out of band authentication in group messaging
play

Out-of-Band Authentication in Group Messaging: Computational, - PowerPoint PPT Presentation

Aug 13, 2023 •242 likes •577 views

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

  1. Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

  2. Major Effort: E2E-Encrypted Messaging • Government surveillance and/or coercion • Untrusted or corrupted messaging servers Key challenge: Detecting man-in-the-middle attacks when setting up E2E-encrypted channels 2

  3. Man-in-the-Middle Attacks Alice’s phone Bob’s phone 3

  4. Man-in-the-Middle Attacks • Impossible to detect without any setup Bob’s phone Alice’s phone Impractical to assume a trusted PKI in messaging platforms… 4

  5. Out-of-Band Authentication Practical to assume: Users can “out-of-band” authenticate one short value Alice’s phone Bob’s phone Bob • Users can compare a short string displayed on their devices • Assuming that they recognize each other’s voice, this is a low-bandwidth authenticated channel 5

  6. Out-of-Band Authentication Facebook Telegram Allo Signal WhatsApp Wire 6

  7. Out-of-Band Authentication Bounded Bounded vs. unbounded adversaries Within the cryptography community: • Considered by Rivest and Shamir in ’84 (“Interlock” protocol) • Formalized by Vaudenay ’05 (computational security) and by Naor, Segev and Smith ’06 (statistical security) 7

  8. The User-to-User Setting • An equivalent problem: Detecting MitM attacks in message authentication Alice’s phone Bob’s phone 8

  9. The User-to-User Setting Alice’s phone Bob’s phone … … Out-of-band channel … … The image part with relationship ID rId9 was not found in the file. The image part with relationship ID rId5 was not found in the file. The image part with relationship ID rId10 was not found in the file. 9

  10. The User-to-User Setting Alice’s phone Bob’s phone … … Out-of-band channel The image part with relationship ID rId11 was not found in the file. The image part with relationship ID rId5 was not found in the file. The image part with relationship ID rId12 was not found in the file. Minimize Maximize user effort security 10

  11. User-to-User Bounds Protocols Lower Bounds Computational Security Security [Vau05, PV06] Statistical Security [NSS06] 11

  12. This Talk: The Group Setting User-to-User Setting Group Setting ? ? ✓ ✓ Tightly characterized Not yet studied x ✓ Practical protocols deployed Impractical protocols deployed 12

  13. Our Contributions A framework modeling out-of-band authentication in the group setting … … … … Out-of-band channel • Users communicate over an insecure channel • Group administrator can out-of-band authenticate one short value to all users • Consistent with and supported by existing messaging platforms 13

  14. Our Contributions A framework modeling out-of-band authentication in the group setting Tight bounds for out-of-band authentication in the group setting Protocols Lower Bounds Computational Computational Security Statistical Security Our computationally-secure protocol is practically relevant, and substantially improves the currently-deployed protocols : 14

  15. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 15

  16. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 16

  17. Communication Model … … … Out-of-band channel • Insecure channel: Adversary can read, remove and insert messages • Out-of-band channel: Adversary can read, remove and delay messages, for all or for some of the users Adversary cannot modify messages/insert new ones in an undetectable manner 17

  18. Correctness & Security … … … Out-of-band channel • Computational vs. statistical security 18

  19. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 19

  20. The Naïve Protocol … … Seems impractical… 20

  21. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 21

  22. Our Computationally-Secure Protocol Out-of-band channel 22

  23. Our Computationally-Secure Protocol 23

  24. Example: One Possible Attack 24

  25. Concurrent Non-Malleable Commitments • Infeasible to “non-trivially correlate” concurrent executions … … 25

  26. Talk Outline • Communication model & notions of security • The naïve protocol • Our protocols & lower bounds Protocols Lower Bounds Computational Security Statistical Security 26

  27. Our Statistical Lower Bound … … … Out-of-band channel 27

  28. Protocol Structure 28

  29. 29

  30. Lemma 1: There exists a man-in-the-middle attacker that succeeds with probability 30

  31. • The security of the protocol guarantees that • The security of the protocol guarantees that 31

  32. Summary A framework modeling out-of-band authentication in the group setting Tight bounds for out-of-band authentication in the group setting Protocols Lower Bounds Computational Computational Security Statistical Security Thank You! https://eprint.iacr.org/2018/493 32

Recommend

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Messaging is Popular 2 Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

585 views • 40 slides
NBEMS Narrow Band Emergency Messaging System Setup of these programs Fldigi Flamp Flmsg In

NBEMS Narrow Band Emergency Messaging System Setup of these programs Fldigi Flamp Flmsg In

NBEMS Narrow Band Emergency Messaging System Setup of these programs Fldigi Flamp Flmsg In the beginning... A little help can go a long way in setting up a new program. In most cases you can simple duplicate my settings and later after

589 views • 32 slides
I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger

I MPROVED S TRONGLY D ENIABLE A UTHENTICATED K EY E XCHANGES F OR S ECURE M ESSAGING Nik Unger and Ian Goldberg Secure Messaging 2 Secure Messaging All-Verifier Deniable Anonymous Authentication End-to Authentication End Zone

776 views • 48 slides
BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha Introduction Messaging Matters OUTLINE Research Observations Recommendations Small Group Discussion Large Group Q&A Introduction Messaging

580 views • 25 slides
Inside Virtual Synchrony Prepared by: Steven Dake 7/12/05 Definitions Group Messaging

Inside Virtual Synchrony Prepared by: Steven Dake 7/12/05 Definitions Group Messaging

Inside Virtual Synchrony Prepared by: Steven Dake 7/12/05 Definitions Group Messaging Sending messages from 1 sender to many receivers. Processor The entity responsible for executing group messaging and membership

299 views • 17 slides
Welcome Marching Band is about so much more than music! We hope this group will become a second

Welcome Marching Band is about so much more than music! We hope this group will become a second

Welcome Marching Band is about so much more than music! We hope this group will become a second family to you and your child. Freshmen marching band students will arrive for their first day of high school, as a part of a well-respected

529 views • 28 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray

Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray

The he mul ulti ti-wavele elength ngth mul ulti ti-tempor temporal al sk sky Radio/microwave band The electromagnetic spectrum Infra red band Optical band UV band X-ray band -ray band TeV band Radio/microwave band Infra red

692 views • 42 slides
Welcome to the Washington Warrior Band Program DARIEN M. ORR BAND DIRECTOR Phone: (217) 525-

Welcome to the Washington Warrior Band Program DARIEN M. ORR BAND DIRECTOR Phone: (217) 525-

Welcome to the Washington Warrior Band Program DARIEN M. ORR BAND DIRECTOR Phone: (217) 525- 3182 Ext. 160 Email: darienorr@sps186.org Benefits of Band Band provides the opportunity to create. Band builds a sense of community,

286 views • 9 slides
Band Presentation: By Leigh Maisey Initial Band The Scene and Herd Band Change Red Sky Was

Band Presentation: By Leigh Maisey Initial Band The Scene and Herd Band Change Red Sky Was

Band Presentation: By Leigh Maisey Initial Band The Scene and Herd Band Change Red Sky Was approached by Red Sky wanting some graphic design work done for the band. Band Briefing Logo Business Card Letterhead T Shirt Poster Logo

810 views • 23 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
NMCHS CONDOR Band Marching Band, DrumLine, Color Guard, Jazz Band Performances Band Reviews:

NMCHS CONDOR Band Marching Band, DrumLine, Color Guard, Jazz Band Performances Band Reviews:

NMCHS CONDOR Band Marching Band, DrumLine, Color Guard, Jazz Band Performances Band Reviews: Oct 12th: Cupertino Oct 19th: Santa Cruz Boardwalk Nov 2nd: Pismo Beach Nov 9th : Merced Uniforms Checks are important: Shoes, black socks,

550 views • 9 slides
Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy Technologies Group Glasgow Caledonian University SOUPS 2014 WAY Workshop 9 July 2014 Outline Authentication frequency Continuous

502 views • 12 slides
Dissent: Accountable Anonymous Group Messaging Henry

Dissent: Accountable Anonymous Group Messaging Henry

Dissent: Accountable Anonymous Group Messaging Henry Corrigan-Gibbs and Bryan Ford Department of Computer Science Yale University 17 th ACM Conference on

879 views • 65 slides
YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I here? Hundreds of product launches. Dozens of corporate launches. One top-funded Kickstarter campaign The Tool: The Message Map

655 views • 22 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Band Orientation 2019 What is the SMS Band? The Shelburne band is a place where students have fun

Band Orientation 2019 What is the SMS Band? The Shelburne band is a place where students have fun

Band Orientation 2019 What is the SMS Band? The Shelburne band is a place where students have fun learning how to perform music for the community. Its a place where students learn teamwork , responsibility, work ethic, and discipline that

736 views • 45 slides
min ( ). ( , , ). ( , ) l i a i j k V j k i j k Where ( i )

min ( ). ( , , ). ( , ) l i a i j k V j k i j k Where ( i )

CE -751, SLD, Class Notes, Fall 2006, IIT Bombay m a x = 1 =1- x n a x = 1 x x=any time band. m=Time band into which zone j falls a x =The destination opportunities available in time band x n= The last time band as measured

245 views • 23 slides
The Franklin Band The Franklin Band Overview Lets be clear on this: CONCERT BAND IS THE MOST

The Franklin Band The Franklin Band Overview Lets be clear on this: CONCERT BAND IS THE MOST

The Franklin Band The Franklin Band Overview Lets be clear on this: CONCERT BAND IS THE MOST IMPORTANT THING WE DO . W e are a concert band program that does marching band, not the other way around. Marching Band may be the most visible

423 views • 20 slides
WELCOME BAND PARENTS! Friday, May 19, 2017 CTJ Band Hall Our Kids Are Amazing!!! Upcoming

WELCOME BAND PARENTS! Friday, May 19, 2017 CTJ Band Hall Our Kids Are Amazing!!! Upcoming

WELCOME BAND PARENTS! Friday, May 19, 2017 CTJ Band Hall Our Kids Are Amazing!!! Upcoming Events May 19 th 2017-2018 Marching Band Kickoff Rehearsal May 26 th Spring Jazz Band Concert May 27 th 29 th UIL State Solo & Ensemble Contest

392 views • 18 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides

More recommend