608 research outputs found
Subverting Deniability
Deniable public-key encryption (DPKE) is a cryptographic primitive that allows the sender of an encrypted message to later claim that they sent a different message.
DPKE\u27s threat model assumes powerful adversaries who can coerce users to reveal plaintexts; it is thus reasonable to consider other advanced capabilities, such as the ability to subvert algorithms in a so-called Algorithm Substitution Attack (ASA). An ASA replaces a trusted algorithm with a subverted version that undermines security from the point of view of the adversary while remaining undetected by users. ASAs have been considered against a number of primitives including digital signatures, symmetric encryption and pseudo-random generators. However, public-key encryption has presented a less fruitful target, as the sender\u27s only secrets are plaintexts and ASA techniques generally do not provide sufficient bandwidth to leak these.
In this work, we show that subversion attacks against deniable encryption schemes present an attractive opportunity for an adversary. We note that whilst the notion is widely accepted, there are as yet no practical deniable PKE schemes; we demonstrate the feasibility of ASAs targeting deniable encryption using a representative scheme as a proof of concept. We also provide a formal model and discuss how to mitigate ASAs targeting deniable PKE schemes. Our results strengthen the security model for deniable encryption and highlight the necessity of considering subversion in the design of practical schemes
Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation
We revisit the notion of deniability in quantum key exchange (QKE), a topic
that remains largely unexplored. In the only work on this subject by Donald
Beaver, it is argued that QKE is not necessarily deniable due to an
eavesdropping attack that limits key equivocation. We provide more insight into
the nature of this attack and how it extends to other constructions such as QKE
obtained from uncloneable encryption. We then adopt the framework for quantum
authenticated key exchange, developed by Mosca et al., and extend it to
introduce the notion of coercer-deniable QKE, formalized in terms of the
indistinguishability of real and fake coercer views. Next, we apply results
from a recent work by Arrazola and Scarani on covert quantum communication to
establish a connection between covert QKE and deniability. We propose DC-QKE, a
simple deniable covert QKE protocol, and prove its deniability via a reduction
to the security of covert QKE. Finally, we consider how entanglement
distillation can be used to enable information-theoretically deniable protocols
for QKE and tasks beyond key exchange.Comment: 16 pages, published in the proceedings of NordSec 201
Deterministic, Stash-Free Write-Only ORAM
Write-Only Oblivious RAM (WoORAM) protocols provide privacy by encrypting the
contents of data and also hiding the pattern of write operations over that
data. WoORAMs provide better privacy than plain encryption and better
performance than more general ORAM schemes (which hide both writing and reading
access patterns), and the write-oblivious setting has been applied to important
applications of cloud storage synchronization and encrypted hidden volumes. In
this paper, we introduce an entirely new technique for Write-Only ORAM, called
DetWoORAM. Unlike previous solutions, DetWoORAM uses a deterministic,
sequential writing pattern without the need for any "stashing" of blocks in
local state when writes fail. Our protocol, while conceptually simple, provides
substantial improvement over prior solutions, both asymptotically and
experimentally. In particular, under typical settings the DetWoORAM writes only
2 blocks (sequentially) to backend memory for each block written to the device,
which is optimal. We have implemented our solution using the BUSE (block device
in user-space) module and tested DetWoORAM against both an encryption only
baseline of dm-crypt and prior, randomized WoORAM solutions, measuring only a
3x-14x slowdown compared to an encryption-only baseline and around 6x-19x
speedup compared to prior work
KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures
Email breaches are commonplace, and they expose a wealth of personal,
business, and political data that may have devastating consequences. The
current email system allows any attacker who gains access to your email to
prove the authenticity of the stolen messages to third parties -- a property
arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This
exacerbates the problem of email breaches by greatly increasing the potential
for attackers to damage the users' reputation, blackmail them, or sell the
stolen information to third parties.
In this paper, we introduce "non-attributable email", which guarantees that a
wide class of adversaries are unable to convince any third party of the
authenticity of stolen emails. We formally define non-attributability, and
present two practical system proposals -- KeyForge and TimeForge -- that
provably achieve non-attributability while maintaining the important protection
against spam and spoofing that is currently provided by DKIM. Moreover, we
implement KeyForge and demonstrate that that scheme is practical, achieving
competitive verification and signing speed while also requiring 42% less
bandwidth per email than RSA2048
A Plausibly Deniable Encryption Scheme for Personal Data Storage
Even if an encryption algorithm is mathematically strong, humans inevitably make for a weak link in most security protocols. A sufficiently threatening adversary will typically be able to force people to reveal their encrypted data. Methods of deniable encryption seek to mend this vulnerability by allowing for decryption to alternate data which is plausible but not sensitive. Existing schemes which allow for deniable encryption are best suited for use by parties who wish to communicate with one another. They are not, however, ideal for personal data storage. This paper develops a plausibly-deniable encryption system for use with personal data storage, such as hard drive encryption. This is accomplished by narrowing the encryption algorithm’s message space, allowing different plausible plaintexts to correspond to one another under different encryption keys
- …