i mproved s trongly d eniable a uthenticated k ey e
play

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S - PowerPoint PPT Presentation

Jan 24, 2023 •285 likes •776 views

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger and Ian Goldberg Secure Messaging 2 Secure Messaging All-Verifier Deniable Anonymous Authentication End-to Authentication End Zone

  1. I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger and Ian Goldberg

  2. Secure Messaging 2

  3. Secure Messaging “All-Verifier” Deniable Anonymous Authentication End-to Authentication End Zone (OTR, Signal) Confidentiality TLS to Server Plaintext Authentication 3

  4. Why Deniability? 4

  5. Deniable Messaging Crypto B A Magic <B> there’s a protest about it tomorrow <B> want to go? <A> Yes! <B> ok, no phones 5

  6. Deniable Messaging <B> there’s a protest about it tomorrow <B> want to go? <A> Yes! <B> ok, no phones 6

  7. Deniable Messaging…? A B 7

  8. Offline vs. Online Deniability Offline Online Deniability Deniability Crypto A B Magic A B <B> there’s a protest about it tomorrow <B> want to go? <A> Yes! <B> ok, no phones 8

  9. Deniable Messaging…? ● See Appendix A – Attacks on OTRv3 and Signal ● Also see ia.cr/2018/424: 9

  10. Deniable Messaging A B 10

  11. Deniable Messaging A B 11

  12. In This Paper ● Two new efficient key exchange protocols Interactive Non-interactive 12

  13. Security Properties ● Confidentiality ● Mutual authentication ● Forward secrecy ● Contributiveness ● Offline and online deniability 13

  14. Crypto Toolbox Identity key (long-term asymmetric) Ephemeral key (short-term asymmetric) Shared session key (symmetric) Diffie-Hellman shared secret 14

  15. Crypto Toolbox Signature Create: need private ID Eph. Sym. Verify: need public key key key Diffie-Hellman MAC shared secret Create: need Verify: need Ring signature Create: need one private , , or Verify: need all public , , and 15

  16. Crypto Toolbox ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Ring signature 16

  17. Deniable Authenticated Key Exchanges A B DAKE Secure messaging protocol 17

  18. DAKEZ A B ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Ring signature Shared key ( ): 18

  19. DAKEZ: Authentication Nobody else A B knows or , ID Eph. Sym. so they know key key key Diffie-Hellman shared secret Signature MAC Ring signature Shared key ( ): 19

  20. DAKEZ: Authentication Nobody else A B knows or , ID Eph. Sym. key key key so they know Diffie-Hellman shared secret Signature MAC Ring signature Shared key ( ): 20

  21. DAKEZ: Offline Deniability F F ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Ring signature Shared key ( ): 21

  22. DAKEZ: Online Deniability B A A ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Ring signature Shared key ( ): 22

  23. Mobile? 23

  24. Mobile Use A B “Prekeys” Recipient ID Message Message 24

  25. ZDH A B ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Shared key ( ): Ring signature & 25

  26. ZDH: Authentication A B ID Eph. Sym. key key key Nobody else knows Diffie-Hellman shared secret so any reader must know Signature MAC Shared key ( ): Ring signature & 26

  27. Weak Forward Secrecy (Like Signal, originally) A B (Ciphertext for & ) (Time passes) Collect 27

  28. XZDH A B ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Shared key ( ): Ring signature & & 28

  29. Is This Secure? 29

  30. Is This Secure? “Yes.” 30

  31. OTRv4 Adoption ● External adoption: OTRv4 team 31

  32. Performance SIGMA-R DAKEZ X3DH XZDH 3DH ZDH (OTRv3) (OTRv4) (Signal) (OTRv4) Key Gen. 0.0240 0.0440 0.0228 0.0429 0.0240 0.0444 (ms) Key Exch. 0.3478 1.094 0.4229 0.778 0.5533 0.9217 (ms) ID Key 32 32 32 32 32 32 (bytes) Prekey - - 32 32 32 & 96 32 & 96 (bytes) Key Exch. 272 464 80 304 80 304 (bytes) 32

  33. Extras in the Paper 33

  34. Extras in the Paper A Quantum- Efficient resistant dual-receiver transitional encryption B security Defeating Implementation A “B” key-compromise details & advice impersonation 34

  35. Summary ● New key exchanges: DAKEZ, (X)ZDH ● Secure connection, eponymous, no all-verifier authentication required? Use these! ● Code & data: crysp.org/software/dakez_xzdh ● Come see OTRv4 at HotPETs ● Coming soon: group messaging Thank you! njunger@uwaterloo.ca 35

  36. You’ve Activated My Bonus Slides!!! 36

  37. Limited Online Deniability A B “Prekeys” Recipient ID Auth with , Auth, Msg , Auth, Msg 37

  38. RSDAKE and Spawn ● Standard model Random oracle model � – Obscure assumptions common assumptions � – Seconds milliseconds � – Improved security (contributiveness, forward secrecy) ● RSDAKE DAKEZ � ● Spawn ZDH � 38

  39. DAKE Comparison 39

  40. Signal Deniability 3DH X3DH IK A IK B IK A IK B 1 1 1 1 2 2 EK A EK B EK A SPK B 3 3 4 OTK B 40

  41. Lack of Contributiveness ● Problems with non-contributory: – Can coerce a client to use a known secret – Can use a secret known to a third-party, allowing them to decrypt without their consent ● Non-problems with non-contributory: – Contributiveness does not prevent desirable bits – Contributiveness does not defend against weak PRNGs 41

  42. ZDH A B ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Shared key ( ): Ring signature & 42

  43. ZDH: Authentication Nobody else knows A B or , so they know . ID Eph. Sym. key key key They also know Diffie-Hellman shared secret Signature MAC Shared key ( ): Ring signature & 43

  44. Mitigating KCI Attacks A B ID Eph. Sym. key key key Diffie-Hellman shared secret Signature MAC Ring signature Shared key ( ): 44

  45. Online Deniability Attack for Signal ● (Alice is coerced by Judson) ● Alice downloads Bob’s prekey: IK B , SPK B , Sig(IK B , Encode(SPK B )) ● Judson generates key pair with public EK A ● Alice provably reveals DH(IK A , SPK A ) ● Alice sends EK A to Bob ● Judson can compute the secret, Alice cannot 45

  46. Quantum Transitional Security ● Authenticate quantum KEM, like CECPK1 46

  47. DAKEZ 47

  48. ZDH & XZDH 48

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A G LOBAL 3D P-V ELOCITY M ODEL OF THE E ARTH S C RUST AND M ANTLE F OR I MPROVED S EISMIC E

A G LOBAL 3D P-V ELOCITY M ODEL OF THE E ARTH S C RUST AND M ANTLE F OR I MPROVED S EISMIC E

A G LOBAL 3D P-V ELOCITY M ODEL OF THE E ARTH S C RUST AND M ANTLE F OR I MPROVED S EISMIC E VENT L OCATION Sanford Ballard 1, Michael L. Begnaud 2 , Christopher J. Young 1 , James R. Hipp 1 , Andre V. Encarnacao 1 , W. Scott Phillips 2 1 Sandia

376 views • 18 slides
Imp mproved Par arall allel l Algorit ithms for r Densit ity-Base sed Ne Network rk

Imp mproved Par arall allel l Algorit ithms for r Densit ity-Base sed Ne Network rk

Imp mproved Par arall allel l Algorit ithms for r Densit ity-Base sed Ne Network rk Clusterin ing Mohsen Ghaffari Silvio Lattanzi Slobodan Mitrovi ETH Google MIT Why density-based network clustering? A wide range of

1.31k views • 85 slides
Creation of an International Exchange Leader S trongly Positioned for Growth 9 February 2011

Creation of an International Exchange Leader S trongly Positioned for Growth 9 February 2011

London S tock Exchange Group plc and TMX Group Inc. Join Forces in Merger of Equals Creation of an International Exchange Leader S trongly Positioned for Growth 9 February 2011 Creation of an International Exchange Leader Premier

489 views • 20 slides
I MPROVED D ECISION M AKING F OR M AINTENANCE U SING D ATA Arnab Majumdar, Khalid Nur, William

I MPROVED D ECISION M AKING F OR M AINTENANCE U SING D ATA Arnab Majumdar, Khalid Nur, William

I MPROVED D ECISION M AKING F OR M AINTENANCE U SING D ATA Arnab Majumdar, Khalid Nur, William Marsh Nicole Kudla Electronic Engineering and Centre for Transport Studies Computer Science Outline Project aims and outline Principles of

200 views • 9 slides
Quartz Sensors for I Sensors for Improved mproved Quartz Disaster Warning Systems Disaster

Quartz Sensors for I Sensors for Improved mproved Quartz Disaster Warning Systems Disaster

Quartz Sensors for I Sensors for Improved mproved Quartz Disaster Warning Systems Disaster Warning Systems and Geodetic Measurements and Geodetic Measurements Paroscientific and Quartz Seismic Sensors Quartz Crystal Resonators Convert

858 views • 36 slides
TO N OMINAL GDP Growth rate has only been moderated by recent recession. 3 TEMS, Inc.. T EXAS M

TO N OMINAL GDP Growth rate has only been moderated by recent recession. 3 TEMS, Inc.. T EXAS M

I MPACT OF THE P ANAMA C ANAL AND M ARKET O PPORTUNITY FOR T EXAS Presentation By: Dr. Alexander Metcalf Transportation Economics &amp; Management Systems, Inc. T EXAS IS G ROWING S TRONGLY FEASIBILITY Texas GDP has been growing by 7 percent

498 views • 23 slides
D. J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven 1. New

D. J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven 1. New

D. J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven 1. New CAESAR project: C ompetition for A uthenticated E ncryption: S ecurity, A pplicability, R obustness http://competitions.cr.yp.to NIST has

546 views • 42 slides
Ex Exploring loring Heterogene terogeneity ty wi with thin in a a Core re for Imp

Ex Exploring loring Heterogene terogeneity ty wi with thin in a a Core re for Imp

Ex Exploring loring Heterogene terogeneity ty wi with thin in a a Core re for Imp mproved roved Po Power wer Ef Efficienc ciency Sudarshan Srinivasan, Nithesh Kurella Israel Koren, Sandip Kundu Outline Asymmetric Multicores

528 views • 36 slides
S TORAGE P RESENTATION T RANSCRIPT J ANUARY 21, 2016 This document was produced for review by the

S TORAGE P RESENTATION T RANSCRIPT J ANUARY 21, 2016 This document was produced for review by the

I NCREASING R ESILIENCE T HROUGH I MPROVED O N -F ARM S TORAGE P RESENTATION T RANSCRIPT J ANUARY 21, 2016 This document was produced for review by the United States Agency for International Development. It was prepared by the Feed the Future

423 views • 17 slides
S PECTRUM D ATA - II Nabeela Aijaz, Michael Hurley, Apolo Luis, Joel Rinsky, Chandrika Satyavolu,

S PECTRUM D ATA - II Nabeela Aijaz, Michael Hurley, Apolo Luis, Joel Rinsky, Chandrika Satyavolu,

O UTLINES T HE P ROBLEM D ETAILS ON SOLVING THE PROBLEM R ESULTS C ONCLUSION AND FUTURE RESULTS I MPROVED L INEAR A LGEBRA M ETHODS FOR R EDSHIFT C OMPUTATION FROM L IMITED S PECTRUM D ATA - II Nabeela Aijaz, Michael Hurley, Apolo Luis, Joel

674 views • 35 slides
load monitoring using load D ivision and C alibration Nipun Batra Haimonti Dutta CCL CLS

load monitoring using load D ivision and C alibration Nipun Batra Haimonti Dutta CCL CLS

INDiC: I mproved N on-Intrusive load monitoring using load D ivision and C alibration Nipun Batra Haimonti Dutta CCL CLS Amarjeet Singh 11/20/2013 Motivation Buildings contribute significantly to overall energy (electricity, gas, etc.)

735 views • 18 slides
Research in Macroeconomics after the Crisis James Bullard President and CEO Federal Reserve Bank

Research in Macroeconomics after the Crisis James Bullard President and CEO Federal Reserve Bank

I NTRODUCTION P OLICY C HOICE V ERSUS D ATA T HE BACK ROOM RESEARCH I MPROVED M ACROECONOMICS C ONCLUSIONS Research in Macroeconomics after the Crisis James Bullard President and CEO Federal Reserve Bank of St. Louis 19th Symposium of the

465 views • 20 slides
Panel discussion on Governance Build Buildin ing g rob obus ust Go Governance towar ards

Panel discussion on Governance Build Buildin ing g rob obus ust Go Governance towar ards

Panel discussion on Governance Build Buildin ing g rob obus ust Go Governance towar ards impr mproved effi ficie iency and and inno nnovatio ion Amaravati Development Corp | Andhra Pradesh Capital Region Development Authority

334 views • 17 slides
Options. I. Christopher G. Lamoureux January 9, 2013 Options. I. Organizing Themes

Options. I. Christopher G. Lamoureux January 9, 2013 Options. I. Organizing Themes

Options. I. Introduction What? Stochastic Integration Hedge Portfolio Options. I. Christopher G. Lamoureux January 9, 2013 Options. I. Organizing Themes Introduction What? Stochastic The Black-Scholes-Merton option pricing theory is

453 views • 14 slides
Electronic Commerce Technologies CSC 513, Spring 2008 Munindar P. Singh singh@ncsu.edu

Electronic Commerce Technologies CSC 513, Spring 2008 Munindar P. Singh singh@ncsu.edu

Electronic Commerce Technologies CSC 513, Spring 2008 Munindar P. Singh singh@ncsu.edu Department of Computer Science North Carolina State University Munindar P. Singh, CSC 513, Spring 2008 c p.1 Module 1: Introduction Scope Grading

1.59k views • 157 slides
NOTES ON THE VAPNIK-CHERVONENKIS THEOREM: BACKGROUND AND PROOF ROLAND WALKER 1. Introduction

NOTES ON THE VAPNIK-CHERVONENKIS THEOREM: BACKGROUND AND PROOF ROLAND WALKER 1. Introduction

NOTES ON THE VAPNIK-CHERVONENKIS THEOREM: BACKGROUND AND PROOF ROLAND WALKER 1. Introduction Vladimir Vapnik and Alexey Chervonenkis proved their eponymous theorem in 1968. The original Russian proof was published in 1971 and then translated to

278 views • 13 slides
CS388: Natural Language Processing Coreference Resolu8on Greg Durrett Road Map Text

CS388: Natural Language Processing Coreference Resolu8on Greg Durrett Road Map Text

CS388: Natural Language Processing Coreference Resolu8on Greg Durrett Road Map Text Applica/ons Annota/ons Text Analysis POS tagging Summarize Syntac8c parsing Extract informa8on NER Answer ques8ons Coreference resolu8on Iden8fy

817 views • 34 slides
Public Service Announcement Help nonprofits solve real world problems at Berkeley Builds! Join

Public Service Announcement Help nonprofits solve real world problems at Berkeley Builds! Join

Public Service Announcement Help nonprofits solve real world problems at Berkeley Builds! Join us on April 30 for two days of hacking and designing with industry professionals. Gain experience in design thinking and deliver a product that

346 views • 19 slides
interactive magazine an HTML5 app for children on moms and dads tablet! Pisa 31st May

interactive magazine an HTML5 app for children on moms and dads tablet! Pisa 31st May

La Pimpa becomes an interactive magazine an HTML5 app for children on moms and dads tablet! Pisa 31st May 2013 www.liberologico.com www.gruppometa.it Pimpa or La Pimpa is an Italian comic strip created by Francesco Tullio

394 views • 21 slides
Presented by: Avit Kumar Bhowmik Pedro Cabral Damage and post-cyclone regeneration assessment of

Presented by: Avit Kumar Bhowmik Pedro Cabral Damage and post-cyclone regeneration assessment of

Damage and post-cyclone regeneration assessment of the Sundarbans botanic biodiversity caused by the Cyclone Sidr Presented by: Avit Kumar Bhowmik Pedro Cabral Damage and post-cyclone regeneration assessment of the Sundarbans botanic

257 views • 23 slides
14.581 International Trade T Lecture 11: Heckscher-Ohlin Empirics (II) MIT

14.581 International Trade T Lecture 11: Heckscher-Ohlin Empirics (II) MIT

14.581 International Trade T Lecture 11: Heckscher-Ohlin Empirics (II) MIT 14.581 MIT 14.581 Spring 2013 Spring 2013 MIT 14.581 RV and HO Empirics (II) Spring 2013 1 / 72 Plan of Todays Lecture 1 Tests of the

1.19k views • 73 slides
1 AFFECTED STATEWIDE RULES SWR 5: Plat and Purpose of Filing SWR 37: Lease Line and

1 AFFECTED STATEWIDE RULES SWR 5: Plat and Purpose of Filing SWR 37: Lease Line and

Introduction to Drilling Permits and Online Filing David King July 2020 1 1 AFFECTED STATEWIDE RULES SWR 5: Plat and Purpose of Filing SWR 37: Lease Line and Between Well Spacing SWR 38: Density SWR 40: Double Assignment of

1.12k views • 101 slides
Informatics 1: Data &amp; Analysis Lecture 12: Corpora Ian Stark School of Informatics The

Informatics 1: Data &amp; Analysis Lecture 12: Corpora Ian Stark School of Informatics The

Informatics 1: Data &amp; Analysis Lecture 12: Corpora Ian Stark School of Informatics The University of Edinburgh Friday 28 February 2014 Semester 2 Week 6 http://www.inf.ed.ac.uk/teaching/courses/inf1/da Student Survey Final Day ! ESES:

519 views • 33 slides
Pappus Configurations in Finite Planes Lorinda Leshock (joint work with Felix Lazebnik)

Pappus Configurations in Finite Planes Lorinda Leshock (joint work with Felix Lazebnik)

Pappus Configurations in Finite Planes Lorinda Leshock (joint work with Felix Lazebnik) University of Delaware lleshock@udel.edu June 19, 2019 June 19, 2019 1 / 22 Overview Affine planes 1 Desargues and Pappus configurations 2

529 views • 31 slides

More recommend