out of band authentication in group messaging
play

Out-of-Band Authentication in Group Messaging: Computational, - PowerPoint PPT Presentation

Aug 13, 2023 •242 likes •577 views

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

  1. Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

  2. Major Effort: E2E-Encrypted Messaging • Government surveillance and/or coercion • Untrusted or corrupted messaging servers Key challenge: Detecting man-in-the-middle attacks when setting up E2E-encrypted channels 2

  3. Man-in-the-Middle Attacks Alice’s phone Bob’s phone 3

  4. Man-in-the-Middle Attacks • Impossible to detect without any setup Bob’s phone Alice’s phone Impractical to assume a trusted PKI in messaging platforms… 4

  5. Out-of-Band Authentication Practical to assume: Users can “out-of-band” authenticate one short value Alice’s phone Bob’s phone Bob • Users can compare a short string displayed on their devices • Assuming that they recognize each other’s voice, this is a low-bandwidth authenticated channel 5

  6. Out-of-Band Authentication Facebook Telegram Allo Signal WhatsApp Wire 6

  7. Out-of-Band Authentication Bounded Bounded vs. unbounded adversaries Within the cryptography community: • Considered by Rivest and Shamir in ’84 (“Interlock” protocol) • Formalized by Vaudenay ’05 (computational security) and by Naor, Segev and Smith ’06 (statistical security) 7

  8. The User-to-User Setting • An equivalent problem: Detecting MitM attacks in message authentication Alice’s phone Bob’s phone 8

  9. The User-to-User Setting Alice’s phone Bob’s phone … … Out-of-band channel … … The image part with relationship ID rId9 was not found in the file. The image part with relationship ID rId5 was not found in the file. The image part with relationship ID rId10 was not found in the file. 9

  10. The User-to-User Setting Alice’s phone Bob’s phone … … Out-of-band channel The image part with relationship ID rId11 was not found in the file. The image part with relationship ID rId5 was not found in the file. The image part with relationship ID rId12 was not found in the file. Minimize Maximize user effort security 10

  11. User-to-User Bounds Protocols Lower Bounds Computational Security Security [Vau05, PV06] Statistical Security [NSS06] 11

  12. This Talk: The Group Setting User-to-User Setting Group Setting ? ? ✓ ✓ Tightly characterized Not yet studied x ✓ Practical protocols deployed Impractical protocols deployed 12

  13. Our Contributions A framework modeling out-of-band authentication in the group setting … … … … Out-of-band channel • Users communicate over an insecure channel • Group administrator can out-of-band authenticate one short value to all users • Consistent with and supported by existing messaging platforms 13

  14. Our Contributions A framework modeling out-of-band authentication in the group setting Tight bounds for out-of-band authentication in the group setting Protocols Lower Bounds Computational Computational Security Statistical Security Our computationally-secure protocol is practically relevant, and substantially improves the currently-deployed protocols : 14

  15. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 15

  16. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 16

  17. Communication Model … … … Out-of-band channel • Insecure channel: Adversary can read, remove and insert messages • Out-of-band channel: Adversary can read, remove and delay messages, for all or for some of the users Adversary cannot modify messages/insert new ones in an undetectable manner 17

  18. Correctness & Security … … … Out-of-band channel • Computational vs. statistical security 18

  19. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 19

  20. The Naïve Protocol … … Seems impractical… 20

  21. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 21

  22. Our Computationally-Secure Protocol Out-of-band channel 22

  23. Our Computationally-Secure Protocol 23

  24. Example: One Possible Attack 24

  25. Concurrent Non-Malleable Commitments • Infeasible to “non-trivially correlate” concurrent executions … … 25

  26. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 26

  27. Our Statistical Lower Bound … … … Out-of-band channel 27

  28. Protocol Structure 28

  29. 29

  30. Lemma 1: There exists a man-in-the-middle attacker that succeeds with probability 30

  31. • The security of the protocol guarantees that • The security of the protocol guarantees that 31

  32. Summary A framework modeling out-of-band authentication in the group setting Tight bounds for out-of-band authentication in the group setting Protocols Lower Bounds Computational Computational Security Statistical Security Thank You! https://eprint.iacr.org/2018/493 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Messaging is Popular 2 Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

585 views • 40 slides
NBEMS Narrow Band Emergency Messaging System Setup of these programs Fldigi Flamp Flmsg In

NBEMS Narrow Band Emergency Messaging System Setup of these programs Fldigi Flamp Flmsg In

NBEMS Narrow Band Emergency Messaging System Setup of these programs Fldigi Flamp Flmsg In the beginning... A little help can go a long way in setting up a new program. In most cases you can simple duplicate my settings and later after

589 views • 32 slides
I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger and Ian Goldberg Secure Messaging 2 Secure Messaging All-Verifier Deniable Anonymous Authentication End-to Authentication End Zone

776 views • 48 slides
BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha Introduction Messaging Matters OUTLINE Research Observations Recommendations Small Group Discussion Large Group Q&A Introduction Messaging

580 views • 25 slides
Inside Virtual Synchrony Prepared by: Steven Dake 7/12/05 Definitions Group Messaging

Inside Virtual Synchrony Prepared by: Steven Dake 7/12/05 Definitions Group Messaging

Inside Virtual Synchrony Prepared by: Steven Dake 7/12/05 Definitions Group Messaging Sending messages from 1 sender to many receivers. Processor The entity responsible for executing group messaging and membership

299 views • 17 slides
Welcome Marching Band is about so much more than music! We hope this group will become a second

Welcome Marching Band is about so much more than music! We hope this group will become a second

Welcome Marching Band is about so much more than music! We hope this group will become a second family to you and your child. Freshmen marching band students will arrive for their first day of high school, as a part of a well-respected

529 views • 28 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray

Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray

The he mul ulti ti-wavele elength ngth mul ulti ti-tempor temporal al sk sky Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray band -ray band TeV band Radio/microwave band Infra red

692 views • 42 slides
Welcome to the Washington Warrior Band Program DARIEN M. ORR BAND DIRECTOR Phone: (217) 525-

Welcome to the Washington Warrior Band Program DARIEN M. ORR BAND DIRECTOR Phone: (217) 525-

Welcome to the Washington Warrior Band Program DARIEN M. ORR BAND DIRECTOR Phone: (217) 525- 3182 Ext. 160 Email: darienorr@sps186.org Benefits of Band Band provides the opportunity to create. Band builds a sense of community,

286 views • 9 slides
Band Presentation: By Leigh Maisey Initial Band The Scene and Herd Band Change Red Sky Was

Band Presentation: By Leigh Maisey Initial Band The Scene and Herd Band Change Red Sky Was

Band Presentation: By Leigh Maisey Initial Band The Scene and Herd Band Change Red Sky Was approached by Red Sky wanting some graphic design work done for the band. Band Briefing Logo Business Card Letterhead T Shirt Poster Logo

810 views • 23 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
NMCHS CONDOR Band Marching Band, DrumLine, Color Guard, Jazz Band Performances Band Reviews:

NMCHS CONDOR Band Marching Band, DrumLine, Color Guard, Jazz Band Performances Band Reviews:

NMCHS CONDOR Band Marching Band, DrumLine, Color Guard, Jazz Band Performances Band Reviews: Oct 12th: Cupertino Oct 19th: Santa Cruz Boardwalk Nov 2nd: Pismo Beach Nov 9th : Merced Uniforms Checks are important: Shoes, black socks,

550 views • 9 slides
Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy Technologies Group Glasgow Caledonian University SOUPS 2014 WAY Workshop 9 July 2014 Outline Authentication frequency Continuous

502 views • 12 slides
Dissent: Accountable Anonymous Group Messaging Henry

Dissent: Accountable Anonymous Group Messaging Henry

Dissent: Accountable Anonymous Group Messaging Henry Corrigan-Gibbs and Bryan Ford Department of Computer Science Yale University 17 th ACM Conference on

879 views • 65 slides
Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives

Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives

Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives cryptographiques Emmanuel Thom e 13 d ec. 2012 HDR E. Thom e 1/34 Algorithmic Number Theory and Applications to the Cryptanalysis of

620 views • 51 slides
Compilers and computer architecture: The RISC-V architecture Martin Berger 1 November 2019 1

Compilers and computer architecture: The RISC-V architecture Martin Berger 1 November 2019 1

Compilers and computer architecture: The RISC-V architecture Martin Berger 1 November 2019 1 Email: M.F.Berger@sussex.ac.uk , Office hours: Wed 12-13 in Chi-2R312 1 / 1 Recall the function of compilers 2 / 1 Introduction In previous

1.63k views • 58 slides
Transactions in India Nandkumar Saravade Friday, March 1, 13 1 Views expressed are personal

Transactions in India Nandkumar Saravade Friday, March 1, 13 1 Views expressed are personal

The People Problem in Security of Financial Transactions in India Nandkumar Saravade Friday, March 1, 13 1 Views expressed are personal and not necessarily of the employer organisation. Friday, March 1, 13 2 Changing Face of Banking

420 views • 23 slides
A middleware for parallel processing of large graphs Tiago Alves Macambira and Dorgival Olavo

A middleware for parallel processing of large graphs Tiago Alves Macambira and Dorgival Olavo

Outline Introduction The API Implementation Evaluation Conclusions A middleware for parallel processing of large graphs Tiago Alves Macambira and Dorgival Olavo Guedes Neto {tmacam,dorgival}@dcc.ufmg.br National Institute for Web Research

735 views • 34 slides
Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Outline Introduction HISPs Proposed OOB Methods Experimental Design Results Analysis and Discussion Conclusion Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda, Ivan Flechais, and A.W.

670 views • 41 slides
Web Annotations Building the Experience Annotation An annotation is something added. It is not

Web Annotations Building the Experience Annotation An annotation is something added. It is not

Web Annotations Building the Experience Annotation An annotation is something added. It is not the primary content, or even the secondary content. It is the association. Annotation (cont.) Annotations exist already - Links - Block quotes

452 views • 14 slides
Exploiting Latent I/O Asynchrony in Petascale Science Applications Patrick Widener, Mary Payne,

Exploiting Latent I/O Asynchrony in Petascale Science Applications Patrick Widener, Mary Payne,

Exploiting Latent I/O Asynchrony in Petascale Science Applications Patrick Widener, Mary Payne, Patrick Bridges University of New Mexico Matthew Wolf, Hasan Abbasi, Scott McManus, Karsten Schwan Georgia Institute of Technology The research

560 views • 17 slides
Decentralized Deduplication in SAN Cluster File Systems Austin T. Clements Irfan Ahmad

Decentralized Deduplication in SAN Cluster File Systems Austin T. Clements Irfan Ahmad

Decentralized Deduplication in SAN Cluster File Systems Austin T. Clements Irfan Ahmad Murali Vilayannur Jinyuan Li VMware, Inc. MIT CSAIL Decentralized Deduplication in SAN Cluster File Systems Storage Area Networks Decentralized

1.28k views • 117 slides

More recommend