
Protocol Design Challenge: Zebranet



  1. Protocol Design Challenge

  2. Zebranet (diagram: Z2Z, DATA, Z2R)

  3. 8 teams working hard

  4. 1 jury working harder • We left dinner at 22h • Finished this presentation at 01h30

  5. Weird assumptions • Attackers can kill zebra and take zebra’s skin • We assume DJB is not conspiring with the hunters to backdoor his crypto

  6. Encrypting data • Majority: using ranger’s public key • However, only one ranger or trusted group of rangers • Notable exception: one team assumed a group of rangers that threshold share a key :)

  7. Encrypting data: AE • A lot of groups seem to derive a new key for every AE(AD) encryption → Why?? • Sloppy AE usage: IV often missing or not made explicit

  8. WTF??? • Beacons to initiate Z2Z • Computed bounds on zebra range • Weird, slightly incoherent stuff

  9. SEcure Roaming Interconnection Of Undefended Zebras • Mutual authentication Z2Z and Z2R (but not quite) • Detection of compromised zebras • Possibly signature abuse, attack • Z2Z: signature on all transmitted data (at the end) • Way too long and complex

  10. We love zebras • Hybrid encryption • Short description :) • Z2R: no authentication • Onion structure ??? • Threatened the jury

  11. Fully symmetric key :) • However, needs tamperproof and side-channel resistant HW • Basically has 1 key in the entire system, which is shared by all zebras and ranger ⇒ Nice try mister sand and misses ocean

  12. SECBRA • Zebra pattern recognition and liveness detection • Data storage: sign inside encrypt (?) • Z2Z: no authentication, no protection against flooding

  13. No bonus for fancy words • Unlinked DH? → seem to get away with timestamps • Public key pair Ranger for encryption never used, no data confidentiality?

  14. Runners up • Threshold rangers • Z2Z: shared keys • Z2R: key transfer protocol

  15. Winning protocol • Z2R: symmetric • Z2Z: signatures on messages • Wipe: ranger signs deletions on last known tags for each zebra • No authentication prior to data transfer: possible DoS (energy!)

  16. How we would do it • Z2R: symmetric key • Z2Z: public key, or symmetric key with additional storage

  17. And the winners are … As we value participating over winning, the two arbitrary winners of the IoT starter kits are assigned among participants in the protocol design challenge that fulfil the following condition: either their protocols were not badly broken by Jens and Roel overnight, or they showed some interesting ideas towards the challenge or towards the bonuses, or they have a really nicely drawn zebra. The list of participants satisfying this condition is decided upon solely by Jens and Roel. The two winners are, of those on the list, whichever single person (whenever two or more persons are equally close, we remove that number from the list and move on to the next number in the list) is closest to picking the number 834321, 294820, 128304, 387231. In case of any dispute, Roel and Jens take home the kits themselves.
