privacy preserving authenticated key exchange and the
play

Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 - PowerPoint PPT Presentation

Sep 03, 2023 •5 likes •185 views

Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 Sven Schge, Jrg Schwenk, Sebastian Lauer Ruhr-University Bochum Classical Key Exchange Setting m1 Bob Alice m2 skA skB pkB pkA mq-1 mq derive K derive K 2

  1. Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 Sven Schäge, Jörg Schwenk, Sebastian Lauer Ruhr-University Bochum

  2. Classical Key Exchange Setting m1 Bob Alice m2 skA skB pkB pkA mq-1 mq derive K derive K 2 PPAKE - PKC 2020

  3. Multi-Homed Servers m1 Bob Alice m2 skA sk B0 pk B0 sk B1 mq-1 pk B1 pkA mq derive K derive K 3 PPAKE - PKC 2020

  4. General Case m1 Bob Alice m2 sk A0 sk B0 sk A1 sk B1 mq-1 pk B0 pk A0 mq pk B1 pk A1 derive K derive K 4 PPAKE - PKC 2020

  5. Motivation for PPAKE • Privacy • Censorship Circumvention • PPAKE is not a substitution for TOR! PPAKE does not hide the endpoint but only the virtual identity on/behind that endpoint. 5 PPAKE - PKC 2020

  6. Contribution • New security model for PPAKE • Besides key indistinguishability, additionally captures indistinguishability of used identities • General and strong security notion that requires that privacy is cryptographically independent of key indistinguishability • Proper extension of classical AKE • Introduced changes extendable to unilateral authentication, ACCE, explicit authentication • New conceptual feature: Modes • Modes model protocol options • Formulate expectations of parties on who is responsible for choosing identities • Security proof of IPsec with signature-based authentication 6 PPAKE - PKC 2020

  7. Overview Security Model Public modes: IM A,1 |PM A,1 Public modes: IM B,1 |PM B,1 Selector bits: ISB A,1 |PSB A,1 Selector bits: ISB B,1 |PSB B,1 O A,1 O B,1 k B,1 k A,1 B A Public modes: IM A,2 |PM A,2 Public modes: IM B,2 |PM B,2 O A,2 O B,2 Selector bits: ISB A,2 |PSB A,2 Selector bits: ISB B,2 |PSB B,2 k A,2 k B,2 … … … sk A0 sk B0 sk A1 O A,q Public modes: IM A,q |PM A,q Public modes: IM B,q |PM B,q sk B1 O B,q pk B0 Selector bits: ISB A,q |PSB A,q Selector bits: ISB B,q |PSB B,q pk A0 k A,q k B,q pk B1 pk A1 7 PPAKE - PKC 2020

  8. Overview Security Model Identity Mode (IM) ∈ {me,partner} Partner Mode (PM) ∈ {me,partner} Identity Selector Bit (ISB) ∈ {0,1} Partner Selector Bit (PSB) ∈ {0,1} Public modes: IM A,1 |PM A,1 Public modes: IM B,1 |PM B,1 Selector bits: ISB A,1 |PSB A,1 Selector bits: ISB B,1 |PSB B,1 O A,1 O B,1 k B,1 k A,1 B A Public modes: IM A,2 |PM A,2 Public modes: IM B,2 |PM B,2 O A,2 O B,2 Selector bits: ISB A,2 |PSB A,2 Selector bits: ISB B,2 |PSB B,2 k A,2 k B,2 … … … sk A0 sk B0 sk A1 O A,q Public modes: IM A,q |PM A,q Public modes: IM B,q |PM B,q sk B1 O B,q pk B0 Selector bits: ISB A,q |PSB A,q Selector bits: ISB B,q |PSB B,q pk A0 k A,q k B,q pk B1 pk A1 8 PPAKE - PKC 2020

  9. PPAKE Security Model: Attack Capabilities • New Attack Queries to Sessions: • Unmask(own/partner) • Test(ID,own/partner)->0/1 • Other (Classical) Attack Queries: • Send • RevealKey • Corrupt • Test(Key) 9 PPAKE - PKC 2020

  10. PPAKE Security Experiment • Each party is equipped with two key pairs • If mode requires so, each session chooses random identity for itself or communication partner • Attacker always has access to all attack capabilities • Adding a new security proof for identity indistinguishability to existing security analyses is not enough! • Old proof may become invalidated when also given access to Unmask query! 10 PPAKE - PKC 2020

  11. PPAKE Security Guarantees • Key indistinguishability for session key of test session - even if identity is revealed • Pre-requisite to show that new PPAKE model is proper extension of classical AKE model • Indistinguishability of identities of test session - even if session key is revealed 11 PPAKE - PKC 2020

  12. Applicability to other Security Models • Selector bits, modes, Unmask queries and Test(ID) may be used to extend other security models • AKE with explicit authentication • Unilateral authentication • ACCE->PPACCE 12 PPAKE - PKC 2020

  13. IPsec with Signature-based Authentication • Phase 1: Anonymous DH Key exchange with fresh nonces. Result: symmetric keys • Phase 2: Use symmetric keys to encrypt all data including authentication step with signatures 13 PPAKE - PKC 2020

  14. Phase 1 14 PPAKE - PKC 2020

  15. Phase 2 Option 1: Initiator may specify Responder’s identity Option 2: Responder may specify Responder’s identity 15 PPAKE - PKC 2020

  16. PPAKE Security Proof • Protocol is PPAKE secure assuming security of • PRF-ODH assumption • Pseudo-Random Functions (PRF) • Digital Signature Scheme (SIG) • Authenticated Encryption (AE) Scheme • Length-hiding to hide identities • Signatures should be length-preserving or • Use length-hiding authenticated encryption 16 PPAKE - PKC 2020

  17. Conclusion • Model for Privacy-Preserving AKE • Emphasizes cryptographic independence of identity indistinguishability and key indistinguishability • Captures options for distinct ways to decide on used identities • A set of ingredients to extend existing models to become privacy-preserving • Supports comparability of models since new models are proper extensions • Proof of IPsec with Signature-based Authentication • Take Home Message: Data that depends on the identity should have same length for all identities 17 PPAKE - PKC 2020

  18. • Thank you very much for your attention! 18 PPAKE - PKC 2020

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy-preserving and Authenticated Data Cleaning on Outsourced Databases Thesis Defense

Privacy-preserving and Authenticated Data Cleaning on Outsourced Databases Thesis Defense

Privacy-preserving and Authenticated Data Cleaning on Outsourced Databases Thesis Defense Boxiang Dong THESIS COMMITTEE: Advisor: Prof. Wendy Hui Wang Prof. Yingying Chen Prof. David Naumann Prof. Antonio Nicolosi Department of Computer

1.11k views • 61 slides
Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on

Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on

Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on Real-World Crypto and Privacy ibenik, Croatia June 17 th , 2019 Outline Security of the Diffie-Hellman Key Exchange Man-in-the-Middle attacks

1.09k views • 85 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

927 views • 10 slides
Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien

PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien

Innovation Centre PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien Petitcolas MACHINE LEARNING AS A SERVICE GENERIC MODEL result Client Cloud (Server) 1 exchange of messages c 2019 OneSpan

588 views • 16 slides
EEXCESS or the challenge of privacy-preserving quality recommendations Benjamin Habegger, Nadia

EEXCESS or the challenge of privacy-preserving quality recommendations Benjamin Habegger, Nadia

EEXCESS or the challenge of privacy-preserving quality recommendations Benjamin Habegger, Nadia Bennani, Eld Egyed-Szigmond, Omar Hassan Lyon University, CNRS, INSA-Lyon, LIRIS, UMR5205 EEXCESS Project Enhancing Europes eXchange in

612 views • 36 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott Shenker + * Internet Exchange Points Global Transit / Hyper Giants National Large Content, Consumer, Hosting CDN

729 views • 20 slides
So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity separately: Goal Primitive Security notion Data privacy symmetric encryption IND-CPA Data authenticity MAC UF-CMA Mihir Bellare UCSD 1

105 views • 9 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

Diffie-Hellman key exchange Secure against passive eavesdropping but insecure against a man-in-the-middle attack CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1 2 Adding key

492 views • 5 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Authenticated Key Exchange from Ring Learning with Errors Jiang Zhang Zhenfeng Zhang Jintai

Authenticated Key Exchange from Ring Learning with Errors Jiang Zhang Zhenfeng Zhang Jintai

Learning with Errors Classic Key Exchange Lattice-based Key Exchange Authenticated Key Exchange from Ring Learning with Errors Jiang Zhang Zhenfeng Zhang Jintai Ding Michael Snook zgr Dagdelen DIMACS Workshop on the Mathematics of

339 views • 33 slides
AUTHENTICATED ENCRYPTION 1 / 1 So Far ... We have looked at methods to provide privacy and

AUTHENTICATED ENCRYPTION 1 / 1 So Far ... We have looked at methods to provide privacy and

AUTHENTICATED ENCRYPTION 1 / 1 So Far ... We have looked at methods to provide privacy and integrity/authenticity separately: Goal Primitive Security notions Data privacy symmetric encryption IND-CPA, IND-CCA Data integrity/authenticity

922 views • 73 slides
Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes Ben-Gurion University, Israel This talk presents joint work with Boris Rozenberg Talk Outline Motivation for Privacy-Preserving Distributed Data

1.48k views • 68 slides
WebRTC Automating Performance with PageSpeed network, compute, and render... Ilya Grigorik

WebRTC Automating Performance with PageSpeed network, compute, and render... Ilya Grigorik

Video @ bit.ly/io-pagespeed WebRTC Automating Performance with PageSpeed network, compute, and render... Ilya Grigorik igrigorik@google.com Web applications are becoming more powerful Web applications are becoming more complex Web

1.06k views • 39 slides
Inference in First-Order Logic Philipp Koehn 12 March 2019 Philipp Koehn Artificial

Inference in First-Order Logic Philipp Koehn 12 March 2019 Philipp Koehn Artificial

Inference in First-Order Logic Philipp Koehn 12 March 2019 Philipp Koehn Artificial Intelligence: Inference in First-Order Logic 12 March 2019 A Brief History of Reasoning 1 450 B . C . Stoics propositional logic, inference (maybe) 322 B .

519 views • 51 slides
Affinity Group 3 May 8, 2018 The University of Wisconsin Service Center will Serve the

Affinity Group 3 May 8, 2018 The University of Wisconsin Service Center will Serve the

Affinity Group 3 May 8, 2018 The University of Wisconsin Service Center will Serve the people of the University of Wisconsin System Collaborate by being supportive and constructive Act with Integrity always and in all

792 views • 33 slides
Update on RMCAT Video Traffic Model: Trace Analysis and Model Update

Update on RMCAT Video Traffic Model: Trace Analysis and Model Update

Update on RMCAT Video Traffic Model: Trace Analysis and Model Update draft-ietf-rmcat-video-traffic-model-02 Xiaoqing Zhu, Sergio Mena, and Zahed Sarker April 2017 | IETF RMCAT Virtual Interim 1 Outline Setup for trace collection from

486 views • 21 slides
Virtual Ghost: Protecting Applications from Hostile Operating Systems John Criswell, Nathan

Virtual Ghost: Protecting Applications from Hostile Operating Systems John Criswell, Nathan

Virtual Ghost: Protecting Applications from Hostile Operating Systems John Criswell, Nathan Dautenhahn, and Vikram Adve 1 New Job New Job Do You Trust Your Operating System? 3 Online Shopping! Do You Trust Your Operating System? 3 F i

562 views • 43 slides
Riptide: Jump Starting Back-Office Connections in Cloud Systems Marcel Flores - Northwestern

Riptide: Jump Starting Back-Office Connections in Cloud Systems Marcel Flores - Northwestern

Riptide: Jump Starting Back-Office Connections in Cloud Systems Marcel Flores - Northwestern University Amir R. Khakpour - Verizon Digital Media Services Harkeerat Bedi - Verizon Digital Media Services 1 Cloud systems Large scale global

632 views • 47 slides
Automate PMM Deployment with Ansible Max Bubenick Platform Lead @ Percona Who am I?

Automate PMM Deployment with Ansible Max Bubenick Platform Lead @ Percona Who am I?

Automate PMM Deployment with Ansible Max Bubenick Platform Lead @ Percona Who am I? Working @ Percona since 2013 Sr Remote DBA Manager Platform Lead Past Work Experience Developer SysAdmin Data Architect /

712 views • 29 slides
Description Logics Foundations of Propositional Logic Enrico Franconi franconi@cs.man.ac.uk

Description Logics Foundations of Propositional Logic Enrico Franconi franconi@cs.man.ac.uk

Description Logics Foundations of Propositional Logic Enrico Franconi franconi@cs.man.ac.uk http://www.cs.man.ac.uk/franconi Department of Computer Science, University of Manchester (1/27) Knowledge bases domain-independent

502 views • 31 slides

More recommend