Presentation is loading. Please wait.

Presentation is loading. Please wait.

Universally Composable Authentication and Key-exchange with Global PKI Ran Canetti (TAU and BU) Daniel Shahaf (TAU) Margarita Vald(TAU) PKC2016 Taipei,

Published byMagnus Lester Ray Modified over 7 years ago

Similar presentations

Presentation on theme: "Universally Composable Authentication and Key-exchange with Global PKI Ran Canetti (TAU and BU) Daniel Shahaf (TAU) Margarita Vald(TAU) PKC2016 Taipei,"— Presentation transcript:

1 Universally Composable Authentication and Key-exchange with Global PKI Ran Canetti (TAU and BU) Daniel Shahaf (TAU) Margarita Vald(TAU) PKC2016 Taipei, Taiwan

2 Goal: Analyze security of protocols in use. Need: Realistic security model Rigorous security definition Security proofs for systems in use

3 Modular Security Analysis 1.Split the system into smaller components 2.Separately analyze security of each component 3.Need secure composition to argue security of the system Advantages: Essential for analysis due to protocols complexity Security guarantee holds for any environment

4 Focus: security of key-exchange and authentication Our result: Modular analysis of commonly deployed key-exchange and authentication protocols.

5 Authentication Authentication can be based on: Pre-shared key Shared password Biometrics Public-key [Diffie-Hellman76] Authentication binds message to some long-term entity If R receives a message from S then S actually sent the message to R

6 Public-key Authentication Public-key infrastructure Commonly used: Chip-and-pin debit cards, email authentication, TLS…

7 Analysis of Public-key Authentication Game based: [Canetti-Krawczyk01, Brzuska-Fischlin-Smart-Warinschi-Williams13] Limited composition Simulation based: Universal Composability and Abstract Cryptography [Canetti-Krawczyk02, Canetti04, Maurer-Tackmann-Coretti13, Kohlweiss-Maurer-Onete-Tackmann-Venturi14] Win/Lose Easy and natural definition Ideal auth. General composition

8 Model vs. Reality Discrepancy fresh key per session accessible only by the session participants Same key for all sessions globally accessible PKI Is this an issue?Yes! Observation: Analysis treats the PKI as local to the protocol In reality Long-lived PKI Joint State Universal Composability

9 Guarantees: Authentication Example: Transferability IDEAL Authentication Guarantees: Authentication Non-transferable How to overcome this gap? Public-key infrastructure Transferable! Non-transferable

10 Approach #1 Find new protocols : [Dodis-Katz-Smith-Walfish09] Realize non-transferable authentication with globally available setup Additional cost: assumptions, communication, rounds Is it insecure as a plain authentication protocol?

11 Framework for analysis of authentication and KE with globally accessible PKI This Work Avoid extra properties in definition of authentication: Analyze the existing protocols

12 Secure UC Authentication Certificate authority IDEAL Authentication Certificate authority GUC Eliminates non- transferability Still provides authentication

13 Secure GUC Authentication REAL*IDEAL Authentication Certificate authority REAL Public-key infrastructure New composition theorem

14 Conclusion Framework for analysis of authentication and key-exchange Realistic modeling of protocol execution Allows modular analysis Future directions: Analyze other authentication and KE protocols with globally available PKI e.g. PKI modes of TLS Realistic modeling of other tasks e.g. secure channels

15

16 Model PKI-based Ideal Authentication Authentication functionality coupled with certificate authority Signs authenticated messages allows anyone to see the signature and verify its validity Certificate authority Still provides authentication Eliminates non-transferability

17 Secure UC Authentication Certificate authority REAL IDEAL Certificate authority GUC Env Adv Sim

18 Further Refined Modeling Two layers of global availability: Cross parties globality: The PKI is available to all parties in all sessions Cross sessions globality: The signing module is per party; shared among all of its session Public-key infrastructure

19 Model PKI-based Ideal Authentication Authentication functionality coupled with certificate authority Signs authenticated messages allows anyone to see the signature and verify its validity Certificate authority Still provides authentication Eliminates non-transferability Sim

Download ppt "Universally Composable Authentication and Key-exchange with Global PKI Ran Canetti (TAU and BU) Daniel Shahaf (TAU) Margarita Vald(TAU) PKC2016 Taipei,"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.

Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology

Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.

Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CMSC 456 Introduction to Cryptography

CMSC 456 Introduction to Cryptography
... Jesús Almansa and Marco Carbone 4th April 2002 { jfa,

... Jesús Almansa and Marco Carbone 4th April 2002 { jfa,
Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Similar presentations

Ads by Google