cryptographic reverse firewall via malleable smooth
play

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash - PowerPoint PPT Presentation

May 16, 2023 β€’109 likes β€’639 views

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi Outline n Background n Cryptographic Reverse Firewall n Part

  1. Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi

  2. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  3. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  4. Background q Edward Snowden Revelations q Massive surveillance by intelligence agencies q Undermining security mechanisms q subverting cryptographic protocols q deploying security weakness in implementations

  5. Background q Edward Snowden Revelations q Massive surveillance by intelligence agencies q Undermining security mechanisms q subverting cryptographic protocols q deploying security weakness in implementations q Post-Snowden Cryptography q How to achieve meaningful security for cryptographic protocols in the presence of an adversary that may arbitrarily tamper with the victim’s machine?

  6. IACR Statement On Mass Surveillance The membership of the IACR repudiates mass surveillance and the undermining of cryptographic solutions and standards , Population-wide surveillance threatens democracy and human dignity. We call for expediting research and deployment of effective techniques to protect personal privacy against governmental and corporate overreach. -- Copenhagen, Eurocrypt 2014

  7. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  8. Cryptographic Reverse Firewall [MS15] p A stateful algorithm 𝒳 p Input: current state 𝜐 and message 𝑛 p Output: updated state πœΜƒ and message 𝑛 % p A β€œcomposed” party 𝒳 ∘ P 𝒳 is applied to the incoming and outgoing messages of p party P p the state of 𝒳 is initialized to the public parameters 𝒳 is called a reverse firewall for P p p β€œactive router” between P ’s private network and the outside 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ P 𝒳

  9. Cryptographic Reverse Firewall [MS15] p Stackable reverse firewalls p composition of multiple reverse firewalls 𝒳 ∘ 𝒳 ∘ β‹― ∘ 𝒳 ∘ P p Transparent to legitimate traffic p does not break functionality ( Functionality-maintaining ) p 𝒳 shares no secret with P p we do not trust the firewall ( Security-preserving ) p No corrupted implementation of P can leak information through 𝒳 ( Exfiltration-resistant ) 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ P 𝒳

  10. Property I: Functionality-Maintaining p Underlying protocol has some functionality 𝑛 1 … 𝑛 π‘œ y A y B p Protocol with 𝒳 has the same functionality 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ y A y B

  11. Property II: Security-Preserving p Underlying protocol satisfies some security notions 𝑛 1 … 𝑛 π‘œ p Protocol with 𝒳 satisfies the same security notions 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ

  12. Property II: Security-Preserving p Corrupted implementation may break the security 𝑛 1 … 𝑛 π‘œ p Corrupted protocol with 𝒳 remains secure 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ Strong vs Weak Security-Preserving Eavesdropper vs Peer Party

  13. Property III: Exfiltration-Resistant p Corrupted implementation of P cannot leak any information to an eavesdropping attacker 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ β‰ˆ 𝑫 𝑛 1 𝑛 1 * … … 𝑛 π‘œ * 𝑛 π‘œ Strong vs Weak Exfiltration-Resistance Eavesdropper vs Peer Party

  14. Research Goal The β€œholy grail” would be a full characterization of functionalities and security properties for which reverse firewall exists. -- By Mironov and Stephens-Davidowitz Eurocrypt 2015 This work: a general approach for designing CRFs for functionalities that are realizable by Smooth Projective Hash Functions

  15. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  16. Smooth Projective Hash Function [CS02] SPHFSetup ( 1 π‘š )=pp; HashKG (pp)=hk ; ProjKG (pp,hk)=hp Hash (pp,hk, C ) L ( C, w ) ProjHash (pp,hp, C , w ) … X Y C’ V’ Hash (pp,hk, C’ ) X/L … … p Correctness : Hash (pp,hk, C ) = ProjHash (pp,hp, C , w ); $ Y ; p Smoothness : V’ β‰ˆ S R p Hard Subset Membership : L β‰ˆ 𝐷 X/L

  17. Our Extension: Malleable SPHF p Randomness Sampling p SampR (pp) ⟢ 𝑠 % SampW (pp) ⟢ w * p p Projection Key Updating 8 MaulK (pp,hp, 𝑠 % ) ⟢ hp p 8 MaulH (pp,hp, 𝑠 % , C ) ⟢ hv p p Element Re-randomization 8 ReranE (pp, C , π‘₯ * ) ⟢ 𝐷 p 8 ReranH (pp,hp, C , π‘₯ * ) ⟢ hv p

  18. Our Extension: Malleable SPHF p Property I: Projection Key Malleability hp if exists hk w C Hash ProjHash = hv’ hv

  19. Our Extension: Malleable SPHF p Property I: Projection Key Malleability hp hk C Hash hv

  20. Our Extension: Malleable SPHF p Property I: Projection Key Malleability 8 β‰ˆ 𝐷 hp 1 8 β‘  hp 0 8 hp hp MaulK 𝑠 % SampR hk C Hash hv 8 = h β‘‘ hv βˆ— hv

  21. Our Extension: Malleable SPHF p Property I: Projection Key Malleability 8 β‰ˆ 𝐷 hp 1 8 β‘  hp 0 8 hp hp MaulK 𝑠 % SampR hk 8 C hk Hash Hash hv hv’ 8 = h β‘‘ hv βˆ— hv

  22. Our Extension: Malleable SPHF p Property I: Projection Key Malleability 8 β‰ˆ 𝐷 hp 1 8 β‘  hp 0 8 hp hp MaulK 𝑠 % SampR hk 8 C hk Hash Hash MaulH 8 hv hv hv’ 8 = hv’ β‘‘ hv βˆ— hv

  23. Our Extension: Malleable SPHF p Property II: Element Re-randomizability C hk Hash hv

  24. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW hk Hash hv 8 = h β‘‘ hv βˆ— β„Žπ‘€

  25. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW hp hk hk Hash Hash hv hv’

  26. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW hp hk hk Hash Hash ReranH 8 hv hv hv’ 8 = hv’ β‘‘ hv βˆ— hv

  27. Our Extension: Malleable SPHF p Property II: Element Re-randomizability 8 β‰ˆ 𝐷 𝐷 1 8 β‘  𝐷 0 > C ReranE 𝐷 π‘₯ % SampW > ∈ L iff β‘’ 𝐷 C ∈ L hp hk hk Hash Hash ReranH 8 hv hv hv’ 8 = hv’ β‘‘ hv βˆ— hv

  28. A Generic Construction of Malleable SPHF p Graded Rings [BCC+13] p common formalization of cyclic groups, bilinear groups, and multilinear groups p βˆ€ 𝑏, 𝑐 ∈ 𝕬 π‘ž , 𝑏⨁𝑐 = 𝑏 + 𝑐, 𝑏⨀𝑐 = 𝑏 L 𝑐 PQ οΌ› βˆ€ 𝑑 ∈ 𝕬 π‘ž , p βˆ€ 𝑣 1 , 𝑀 1 ∈ 𝔿, 𝑣 1 ⨁𝑀 1 = 𝑣 1 L 𝑀 1 , 𝑣 1 βŠ– 𝑀 1 = 𝑣 1 L 𝑀 1 𝑑⨀𝑣 1 = 𝑣 1 𝑑 p βˆ€ 𝑣 1 , 𝑀 1 ∈ 𝔿, 𝑣 1 ⨀𝑀 1 = 𝑓 𝑣 1 , 𝑀 1 ∈ 𝔿 π‘ˆ (𝑓: 𝔿×𝔿 ⟢ 𝔿 π‘ˆ ) p Generic SPHF via Graded Rings [BCC+13] π›₯: 𝒴 ⟼ 𝔿 [Γ—\ , π›ͺ: 𝒴 ⟼ 𝔿 QΓ—\ p QΓ—[ s. t. , π›ͺ 𝐷 = 𝛍⨀π›₯ 𝐷 p 𝐷 ∈ β„’ ⟺ βˆƒπ› ∈ 𝕬 π‘ž hk : = 𝜷 = (𝛽 1 , … , 𝛽 π‘œ ) Ξ€ $ \ , hp ∢= 𝛿 𝐷 = π›₯ 𝐷 β¨€πœ· ∈ 𝔿 𝑙 p ← 𝕬 π‘ž p Hash (pp,hk, C ) ∢= π›ͺ 𝐷 β¨€πœ· , ProjHash (pp,hp, C ,w) ∢= 𝛍⨀ 𝛿 𝐷 π›ͺ 𝐷 β¨€πœ· = 𝛍⨀π›₯ 𝐷 β¨€πœ· = 𝛍⨀ 𝛿 𝐷

  29. A Generic Construction of Malleable SPHF p Generic Malleable SPHF via Graded Rings 8 = 𝛿 𝐷 ⨁π›₯ 𝐷 ⨀ 𝒔 p MaulK (pp,hp= 𝛿 𝐷 , 𝒔 * ) : hp * 8 = π›ͺ 𝐷 ⨀ 𝒔 p MaulH (pp,hp, 𝒔 * , C ) : hv * 8⨀π›₯ 𝐷 8 = π›ͺ 𝐷 ⨁ 𝛍 p ReranK (pp, C , π‘₯ * ) : 𝐷 8 = 𝛍 8 ⨀ 𝛿 𝐷 p ReranH (pp,hp, C , π‘₯ * ) : hv Theorem The above construction is a malleable SPHF if the follows hold: π›ͺ: 𝒴 ⟼ 𝔿 QΓ—\ is an identity function; β€’ π›₯: 𝒴 ⟼ 𝔿 [Γ—\ is a constant function; β€’ β€’ The hard subset membership holds. p Instantiation from the k -linear assumption

  30. Outline n Background n Cryptographic Reverse Firewall n Part I: Malleable Smooth Projective Hash Function n Part II: CRF Constructions Via Malleable SPHFs n Unkeyed Message Transmission Protocol n Oblivious Signature-Based Envelope Protocol n Oblivious Transfer Protocol n Conclusions and Future Work

  31. Message Transmission Protocol with CRFs p Message Transmission Protocol Input: pp, M Input: pp $ ← HashKG (pp) hk hp ← ProjKG (pp,hk) op $ ← SampYes (pp) ( C , w ) V = ProjHash (pp,hp, C,w ) CT = V ⨁ M q, qr M’ = CT ⊝ Hash (pp,hk, C ) M’ = M Hash (pp,hk, C ) = ProjHash (pp,hp, C,w )

Recommend

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin SnT, University of Luxembourg April 25, 2017 PhD Defence Introduction On S-Box Reverse-Engineering On Lightweight Cryptography Conclusion

1.76k views β€’ 137 slides
Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall Overview Todays top firewall problems What IT managers say about their existing firewall Firewall Satisfaction Survey (Spiceworks 2017) Top

548 views β€’ 52 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin CSC & SnT, University of Luxembourg CryptoLUX Team ; supervised by Alex Biryukov July 5th 2018 Introduction What is cryptography?

1.14k views β€’ 71 slides
Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation controlled connection between networks at different security levels = boundary protection ( L1 > L2 ) network at network at security

1.07k views β€’ 67 slides
CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

4 3 2 1 PARTS LIST ITEM QTY PART NUMBER MATERIAL 1 1 TOP PLATE MALLEABLE IRON 2 2 AXLE SUPPORT MALLEABLE IRON 3 1 AXLE SAE 1020 4 2 BUSHING BRONZE 5 1 WHEEL MALLEABLE IRON B B CASTER ASSEMBLY SCALE 1 : 1 DRAWN

434 views β€’ 7 slides
Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 Non-malleable cryptography Twenty years ago, saw a strong emphasis on

1.6k views β€’ 145 slides
Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. & FAU CRYPTO 2018 Outline Introduction to non-malleable codes Adversarial model, motivation Results,

772 views β€’ 55 slides
Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts and networks connected to other hosts and networks against attacks from the outside and from the inside. a firewall is a network security system

440 views β€’ 30 slides
Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly Creswell Crow-Applegate-Lorane Fern Ridge Junction City Lowell Mapleton Screened, but exempt from policies Marcola

539 views β€’ 15 slides
Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3 State-independent interior operators Interior operator from HP recovery 6 5 Resolution of the puzzle Effect of infalling observer 7 Discussions Beni

1.61k views β€’ 106 slides
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A firewall is only as good as its configuration Big deal, it should be easy to configure a firewall, right? Basically... no. A Quantitative

507 views β€’ 14 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views β€’ 23 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views β€’ 14 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views β€’ 55 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views β€’ 37 slides
Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Chapter 8 Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security Devices Routers

291 views β€’ 7 slides
Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and Exploitation Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/

818 views β€’ 42 slides
Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a

Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a

Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a firewall? Term first used in 1851 Henry Ford used them to protect passengers from engine fires, smoke and heat. Computer networks: a part of a

500 views β€’ 21 slides
Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the

Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the

From word munching to number crunching In 1978 Harvard grad student Dan Bricklin Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the first computer spreadsheet program Excel Vastly expanded

185 views β€’ 7 slides
How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views β€’ 29 slides
Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls? Network Address Translation Types of Firewalls Linux/Windows Firewalls pfSense Blue Team Activity Brief History Firewall

348 views β€’ 30 slides
Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between NGFW and classic firewalls: Classic Firewall Next Generation Firewall Traffic filtering using Port, IP, and protocol Supported Supported VPN

1.23k views β€’ 26 slides
Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between NGFW and classic firewalls: Classic Firewall Next Generation Firewall Traffic filtering using Port, IP, and protocol Supported Supported VPN

533 views β€’ 25 slides
Remanufacturing of Products Remanufacturing of Products and Reverse Logistics and Reverse

Remanufacturing of Products Remanufacturing of Products and Reverse Logistics and Reverse

Remanufacturing of Products Remanufacturing of Products and Reverse Logistics and Reverse Logistics Xochitl Aquiahuatl March 2007 Outline Outline Closed-loop Supply Chain Reverse Logistics Recovery Options Product

388 views β€’ 22 slides

More recommend