r S k a n d s ( C E R N ) LHC is a QCD Machine Hard processes initiated by partons (quarks &amp; gluons) Associated with

1.04k views • 83 slides
Verifying That Web Pages Have Accessible Layout Pavel Panchekha , Adam T. Geller, Michael D.

Verifying That Web Pages Have Accessible Layout Pavel Panchekha , Adam T. Geller, Michael D.

Verifying That Web Pages Have Accessible Layout Pavel Panchekha , Adam T. Geller, Michael D. Ernst, Zachary Tatlock, Shoaib Kamil This Work: Automated Veri fi cation for Web Page Layout 3.6M lines 66% 17% 9% 7% Backend Layout Script

745 views • 41 slides
Improving Offset Assignment through Simultaneous Variable Coalescing Desiree Ottoni, Guido Araujo

Improving Offset Assignment through Simultaneous Variable Coalescing Desiree Ottoni, Guido Araujo

7th International Workshop on Software and Compilers for Embedded Systems - SCOPES 2003 Improving Offset Assignment through Simultaneous Variable Coalescing Desiree Ottoni, Guido Araujo {desiree.ottoni | guido}@ic.unicamp.br Guilherme Ottoni

270 views • 12 slides
Differential Pumping with an Insert of a Narrow Aperture in the PIP2IT MBET Alex Chen on behalf

Differential Pumping with an Insert of a Narrow Aperture in the PIP2IT MBET Alex Chen on behalf

Differential Pumping with an Insert of a Narrow Aperture in the PIP2IT MBET Alex Chen on behalf of the PIP2IT task force: Outline Motivation and Layout MEBT of Absorber to HWR(DP section) Function Requirement Design of DPI

714 views • 27 slides
New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart

New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart

New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart University of Wisconsin Covering joint work with: Sco@ Coull, Kevin Dyer, Ari Juels,

751 views • 54 slides
Stanford CS193p Developing Applications for iOS Fall 2017-18 CS193p Fall 2017-18 Today Drag and

Stanford CS193p Developing Applications for iOS Fall 2017-18 CS193p Fall 2017-18 Today Drag and

Stanford CS193p Developing Applications for iOS Fall 2017-18 CS193p Fall 2017-18 Today Drag and Drop Transferring information around within and between apps. EmojiArt Demo Drag and drop an image to get our EmojiArt masterpieces started.

959 views • 74 slides
http://www.ncas.ac.uk Questions Do we have a simple picture of urban canopy turbulence?

http://www.ncas.ac.uk Questions Do we have a simple picture of urban canopy turbulence?

Probing urban canopy dynamics using direct numerical simulations (DNS) O. Coceal 1a , T.G. Thomas 2 &amp; S.E. Belcher 1 1 Department of Meteorology, University of Reading, UK, 2 School of Engineering Sciences, University of Southampton, UK a Email:

167 views • 14 slides

More recommend