Integrating DAGA into the cothority framework and using it to build - - PowerPoint PPT Presentation

integrating daga into the cothority framework and using it
SMART_READER_LITE
LIVE PREVIEW

Integrating DAGA into the cothority framework and using it to build - - PowerPoint PPT Presentation

Jan 19, 2024 305 likes •933 views

Integrating DAGA into the cothority framework and using it to build a login service DEDIS, EPFL 2018/19 - Lucas Pires Responsible: Prof. Bryan Ford, Dr. Ewa Syta Supervisor: Linus Gasser 1 Integrating DAGA into the cothority framework and

slide-1
SLIDE 1

Integrating DAGA into the cothority framework and using it to build a login service

DEDIS, EPFL 2018/19 - Lucas Pires Responsible: Prof. Bryan Ford, Dr. Ewa Syta Supervisor: Linus Gasser

1

slide-2
SLIDE 2

Integrating DAGA into the cothority framework and using it to build a login service

Deniable Anonymous Group Authentication

  • Decentralized Authentication Protocol
  • Forward-security, etc. more later

2

slide-3
SLIDE 3

Motivation / Intro

  • Authentication Identification and Privacy
  • ➔ where possible, get rid of identification
  • ➔ DAGA
  • GOAL: offer easy way to use DAGA, Login Service

3

slide-4
SLIDE 4

Overview

  • Background / DAGA
  • Cothority implementation
  • Authentication delegation
  • PoC & demo
  • Conclusion

4

slide-5
SLIDE 5

Background / DAGA

5 Properties Description Big picture

slide-6
SLIDE 6

Background / DAGA –

6

DAGA

slide-7
SLIDE 7

Background / DAGA –

6

DAGA

Entity / user

slide-8
SLIDE 8

Background / DAGA –

6

DAGA

Anytrust servers Entity / user

slide-9
SLIDE 9

Background / DAGA –

6

DAGA

Anytrust servers Entity / user Group

  • Auth. request

Decision

slide-10
SLIDE 10

Background / DAGA –

7

DAGA

Anytrust servers Entity / user

  • Completeness
  • Soundness

Group

  • Auth. request

Decision

slide-11
SLIDE 11

Background / DAGA –

7

DAGA

Anytrust servers Entity / user

  • Completeness
  • Soundness
  • Anonymity

Group

  • Auth. request

Decision

slide-12
SLIDE 12

Background / DAGA –

8

DAGA

Entity / user

  • Anonymity
  • Proportionality

Group

  • Auth. request

Decision Anytrust servers

+ Linkage Tag

slide-13
SLIDE 13

Background / DAGA –

9

DAGA

  • Anonymity
  • Proportionality
  • Deniability

Group

  • Auth. request

Decision Entity / user Anytrust servers

+ Linkage Tag

slide-14
SLIDE 14

Background / DAGA –

10

DAGA

  • Anonymity
  • Proportionality
  • Deniability
  • Forward security

Group

  • Auth. request

Decision Anytrust servers Entity / user

+ Linkage Tag

slide-15
SLIDE 15

Background / DAGA –

11

Verifiers Prover Context

Build request / client’s protocol

Adapted / redrawn from https://github.com/dedis/student_17/blob/master/pfs_pop/presentation_pfs_pop.pdf

slide-16
SLIDE 16

Background / DAGA –

11

Verifiers Prover Context

Build request / client’s protocol Initial tag

Adapted / redrawn from https://github.com/dedis/student_17/blob/master/pfs_pop/presentation_pfs_pop.pdf

slide-17
SLIDE 17

Background / DAGA –

11

Verifiers Prover Context

Build request / client’s protocol Initial tag Proof generation

Adapted / redrawn from https://github.com/dedis/student_17/blob/master/pfs_pop/presentation_pfs_pop.pdf

Distributed randomness / challenge generation ∑ Challenge ∑ commitments

slide-18
SLIDE 18

Background / DAGA –

11

Verifiers Prover Context

Build request / client’s protocol Initial tag Proof generation

Adapted / redrawn from https://github.com/dedis/student_17/blob/master/pfs_pop/presentation_pfs_pop.pdf

Distributed randomness / challenge generation ∑ Challenge ∑ commitments Request (with ∑ responses) Servers’ protocol Collective proof verification, decision and Tag building Linkage tag

slide-19
SLIDE 19

Overview

  • Background / DAGA
  • Cothority implementation
  • Authentication delegation
  • PoC demo
  • Conclusion &? Future

12

slide-20
SLIDE 20

Cothority Implementation

13

  • DAGA Library (continuation of A. Villard’s work)
  • New Service & Protocols

(context generation / challenge generation / DAGA servers’ protocol)

  • Can run simulations locally and on DETERLab
  • 80% code coverage
  • Possible to generate proto files
  • CLI client
slide-21
SLIDE 21

Cothority Implementation

14

  • DAGA Library (continuation of A. Villard’s work)
  • New Service & Protocols

(context generation / challenge generation / DAGA servers’ protocol)

  • Can run simulations locally and on DETERLab
  • 80% code coverage
  • Possible to generate proto files
  • CLI client
slide-22
SLIDE 22

15 DAGA Cothority

slide-23
SLIDE 23

16

Client / 3rd party service admin 1) Collect public keys of subscribers 2) Build a roster of willing conodes (partnerships or open access nodes)

Administrative phase

slide-24
SLIDE 24

16

Client / 3rd party service admin

Context generation protocol Random node

1) Collect public keys of subscribers 2) Build a roster of willing conodes (partnerships or open access nodes) 3) Call CreateContext(keys, roster)

Administrative phase Other nodes

slide-25
SLIDE 25

16

Client / 3rd party service admin Context

Context generation protocol Random node

1) Collect public keys of subscribers 2) Build a roster of willing conodes (partnerships or open access nodes) 3) Call CreateContext(keys, roster)

Administrative phase Other nodes New Cothority For the new context

slide-26
SLIDE 26

Entity

Build auth. Message M Initial tag Proof generation challenge generation protocol ∑ Challenge Call Auth(M, ) Servers’ protocol Linkage tag

DAGA cothority

Call PKClient(∑ commitments, )

DAGA context Need to keep state across endpoint calls ➔ avoid by storing it in clients

slide-27
SLIDE 27

Cothority Implementation

18

  • DAGA Library (continuation of A. Villard’s work)
  • New Service & Protocols

(context generation / challenge generation / DAGA servers’ protocol)

  • Can run simulations locally and on DETERLab
  • 80% code coverage
  • Possible to generate proto files
  • CLI client
slide-28
SLIDE 28

Simulation results – total authentication time

19

2) Local Setup:

  • Debian 9, AMD64
  • CPU: 8 @ 2.50GHz
  • RAM: 16 GiB

1) DETERLab Setup:

  • pc2133 nodes:
  • Ubuntu 14.04, AMD64
  • CPU: 4 @ 2,13 GHz
  • RAM: 4 GiB
  • LAN with 100 ms delay

Local DETERLab Wall time [s] Number of group members Number of group members

slide-29
SLIDE 29

Original results and previous student’s results

20

Taken from https://github.com/dedis/student_17/blob/master/pfs_pop/presentation_pfs_pop.pdf

Original paper (2014) Previous student

slide-30
SLIDE 30

Simulation results – total authentication time

21

Wall time [s] Local 4 servers Local 16 servers Number of group members Number of group members

slide-31
SLIDE 31

Simulation results – total server traffic

22

Traffic [KiB]

~

Previous student’s results

slide-32
SLIDE 32

Cothority Implementation

23

  • DAGA Library (continuation of A. Villard’s work)
  • New Service & Protocols

(context generation / challenge generation / DAGA servers’ protocol)

  • Can run simulations locally and on DETERLab
  • 80% code coverage
  • Possible to generate proto files
  • CLI client
slide-33
SLIDE 33

Overview

  • Background / DAGA
  • Cothority implementation
  • Authentication delegation
  • PoC demo
  • Conclusion &? Future

24

slide-34
SLIDE 34

Authentication delegation

25

DAGA cothority Entity / user

slide-35
SLIDE 35

Authentication delegation

25

DAGA cothority Entity / user Service Provider

slide-36
SLIDE 36

Authentication delegation

25

DAGA cothority Entity / user Service Provider

slide-37
SLIDE 37

Authentication delegation

25

DAGA cothority Entity / user Service Provider

Authentication Delegation Protocol

slide-38
SLIDE 38

26

RP IdP

OpenID connect authentication

  • “code flow”
slide-39
SLIDE 39

26

RP

GET rp/login

IdP

OpenID connect authentication

  • “code flow”
slide-40
SLIDE 40

26

RP

GET IdP/daga_auth REDIRECT IdP/daga_auth GET rp/login

IdP

OpenID connect authentication

  • “code flow”
slide-41
SLIDE 41

26

RP

IdP authenticates user-agent GET IdP/daga_auth REDIRECT IdP/daga_auth 200 authentication page GET rp/login GET rp/callback with code REDIRECT rp/callback with code

IdP

OpenID connect authentication

  • “code flow”
slide-42
SLIDE 42

26

RP

IdP authenticates user-agent GET IdP/daga_auth REDIRECT IdP/daga_auth 200 authentication page GET rp/login GET rp/callback with code POST IdP/token_endpoint with code 200 token REDIRECT rp/callback with code

IdP

OpenID connect authentication

  • “code flow”
slide-43
SLIDE 43

27

RP IdP

GET IdP/daga_auth REDIRECT IdP/daga_auth 200 authentication page GET rp/login

slide-44
SLIDE 44

27

RP IdP

GET IdP/daga_auth REDIRECT IdP/daga_auth 200 authentication page GET rp/login

slide-45
SLIDE 45

27

RP IdP

DAGA client daemon Browser / WEB UI REDIRECT IdP/daga_auth 200 authentication page GET rp/login GET IdP/daga_auth

slide-46
SLIDE 46

28

RP IdP

DAGA client daemon Browser / WEB UI

slide-47
SLIDE 47

28

RP IdP

DAGA client daemon Browser / WEB UI Arguments, context + key

slide-48
SLIDE 48

28

RP IdP

DAGA client daemon Browser / WEB UI Arguments, context + key Call PKClient(commitments) Challenge

slide-49
SLIDE 49

28

RP IdP

DAGA client daemon Browser / WEB UI Arguments, context + key Call PKClient(commitments) Challenge Auth. Msg

slide-50
SLIDE 50

28

RP IdP

DAGA client daemon Browser / WEB UI Arguments, context + key Call PKClient(commitments) Challenge Auth. Msg POST back with Auth. msg

slide-51
SLIDE 51

28

RP IdP

DAGA client daemon Browser / WEB UI Arguments, context + key Call PKClient(commitments) Challenge Auth. Msg POST back with Auth. msg Call Auth(Auth. msg) Linkage Tag

slide-52
SLIDE 52

28

RP IdP

DAGA client daemon Browser / WEB UI Arguments, context + key Call PKClient(commitments) Challenge Auth. Msg POST back with Auth. msg Call Auth(Auth. msg) Linkage Tag GET rp/callback with code REDIRECT rp/callback with code

slide-53
SLIDE 53

28

RP IdP

DAGA client daemon Browser / WEB UI Arguments, context + key Call PKClient(commitments) Challenge Auth. Msg POST back with Auth. msg Call Auth(Auth. msg) Linkage Tag GET rp/callback with code POST IdP/token_endpoint with code 200 token REDIRECT rp/callback with code

slide-54
SLIDE 54

Demo

29

slide-55
SLIDE 55

Conclusion

30

  • Democratization of DAGA as anonymous

authentication is feasible

  • Future works:
slide-56
SLIDE 56

Conclusion

30

  • Democratization of DAGA as anonymous

authentication is feasible

  • Future works:
  • Need ways to manage partnerships and evolve contexts
slide-57
SLIDE 57

Conclusion

30

  • Democratization of DAGA as anonymous

authentication is feasible

  • Future works:
  • Need ways to manage partnerships and evolve contexts
  • Need ways to scale (random sub-groups)
slide-58
SLIDE 58

Conclusion

30

  • Democratization of DAGA as anonymous

authentication is feasible

  • Future works:
  • Need ways to manage partnerships and evolve contexts
  • Need ways to scale (random sub-groups)
  • Need to armor everything (memory protection,…)
slide-59
SLIDE 59

31

Taken from https://github.com/dedis/student_17/blob/master/pfs_pop/report_pfs_pop.pdf

slide-60
SLIDE 60

32

Local 8 servers, linear Local 8 servers, linear

slide-61
SLIDE 61

33

Core Hubs:
All Converters PDF Hub Video Hub Audio Hub Image Hub File Compressor