
Forward-secrecy on POP Arthur Villard School of Computer and - PowerPoint PPT Presentation

Forward-secrecy on POP. Arthur Villard, School of Computer and Communication Sciences, Decentralized and Distributed Systems lab. Master Thesis, September 2017. Responsible / Supervisor: Prof. Bryan Ford, Prof. Ewa Syta, Linus Gasser. EPFL / DEDIS


  1. Forward-secrecy on POP. Arthur Villard, School of Computer and Communication Sciences, Decentralized and Distributed Systems lab. Master Thesis – September 2017. Responsible / Supervisor: Prof. Bryan Ford (EPFL / DEDIS), Prof. Ewa Syta (Trinity College), Linus Gasser (EPFL / DEDIS)

  2. Context ● Online collaborative service (e.g. Wikipedia) ● Authenticate users anonymously against a list ● Link authentication attempts ● Other example: e-voting 2 Arthur Villard - Master Thesis DEDIS 12/02/2018

  3. Overview ● Introduction ● PoP and DAGA interaction ● Implementing DAGA ● Improving DAGA ● Conclusion & Future work


  5. Introduction | PoP and DAGA interaction | Implementing DAGA | Improving DAGA | Conclusion Frameworks ● PoP: Proof of Personhood – DEDIS ➔ Creation of the user list ➔ Authentication protocol ➔ Anonymity within the group ➔ No forward-secrecy ● DAGA: Deniable Anonymous Group Authentication – Ewa Syta ➔ Authentication protocol ➔ Forward-secrecy

  6. Goals ● Using DAGA as PoP’s authentication protocol ● Implementing DAGA in Go ● Improving DAGA

  7. Key concepts ● Anonymity ➔ No information about the user is known ● Accountability ➔ The sender can be held responsible for his action ● Linkability ➔ Two messages come from the same user ● Forward-secrecy ➔ Breaking a session does not break the previous ones


  9. Integration

  10. PoP: How it works

  11. PoP: Weaknesses ● No forward-secrecy ➔ Tag derived from private key ➔ Leakage allows identifying the user in previous sessions ● Cross-service de-anonymisation ➔ Tags independent from the service ➔ Users can be tracked between different services → Loss of anonymity

  12. DAGA: How it works [Diagram: User, Context and DAGA servers; steps: Request generation, Compute initial tag, Proof generation; Distributed randomness]

  13. DAGA solutions ● Forward-secrecy ➔ Tags derived from context elements only ➔ Private key used in client proof ➔ Proof does not leak information ● Cross-service de-anonymisation ➔ Different services → Different contexts → Different tags for the same user

  14. Conclusion ● DAGA can solve PoP weaknesses ● DAGA and PoP can be interfaced ● E-voting


  16. Implementation ● Go ● RSA → Elliptic Curves: $T_0 = h_i^{\left(\prod_{k=1}^{m} s_k\right)}$ → $T_0 = \left(\prod_{k=1}^{m} s_k\right) \ast H_i$ ● Distributed randomness

  17. Code results ● Library: Complete implementation ● Test coverage 88% ● Example scenario ● Benchmark package

  18. Benchmarks: Communication Setup: Setup: Windows 10 ● Ubuntu 12.04 ● x86-64 ● x86-64 ● 1 thread ● 1 thread ● @4,5GHz ● No improvement ● No explanation yet

  19. Benchmarks: Time Setup: Setup: Windows 10 ● Ubuntu 12.04 ● x86-64 ● x86-64 ● 1 thread ● 1 thread ● @4,5GHz 15 000 s 1 000 s 32768 members / 32 servers /15 ● Moore’s law 2012 → 2018: ~ /8 from hardware ● Elliptic Curves

  20. Conclusion ● Complete implementation ● Time improvement ● Next step: Integrate it with PoP


  22. Proof problem [Diagram: User, Context and DAGA servers; steps: Request generation, Compute initial tag, Proof generation; Distributed randomness]

  23. Proof problem ● Anonymity through a client OR proof: ➔ I know (private key 1 OR private key 2 OR … ) ● Growth $O(6 \ast n)$, n = #members ➔ 32768 members / 32 servers ● Proof ~6,3 MB, total cost ~200 MB → ~20% of total

  24. Improving the proof ● Work with Kasra Edalatnejadkhamene, PhD student ● Survey of the field ● Split the proof ➔ Proof of membership: Accumulator ➔ Proof of knowledge: Signature of knowledge ● No concrete scheme


  26. Conclusion & Future work ● DAGA and PoP can work together ● Complete Go implementation of DAGA ● Improvement guidelines for the proof ● Next steps ➔ Integrate DAGA and PoP ➔ Optimize network consumption ➔ Continue the work on the proof ➔ Improve implementation resistance (secure memory management, constant-time, … )

  27. Distributed randomness

  28. Context ● User public keys (#members) ● Server public keys (#servers) ● Server random commitments (#servers) ● Client random generators (#members)

  29. Accumulator ● Accumulators from Bilinear Pairings and Applications, L. Nguyen, 2005 ● Adjustments: ➔ Trusted setup ➔ Bounded ➔ Efficiency based on trusted authority

  30. Ring signature ● How to Leak a Secret, R. Rivest, A. Shamir and Y. Tauman
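
Added example (not from the slides or the thesis code): a toy Go model of the tag path behind slides 13 and 16, in the multiplicative form T_0 = h_i^(s_1·…·s_m). It assumes a simplified DAGA flow in which server k removes its shared secret s_k and applies a per-round secret r_k, so the final tag depends only on context elements; the group parameters, the `Context` layout and all names are constructed, and the client proof is omitted.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Toy group, constructed and far too small for real use: p = 2q+1, g has order q.
var p, q, g = big.NewInt(2039), big.NewInt(1019), big.NewInt(4)

// Context is a hypothetical layout; server secrets sit here only to keep the model short.
type Context struct {
	H    *big.Int   // per-round generator h_i assigned to this client
	Y, R []*big.Int // server k's long-term secret y_k and per-round secret r_k
}

// secret maps a Diffie-Hellman value to a shared exponent s_k in [1, q-1].
func secret(dh *big.Int) *big.Int {
	d := sha256.Sum256(dh.Bytes())
	s := new(big.Int).Mod(new(big.Int).SetBytes(d[:]), new(big.Int).Sub(q, big.NewInt(1)))
	return s.Add(s, big.NewInt(1))
}

// InitialTag is the client step; it uses an ephemeral z, never the long-term private key.
func InitialTag(c Context, z *big.Int) (Z, T0 *big.Int) {
	e := big.NewInt(1)
	for _, y := range c.Y {
		Yk := new(big.Int).Exp(g, y, p) // server public key g^y_k
		e.Mod(e.Mul(e, secret(new(big.Int).Exp(Yk, z, p))), q)
	}
	return new(big.Int).Exp(g, z, p), new(big.Int).Exp(c.H, e, p)
}

// FinalTag is the server chain: server k divides out s_k and multiplies in r_k.
func FinalTag(c Context, Z, t *big.Int) *big.Int {
	for k, y := range c.Y {
		e := new(big.Int).ModInverse(secret(new(big.Int).Exp(Z, y, p)), q)
		t = new(big.Int).Exp(t, e.Mod(e.Mul(e, c.R[k]), q), p)
	}
	return t
}

func main() {
	b := big.NewInt
	wiki := Context{b(9), []*big.Int{b(11), b(222), b(333)}, []*big.Int{b(5), b(7), b(13)}}
	Z1, A := InitialTag(wiki, b(101)) // two sessions, each with a fresh ephemeral z
	Z2, B := InitialTag(wiki, b(877))
	fmt.Println("final tags:", FinalTag(wiki, Z1, A), FinalTag(wiki, Z2, B)) // equal
}
```

Both sessions end at h_i raised to the product of the r_k, which is what lets a service link them while a context with another generator and other r_k yields a different tag.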
