Universally Composable Authentication and Key-exchange with Global PKI Ran Canetti (TAU and BU) Daniel Shahaf (TAU) Margarita Vald(TAU) PKC2016 Taipei,

Slides:



Advertisements
Similar presentations
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Advertisements

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.
Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CMSC 456 Introduction to Cryptography
... Jesús Almansa and Marco Carbone 4th April 2002 { jfa,
Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Universally Composable Symbolic Analysis of Key-Exchange Protocols Jonathan Herzog (Joint work with Ran Canetti) 21 September 2004 The author's affiliation.
Universally Composable Symbolic Analysis of Security Protocols Jonathan Herzog (Joint work with Ran Canetti) 7 June 2004 The author's affiliation with.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Network Security Chapter Computer Networks, Fifth Edition by Andrew Tanenbaum and David Wetherall, © Pearson Education-Prentice Hall, 2011.
1 Cross-Domain Secure Computation Chongwon Cho (HRL Laboratories) Sanjam Garg (IBM T.J. Watson) Rafail Ostrovsky (UCLA)
Computer Science Public Key Management Lecture 5.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
Adaptively Secure Broadcast, Revisited
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Module 9: Fundamentals of Securing Network Communication.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Compliance Defects in Public- key Cryptography “ A public-key security system trusts its users to validate each others’s public keys rigorously and to.
NDSU Lunchbytes "Are They Really Who They Say They Are?" Digital or Electronic Signature Information Rick Johnson, Theresa Semmens, Lorna Olsen April 24,
Password Mistyping in Two-Factor Authenticated Key Exchange Vladimir KolesnikovCharles Rackoff Bell LabsU. Toronto ICALP 2008.
KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Security, Accounting, and Assurance Mahdi N. Bojnordi 2004
Game-based composition for key exchange Cristina Brzuska, Marc Fischlin (University of Darmstadt) Nigel Smart, Bogdan Warinschi, Steve Williams (University.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
Network Protocols Network Systems Security Mort Anvari.
Computer and Network Security - Message Digests, Kerberos, PKI –
Feasibility and Completeness of Cryptographic Tasks in the Quantum World Hong-Sheng Zhou (U. Maryland) Joint work with Jonathan Katz (U. Maryland) Fang.
Module 7 – SET SET predecessors iKP, STT, SEPP. iKP Developed by IBM Three parties are involved - Customer, Merchant, and Acquirer Uses public key cryptography,
Key Management Network Systems Security Mort Anvari.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
Chapt. 10 – Key Management Dr. Wayne Summers Department of Computer Science Columbus State University
Fall 2006CS 395: Computer Security1 Key Management.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.
Information Security message M one-way hash fingerprint f = H(M)
TCC 2016-B Composable Security in the Tamper-Proof Hardware Model under Minimal Complexity Carmit Hazay Bar-Ilan University, Israel Antigoni Ourania.
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Presentation transcript:

Universally Composable Authentication and Key-exchange with Global PKI Ran Canetti (TAU and BU) Daniel Shahaf (TAU) Margarita Vald(TAU) PKC2016 Taipei, Taiwan

Goal: Analyze security of protocols in use. Need: Realistic security model Rigorous security definition Security proofs for systems in use

Modular Security Analysis 1.Split the system into smaller components 2.Separately analyze security of each component 3.Need secure composition to argue security of the system Advantages: Essential for analysis due to protocols complexity Security guarantee holds for any environment

Focus: security of key-exchange and authentication Our result: Modular analysis of commonly deployed key-exchange and authentication protocols.

Authentication Authentication can be based on: Pre-shared key Shared password Biometrics Public-key [Diffie-Hellman76] Authentication binds message to some long-term entity If R receives a message from S then S actually sent the message to R

Public-key Authentication Public-key infrastructure Commonly used: Chip-and-pin debit cards, authentication, TLS…

Analysis of Public-key Authentication Game based: [Canetti-Krawczyk01, Brzuska-Fischlin-Smart-Warinschi-Williams13] Limited composition Simulation based: Universal Composability and Abstract Cryptography [Canetti-Krawczyk02, Canetti04, Maurer-Tackmann-Coretti13, Kohlweiss-Maurer-Onete-Tackmann-Venturi14] Win/Lose Easy and natural definition Ideal auth. General composition

Model vs. Reality Discrepancy fresh key per session accessible only by the session participants Same key for all sessions globally accessible PKI Is this an issue?Yes! Observation: Analysis treats the PKI as local to the protocol In reality Long-lived PKI Joint State Universal Composability

Guarantees: Authentication Example: Transferability IDEAL Authentication Guarantees: Authentication Non-transferable How to overcome this gap? Public-key infrastructure Transferable! Non-transferable

Approach #1 Find new protocols : [Dodis-Katz-Smith-Walfish09] Realize non-transferable authentication with globally available setup Additional cost: assumptions, communication, rounds Is it insecure as a plain authentication protocol?

Framework for analysis of authentication and KE with globally accessible PKI This Work Avoid extra properties in definition of authentication: Analyze the existing protocols

Secure UC Authentication Certificate authority IDEAL Authentication Certificate authority GUC Eliminates non- transferability Still provides authentication

Secure GUC Authentication REAL*IDEAL Authentication Certificate authority REAL Public-key infrastructure New composition theorem

Conclusion Framework for analysis of authentication and key-exchange Realistic modeling of protocol execution Allows modular analysis Future directions: Analyze other authentication and KE protocols with globally available PKI e.g. PKI modes of TLS Realistic modeling of other tasks e.g. secure channels

Model PKI-based Ideal Authentication Authentication functionality coupled with certificate authority Signs authenticated messages allows anyone to see the signature and verify its validity Certificate authority Still provides authentication Eliminates non-transferability

Secure UC Authentication Certificate authority REAL IDEAL Certificate authority GUC Env Adv Sim

Further Refined Modeling Two layers of global availability: Cross parties globality: The PKI is available to all parties in all sessions Cross sessions globality: The signing module is per party; shared among all of its session Public-key infrastructure

Model PKI-based Ideal Authentication Authentication functionality coupled with certificate authority Signs authenticated messages allows anyone to see the signature and verify its validity Certificate authority Still provides authentication Eliminates non-transferability Sim

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.