the multi user security of
play

The Multi-User Security of Double Encryption Viet Tung Hoang - PowerPoint PPT Presentation

Feb 23, 2024 •733 likes •1.25k views

The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State University UC Santa Barbara EUROCRYPT 2017 May 3, 2017 1 Double Encryption Single Encryption: trivial E J key-recovery in O(2 k ) time. Double

  1. The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State University UC Santa Barbara EUROCRYPT 2017 May 3, 2017 1

  2. Double Encryption Single Encryption: trivial E J key-recovery in O(2 k ) time. Double Encryption: use meet-in-the-middle attack to E J 1 E J 2 recover keys in O(2 k ) time. 2

  3. Double Encryption Single Encryption: trivial E J key-recovery in O(2 k ) time. Double Encryption: use meet-in-the-middle attack to E J 1 E J 2 recover keys in O(2 k ) time. Conventional wisdom : Double Encryption adds no security 3

  4. Double Encryption Single Encryption: trivial E J key-recovery in O(2 k ) time. Double Encryption: use meet-in-the-middle attack to E J 1 E J 2 recover keys in O(2 k ) time. Conventional wisdom : Double Encryption adds no security Today : Double Encryption adds some security, if we look at a broader angle 4

  5. Conventional Security Definition $ $ Procedure Enc( x ) Procedure Enc( x ) $ Return Return Procedure Dec( x ) Procedure Dec( x ) Return Return Enc A Dec 5

  6. Conventional Security Definition $ $ Procedure Enc( x ) Procedure Enc( x ) $ Return Return Procedure Dec( x ) Procedure Dec( x ) Return Return Enc A Dec 6

  7. Multi-user (mu) Security - The conventional notion consider just single-user (su) security -In practice, adversary attacks multiple users, adaptively distributing its resources $ $ Procedure Enc( x , i ) Procedure Enc( x , i ) Return Return Procedure Dec( x , i ) Procedure Dec( x , i ) Return Return 7

  8. Multi-user (mu) Security - The conventional notion consider just single-user (su) security -In practice, adversary attacks multiple users, adaptively distributing its resources $ $ Procedure Enc( x , i ) Procedure Enc( x , i ) Return Return Procedure Dec( x , i ) Procedure Dec( x , i ) Return Return -Mu security can be implicitly obtained via hybrid arguments : 8

  9. Double Encryption Improves Mu Security Claim : Double Encryption improves mu security 9

  10. Double Encryption Improves Mu Security Claim : Double Encryption improves mu security -AES has only 64-bit security in mu setting due to key-collision attack. [Biham 02] Choose random keys A User # q User #1 User #2 Check for matching entries between two tables to recover some user’s key 10

  11. Double Encryption Improves Mu Security Claim : Double Encryption improves mu security -AES has only 64-bit security in mu setting due to key-collision attack. [Biham 02] Choose random keys A User # q User #1 User #2 Check for matching entries between two tables to recover some user’s key - Today : Mu security of DE(AES) ≈ Su security of AES 128-bit security 11

  12. History of Mu Analyses on SE/DE Adv vanishes k : key length, n : block length, q : # queries when q ≈ Construction Advantage Security level SE: matching attack of hybrid argument by [Biham 02] DE: hybrid argument on [ABDV98] bound DE: dream bound 12

  13. Goals and Results -Give a generic technique for bounding information-theoretic mu security. + Our method can handle any indistinguishability games (PRF, AE, blockcipher), and any ideal primitive (random oracle, ideal cipher, ideal permutation). 13

  14. Goals and Results -Give a generic technique for bounding information-theoretic mu security. + Our method can handle any indistinguishability games (PRF, AE, blockcipher), and any ideal primitive (random oracle, ideal cipher, ideal permutation). -Showcase the method via Double Encryption Advantage Security level if 14

  15. Results Visualization of the mu and su bounds of Single Encryption (SE) and Double Encryption (DE) on AES parameters Adv log 2 (#queries) Mu security of SE ( tight ) Mu security of DE (naïve analysis) Mu security of DE ( our result ) Su security of DE Su security of DE 15

  16. The Technique: Almost Proximity Almost proximity: very general, but can be overly complex in some setting 16

  17. The Technique: Almost Proximity Almost proximity: very general, but can be overly complex in some setting Simplified generic treatment : can handle many settings such as GCM, but not Double Encryption 17

  18. The Technique: Almost Proximity Almost proximity: very general, but can be overly complex in some setting A treatment for blockcipher: Simplified generic treatment : tailored to DE can handle many settings such as GCM, but not Double Encryption 18

  19. The Technique: Almost Proximity Almost proximity: very general, but can be overly complex in some setting A treatment for blockcipher: Simplified generic treatment : tailored to DE can handle many settings such as GCM, but not Double Encryption Generalize the pointwise proximity technique of [Hoang, Tessaro 2016] 19

  20. Simplified Almost Proximity - Bound the distinguishing advantage of two randomized systems S 0 and S 1 $ Cost metrics: q : # of construction queries S 0 S 1 p : # of primitive queries A : data complexity, e.g. the total length of queries X may encode (+, x ) or (-, y ), and Z may encode (+, K , z ) or (-, K , z ) Assume that q queries of data complexity invoke primitive queries 20

  21. Simplified Almost Proximity Transcript of the interaction S 0 S 1 A Probability that S i behaves according to Classify mu transcripts Classify su transcripts to A mu transcript is nice if for to “nice” and “not nice” “good” and “bad” any user, the induced su transcript is good Restriction : Involves only queries 21

  22. Simplified Almost Proximity - Classify mu transcripts by “nice” and “not nice” Random variable for transcript in S 0 Bound Mu analysis, but for the “ideal” system S 0 22

  23. Simplified Almost Proximity - Classify mu transcripts by “nice” and “not nice” Random variable for transcript in S 0 Bound Mu analysis, but for the “ideal” system S 0 23

  24. Simplified Almost Proximity - Classify mu transcripts by “nice” and “not nice” Random variable for transcript in S 0 Bound Mu analysis, but for the “ideal” system S 0 1 + Area + Area Area Area 24

  25. Giving Bound on Nice Mu Transcripts induced su transcripts are good Area + Area Goal : bound by analyses on su good transcripts Area 25

  26. Giving Bound on Nice Mu Transcripts induced su transcripts are good Area + Area Goal : bound by analyses on su good transcripts Area How : Establish a bound on any good su transcript of parameters Used in H-coefficient technique [Patarin 08] to establish su bound super-additive 26

  27. Giving Bound on Nice Mu Transcripts induced su transcripts are good Area + Area Goal : bound by analyses on su good transcripts Area How : Establish a bound on any good su transcript of parameters Used in H-coefficient technique [Patarin 08] to establish su bound super-additive Super-additivity : Example: is super-additive is not super-additive 27

  28. Simplified Almost Proximity: From Su to Mu Security Non-adaptive q 1 queries of A data complexity User 4 User 3 User 2 User 1 Totally, queries of data complexity and p queries Suppose that for any su adversary B of parameters Hybrid argument : 28

  29. Simplified Almost Proximity: From Su to Mu Security Non-adaptive q 1 queries of A data complexity User 4 User 3 User 2 User 1 Totally, queries of data complexity and p queries Accounting Suppose that for any su adversary B of parameters for simulated queries Hybrid argument : 29

  30. Simplified Almost Proximity: From Su to Mu Security Non-adaptive q 1 queries of A data complexity User 4 User 3 User 2 User 1 Totally, queries of data complexity and p queries Accounting Suppose that for any su adversary B of parameters for simulated queries Hybrid argument : Super-additivity 30

  31. Simplified Almost Proximity: From Su to Mu Security Main problem in mu security : Adversary can adaptively distribute the resources across multiple users 31

  32. Simplified Almost Proximity: From Su to Mu Security Main problem in mu security : Adversary can adaptively distribute the resources across multiple users To avoid adaptivity, do hybrid argument at the transcript level 32

  33. Simplified Almost Proximity: From Su to Mu Security Main problem in mu security : Adversary can adaptively distribute the resources across multiple users To avoid adaptivity, do hybrid argument at the transcript level 1 good su transcript + Area Area 33

  34. Simplified Almost Proximity: From Su to Mu Security Main problem in mu security : Adversary can adaptively distribute the resources across multiple users To avoid adaptivity, do hybrid argument at the transcript level 1 good su transcript + Area Area Area + 34

  35. Technique for mu-CCA Security of Blockcipher E Blockcipher $ Ideal cipher S 0 S 1 A call to makes t calls to A Accounting A ’s resources via p and q only Goal : Do only su analyses, but achieve mu results 35

  36. Technique for mu-CCA Security of Blockcipher E Blockcipher $ Ideal cipher S 0 S 1 A call to makes t calls to A Accounting A ’s resources via p and q only Goal : Do only su analyses, but achieve mu results Classify su transcripts into “good” and “bad” No restriction 36

Recommend

On the Multi-User Security of Short Schnorr Signatures Jeremiah Blocki and Seunghoon Lee

On the Multi-User Security of Short Schnorr Signatures Jeremiah Blocki and Seunghoon Lee

On the Multi-User Security of Short Schnorr Signatures Jeremiah Blocki and Seunghoon Lee Department of Computer Science, Purdue University October 10, 2019 Jeremiah Blocki and Seunghoon Lee On the Multi-User Security of Short Schnorr Signatures

1.23k views • 86 slides
MULTIMEDIA & MULTI-USER VR Simon Gunkel INTRO 2 | Multimedia & multi-user VR 11

MULTIMEDIA & MULTI-USER VR Simon Gunkel INTRO 2 | Multimedia & multi-user VR 11

MULTIMEDIA & MULTI-USER VR Simon Gunkel INTRO 2 | Multimedia & multi-user VR 11 October 2016 PEOPLE How to engage people while letting them interact in 360/3d space? How to position people? Interaction with environment and media

251 views • 6 slides
Revisiting Key-alternating Feistel Ciphers for Shorter Keys and Multi-user Security Chun Guo and

Revisiting Key-alternating Feistel Ciphers for Shorter Keys and Multi-user Security Chun Guo and

Revisiting Key-alternating Feistel Ciphers for Shorter Keys and Multi-user Security Chun Guo and Lei Wang ICTEAM/ELEN/Crypto Group, Universit e catholique de Louvain Shanghai Jiao Tong University Presented by Yaobin Shen, Shanghai Jiao Tong

653 views • 36 slides
Multi-objective, Multi-user Approach to Reservoir Optimization Damon Pellicori and Shane Mosier

Multi-objective, Multi-user Approach to Reservoir Optimization Damon Pellicori and Shane Mosier

BPAs HERMES Project: a Multi-objective, Multi-user Approach to Reservoir Optimization Damon Pellicori and Shane Mosier BPA RiverWare User Group Meeting Boulder, Colorado August 23-24, 2016 Presentation Outline Overview of Federal

476 views • 25 slides
Lecture 8 Multi-User MIMO I-Hsiang Wang ihwang@ntu.edu.tw 5/27, 2014

Lecture 8 Multi-User MIMO I-Hsiang Wang ihwang@ntu.edu.tw 5/27, 2014

Lecture 8 Multi-User MIMO I-Hsiang Wang ihwang@ntu.edu.tw 5/27, 2014 Multi-User MIMO System So far we discussed how multiple antennas increase the capacity and reliability in point-to-point channels Question:

673 views • 42 slides
Lecture 8 Multi-User MIMO I-Hsiang Wang ihwang@ntu.edu.tw 5/27, 2014

Lecture 8 Multi-User MIMO I-Hsiang Wang ihwang@ntu.edu.tw 5/27, 2014

Lecture 8 Multi-User MIMO I-Hsiang Wang ihwang@ntu.edu.tw 5/27, 2014 Multi-User MIMO System So far we discussed how multiple antennas increase the capacity and reliability in point-to-point channels Question:

536 views • 25 slides
Software Security Explorative Lecture A brief history of security problems attacks on

Software Security Explorative Lecture A brief history of security problems attacks on

1/30/2020 Software Security Explorative Lecture A brief history of security problems attacks on multi-user UNIX systems for fun viruses & worms attacking operating systems due to buffer overflow, format string attacks, integer

477 views • 37 slides
fly : Untethered Multi-user VR for Commodity Mobile Devices Xing Liu, Christina Vlachou, Feng

fly : Untethered Multi-user VR for Commodity Mobile Devices Xing Liu, Christina Vlachou, Feng

Fi Firefl fly : Untethered Multi-user VR for Commodity Mobile Devices Xing Liu, Christina Vlachou, Feng Qian, Chendong Wang, Kyu-Han Kim Motivation Performance User User scalability mobility Deployment Cost State-of-the-art

384 views • 27 slides
Informationally Efficient Multi user communication Yi Su Advisor: Professor Mihaela van der

Informationally Efficient Multi user communication Yi Su Advisor: Professor Mihaela van der

Informationally Efficient Multi user communication Yi Su Advisor: Professor Mihaela van der Schaar Electrical Engineering, UCLA 1 Outline Motivation and existing approaches Informationally efficient multi user communication

1.39k views • 111 slides
Chapter 9: Security Security The security environment Basics of cryptography User

Chapter 9: Security Security The security environment Basics of cryptography User

Chapter 9: Security Security The security environment Basics of cryptography User authentication Attacks from inside the system Attacks from outside the system Protection mechanisms Trusted systems Chapter 9: Security

801 views • 65 slides
Security requirements Term Secuirty requirement A need or restriction from a user, a

Security requirements Term Secuirty requirement A need or restriction from a user, a

Security requirements Term Secuirty requirement A need or restriction from a user, a stakeholder or the environment related to the goal to improve the system security. Holistic security requirement engineering, Computers & Security

216 views • 17 slides
Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on every request! Authorization Making sure a user can only get to information they are supposed to see Making sure a user can only perform

801 views • 30 slides
Security Overview Different aspects of security User authentication Protection mechanisms

Security Overview Different aspects of security User authentication Protection mechanisms

CS399 New Beginnings Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses, worms, mobile

825 views • 59 slides
User Input Attacks CPSC 328 Spring 2009 Review Abstract lower level security Provide

User Input Attacks CPSC 328 Spring 2009 Review Abstract lower level security Provide

User Input Attacks CPSC 328 Spring 2009 Review Abstract lower level security Provide end-to-end security User security info to server WS Security XML Encryption XML Signature Tokens

221 views • 6 slides
YURY CHEMERKIN I have 10+ years of experience in information security. Im a multi-skilled

YURY CHEMERKIN I have 10+ years of experience in information security. Im a multi-skilled

S TILL S ECURE . W E E MPOWER W HAT W E H ARDEN B ECAUSE W E C AN C ONCEAL YURY CHEMERKIN MULTI-SKILLED SECURITY EXPERT CJSC ADVANCED MONITORING YURY CHEMERKIN I have 10+ years of experience in information security. Im a multi-skilled

1.43k views • 76 slides
Mindstorm - Specialised in multi-user experiences Global Installations MINDSTORM SPECIALISED IN

Mindstorm - Specialised in multi-user experiences Global Installations MINDSTORM SPECIALISED IN

Mindstorm Introduction Mindstorm - Specialised in multi-user experiences Global Installations MINDSTORM SPECIALISED IN MULTI-USER LEISURE EXPERIENCES Mindstorm application focus Mindstorm is focused on high-end leisure applications that

623 views • 47 slides
User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 30-1 Outline Policy Access Files, devices Processes Electronic communications Computer Security: Art and Science , 2 nd Edition

945 views • 62 slides
On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis Defense, Bochum, Germany, May 29, 2019 User Authentication Competing requirements of security and usability . [1] Common Factors: Knowledge ( Password ,

619 views • 34 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
Security and Privacy at Scale Geetanjali Sampemane geta@google.com Cloud All your stuff is

Security and Privacy at Scale Geetanjali Sampemane geta@google.com Cloud All your stuff is

Security and Privacy at Scale Geetanjali Sampemane geta@google.com Cloud All your stuff is online All your stuff The cloud, aka "online" You Cloud v0? Shared multi-user computing: Multics, Unix, VMS, ... Online user

463 views • 22 slides
Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Agenda Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of Multi-Tier Cloud Security (MTCS SS584:2013) standard 2. To detail the deployment considerations and related initiatives Wong Onn Chee, Cloud

352 views • 6 slides
Outline A taxonomy of CR security threats Primary user emulation attacks Cognitive Radio

Outline A taxonomy of CR security threats Primary user emulation attacks Cognitive Radio

10/25/19 Outline A taxonomy of CR security threats Primary user emulation attacks Cognitive Radio Network Security Byzantine failures in distributed spectrum sensing Security vulnerabilities in IEEE 802.22 Yao Zheng 1 2

383 views • 7 slides
Browser Security Part 2 Recap XSS 3 different types Common aim/theme Steal user

Browser Security Part 2 Recap XSS 3 different types Common aim/theme Steal user

Browser Security Part 2 Recap XSS 3 different types Common aim/theme Steal user credentials (session ID, cookies, etc.) CSRF Cross-Site Request Forgery is an attack that forces an end user to execute unwanted actions on a

428 views • 23 slides
Who am I? Valentinas Bakaitis Security consultant at Aura Information Security

Who am I? Valentinas Bakaitis Security consultant at Aura Information Security

Who am I? Valentinas Bakaitis Security consultant at Aura Information Security @vbakaitis on twitter What is XSS? User Supplied Text: <script>alert(xss);</ script> Image with user supplied title <img

435 views • 18 slides

More recommend