blind certificate authorities
play

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , - PowerPoint PPT Presentation

Nov 20, 2022 •153 likes •454 views

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University Motivation Certificate Authorities (CA) issue certificates

  1. Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University

  2. Motivation Certificate Authorities (CA) issue certificates

  3. Certificates bind public keys to identities CA (identity provider) Request cert User • Email Validate identity • Website login • Anonymous credential Identity systems + • … . The user must reveal true identity to the CA during identity validation

  4. Identity is sensitive Whistleblower Journalist I am working at University ABC... Professor X took bribes! (A friend of OK. First, prove you are working at ABC… Professor X?) ? CA Third-party or from University ABC

  5. CA: single point of privacy failure CA (identity provider) Request cert User • PGP Validate identity • Website login • Anonymous credential Identity systems + • … . alice@domain.com: cert1 bob@gmail.com: cert2 … ..

  6. Can we make CA “blind”? Main challenge: Validate an identity while not learning it YES!!!

  7. Contributions • Secure Channel Injection (SCI): o A primitive allows a party to inject a small amount of information into a secure connection between two parties o (SCI-TLS) An efficient, special-purpose MPC protocol for two parties to compute a TLS record • Anonymous Proof of Account Ownership (PAO): o Validate one owns some email accounts from a given organization without knowing which account • BlindCA: o Validate ownership of an account alice@domain.com and issue a X.509 certificate binding “alice” to a public key, without learning the account and the key

  8. Email is the most common identity

  9. Conventional email verification CA My email is: To: alice@domain.com alice@domain.com Username: alice Password: ??? Email provider User Prove account ownership by showing the ability to READ an email from an account

  10. Secure Channel Injection (SCI) Carol M* Alice Bob M1 M2 …… Mn

  11. Secure Channel Injection (SCI) Carol M* MPC Alice Bob M1 M2 …… Mn

  12. Secure Channel Injection (SCI) Carol Alice Bob M1 M* …… …… Mn Alice : Learns nothing about M* Bob : Doesn’t know M* is from Carol Carol : Learns nothing about other messages from Alice

  13. Conventional email verification CA My email is: To: alice@domain.com alice@domain.com Username: alice Password: ??? Email provider User Prove account ownership by showing the ability to READ an email from an account

  14. Anonymous proof of account ownership (PAO) Goal: Validate Alice owns some email accounts from domain.com Send an email from: alice@domain.com SMTP server CA To: alice1 User @ domain.com SCI alice1 Prove account ownership by showing the ability to SEND an email from an account

  15. PAO use cases Whistleblower Journalist I can send an email from ABC’s smtp server Employee

  16. Anonymous PAO needs to use MPC to compute TLS records For a 512-byte email and 16-byte challenge • Generic MPC: 32 AES and 8 SHA256 operations à 0.94M+ AND gates M SQN + M HDR HMAC IV M HMAC tag Padding AES-CBC HDR Ciphertext TLS AES-CBC with SHA256

  17. Merkle–Damgård Construction M Padding Block1 Bock2 BlockN f f f IV

  18. Two-party SHA: “Outsource” SHA computation User + CA M* K blocks Block Block Block X X+1 to X+K X+K+1 f f f Send output of f to CA Send output of f to User User User CA

  19. Two-party AES CBC User + CA M* K blocks Block Block Block X+1 to X + K X X+K+1 AES AES AES Send Send to User to CA Cipher Cipher X+1 to X+ K X User User MPC --- Alice: key CA: blocks

  20. Anonymous PAO needs to use MPC to compute TLS records For a 512-byte email and 16-byte challenge • Generic MPC: 32 AES and 8 SHA-256 operations à 0.94M+ AND gates • Our protocol: 4 AES operations à 27K+ AND gates; NO MPC for HMAC M SQN + M HDR HMAC IV M HMAC tag Padding AES-CBC HDR Ciphertext TLS AES-CBC mode

  21. A simplified SMTP session SMTP server SMTP client STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email EMAIL Step 4: Send email

  22. BlindCA: TLS record as commitment CA SMTP server SMTP client (user) STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email EMAIL Step 4: Send email The SMTP AUTH message contains email account (user identity)

  23. BlindCA: Anonymous PAO CA SMTP server SMTP client (user) STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email EMAIL Step 4: Send email

  24. BlindCA: Anonymous PAO CA SMTP server SMTP client (user) STARTTLS EHLO Step 1: Setup TLS and prepare for auth AUTH Step 2: Authentication MAIL DATA RCPT Step 3: Prepare for email Challenge Commitment … abc eee… … EMAIL Step 4: Send email 123 fff… … ... ... …

  25. Prover produces a ZKBoo proof Issuer : BlindCA CA : Shares a certificate template with the user Subject : ?@abc Public key : ? o All fields are known except for subject and public key Version: … User : Fills in missing info, produces the hash of the cert; Generates a zkboo proof to show the knowledge of: • The email account (e1) and public key for forming the certificate • The opening of the TLS commitment: o secret keys, email account (e2) and password • e1 = e2 Single Boolean circuit! Giacomelli, Irene, Jesper Madsen, and Claudio Orlandi. "Zkboo: Faster zero-knowledge for boolean circuits." USENIX Security 2016.

  26. CA verifies proofs and signs Challenge: 123 Hash of cert: h User CA ZKboo proof Sign(h) Challenge Commitment … abc eee… … 123 fff… … ... ... …

  27. BlindCA overhead Loc 1 (No Tor) Loc2 (No Tor) Loc1 (With Tor) 2P-HMAC 0.01 0.03 0.31 2P-CBC 0.20 0.35 0.36 PAO 0.76 1.68 4.31 SMTP Baseline 0.31 0.77 3.33 The median time (seconds) to complete the 2P-HMAC, 2P-CBC (without offline), PAO (without offline) and normal SMTP-TLS • PAO Test with Gmail, UW-Madison, and Cornell SMTP servers: o PAO (without offline): 1.01s, 1.64s, 1.53s o Without PAO: 0.44s, 0.94s, 0.79s • BlindCA proof (136 ZKBoo proofs): o Size: 85M+ o Generation: 2.9s o Verification: 2.3s

  28. Session duration is not a good detector 15% > 10s! The distribution of the SMTP durations is long-tailed (based on 8K+ SMTP-TLS sessions).

  29. Summary • We design the first “blind” CA: a CA that can validate identities and issue certificates without learning the identity o SCI for TLS AES-CBC and AES-GCM (see paper) • Participation privacy: does not disclose to any party the identities of users • Please see our paper for more details (security proofs, security analysis, etc.)! Thank you!

  30. Title

Recommend

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse

1.17k views • 63 slides
Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate

Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate

Introduction Certificate Authorities Algorithms Attacks HTTPS by default Future Final remarks Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate Authorities Algorithms How broken is TLS? Attacks

1.23k views • 60 slides
Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

622 views • 44 slides
Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal Autonomous System (AS) NTT 2914 Internet at the highest level Routing within an AS is completely autonomous

713 views • 29 slides
http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue certificates for any domain This means, most CAs are single point of failures, they might get hacked, or their power could get abused (by creating

534 views • 26 slides
Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse apo-CA-lypse Certificate Transparency

722 views • 30 slides
Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19

Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19

Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19 June 2012, Malta Dr. Marnix Dekker, CISA Security expert Information security officer ENISA www.enisa.europa.eu About ENISA o The European

461 views • 30 slides
N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind

N. Healing two blind men and a deaf mute Matthew 9:27 34 1. Matthew 9:27 These blind men called to Jesus using the Messianic title Son of David . Matthew implied that these blind men saw more than the Pharisees and other national leaders

639 views • 27 slides
Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR Fintech Index is a long-only, USD-based, actively managed total return index. The pace of innovation in financial technology (Fintech) has been

616 views • 26 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No. 2426-CPR-105 NEO is an innovative Public Address and Voice Alarm system that allows an easy audio installation with just one piece of equipment.

326 views • 7 slides
CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior

THE IMPACT OF THE COVID-19 PANDEMIC ON CANADIANS WHO ARE BLIND, DEAF-BLIND, AND PARTIALLY- SIGHTED Keith D Gordon Ph.D. Senior Research Officer Canadian Council of the Blind COVID-19 Impact Survey Objective To determine the impact that

822 views • 36 slides
Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually

Blind/Visually Impaired Silvia Ludena Veronica Sarabia Katie Stoddard Huong Vo Blind/Visually Impaired Any loss of ability to gather information by seeing might be considered a visual impairment Total Blindness - vision Legally blind - is the

1.19k views • 42 slides
1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

4/3/2015 New Plastic Pilot Certificate So, Where Do I Start? What we will cover today Your old paper certificate is no longer valid. What it takes to be PIC again Google Search: Replacement of Airmen Certificate What has

485 views • 35 slides
Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety certification program National standard supported by the Canadian Federation of Construction Safety Association (CFCSA) Aimed at driving

320 views • 10 slides
Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind

Visual disability Low vision 2015 Estimated blind people 2020 Visually impaired 285 M Blind 54 M Blind 39 M Global data souce: WHO, IBU See the world through the eyes of a visually impaired person Normal vision Cataract Glaucoma

562 views • 28 slides
Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of

Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of

Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of Need Process and Related Hospital Issues Research Division Staff, September 14, 2011 What is a COPA? An agreement among two or more hospitals

201 views • 19 slides
Certificate of Recognition Update February 19, 2016 1 Certificate of Recognition- Defined

Certificate of Recognition Update February 19, 2016 1 Certificate of Recognition- Defined

Certificate of Recognition Update February 19, 2016 1 Certificate of Recognition- Defined COR is a workplace health and safety certification program All Legislative elements require 100% achievement National standard supported by

374 views • 9 slides
Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo,

Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo,

The 18 th International Conference on Electronic Business December 2-6, 2018, Guilin, China CERTIFICATE Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo, Anhui University, China Hong Guo, Anhui

1.04k views • 102 slides
A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status Protocol Satoshi Koga, Kouichi Sakurai Satoshi Koga Kyushu University, Japan Background Background Certificate Revocation Problem Certificate

349 views • 10 slides
Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15,

Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15,

Blind Beamforming using Randomly Distributed Sensors Kung Yao UCLA DARPA CSP Workshop, Jan. 15, 2001 Outline Introduction to blind beamforming array Different usages of blind beamforming arrays Applications 1. Acoustic source

301 views • 19 slides
Mobile Payments Certificate 2 Mobile Payments Certificate Investment Case While the mobile

Mobile Payments Certificate 2 Mobile Payments Certificate Investment Case While the mobile

Mobile Payments Certificate 2 Mobile Payments Certificate Investment Case While the mobile payment infrastructure is now in place (NFC-enabled phones and POS terminals, various platforms such as Apple Pay), we are about to enter the second

467 views • 20 slides
One Statement Certificate Policies Milan Sova The problem Was this certificate issued to

One Statement Certificate Policies Milan Sova The problem Was this certificate issued to

One Statement Certificate Policies Milan Sova The problem Was this certificate issued to a host or to a person? Is the private key stored on a hardware token or in a software? Is the private key encrypted?

368 views • 7 slides
Network and Certificate System Security Requirements Network and Certificate System Security

Network and Certificate System Security Requirements Network and Certificate System Security

Network and Certificate System Security Requirements Network and Certificate System Security Requirements (NCSSR) Effective 1 January 2013 No amendments since passed Included in WebTrust Principles and Criteria for Certification

253 views • 7 slides

More recommend