forward secrecy on pop
play

Forward-secrecy on POP Arthur Villard School of Computer and - PowerPoint PPT Presentation

Nov 14, 2022 •171 likes •487 views

Forward-secrecy on POP Arthur Villard School of Computer and Communication Sciences Decentralized and Distributed Systems lab Master Thesis September 2017 Responsible Supervisor Prof. Bryan Ford Prof. Ewa Syta Linus Gasser EPFL / DEDIS

  1. Forward-secrecy on POP Arthur Villard School of Computer and Communication Sciences Decentralized and Distributed Systems lab Master Thesis – September 2017 Responsible Supervisor Prof. Bryan Ford Prof. Ewa Syta Linus Gasser EPFL / DEDIS Trinity College EPFL / DEDIS

  2. Context ● O n l i n e c o l l a b o r a t i v e s e r v i c e ( e . g . W i k i p e d i a ) ● Authenticate users anonymously against a list ● Link authentication attempts ● Other example: e-voting 2 Arthur Villard - Master Thesis DEDIS 12/02/2018

  3. Overview ● Introduction ● PoP and DAGA interaction ● Implementing DAGA ● Improving DAGA ● Conclusion & Future work 3 Arthur Villard - Master Thesis DEDIS 12/02/2018

  4. Overview ● Introduction ● PoP and DAGA interaction ● Implementing DAGA ● Improving DAGA ● Conclusion & Future work 4 Arthur Villard - Master Thesis DEDIS 12/02/2018

  5. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Frameworks ● PoP: P r o o f o f P e r s o n h o o d – DEDIS ➔ C r e a t i o n o f t h e u s e r l i s t ➔ Authentication protocol ➔ Anonymity within the group ➔ No forward-secrecy ● DAGA: Deniable Anonymous Group Authentication – Ewa Syta ➔ Authentication protocol ➔ Forward-secrecy 5 Arthur Villard - Master Thesis DEDIS 12/02/2018

  6. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Goals ● Using DAGA as PoP’s authentication protocol ● Implementing DAGA in Go ● Improving DAGA 6 Arthur Villard - Master Thesis DEDIS 12/02/2018

  7. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Key concepts ● Anonymity ➔ No information about the user is known ● Accountability ➔ The sender can be held responsible for his action ● Linkability ➔ Two messages come from the same user ● F o r w a r d - s e c r e c y ➔ Breaking a session does not break the previous ones 7 Arthur Villard - Master Thesis DEDIS 12/02/2018

  8. Overview ● Introduction ● PoP and DAGA interaction ● Implementing DAGA ● Improving DAGA ● Conclusion & Future work 8 Arthur Villard - Master Thesis DEDIS 12/02/2018

  9. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Integration 9 Arthur Villard - Master Thesis DEDIS 12/02/2018

  10. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion PoP: How it works 10 Arthur Villard - Master Thesis DEDIS 12/02/2018

  11. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion PoP: Weaknesses ● No forward-secrecy ➔ Tag derived from private key ➔ Leakage allows to identify the user in previous sessions ● Cross-service de-anonymisation ➔ Tags independent from the service ➔ Users can be tracked between different services  Loss of anonymity 11 Arthur Villard - Master Thesis DEDIS 12/02/2018

  12. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion DAGA: How it works Request generation Compute Proof generation initial tag User s f R o e o q r P e u R e g + s n e t e q g c l a u l a h e t a h s e C l t g l e a n Context k g n e i L DAGA servers Distributed randomness 12 Arthur Villard - Master Thesis DEDIS 12/02/2018

  13. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion DAGA solutions ● Forward-secrecy ➔ Tags derived from context elements only ➔ Private key used in client proof ➔ Proof does not leak information ● Cross-service de-anonymisation ➔ Different services  Different contexts  Different tags for the same user 13 Arthur Villard - Master Thesis DEDIS 12/02/2018

  14. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Conclusion ● DAGA can solve PoP weaknesses ● DAGA and PoP can be interfaced ● E-voting 14 Arthur Villard - Master Thesis DEDIS 12/02/2018

  15. Overview ● Introduction ● PoP and DAGA interaction ● Implementing DAGA ● Improving DAGA ● Conclusion & Future work 15 Arthur Villard - Master Thesis DEDIS 12/02/2018

  16. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Implementation ● Go m ( ∏ m s k ) ● RSA  Elliptic Curves i =( ∏ i = h i T 0 s k )∗ H i T 0  k = 1 k = 1 ● Distributed randomness 16 Arthur Villard - Master Thesis DEDIS 12/02/2018

  17. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Code results ● Library: Complete implementation ● Test coverage 88% ● Example scenario ● Benchmark package 17 Arthur Villard - Master Thesis DEDIS 12/02/2018

  18. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Benchmarks: Communication Setup: Setup: Windows 10 ● Ubuntu 12.04 ● x86-64 ● x86-64 ● 1 thread ● 1 thread ● @4,5GHz ● No improvement ● No explanation yet 18 Arthur Villard - Master Thesis DEDIS 12/02/2018

  19. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Benchmarks: Time Setup: Setup: Windows 10 ● Ubuntu 12.04 ● x86-64 ● x86-64 ● 1 thread ● 1 thread ● @4,5GHz 15 000 s 1 000 s 32768 members / 32 servers /15 ● Moore’s law 2012  2018: ~ /8 from hardware ● Elliptic Curves 19 Arthur Villard - Master Thesis DEDIS 12/02/2018

  20. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Conclusion ● Complete implementation ● Time improvement ● Next step: Integrate it with PoP 20 Arthur Villard - Master Thesis DEDIS 12/02/2018

  21. Overview ● I n t r o d u c t i o n ● PoP and DAGA interaction ● Implementing DAGA ● Improving DAGA ● Conclusion & Future work 21 Arthur Villard - Master Thesis DEDIS 12/02/2018

  22. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Proof problem Request generation Compute Proof generation initial tag User s f R o e o q r P e u R e g + s n e t e q g c l a u l a h e t a h s e C l t g l e a n Context k g n e i L DAGA servers Distributed randomness 22 Arthur Villard - Master Thesis DEDIS 12/02/2018

  23. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Proof problem ● Anonymity through a client OR proof: ➔ I know (private key 1 OR private key 2 OR … ) ● Growth , n = #members O ( 6 ∗ n ) ➔ 32768 members / 32 servers ● Proof ~6,3 MB, total cost ~200 MB  ~20% of total 23 Arthur Villard - Master Thesis DEDIS 12/02/2018

  24. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Improving the proof ● Work with Kasra Edalatnejadkhamene, PhD student ● Survey of the field ● Split the proof ➔ Proof of membership: Accumulator ➔ Proof of knowledge: Signature of knowledge ● No concrete scheme 24 Arthur Villard - Master Thesis DEDIS 12/02/2018

  25. Overview ● Introduction ● PoP and DAGA interaction ● Implementing DAGA ● Improving DAGA ● Conclusion & Future work 25 Arthur Villard - Master Thesis DEDIS 12/02/2018

  26. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Conclusion & Future work ● DAGA and PoP can work together ● Complete Go implementation of DAGA ● Improvement guidelines for the proof ● Next steps ➔ Integrate DAGA and PoP ➔ Optimize network consumption ➔ Continue the work on the proof ➔ Improve implementation resistance (secure memory management, constant-time, … ) 26 Arthur Villard - Master Thesis DEDIS 12/02/2018

  27. Distributed randomness 27 Arthur Villard - Master Thesis DEDIS 12/02/2018

  28. Context ● User public keys (#members) ● Server public keys (#servers) ● Server random commitments (#servers) ● Client random generators (#members) 28 Arthur Villard - Master Thesis DEDIS 12/02/2018

  29. Accumulator ● Accumulators from Bilinear Pairings and Applications L. Nguyen, 2005 ● Adjustments: ➔ Trusted setup ➔ Bounded ➔ Efficiency based on trusted authority 29 Arthur Villard - Master Thesis DEDIS 12/02/2018

  30. Ring signature ● How to Leak a Secret , R. Rivest, A. Shamir and Y. Tauman 30 Arthur Villard - Master Thesis DEDIS 12/02/2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Defining Encryption (ctd.) Lecture 3 SIM & IND security Beyond One-Time: CPA security Computational Indistinguishability Recall Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M {Enc(m,K)} K KeyGen

1.45k views • 98 slides
Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Defining Encryption (ctd.) Lecture 3 SIM & IND security Beyond One-Time: CPA security Computational Indistinguishability Recall Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M {Enc(m,K)} K KeyGen

619 views • 20 slides
Shannons Theory of Secrecy Systems See: C. E. Shannon, Communication Theory of Secrecy Systems

Shannons Theory of Secrecy Systems See: C. E. Shannon, Communication Theory of Secrecy Systems

Shannons Theory of Secrecy Systems See: C. E. Shannon, Communication Theory of Secrecy Systems , Bell Systems Technical Journal, Vol. 28, pp. 656715, 1948. Eli Biham - May 3, 2005 c 54 Shannons Theory of Secrecy Systems (2)

584 views • 14 slides
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian, Karthikeyan

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian, Karthikeyan

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thom e, Luke Valenta, Benjamin

1.01k views • 34 slides
The LOGJAM attack Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian,

The LOGJAM attack Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian,

The LOGJAM attack Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thom e, Luke

674 views • 45 slides
Session 13 Secrecy, Power, and Anthropology Lecture Points: Anthropology as a Science of

Session 13 Secrecy, Power, and Anthropology Lecture Points: Anthropology as a Science of

Session 13 Secrecy, Power, and Anthropology Lecture Points: Anthropology as a Science of Secrecy Paradigms of Secrecy Max Weber: The Official (Office) Secret Michael Taussig: The Public Secret Franz Boas: The Secret is

296 views • 15 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
0-RTT Key Establishment with Full Forward Secrecy Felix Gnther 1 Britta Hale 2 Tibor Jager 3

0-RTT Key Establishment with Full Forward Secrecy Felix Gnther 1 Britta Hale 2 Tibor Jager 3

0-RTT Key Establishment with Full Forward Secrecy Felix Gnther 1 Britta Hale 2 Tibor Jager 3 Sebastian Lauer 4 1 Technischen Universitt Darmstadt 2 NTNU Norwegian University of Science and Technology 3 Paderborn University 4 Ruhr-Universitt

702 views • 51 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
Introduction to the Bank Secrecy Act (BSA 101) Presented by Lynn English Lafayette Federal

Introduction to the Bank Secrecy Act (BSA 101) Presented by Lynn English Lafayette Federal

Introduction to the Bank Secrecy Act (BSA 101) Presented by Lynn English Lafayette Federal Credit Union Key Takeaways After this webinar, participants should be able to understand why the Bank Secrecy Act exists Identify the

1.11k views • 51 slides
Timed Spi-Calculus with Types for Secrecy and Authenticity Christian Haack Alan Jeffrey CTI,

Timed Spi-Calculus with Types for Secrecy and Authenticity Christian Haack Alan Jeffrey CTI,

Timed Spi-Calculus with Types for Secrecy and Authenticity Christian Haack Alan Jeffrey CTI, DePaul University Bell Labs, Lucent Technology fpl.cs.depaul.edu/chaack fpl.cs.depaul.edu/ajeffrey Timed Spi-Calculus with Types for Secrecy and

722 views • 45 slides
Cryptography Mohammad Mahmoody Last time Secrecy based on (unproven) computational

Cryptography Mohammad Mahmoody Last time Secrecy based on (unproven) computational

Special Topics in Cryptography Mohammad Mahmoody Last time Secrecy based on (unproven) computational assumptions Pseudorandom generators How to encrypt longer messages in an ind-secure way using a PRG Today How to make PRGs

501 views • 16 slides
Merkles Puzzles See: Merkle, Secrecy, Authentication, and Public Key Systems , UMI Research

Merkles Puzzles See: Merkle, Secrecy, Authentication, and Public Key Systems , UMI Research

Merkles Puzzles See: Merkle, Secrecy, Authentication, and Public Key Systems , UMI Research press, 1982 Merkle, Secure Communications Over Insecure Channels , CACM, Vol. 21, No. 4, pp. 294-299, April 1978 Eli Biham - May 3, 2005 c 206

372 views • 14 slides
What happens after patient harm? Why one family from Kansas is fighting to stop the secrecy and

What happens after patient harm? Why one family from Kansas is fighting to stop the secrecy and

What happens after patient harm? Why one family from Kansas is fighting to stop the secrecy and start conversations. Melissa Clarkson clarkson_melissa@yahoo.com What happens after patient harm? 1. My familys story 2. Responding to

608 views • 48 slides
Introduction to DB Security Secrecy: Users should not be able to see things they are not

Introduction to DB Security Secrecy: Users should not be able to see things they are not

Introduction to DB Security Secrecy: Users should not be able to see things they are not supposed to. Security E.g., A student cant see other students grades. Integrity: Users should not be able to modify things they are not

424 views • 3 slides
MOVING FROM SECRECY TO OPEN GOVERNANCE The Center to Combat Corruption and Cronyism clean

MOVING FROM SECRECY TO OPEN GOVERNANCE The Center to Combat Corruption and Cronyism clean

POSITION PAPER ON THE OFFICIAL SECRETS ACT REPEAL, REVIEW OR STAY? MOVING FROM SECRECY TO OPEN GOVERNANCE The Center to Combat Corruption and Cronyism clean conscious competent credible CONTENT BREAKING DOWN THE OSA THE OSA AND FREEDOM

352 views • 11 slides
Creating Your Problem of Practice Presentation A Guide for SPFPFS Subrecipients Matt

Creating Your Problem of Practice Presentation A Guide for SPFPFS Subrecipients Matt

3/15/2017 Creating Your Problem of Practice Presentation A Guide for SPFPFS Subrecipients Matt Courser and Lezlee Ware March 2017 Your Presenters Matt Courser Lezlee Ware 1 3/15/2017 Introduction and Purpose This webinar

370 views • 9 slides
PRESENTATION BY PROFESSOR TREVOR MUNROE, CD, DPhil (Oxon) TO THE STAFF OF THE DEPARTMENT OF

PRESENTATION BY PROFESSOR TREVOR MUNROE, CD, DPhil (Oxon) TO THE STAFF OF THE DEPARTMENT OF

PRESENTATION BY PROFESSOR TREVOR MUNROE, CD, DPhil (Oxon) TO THE STAFF OF THE DEPARTMENT OF CORRECTIONAL SERVICES ON THURSDAY, OCTOBER 17, 2019 OFFICE OF THE POLICE COMMISSIONER, 101-103 OLD HOPE ROAD ( Please check against delivery ) May I

320 views • 15 slides
Brazilian Crisis: Minsky Meets Brazil Felipe Rezende Associate Professor Department of

Brazilian Crisis: Minsky Meets Brazil Felipe Rezende Associate Professor Department of

Financial Fragility, Instability and the Brazilian Crisis: Minsky Meets Brazil Felipe Rezende Associate Professor Department of Economics Hobart and William Smith Colleges Research Fellow, MINDS 1st New Developmentalisms Workshop: Theory

1.03k views • 84 slides
Changing Obligations and Increased Risks around Financial Statement Approval 14 July 2020 S P E

Changing Obligations and Increased Risks around Financial Statement Approval 14 July 2020 S P E

Directors Duties: Changing Obligations and Increased Risks around Financial Statement Approval 14 July 2020 S P E A K E R S T oby Duthie Carol Der Garry Simon Osborn-King Peter Burrell Matthew Rees Founding Partner Partner Partner

467 views • 31 slides
syn ynAthina Op Open Mondays & po pop-up up sp space St Stegi Op Open Mondays a

syn ynAthina Op Open Mondays & po pop-up up sp space St Stegi Op Open Mondays a

syn ynAthina Op Open Mondays & po pop-up up sp space St Stegi Op Open Mondays a community engagement tool Once a week, the synAthina team are offering Open Mondays to civil society organizations (established and new) as well as

498 views • 20 slides
Business Tax Reform Task Force Final Report ~ - ~ -~ Chart A Business Activity Measured by

Business Tax Reform Task Force Final Report ~ - ~ -~ Chart A Business Activity Measured by

City of Alexandl'ia Business Tax Reform Task Force Final Report ~ - ~ -~ Chart A Business Activity Measured by Total Private Wages for Alexandria, Arlington and theWashington Metropolitan Area 95% t- 90% 85% +-,-,-,-,-,-,-,-,-,-,-,-~

209 views • 8 slides
What is this initiative? The Orchard Road Business Association (ORBA) will take over the

What is this initiative? The Orchard Road Business Association (ORBA) will take over the

O RCHARD R OAD B USINESS A SSOCIATION NRTOL Management Scheme What is this initiative? The Orchard Road Business Association (ORBA) will take over the curation and management of Urban Green Rooms (UGRs) (pop-up spaces) along Orchard Road

517 views • 18 slides
The New HR POP Awards Process: What it Means for Your IC DEMO June 23, 2020 June 24, 2020

The New HR POP Awards Process: What it Means for Your IC DEMO June 23, 2020 June 24, 2020

The New HR POP Awards Process: What it Means for Your IC DEMO June 23, 2020 June 24, 2020 June 30, 2020 July 07, 2020 Training crew: Presenters- Kim Rivera & Amber Pappas House Rules: Please remain on mute Submit all

403 views • 22 slides

More recommend