privacy preserving authenticated key exchange and the
play

Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 - PowerPoint PPT Presentation

Sep 03, 2023 •5 likes •185 views

Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 Sven Schge, Jrg Schwenk, Sebastian Lauer Ruhr-University Bochum Classical Key Exchange Setting m1 Bob Alice m2 skA skB pkB pkA mq-1 mq derive K derive K 2

  1. Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 Sven Schäge, Jörg Schwenk, Sebastian Lauer Ruhr-University Bochum

  2. Classical Key Exchange Setting m1 Bob Alice m2 skA skB pkB pkA mq-1 mq derive K derive K 2 PPAKE - PKC 2020

  3. Multi-Homed Servers m1 Bob Alice m2 skA sk B0 pk B0 sk B1 mq-1 pk B1 pkA mq derive K derive K 3 PPAKE - PKC 2020

  4. General Case m1 Bob Alice m2 sk A0 sk B0 sk A1 sk B1 mq-1 pk B0 pk A0 mq pk B1 pk A1 derive K derive K 4 PPAKE - PKC 2020

  5. Motivation for PPAKE • Privacy • Censorship Circumvention • PPAKE is not a substitution for TOR! PPAKE does not hide the endpoint but only the virtual identity on/behind that endpoint. 5 PPAKE - PKC 2020

  6. Contribution • New security model for PPAKE • Besides key indistinguishability, additionally captures indistinguishability of used identities • General and strong security notion that requires that privacy is cryptographically independent of key indistinguishability • Proper extension of classical AKE • Introduced changes extendable to unilateral authentication, ACCE, explicit authentication • New conceptual feature: Modes • Modes model protocol options • Formulate expectations of parties on who is responsible for choosing identities • Security proof of IPsec with signature-based authentication 6 PPAKE - PKC 2020

  7. Overview Security Model Public modes: IM A,1 |PM A,1 Public modes: IM B,1 |PM B,1 Selector bits: ISB A,1 |PSB A,1 Selector bits: ISB B,1 |PSB B,1 O A,1 O B,1 k B,1 k A,1 B A Public modes: IM A,2 |PM A,2 Public modes: IM B,2 |PM B,2 O A,2 O B,2 Selector bits: ISB A,2 |PSB A,2 Selector bits: ISB B,2 |PSB B,2 k A,2 k B,2 … … … sk A0 sk B0 sk A1 O A,q Public modes: IM A,q |PM A,q Public modes: IM B,q |PM B,q sk B1 O B,q pk B0 Selector bits: ISB A,q |PSB A,q Selector bits: ISB B,q |PSB B,q pk A0 k A,q k B,q pk B1 pk A1 7 PPAKE - PKC 2020

  8. Overview Security Model Identity Mode (IM) ∈ {me,partner} Partner Mode (PM) ∈ {me,partner} Identity Selector Bit (ISB) ∈ {0,1} Partner Selector Bit (PSB) ∈ {0,1} Public modes: IM A,1 |PM A,1 Public modes: IM B,1 |PM B,1 Selector bits: ISB A,1 |PSB A,1 Selector bits: ISB B,1 |PSB B,1 O A,1 O B,1 k B,1 k A,1 B A Public modes: IM A,2 |PM A,2 Public modes: IM B,2 |PM B,2 O A,2 O B,2 Selector bits: ISB A,2 |PSB A,2 Selector bits: ISB B,2 |PSB B,2 k A,2 k B,2 … … … sk A0 sk B0 sk A1 O A,q Public modes: IM A,q |PM A,q Public modes: IM B,q |PM B,q sk B1 O B,q pk B0 Selector bits: ISB A,q |PSB A,q Selector bits: ISB B,q |PSB B,q pk A0 k A,q k B,q pk B1 pk A1 8 PPAKE - PKC 2020

  9. PPAKE Security Model: Attack Capabilities • New Attack Queries to Sessions: • Unmask(own/partner) • Test(ID,own/partner)->0/1 • Other (Classical) Attack Queries: • Send • RevealKey • Corrupt • Test(Key) 9 PPAKE - PKC 2020

  10. PPAKE Security Experiment • Each party is equipped with two key pairs • If mode requires so, each session chooses random identity for itself or communication partner • Attacker always has access to all attack capabilities • Adding a new security proof for identity indistinguishability to existing security analyses is not enough! • Old proof may become invalidated when also given access to Unmask query! 10 PPAKE - PKC 2020

  11. PPAKE Security Guarantees • Key indistinguishability for session key of test session - even if identity is revealed • Pre-requisite to show that new PPAKE model is proper extension of classical AKE model • Indistinguishability of identities of test session - even if session key is revealed 11 PPAKE - PKC 2020

  12. Applicability to other Security Models • Selector bits, modes, Unmask queries and Test(ID) may be used to extend other security models • AKE with explicit authentication • Unilateral authentication • ACCE->PPACCE 12 PPAKE - PKC 2020

  13. IPsec with Signature-based Authentication • Phase 1: Anonymous DH Key exchange with fresh nonces. Result: symmetric keys • Phase 2: Use symmetric keys to encrypt all data including authentication step with signatures 13 PPAKE - PKC 2020

  14. Phase 1 14 PPAKE - PKC 2020

  15. Phase 2 Option 1: Initiator may specify Responder’s identity Option 2: Responder may specify Responder’s identity 15 PPAKE - PKC 2020

  16. PPAKE Security Proof • Protocol is PPAKE secure assuming security of • PRF-ODH assumption • Pseudo-Random Functions (PRF) • Digital Signature Scheme (SIG) • Authenticated Encryption (AE) Scheme • Length-hiding to hide identities • Signatures should be length-preserving or • Use length-hiding authenticated encryption 16 PPAKE - PKC 2020

  17. Conclusion • Model for Privacy-Preserving AKE • Emphasizes cryptographic independence of identity indistinguishability and key indistinguishability • Captures options for distinct ways to decide on used identities • A set of ingredients to extend existing models to become privacy-preserving • Supports comparability of models since new models are proper extensions • Proof of IPsec with Signature-based Authentication • Take Home Message: Data that depends on the identity should have same length for all identities 17 PPAKE - PKC 2020

  18. • Thank you very much for your attention! 18 PPAKE - PKC 2020

Recommend

Privacy-preserving and Authenticated Data Cleaning on Outsourced Databases Thesis Defense

Privacy-preserving and Authenticated Data Cleaning on Outsourced Databases Thesis Defense

Privacy-preserving and Authenticated Data Cleaning on Outsourced Databases Thesis Defense Boxiang Dong THESIS COMMITTEE: Advisor: Prof. Wendy Hui Wang Prof. Yingying Chen Prof. David Naumann Prof. Antonio Nicolosi Department of Computer

1.11k views • 61 slides
Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on

Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on

Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on Real-World Crypto and Privacy ibenik, Croatia June 17 th , 2019 Outline Security of the Diffie-Hellman Key Exchange Man-in-the-Middle attacks

1.09k views • 85 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

927 views • 10 slides
Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien

PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien

Innovation Centre PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien Petitcolas MACHINE LEARNING AS A SERVICE GENERIC MODEL result Client Cloud (Server) 1 exchange of messages c 2019 OneSpan

588 views • 16 slides
EEXCESS or the challenge of privacy-preserving quality recommendations Benjamin Habegger, Nadia

EEXCESS or the challenge of privacy-preserving quality recommendations Benjamin Habegger, Nadia

EEXCESS or the challenge of privacy-preserving quality recommendations Benjamin Habegger, Nadia Bennani, Eld Egyed-Szigmond, Omar Hassan Lyon University, CNRS, INSA-Lyon, LIRIS, UMR5205 EEXCESS Project Enhancing Europes eXchange in

612 views • 36 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott Shenker + * Internet Exchange Points Global Transit / Hyper Giants National Large Content, Consumer, Hosting CDN

729 views • 20 slides
So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity separately: Goal Primitive Security notion Data privacy symmetric encryption IND-CPA Data authenticity MAC UF-CMA Mihir Bellare UCSD 1

105 views • 9 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

Diffie-Hellman key exchange Secure against passive eavesdropping but insecure against a man-in-the-middle attack CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1 2 Adding key

492 views • 5 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Authenticated Key Exchange from Ring Learning with Errors Jiang Zhang Zhenfeng Zhang Jintai

Authenticated Key Exchange from Ring Learning with Errors Jiang Zhang Zhenfeng Zhang Jintai

Learning with Errors Classic Key Exchange Lattice-based Key Exchange Authenticated Key Exchange from Ring Learning with Errors Jiang Zhang Zhenfeng Zhang Jintai Ding Michael Snook zgr Dagdelen DIMACS Workshop on the Mathematics of

339 views • 33 slides
AUTHENTICATED ENCRYPTION 1 / 1 So Far ... We have looked at methods to provide privacy and

AUTHENTICATED ENCRYPTION 1 / 1 So Far ... We have looked at methods to provide privacy and

AUTHENTICATED ENCRYPTION 1 / 1 So Far ... We have looked at methods to provide privacy and integrity/authenticity separately: Goal Primitive Security notions Data privacy symmetric encryption IND-CPA, IND-CCA Data integrity/authenticity

922 views • 73 slides
Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes Ben-Gurion University, Israel This talk presents joint work with Boris Rozenberg Talk Outline Motivation for Privacy-Preserving Distributed Data

1.48k views • 68 slides
Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: W. Du, Syracuse University, Y. Gao, Peking University Privacy Preserving Data Mining

659 views • 39 slides
Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My experience with biometrics and privacy Academic background on privacy Gradiants goal: transfer of knowledge to industry We bring state of

193 views • 6 slides
Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So whats the problem? Lecture 17 Page 1 CS 236 Online Traffic Analysis

532 views • 21 slides
On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph Geumlek,* Max Welling, + Kamalika Chaudhuri* + University of Amsterdam *University of California, San Diego Overview Bayesian Privacy-preserving

878 views • 75 slides
Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages PKC 2013 , Fabrice Ben

Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages PKC 2013 , Fabrice Ben

Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages PKC 2013 , Fabrice Ben Hamouda Olivier Blazy Cline Chevalier David Pointcheval Damien Vergnaud Horst Grtz Institute for IT Security / Ruhr-University Bochum ENS /

914 views • 45 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann , Christopher Piosecny University of Hamburg (Germany) 1 Agenda Missing Privacy in DNS Characteristics of DNS Traffic

559 views • 24 slides

More recommend