intermaclib beyond confidentiality and integrity in
play

InterMAClib: Beyond Confidentiality and Integrity in Practice - PowerPoint PPT Presentation

Jan 14, 2023 •107 likes •302 views

InterMAClib: Beyond Confidentiality and Integrity in Practice Torben B. Hansen @n_tbh Joint work with Martin R. Albrecht @martinralbrecht Kenneth G. Paterson @kennyog Information Security Group Centre

  1. InterMAClib: ¡Beyond ¡Confidentiality ¡ and ¡Integrity ¡in ¡Practice Torben ¡B. ¡Hansen ¡@n_tbh Joint ¡work ¡with ¡ Martin ¡R. ¡Albrecht ¡@martinralbrecht Kenneth ¡G. ¡Paterson ¡@kennyog Information ¡Security ¡Group Centre ¡for ¡Doctoral ¡Training ¡in ¡Cyber ¡Security Real ¡World ¡Crypto ¡2018 ¡January ¡12 th

  2. The ¡next ¡~25 ¡mins OpenSSH InterMAC cipher ¡modes Motivation Performance We ¡are ¡here InterMAC(lib)

  3. Symmetric ¡encryption ¡ Modelling ¡security AE C C ¡ ← Enc k (M) M ¡ ← Dec k (C) Good ¡approximation? [BKN02] [APW09] SSH ¡CBC-­‑mode ¡is ¡secure! SSH ¡CBC-­‑mode ¡is ¡ not secure!

  4. C 1 C M 1 ← Dec k (C 1 ) C 2 C ¡ ← Enc k (M) M 2 ← Dec k (C 2 ) M ¡= ¡M 1 || ¡M 2 [BDPS12] SSH ¡packets ¡contains ¡a ¡length ¡field

  5. Security ¡notions C 1 C M 1 ← Dec k (C 1 ) C 2 C ¡ ← Enc k (M) M 2 ← Dec k (C 2 ) M ¡= ¡M 1 || ¡M 2 IND-­‑CCA IND-­‑sfCFA IND-­‑sfCTF IND-­‑CTXT

  6. Security ¡notions C ¡= C 1 DJ@)%&6h C 2 C’ ¡= *s&FQOm”F C 3 DJ@)%&6h*s&FQOm”F C’ C SSH: IND-­‑CCA IND-­‑sfCFA -­‑ Length ¡field ¡encrypted BH-­‑sfCFA -­‑ Random ¡amount ¡of ¡ IND-­‑sfCTF IND-­‑CTXT padding

  7. Security ¡notions (Open)SSH ¡EtM cryptographic ¡processing Sequence Packet Pad Payload Padding ≥4 Number Length Len 1 4 4 Enc Packet MAC ¡tag Ciphertext Length Mac [BDPS12] ¡/ ¡ [BDPS12] [AD H P16 ¡] IND-­‑CCA IND-­‑sfCFA BH-­‑sfCFA n-­‑DOS-­‑sfCFA [AD H P16] IND-­‑sfCTF IND-­‑CTXT

  8. InterMAC [BDPS12] Achieve ¡all ¡4 security ¡ notions N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1 0 0 1 IND$-­‑CPA Enc Enc Enc Chunk ¡counter: 0 1 2 Mac Mac Mac c c c Message ¡counter: PRF

  9. InterMAC in ¡practice … 1 0 1 N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1 t=1 : no padding 0 0 1 1 t t=2 : padding Enc Enc Enc Chunk ¡counter: 0 1 2 Mac Mac Mac c c c Message ¡counter:

  10. InterMAC in ¡practice … 1 0 1 N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1 t=1 : no padding 0 0 t t=2 : padding Chunk ¡counter: 2 0 1 Enc Enc Enc c c c Message ¡counter: Nonce-­‑based AE

  11. InterMAClib C-­‑implementation Aims ¡to ¡be ¡”safe” ¡to ¡use Small ¡API User-­‑oblivious ¡nonce-­‑management Algorithm ¡agility AES-­‑GCM Chacha20-­‑Poly1305

  12. Nonce ¡management chunk ¡counter ¡= ¡0 im_init (… ¡, ¡ae_cipher) ¡: message ¡counter ¡= ¡0 32 64 nonce ¡= ¡ InterMAC with ¡ChaCha20-­‑Poly1305 K mac <-­‑ ChaCha20( 0 , ¡K, ¡nonce, ¡block_counter = ¡0) C <-­‑ ChaCha20(M, ¡K, ¡nonce, ¡block_counter = ¡1) Tag ¡<-­‑ Poly1305(K mac , ¡C) InterMAC with ¡AES-­‑GCM Initialise aes-­‑gcm with ¡nonce ¡for ¡each ¡chunk

  13. Want ¡cipher ¡modes ¡with ¡all ¡4 ¡security ¡ We ¡implemented ¡InterMAC-­‑based ¡ properties cipher ¡modes ¡in ¡OpenSSH (v7.4) No ¡current ¡cipher ¡mode ¡satisfy ¡that… [AD H P16] im-­‑aes128-­‑gcm-­‑N im-­‑chacha-­‑poly-­‑N Packet Pad Payload Padding Length Len 1 4 ≥4 OpenSSH packet ¡ Standalone ¡code-­‑path ¡ [APW09] [AD H P16] processing ¡code: in ¡the ¡OpenSSH packet ¡ [PW10] complex ¡and ¡buggy processing ¡code Throughput Total ¡bytes ¡transmitted Performance ¡of ¡InterMAC-­‑based ¡ cipher ¡modes ¡compared ¡to ¡existing ¡ Behavior ¡relating ¡to ¡chunk ¡ cipher ¡modes length ¡N

  14. SCP AWS AWS London US-­‑Oregon [AD H P16]

  15. SCP AWS AWS London US-­‑Oregon

  16. N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1

  17. Finish ¡line ¡is ¡in ¡sight… Implementations ¡must ¡cater ¡for ¡ ciphertext fragmentation [BDPS12] ¡provides ¡a ¡security ¡ model ¡for ¡studying ¡symmetric ¡ We ¡believe ¡this ¡feature ¡should ¡be ¡ reflected ¡in ¡the ¡security ¡models encryption ¡schemes ¡supporting ¡ ciphertext fragmentation We ¡modify ¡InterMAC to ¡make ¡it ¡ InterMAC satisfies ¡all ¡security ¡ usable ¡in ¡practice ¡and ¡create ¡ notions ¡from ¡[BDPS12] InterMAClib OpenSSH want ¡cipher ¡modes ¡ We ¡implement ¡InterMAC-­‑based ¡ that ¡meets ¡all ¡security ¡notions ¡ cipher ¡modes ¡in ¡OpenSSH using ¡ from ¡[BDPS12] InterMAClib We ¡measured ¡performance; ¡ InterMAC: ¡SSH ¡binary ¡packet ¡ indicates ¡that ¡greater ¡security ¡can ¡ protocol ¡done ¡right, ¡using ¡ be ¡traded ¡for ¡only ¡a ¡minor ¡ modern ¡primitives performance ¡hit

  18. Hi ¡Bob, ¡ I ¡believe ¡we ¡ can ¡beat ¡Eve! RealWorld Class ¡Alice! Torben ¡Hansen ¡@n_tbh Martin ¡Albrecht ¡@martinralbrecht Kenny ¡Paterson ¡@kennyog

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity and Confidentiality MoSAIC MoSAIC M.O.Killijian, D.Powell, M.Bantre, P.Couderc, Y.Roudier LAAS-CNRS - IRISA- Eurcom Context Context 3

159 views • 14 slides
Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been

Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been

Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been mostly focusing on Fixing vulnerabilities inherent to languages Finding/protecting against programmer follies Today we will look at

682 views • 42 slides
Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure messages

736 views • 30 slides
Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure

605 views • 38 slides
Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound, Cameroun Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Institut de Mathmatiques de Bordeaux quipe MACISA, Laboratoire International de

753 views • 53 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality Keeping information secret from those who should not be able to see it Integrity Two portions: Data integrity: has the content of

680 views • 19 slides
On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage

On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage

On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage Aaram Yun , Chunhui Shi, Yongdae Kim University of Minnesota CCSW 2009, 13 Nov 2009 Cryptographic network file system How to achieve a

348 views • 16 slides
CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE

CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE

CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE ABOUT CORPORATE ADVISORY SOLUTIONS CAS is a merchant bank based in Philadelphia and Washington, D.C., specializing in M&amp;A, and strategic advisory

338 views • 13 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain &amp; Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
MODERN MEMORY DEFENSES GRAD SEC SEP 14 2017 TODAYS PAPERS CONTROL FLOW INTEGRITY

MODERN MEMORY DEFENSES GRAD SEC SEP 14 2017 TODAYS PAPERS CONTROL FLOW INTEGRITY

MODERN MEMORY DEFENSES GRAD SEC SEP 14 2017 TODAYS PAPERS CONTROL FLOW INTEGRITY Fundamentally, code injection attacks altered the target programs control flow Recall: Confidentiality, Integrity, Availability Most integrity

937 views • 30 slides
Alice and Bob want to communicate securely Achieve confidentiality and

Alice and Bob want to communicate securely Achieve confidentiality and

Alice and Bob want to communicate securely Achieve confidentiality and integrity/authenticity Both know each others public key Example: A-&gt;B: E Bob (M), S Alice (M) Works, but expensive Recall hybrid encryption

488 views • 16 slides
Information security has relied upon the following pillars: Confidentiality only allow

Information security has relied upon the following pillars: Confidentiality only allow

Security &amp; Knowledge Management a.a. 2019/20 Information security has relied upon the following pillars: Confidentiality only allow access to data for which the user is permitted Integrity ensure data is not tampered or

657 views • 52 slides
Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in this presentation, in receiving it, agrees not to copy or disclose any of its contents to third parties without the written consent of Kendeil

952 views • 33 slides
Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in this presentation, in receiving it, agrees not to copy or disclose any of its contents to third parties without the written consent of Kendeil

790 views • 34 slides
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS

May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS

May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models

514 views • 33 slides
Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to

Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to

Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to assure information privacy and secrecy Authentication: to assert who created or sent data Integrity: to show that data has not been altered

656 views • 32 slides
Risk-Informed Regulation Industry Perspective US Nuclear Regulatory Commission February 4, 2009

Risk-Informed Regulation Industry Perspective US Nuclear Regulatory Commission February 4, 2009

Risk-Informed Regulation Industry Perspective US Nuclear Regulatory Commission February 4, 2009 Bill Levis, PSEG Nuclear, LLC Tony Pietrangelo, NEI Overview Risk-Informed Regulation Perspective Successes Challenges Industry

496 views • 12 slides
0114 marketing MARKETING POWER HOUR WEEK 7 RACE FOR MARKETING WIN! | Learn What Am I

0114 marketing MARKETING POWER HOUR WEEK 7 RACE FOR MARKETING WIN! | Learn What Am I

0114 marketing MARKETING POWER HOUR WEEK 7 RACE FOR MARKETING WIN! | Learn What Am I Talking About? | Apply How Does This Apply To My Business? | Implement How Can I Implement This? Who, When, Why? | Marketing is business. | Can

541 views • 23 slides
Graph cut, convex relaxation and continuous max-flow problem Xue-Cheng Tai, Christian Michelsen

Graph cut, convex relaxation and continuous max-flow problem Xue-Cheng Tai, Christian Michelsen

Graph cut, convex relaxation and continuous max-flow problem Xue-Cheng Tai, Christian Michelsen Research AS, Bergen, Norway. and University of Bergen, Norway Collaborations with: Egil Bae, Yuri Boykov, Jun Liu, Jing Yuan and others February

1.27k views • 115 slides
Recap Alife 2008 Walter de Back Collegium Budapest Institute for Advanced Study Prebiology:

Recap Alife 2008 Walter de Back Collegium Budapest Institute for Advanced Study Prebiology:

Recap Alife 2008 Walter de Back Collegium Budapest Institute for Advanced Study Prebiology: Error threshold Eigen, 1971 Hypercycles on a surface Boerlijst, Hogeweg 1991 Metabolic model Czaran, Szathmary 2000 Hypercycles vs. Metabolic model

309 views • 18 slides
Lecture 11/Review Chapter 8 Normal Practice Exercises symmetric Strategies to Solve 2 Types

Lecture 11/Review Chapter 8 Normal Practice Exercises symmetric Strategies to Solve 2 Types

Properties of Normal Curve (Review) bulges in the middle Lecture 11/Review Chapter 8 Normal Practice Exercises symmetric Strategies to Solve 2 Types of Problem about mean Examples Total Area=1 or 100% mean tapers at the ends Using

194 views • 5 slides
Childhood Framework for Quality (EFQ)? 1 8/5/2019 The Early Childhood Framework for Quality

Childhood Framework for Quality (EFQ)? 1 8/5/2019 The Early Childhood Framework for Quality

8/5/2019 The Early Childhood Framework for Quality (EFQ) DECEs vision for high -quality early childhood programs If you could describe quality in early childhood education, what word would you use? What is the Early Childhood

259 views • 10 slides
Certificate Translation in Abstract Interpretation Gilles Barthe and C esar Kunz Inria April

Certificate Translation in Abstract Interpretation Gilles Barthe and C esar Kunz Inria April

Certificate Translation in Abstract Interpretation Gilles Barthe and C esar Kunz Inria April 2, 2008 Gilles Barthe and C esar Kunz (Inria) Certificate Translation in A. I. April 2, 2008 1 / 25 Motivation: source code verification

1.05k views • 49 slides
Extending an Isabelle Formalisation of CDCL to Optimising CDCL Mathias Fleury joint work

Extending an Isabelle Formalisation of CDCL to Optimising CDCL Mathias Fleury joint work

Extending an Isabelle Formalisation of CDCL to Optimising CDCL Mathias Fleury joint work with Christoph Weidenbach Matryoshka+Veridis 2019 Lets find a model with minimal weight 10 4 20 13 Optimal partial model: Optimal

593 views • 27 slides

More recommend