Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

1 Securing Critical Unattended Systems with Identity Based Cryptography: A Case Study
Johannes Blömer, Peter Günther (University of Paderborn)
Volker Krummel (Wincor Nixdorf International)

2 Unattended systems
An unattended system (USys) is an IT-based system that runs (mostly) autonomously.
Examples:
- control systems
- self service terminals
- automated teller machines (ATM)
A USys consists of components that communicate via standard protocols, e.g. USB.

3 Communication in ATMs
[Figure: communicating components: card reader, EPP (encrypted pin pad), cash dispenser]

4 Unattended systems
- Large numbers of USys form networks, e.g. ATM networks.
- Remote monitoring is possible, e.g. updating software.
- Permanent technical maintenance has to be avoided.
- Human interaction only in exceptional circumstances.

5 Security threats
Component substitution attacks
- prepare malicious substitute component
- exchange component by substitute
- activate malicious mechanisms to execute unauthorized actions
Message manipulation attacks
- get access to communication links
- manipulate and induce messages
- execute unauthorized actions

6 Requirements
- Component authenticity: a USys consists of authentic components.
- Data origin authenticity: communication between components is authenticated.
- Local verifiability: detection of and reaction to security breaches relies on internal components only.
- No single point of failure: failure of individual components can be tolerated.
- Efficiency

7 Two step approach
1. Each component verifies the authenticity of every other component within the same USys.
2. After successfully verifying the authenticity of another component, an authenticated (and confidential) communication channel is established between the components.

8 Outline
[Figure labels: …, ATM protocol, key exchange/agreement, encryption scheme, hash functions, signatures, identification protocol, identity based cryptography, …, pairings, elliptic curves, block ciphers, arithmetic in finite fields, …]
Everything implemented on security token, e.g. smart card!

9 Public key cryptography
[Figure label: Certification Authority (CA)]

10 Certificates and certification authorities
- require significant organizational and technical overhead
- require complex data management
- their complexity can become a threat to security

11 Public key vs. identity-based encryption
- PKE requires special pairs of keys; not all bit strings can be public keys
- in IBE every bit string or identity can be a public key
- identities can already be certified, e.g. passport numbers
- may simplify necessary infrastructure
- IBE introduced in 1984 by A. Shamir
- first fully functional realization in 2001 by Boneh, Franklin
- everything that can be realized with public key crypto can also be realized with identity based crypto

12 Identity-based encryption
[Figure label: Private Key Generator]

13 Identity-based encryption

14 Identity-based encryption
[Figure label: Private Key Generator]

15 Identities and personalization
Identities can be
- addresses
- passport numbers
- serial numbers
In many cases these are personalized by processes outside security mechanisms!

16 Identities and personalization in USys
- USys personalized with unique identity id during production
- private key belonging to id is generated with the PKG of the identity based crypto system
- removes the additional personalization step for the public key needed in classical public key crypto systems

17 IBC security – requirements
- adversaries know the complete specifications of the encryption schemes (Kerckhoffs's principle)
- adversaries should learn nothing about plaintexts from ciphertexts
- adversary should not be able to forge signatures
- adversary may know many plaintext/ciphertext pairs and message/signature pairs
- adversary may know private keys to many identities
- corrupting one USys does not compromise the whole network
Challenge: exponentially (in n) many private keys depend on a master secret msk of polynomial (in n) length.

18 From signatures to identification
[Figure labels: …, ATM protocol, key exchange/agreement, encryption scheme, hash functions, signatures, identification protocol, identity based cryptography, …, pairings, elliptic curves, block ciphers, arithmetic in finite fields, …]
Everything implemented on security token, e.g. smart card!

19 IBC based protocols
- can use standard identification protocols based on public key crypto techniques
- replace public key techniques by identity based crypto techniques
[Figure: parties A and B exchanging messages r and c; labels: challenge, response]
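
Added example (not from the presentation): a challenge-response identification between two components in which the response is an identity-based signature over the verifier's challenge. It substitutes Shamir's 1984 RSA-based identity-based signature scheme for the pairing-based schemes the slides describe, so that it runs on the Python standard library alone; the toy modulus, the serial-number identities and all function names are assumptions.

```python
import hashlib
import secrets

# Constructed toy PKG parameters: two Mersenne primes, far too small for real use.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                              # public, together with E
MSK = pow(E, -1, (P - 1) * (Q - 1))    # master secret, held only by the PKG

def h(*parts):
    """Hash byte strings to an integer (length-prefixed to avoid ambiguity)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(d.digest(), "big")

def extract(identity):
    """PKG, at production time: private key g = H(id)^msk mod N for an identity."""
    return pow(h(identity) % N, MSK, N)

def respond(priv, challenge):
    """Prover: Shamir identity-based signature over the verifier's challenge."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    s = priv * pow(r, h(t.to_bytes(32, "big"), challenge), N) % N
    return t, s

def verify(identity, challenge, resp):
    """Verifier: needs only the claimed identity and the public (N, E), no certificate."""
    t, s = resp
    if not (0 < t < N and 0 < s < N):
        return False
    f = h(t.to_bytes(32, "big"), challenge)
    return pow(s, E, N) == (h(identity) % N) * pow(t, f, N) % N

def demo():
    """Genuine component, substituted component, and a replayed response."""
    epp_key = extract(b"EPP-SN-0001")      # hypothetical serial numbers
    rogue_key = extract(b"EPP-SN-0002")    # key for a different identity
    c = secrets.token_bytes(16)            # fresh challenge from the verifier
    genuine = verify(b"EPP-SN-0001", c, respond(epp_key, c))
    substitute = verify(b"EPP-SN-0001", c, respond(rogue_key, c))
    replayed = verify(b"EPP-SN-0001", secrets.token_bytes(16), respond(epp_key, c))
    return genuine, substitute, replayed

if __name__ == "__main__":
    print(demo())
```

A component holding a key for another identity, or replaying a response to an old challenge, fails the check, and the verifier decides locally from the serial number and the public parameters.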

20 IBC on smart cards
- everything needed to be implemented on smart cards
- modern smart cards offer no specific support for IBC
- they support elliptic curve cryptography
- implemented identity based encryption, signature and identification protocols
- security level comparable to RSA with key length 1024
- generating and verifying signatures takes a few hundred milliseconds
- IBC requires one additional primitive, i.e. bilinear pairings
  - Weil pairing
  - Tate pairing

21 Pairings
Needs to satisfy cryptographic / complexity theoretic hardness assumptions!

22 Lessons learned
- complete system implemented for ATMs
- initial effort high
- but it pays off
  - complexity of backend reduced, no CA
  - security processes easier to handle, e.g. maintenance
  - ratio between security and efficiency better

