intermaclib beyond confidentiality and integrity in
play

InterMAClib: Beyond Confidentiality and Integrity in Practice - PowerPoint PPT Presentation

Jan 14, 2023 •107 likes •302 views

InterMAClib: Beyond Confidentiality and Integrity in Practice Torben B. Hansen @n_tbh Joint work with Martin R. Albrecht @martinralbrecht Kenneth G. Paterson @kennyog Information Security Group Centre

  1. InterMAClib: ¡Beyond ¡Confidentiality ¡ and ¡Integrity ¡in ¡Practice Torben ¡B. ¡Hansen ¡@n_tbh Joint ¡work ¡with ¡ Martin ¡R. ¡Albrecht ¡@martinralbrecht Kenneth ¡G. ¡Paterson ¡@kennyog Information ¡Security ¡Group Centre ¡for ¡Doctoral ¡Training ¡in ¡Cyber ¡Security Real ¡World ¡Crypto ¡2018 ¡January ¡12 th

  2. The ¡next ¡~25 ¡mins OpenSSH InterMAC cipher ¡modes Motivation Performance We ¡are ¡here InterMAC(lib)

  3. Symmetric ¡encryption ¡ Modelling ¡security AE C C ¡ ← Enc k (M) M ¡ ← Dec k (C) Good ¡approximation? [BKN02] [APW09] SSH ¡CBC-­‑mode ¡is ¡secure! SSH ¡CBC-­‑mode ¡is ¡ not secure!

  4. C 1 C M 1 ← Dec k (C 1 ) C 2 C ¡ ← Enc k (M) M 2 ← Dec k (C 2 ) M ¡= ¡M 1 || ¡M 2 [BDPS12] SSH ¡packets ¡contains ¡a ¡length ¡field

  5. Security ¡notions C 1 C M 1 ← Dec k (C 1 ) C 2 C ¡ ← Enc k (M) M 2 ← Dec k (C 2 ) M ¡= ¡M 1 || ¡M 2 IND-­‑CCA IND-­‑sfCFA IND-­‑sfCTF IND-­‑CTXT

  6. Security ¡notions C ¡= C 1 DJ@)%&6h C 2 C’ ¡= *s&FQOm”F C 3 DJ@)%&6h*s&FQOm”F C’ C SSH: IND-­‑CCA IND-­‑sfCFA -­‑ Length ¡field ¡encrypted BH-­‑sfCFA -­‑ Random ¡amount ¡of ¡ IND-­‑sfCTF IND-­‑CTXT padding

  7. Security ¡notions (Open)SSH ¡EtM cryptographic ¡processing Sequence Packet Pad Payload Padding ≥4 Number Length Len 1 4 4 Enc Packet MAC ¡tag Ciphertext Length Mac [BDPS12] ¡/ ¡ [BDPS12] [AD H P16 ¡] IND-­‑CCA IND-­‑sfCFA BH-­‑sfCFA n-­‑DOS-­‑sfCFA [AD H P16] IND-­‑sfCTF IND-­‑CTXT

  8. InterMAC [BDPS12] Achieve ¡all ¡4 security ¡ notions N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1 0 0 1 IND$-­‑CPA Enc Enc Enc Chunk ¡counter: 0 1 2 Mac Mac Mac c c c Message ¡counter: PRF

  9. InterMAC in ¡practice … 1 0 1 N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1 t=1 : no padding 0 0 1 1 t t=2 : padding Enc Enc Enc Chunk ¡counter: 0 1 2 Mac Mac Mac c c c Message ¡counter:

  10. InterMAC in ¡practice … 1 0 1 N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1 t=1 : no padding 0 0 t t=2 : padding Chunk ¡counter: 2 0 1 Enc Enc Enc c c c Message ¡counter: Nonce-­‑based AE

  11. InterMAClib C-­‑implementation Aims ¡to ¡be ¡”safe” ¡to ¡use Small ¡API User-­‑oblivious ¡nonce-­‑management Algorithm ¡agility AES-­‑GCM Chacha20-­‑Poly1305

  12. Nonce ¡management chunk ¡counter ¡= ¡0 im_init (… ¡, ¡ae_cipher) ¡: message ¡counter ¡= ¡0 32 64 nonce ¡= ¡ InterMAC with ¡ChaCha20-­‑Poly1305 K mac <-­‑ ChaCha20( 0 , ¡K, ¡nonce, ¡block_counter = ¡0) C <-­‑ ChaCha20(M, ¡K, ¡nonce, ¡block_counter = ¡1) Tag ¡<-­‑ Poly1305(K mac , ¡C) InterMAC with ¡AES-­‑GCM Initialise aes-­‑gcm with ¡nonce ¡for ¡each ¡chunk

  13. Want ¡cipher ¡modes ¡with ¡all ¡4 ¡security ¡ We ¡implemented ¡InterMAC-­‑based ¡ properties cipher ¡modes ¡in ¡OpenSSH (v7.4) No ¡current ¡cipher ¡mode ¡satisfy ¡that… [AD H P16] im-­‑aes128-­‑gcm-­‑N im-­‑chacha-­‑poly-­‑N Packet Pad Payload Padding Length Len 1 4 ≥4 OpenSSH packet ¡ Standalone ¡code-­‑path ¡ [APW09] [AD H P16] processing ¡code: in ¡the ¡OpenSSH packet ¡ [PW10] complex ¡and ¡buggy processing ¡code Throughput Total ¡bytes ¡transmitted Performance ¡of ¡InterMAC-­‑based ¡ cipher ¡modes ¡compared ¡to ¡existing ¡ Behavior ¡relating ¡to ¡chunk ¡ cipher ¡modes length ¡N

  14. SCP AWS AWS London US-­‑Oregon [AD H P16]

  15. SCP AWS AWS London US-­‑Oregon

  16. N ¡-­‑ 1 N ¡-­‑ 1 N ¡-­‑ 1

  17. Finish ¡line ¡is ¡in ¡sight… Implementations ¡must ¡cater ¡for ¡ ciphertext fragmentation [BDPS12] ¡provides ¡a ¡security ¡ model ¡for ¡studying ¡symmetric ¡ We ¡believe ¡this ¡feature ¡should ¡be ¡ reflected ¡in ¡the ¡security ¡models encryption ¡schemes ¡supporting ¡ ciphertext fragmentation We ¡modify ¡InterMAC to ¡make ¡it ¡ InterMAC satisfies ¡all ¡security ¡ usable ¡in ¡practice ¡and ¡create ¡ notions ¡from ¡[BDPS12] InterMAClib OpenSSH want ¡cipher ¡modes ¡ We ¡implement ¡InterMAC-­‑based ¡ that ¡meets ¡all ¡security ¡notions ¡ cipher ¡modes ¡in ¡OpenSSH using ¡ from ¡[BDPS12] InterMAClib We ¡measured ¡performance; ¡ InterMAC: ¡SSH ¡binary ¡packet ¡ indicates ¡that ¡greater ¡security ¡can ¡ protocol ¡done ¡right, ¡using ¡ be ¡traded ¡for ¡only ¡a ¡minor ¡ modern ¡primitives performance ¡hit

  18. Hi ¡Bob, ¡ I ¡believe ¡we ¡ can ¡beat ¡Eve! RealWorld Class ¡Alice! Torben ¡Hansen ¡@n_tbh Martin ¡Albrecht ¡@martinralbrecht Kenny ¡Paterson ¡@kennyog

Recommend

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity and Confidentiality MoSAIC MoSAIC M.O.Killijian, D.Powell, M.Bantre, P.Couderc, Y.Roudier LAAS-CNRS - IRISA- Eurcom Context Context 3

159 views • 14 slides
Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been

Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been

Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been mostly focusing on Fixing vulnerabilities inherent to languages Finding/protecting against programmer follies Today we will look at

682 views • 42 slides
Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure messages

736 views • 30 slides
Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure

605 views • 38 slides
Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound, Cameroun Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Institut de Mathmatiques de Bordeaux quipe MACISA, Laboratoire International de

753 views • 53 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality Keeping information secret from those who should not be able to see it Integrity Two portions: Data integrity: has the content of

680 views • 19 slides
On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage

On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage

On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage Aaram Yun , Chunhui Shi, Yongdae Kim University of Minnesota CCSW 2009, 13 Nov 2009 Cryptographic network file system How to achieve a

348 views • 16 slides
CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE

CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE

CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE ABOUT CORPORATE ADVISORY SOLUTIONS CAS is a merchant bank based in Philadelphia and Washington, D.C., specializing in M&amp;A, and strategic advisory

338 views • 13 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain &amp; Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
MODERN MEMORY DEFENSES GRAD SEC SEP 14 2017 TODAYS PAPERS CONTROL FLOW INTEGRITY

MODERN MEMORY DEFENSES GRAD SEC SEP 14 2017 TODAYS PAPERS CONTROL FLOW INTEGRITY

MODERN MEMORY DEFENSES GRAD SEC SEP 14 2017 TODAYS PAPERS CONTROL FLOW INTEGRITY Fundamentally, code injection attacks altered the target programs control flow Recall: Confidentiality, Integrity, Availability Most integrity

937 views • 30 slides
Alice and Bob want to communicate securely Achieve confidentiality and

Alice and Bob want to communicate securely Achieve confidentiality and

Alice and Bob want to communicate securely Achieve confidentiality and integrity/authenticity Both know each others public key Example: A-&gt;B: E Bob (M), S Alice (M) Works, but expensive Recall hybrid encryption

488 views • 16 slides
Information security has relied upon the following pillars: Confidentiality only allow

Information security has relied upon the following pillars: Confidentiality only allow

Security &amp; Knowledge Management a.a. 2019/20 Information security has relied upon the following pillars: Confidentiality only allow access to data for which the user is permitted Integrity ensure data is not tampered or

657 views • 52 slides
Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in this presentation, in receiving it, agrees not to copy or disclose any of its contents to third parties without the written consent of Kendeil

952 views • 33 slides
Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in

Confidentiality &amp; Disclaimer Confidentiality The recipient of the information contained in this presentation, in receiving it, agrees not to copy or disclose any of its contents to third parties without the written consent of Kendeil

790 views • 34 slides
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS

May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS

May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models

514 views • 33 slides
Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to

Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to

Le Lecture 15 15 Access Control 1 Recall: Secu curity Service ces Confidentiality: to assure information privacy and secrecy Authentication: to assert who created or sent data Integrity: to show that data has not been altered

656 views • 32 slides
will be posted on the LBAB website soon! Confidentiality Reminder of Confidentiality: Board

will be posted on the LBAB website soon! Confidentiality Reminder of Confidentiality: Board

This presentation will be posted on the LBAB website soon! Confidentiality Reminder of Confidentiality: Board members and staff are not at liberty to discuss application files, criminal background checks, or other matters that occur in

961 views • 51 slides
Io IoT T Security In Informatio ion sec securit ity Confidentiality Data accessed

Io IoT T Security In Informatio ion sec securit ity Confidentiality Data accessed

Security &amp; Knowledge Management a.a. 2019/20 Io IoT T Security In Informatio ion sec securit ity Confidentiality Data accessed just by permitted users Integrity Not tampered by not permitted users Availability

558 views • 21 slides
Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion

Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion

Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which AP? The Evil Twin Attack Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery

785 views • 41 slides
Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control Connectionless integrity Data origin authentication Rejection of replayed packets a form of partial sequence integrity Confidentiality

818 views • 37 slides
Data Confidentiality in Data Confidentiality in Collaborative Computing Collaborative Computing

Data Confidentiality in Data Confidentiality in Collaborative Computing Collaborative Computing

Data Confidentiality in Data Confidentiality in Collaborative Computing Collaborative Computing Mikhail Atallah Department of Computer Science Purdue University Collaborators Collaborators Ph.D. students: Marina Blanton (exp grad

1.36k views • 29 slides
Domain Name System (DNS) Learning Goal Foundations of DNS Security in DNS: Integrity

Domain Name System (DNS) Learning Goal Foundations of DNS Security in DNS: Integrity

IN3210 Network Security Domain Name System (DNS) Learning Goal Foundations of DNS Security in DNS: Integrity and Authenticity Confidentiality 2 Foundations of DNS 3 Domain Name System Directory services for name

727 views • 51 slides
Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP Applicants Hong Kong Ethics Development Centre Independent Commission Against Corruption Competence Requirement Integrity Management

574 views • 23 slides
LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

Mr. Gianfranco Scipione, M.Sc., J.D./M.B.A. Manager, Research Integrity UHN Research Ms. Katie Roposa, BScN, MEd, RN, CMQ/OE Director, Research Quality Integration UHN Research LESSONS LEARNED Research Integrity Some Thoughts Integrity

623 views • 21 slides

More recommend