A PoW-less Bitcoin with Certified Byzantine Consensus

Distributed Ledger Technologies (DLTs), when managed by a few trusted validators, require most but not all of the machinery available in public DLTs. In this work, we explore one possible way to profit from this state of affairs. We devise a combination of a modified Practical Byzantine Fault Tolerant (PBFT) protocol and a revised Flexible Round-Optimized Schnorr Threshold Signatures (FROST) scheme, and then we inject the resulting proof-of-authority consensus algorithm into Bitcoin (chosen for the reliability, openness, and liveliness it brings in), replacing its PoW machinery. The combined protocol may operate as a modern, safe foundation for digital payment systems and Central Bank Digital Currencies (CBDC)

End-to-End Encrypted Group Messaging with Insider Security

Our society has become heavily dependent on electronic communication, and preserving the integrity of this communication has never been more important. Cryptography is a tool that can help to protect the security and privacy of these communications. Secure messaging protocols like OTR and Signal typically employ end-to-end encryption technology to mitigate some of the most egregious adversarial attacks, such as mass surveillance. However, the secure messaging protocols deployed today suffer from two major omissions: they do not natively support group conversations with three or more participants, and they do not fully defend against participants that behave maliciously. Secure messaging tools typically implement group conversations by establishing pairwise instances of a two-party secure messaging protocol, which limits their scalability and makes them vulnerable to insider attacks by malicious members of the group. Insiders can often perform attacks such as rendering the group permanently unusable, causing the state of the group to diverge for the other participants, or covertly remaining in the group after appearing to leave. It is increasingly important to prevent these insider attacks as group conversations become larger, because there are more potentially malicious participants. This dissertation introduces several new protocols that can be used to build modern communication tools with strong security and privacy properties, including resistance to insider attacks. Firstly, the dissertation addresses a weakness in current two-party secure messaging tools: malicious participants can leak portions of a conversation alongside cryptographic proof of authorship, undermining confidentiality. The dissertation introduces two new authenticated key exchange protocols, DAKEZ and XZDH, with deniability properties that can prevent this type of attack when integrated into a secure messaging protocol. DAKEZ provides strong deniability in interactive settings such as instant messaging, while XZDH provides deniability for non-interactive settings such as mobile messaging. These protocols are accompanied by composable security proofs. Secondly, the dissertation introduces Safehouse, a new protocol that can be used to implement secure group messaging tools for a wide range of applications. Safehouse solves the difficult cryptographic problems at the core of secure group messaging protocol design: it securely establishes and manages a shared encryption key for the group and ephemeral signing keys for the participants. These keys can be used to build chat rooms, team communication servers, video conferencing tools, and more. Safehouse enables a server to detect and reject protocol deviations, while still providing end-to-end encryption. This allows an honest server to completely prevent insider attacks launched by malicious participants. A malicious server can still perform a denial-of-service attack that renders the group unavailable or "forks" the group into subgroups that can never communicate again, but other attacks are prevented, even if the server colludes with a malicious participant. In particular, an adversary controlling the server and one or more participants cannot cause honest participants' group states to diverge (even in subtle ways) without also permanently preventing them from communicating, nor can the adversary arrange to covertly remain in the group after all of the malicious participants under its control are removed from the group. Safehouse supports non-interactive communication, dynamic group membership, mass membership changes, an invitation system, and secure property storage, while offering a variety of configurable security properties including forward secrecy, post-compromise security, long-term identity authentication, strong deniability, and anonymity preservation. The dissertation includes a complete proof-of-concept implementation of Safehouse and a sample application with a graphical client. Two sub-protocols of independent interest are also introduced: a new cryptographic primitive that can encrypt multiple private keys to several sets of recipients in a publicly verifiable and repeatable manner, and a round-efficient interactive group key exchange protocol that can instantiate multiple shared key pairs with a configurable knowledge relationship

Physical Unclonability Framework for the Internet of Things

Ph. D. ThesisThe rise of the Internet of Things (IoT) creates a tendency to construct unified architectures with a great number of edge nodes and inherent security risks due to centralisation. At the same time, security and privacy defenders advocate for decentralised solutions which divide the control and the responsibility among the entirety of the network nodes. However, spreading secrets among several parties also expands the attack surface. This conflict is in part due to the difficulty in differentiating between instances of the same hardware, which leads to treating physically distinct devices as identical. Harnessing the uniqueness of each connected device and injecting it into security protocols can provide solutions to several common issues of the IoT. Secrets can be generated directly from this uniqueness without the need to manually embed them into devices, reducing both the risk of exposure and the cost of managing great numbers of devices. Uniqueness can then lead to the primitive of unclonability. Unclonability refers to ensuring the difficulty of producing an exact duplicate of an entity via observing and measuring the entity’s features and behaviour. Unclonability has been realised on a physical level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions that extract the inherent unclonable features of objects and compound them into a usable form, often that of binary data. PUFs are also exceptionally useful in IoT applications since they are low-cost, easy to integrate into existing designs, and have the potential to replace expensive cryptographic operations. Thus, a great number of solutions have been developed to integrate PUFs in various security scenarios. However, methods to expand unclonability into a complete security framework have not been thoroughly studied. In this work, the foundations are set for the development of such a framework through the formulation of an unclonability stack, in the paradigm of the OSI reference model. The stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices, network links and eventually unclonable systems. Those layers are introduced, and work towards the design of protocols and methods for several of the layers is presented. A collection of protocols based on one or more unclonable tokens or authority devices is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods. The role of the authority devices is that of a consolidated, observable root of ownership, whose physical state can be verified. After their introduction, nodes are able to identify and interact with their peers, exchange keys and form relationships, without the need of continued interaction with the authority device. Building on this introduction scheme, methods for establishing and maintaining unclonable links between pairs of nodes are introduced. These pairwise links are essential for the construction of relationships among multiple network nodes, in a variety of topologies. Those topologies and the resulting relationships are formulated and discussed. While the framework does not depend on specific PUF hardware, SRAM PUFs are chosen as a case study since they are commonly used and based on components that are already present in the majority of IoT devices. In the context of SRAM PUFs and with a view to the proposed framework, practical issues affecting the adoption of PUFs in security protocols are discussed. Methods of improving the capabilities of SRAM PUFs are also proposed, based on experimental data.School of Engineering Newcastle Universit

Advanced Remote Attestation Protocols for Embedded Systems

Small integrated computers, so-called embedded systems, have become a ubiquitous and indispensable part of our lives. Every day, we interact with a multitude of embedded systems. They are, for instance, integrated in home appliances, cars, planes, medical devices, or industrial systems. In many of these applications, embedded systems process privacy-sensitive data or perform safety-critical operations. Therefore, it is of high importance to ensure their secure and safe operation. However, recent attacks and security evaluations have shown that embedded systems frequently lack security and can often be compromised and misused with little effort. A promising technique to face the increasing amount of attacks on embedded systems is remote attestation. It enables a third party to verify the integrity of a remote device. Using remote attestation, attacks can be effectively detected, which allows to quickly respond to them and thus minimize potential damage. Today, almost all servers, desktop PCs, and notebooks have the required hardware and software to perform remote attestation. By contrast, a secure and efficient attestation of embedded systems is considerably harder to achieve, as embedded systems have to encounter several additional challenges. In this thesis, we tackle three main challenges in the attestation of embedded systems. First, we address the issue that low-end embedded devices typically lack the required hardware to perform a secure remote attestation. We present an attestation protocol that requires only minimal secure hardware, which makes our protocol applicable to many existing low-end embedded devices while providing high security guarantees. We demonstrate the practicality of our protocol in two applications, namely, verifying code updates in mesh networks and ensuring the safety and security of embedded systems in road vehicles. Second, we target the efficient attestation of multiple embedded devices that are connected in challenging network conditions. Previous attestation protocols are inefficient or even inapplicable when devices are mobile or lack continuous connectivity. We propose an attestation protocol that particularly targets the efficient attestation of many devices in highly dynamic and disruptive networks. Third, we consider a more powerful adversary who is able to physically tamper with the hardware of embedded systems. Existing attestation protocols that address physical attacks suffer from limited scalability and robustness. We present two protocols that are capable of verifying the software integrity as well as the hardware integrity of embedded devices in an efficient and robust way. Whereas the first protocol is optimized towards scalability, the second protocol aims at robustness and is additionally suited to be applied in autonomous networks. In summary, this thesis contributes to enhancing the security, efficiency, robustness, and applicability of remote attestation for embedded systems

Sécurité collaborative pour l internet des objets

Cette thèse aborde des nouveaux défis de sécurité dans l'Internet des Objets (IdO). La transition actuelle de l'Internet classique vers l'Internet des Objets conduit à de nombreux changements dans les modèles de communications sous-jacents. La nature hétérogène des communications de l IdO et le déséquilibre entre les capacités des entités communicantes qui le constituent rendent difficile l'établissement de connexions sécurisées de bout en bout. Contrairement aux nœuds de l Internet traditionnel, la plupart des composants de l'Internet des Objets sont en effet caractérisés par de faibles capacités en termes d'énergie et de puissance calcul. Par conséquent, ils ne sont pas en mesure de supporter des systèmes de sécurité complexes. En particulier, la mise en place d'un canal de communication sécurisé de bout en bout nécessite l établissement d'une clé secrète commune entre les deux nœuds souhaitant communiquer, qui sera négociée en s'appuyant sur un protocole d'échange de clés tels que le Transport Layer Security (TLS) Handshake ou l Internet Key Exchange (IKE). Or, une utilisation directe de ces protocoles pour établir des connexions sécurisées entre deux entités de l IdO peut être difficile en raison de l'écart technologique entre celles-ci et des incohérences qui en résultent sur le plan des primitives cryptographiques supportées. Le sujet de l'adaptation des protocoles de sécurité existants pour répondre à ces nouveaux défis a récemment été soulevé dans la communauté scientifique. Cependant, les premières solutions proposées n'ont pas réussi à répondre aux besoins des nœuds à ressources limitées. Dans cette thèse, nous proposons de nouvelles approches collaboratives pour l'établissement de clés, dans le but de réduire les exigences des protocoles de sécurité existants, afin que ceux-ci puissent être mis en œuvre par des nœuds à ressources limitées. Nous avons particulièrement retenu les protocoles TLS Handshake, IKE et HIP BEX comme les meilleurs candidats correspondant aux exigences de sécurité de bout en bout pour l'IdO. Puis nous les avons modifiés de sorte que le nœud contraint en énergie puisse déléguer les opérations cryptographiques couteuses à un ensemble de nœuds au voisinage, tirant ainsi avantage de l'hétérogénéité spatiale qui caractérise l IdO. Nous avons entrepris des vérifications formelles de sécurité et des analyses de performance qui prouvent la sureté et l'efficacité énergétique des protocoles collaboratifs proposés. Dans une deuxième partie, nous avons porté notre attention sur une classe d attaques internes que la collaboration entre les nœuds peut induire et que les mécanismes cryptographiques classiques, tels que la signature et le chiffrement, s'avèrent impuissants à contrer. Cela nous a amené à introduire la notion de confiance au sein d'un groupe collaboratif. Le niveau de fiabilité d'un nœud est évalué par un mécanisme de sécurité dédié, connu sous le nom de système de gestion de confiance. Ce système est lui aussi instancié sur une base collaborative, dans laquelle plusieurs nœuds partagent leurs témoignages respectifs au sujet de la fiabilité des autres nœuds. En nous appuyant sur une analyse approfondie des systèmes de gestion de confiance existants et des contraintes de l IoD, nous avons conçu un système de gestion de confiance efficace pour nos protocoles collaboratifs. Cette efficacité a été évaluée en tenant compte de la façon dont le système de gestion de la confiance répond aux exigences spécifiques à nos approches proposées pour l'établissement de clés dans le contexte de l'IdO. Les résultats des analyses de performance que nous avons menées démontrent le bon fonctionnement du système proposé et une efficacité accrue par rapport à la littératureThis thesis addresses new security challenges in the Internet of Things (IoT). The current transition from legacy Internet to Internet of Things leads to multiple changes in its communication paradigms. Wireless sensor networks (WSNs) initiated this transition by introducing unattended wireless topologies, mostly made of resource constrained nodes, in which radio spectrum therefore ceased to be the only resource worthy of optimization. Today's Machine to Machine (M2M) and Internet of Things architectures further accentuated this trend, not only by involving wider architectures but also by adding heterogeneity, resource capabilities inconstancy and autonomy to once uniform and deterministic systems. The heterogeneous nature of IoT communications and imbalance in resources capabilities between IoT entities make it challenging to provide the required end-to-end secured connections. Unlike Internet servers, most of IoT components are characterized by low capabilities in terms of both energy and computing resources, and thus, are unable to support complex security schemes. The setup of a secure end-to-end communication channel requires the establishment of a common secret key between both peers, which would be negotiated relying on standard security key exchange protocols such as Transport Layer Security (TLS) Handshake or Internet Key Exchange (IKE). Nevertheless, a direct use of existing key establishment protocols to initiate connections between two IoT entities may be impractical because of the technological gap between them and the resulting inconsistencies in their cryptographic primitives. The issue of adapting existing security protocols to fulfil these new challenges has recently been raised in the international research community but the first proposed solutions failed to satisfy the needs of resource-constrained nodes. In this thesis, we propose novel collaborative approaches for key establishment designed to reduce the requirements of existing security protocols, in order to be supported by resource-constrained devices. We particularly retained TLS handshake, Internet key Exchange and HIP BEX protocols as the best keying candidates fitting the end-to-end security requirements of the IoT. Then we redesigned them so that the constrained peer may delegate its heavy cryptographic load to less constrained nodes in neighbourhood exploiting the spatial heterogeneity of IoT nodes. Formal security verifications and performance analyses were also conducted to ensure the security effectiveness and energy efficiency of our collaborative protocols. However, allowing collaboration between nodes may open the way to a new class of threats, known as internal attacks that conventional cryptographic mechanisms fail to deal with. This introduces the concept of trustworthiness within a collaborative group. The trustworthiness level of a node has to be assessed by a dedicated security mechanism known as a trust management system. This system aims to track nodes behaviours to detect untrustworthy elements and select reliable ones for collaborative services assistance. In turn, a trust management system is instantiated on a collaborative basis, wherein multiple nodes share their evidences about one another's trustworthiness. Based on an extensive analysis of prior trust management systems, we have identified a set of best practices that provided us guidance to design an effective trust management system for our collaborative keying protocols. This effectiveness was assessed by considering how the trust management system could fulfil specific requirements of our proposed approaches for key establishment in the context of the IoT. Performance analysis results show the proper functioning and effectiveness of the proposed system as compared with its counterparts that exist in the literatureEVRY-INT (912282302) / SudocSudocFranceF

Reusing Nonces in Schnorr Signatures: (and Keeping It Secure...)

International audienc

Secure Multi-Party Computation In Practice

Secure multi-party computation (MPC) is a cryptographic primitive for computing on private data. MPC provides strong privacy guarantees, but practical adoption requires high-quality application design, software development, and resource management. This dissertation aims to identify and reduce barriers to practical deployment of MPC applications. First, the dissertation evaluates the design, capabilities, and usability of eleven state-of-the-art MPC software frameworks. These frameworks are essential for prototyping MPC applications, but their qualities vary widely; the survey provides insight into their current abilities and limitations. A comprehensive online repository augments the survey, including complete build environments, sample programs, and additional documentation for each framework. Second, the dissertation applies these lessons in two practical applications of MPC. The first addresses algorithms for assessing stability in financial networks, traditionally designed in a full-information model with a central regulator or data aggregator. This case study describes principles to transform two such algorithms into data-oblivious versions and benchmark their execution under MPC using three frameworks. The second aims to enable unlinkability of payments made with blockchain-based cryptocurrencies. This study uses MPC in conjunction with other privacy techniques to achieve unlinkability in payment channels. Together, these studies illuminate the limitations of existing software, develop guidelines for transforming non-private algorithms into versions suitable for execution under MPC, and illustrate the current practical feasibility of MPC as a solution to a wide variety of applications