41 research outputs found
An Internet-Wide Analysis of Diffie-Hellman Key Exchange and X.509 Certificates in TLS
Transport Layer Security (TLS) is a mature cryptographic protocol, but has flexibility during implementation which can introduce exploitable flaws. New vulnerabilities are routinely discovered that affect the security of TLS implementations.
We discovered that discrete logarithm implementations have poor parameter validation, and we mathematically constructed a deniable backdoor to exploit this flaw in the finite field Diffie-Hellman key exchange. We described attack vectors an attacker could use to position this backdoor, and outlined a man-in-the-middle attack that exploits the backdoor to force Diffie-Hellman use during the TLS connection.
We conducted an Internet-wide survey of ephemeral finite field Diffie-Hellman (DHE) across TLS and STARTTLS, finding hundreds of potentially backdoored DHE parameters and partially recovering the private DHE key in some cases. Disclosures were made to companies using these parameters, resulting in a public security advisory and discussions with the CTO of a billion-dollar company.
We conducted a second Internet-wide survey investigating X.509 certificate name mismatch errors, finding approximately 70 million websites invalidated by these errors and additionally discovering over 1000 websites made inaccessible due to a combination of forced HTTPS and mismatch errors. We determined that name mismatch errors occur largely due to certificate mismanagement by web hosting and content delivery network companies. Further research into TLS implementations is necessary to encourage the use of more secure parameters
Elliptic Curve Cryptography Services for Mobile Operating Systems
Mobile devices as smartphones, tablets and laptops, are nowadays considered indispensable objects
by most people in developed countries. A s personal and work assistant s , some of th e s e
devices store , process and transmit sensitive and private data. Naturally , the number of mobile
applications with integrated cryptographic mechanisms or offering security services has been
significantly increasing in the last few years. Unfortunately, not all of those applications are secure
by design, while other may not implement the cryptographic primitives correctly. Even the
ones that implement them correctly may suffer from longevity problems, since cryptographic
primitives that are considered secure nowadays may become obsolete in the next few years.
Rivest, Shamir and Adleman (RSA) is an example of an widely used cryptosystem that may become
depleted shorty . While the security issues in the mobile computing environment may be of
median severity for casual users, they may be critical for several professional classes, namely
lawyers, journalists and law enforcement agents. As such, it is important to approach these
problems in a structured manner.
This master’s program is focused on the engineering and implementation of a mobile application
offering a series of security services. The application was engineered to be secure by design
for the Windows Phone 8.1 Operating System (OS) which, at the time of writing this dissertation,
was the platform with the most discreet offer in terms of applications of this type. The
application provides services such as secure exchange of a cryptographic secret, encryption and
digital signature of messages and files, management of contacts and encryption keys and secure
password generation and storage. Part of the cryptographic primitives used in this work
are from the Elliptic Curve Cryptography (ECC) theory, for which the discrete logarithm problem
is believed to be harder and key handling is easier. The library defining a series of curves
and containing the procedures and operations supporting the ECC primitives was implemented
from scratch, since there was none available, comprising one of the contributions of this work.
The work evolved from the analysis of the state-of-the-art to the requirements analysis and
software engineering phase, thoroughly described herein, ending up with the development of a
prototype. The engineering of the application included the definition of a trust model for the
exchange of public keys and the modeling of the supporting database.
The most visible outcomes of this master’s program are the fully working prototype of a mobile
application offering the aforementioned security services, the implementation of an ECC
library for the .NET framework, and this dissertation. The source code for the ECC library was
made available online on GitHub with the name ECCryptoLib [Ana15]. Its development and
improvement was mostly dominated by unit testing. The library and the mobile application
were developed in C?. The level of security offered by the application is guaranteed via the
orchestration and combination of state-of-the-art symmetric key cryptography algorithms, as the Advanced Encryption Standard (AES) and Secure Hash Algorithm 256 (SHA256) with the ECC
primitives. The generation of passwords is done by using several sensors and inputs as entropy
sources, which are fed to a cryptographically secure hash function. The passwords are stored in
an encrypted database, whose encryption key changes every time it is opened, obtained using
a Password-Based Key Derivation Function 2 (PBKDF2) from a master password. The trust model
for the public keys designed in the scope of this work is inspired in Pretty Good Privacy (PGP),
but granularity of the trust levels is larger.Dispositivos móveis como computadores portáteis, smartphones ou tablets, são, nos dias de
hoje, considerados objectos indispensáveis pela grande maioria das pessoas residentes em paÃses
desenvolvidos. Por serem utilizados como assistentes pessoais ou de trabalho, alguns destes
dispositivos guardam, processam e transmitem dados sensÃveis ou privados. Naturalmente,
o número de aplicações móveis com mecanismos criptográficos integrados ou que oferecem
serviços de segurança, tem vindo a aumentar de forma significativa nos últimos anos. Infelizmente,
nem todas as aplicações são seguras por construção, e outras podem não implementar
as primitivas criptográficas corretamente. Mesmo aquelas que as implementam corretamente
podem sofrer de problemas de longevidade, já que primitivas criptográficas que são hoje em dia
consideradas seguras podem tornar-se obsoletas nos próximos anos. O Rivest, Shamir and Adleman
(RSA) constitui um exemplo de um sistema criptográfico muito popular que se pode tornar
obsoleto a curto prazo. Enquanto que os problemas de segurança em ambientes de computação
móvel podem ser de média severidade para utilizadores casuais, estes são normalmente crÃticos
para várias classes profissionais, nomeadamente advogados, jornalistas e oficiais da justiça. É,
por isso, importante, abordar estes problemas de uma forma estruturada.
Este programa de mestrado foca-se na engenharia e implementação de uma aplicação móvel
que oferece uma série de serviços de segurança. A aplicação foi desenhada para ser segura por
construção para o sistema operativo Windows Phone 8.1 que, altura em que esta dissertação foi
escrita, era a plataforma com a oferta mais discreta em termos de aplicações deste tipo. A aplicação
fornece funcionalidades como trocar um segredo criptográfico entre duas entidades de
forma segura, cifra, decifra e assinatura digital de mensagens e ficheiros, gestão de contactos
e chaves de cifra, e geração e armazenamento seguro de palavras-passe. Parte das primitivas
criptográficas utilizadas neste trabalho fazem parte da teoria da criptografia em curvas elÃpticas,
para a qual se acredita que o problema do logaritmo discreto é de mais difÃcil resolução
e para o qual a manipulação de chaves é mais simples. A biblioteca que define uma série de
curvas, e contendo os procedimentos e operações que suportam as primitivas criptográficas, foi
totalmente implementada no âmbito deste trabalho, dado ainda não existir nenhuma disponÃvel
no seu inÃcio, compreendendo assim uma das suas contribuições. O trabalho evoluiu da análise
do estado da arte para o levantamento dos requisitos e para a fase de engenharia de software,
aqui descrita detalhadamente, culminando no desenvolvimento de um protótipo. A engenharia
da aplicação incluiu a definição de um sistema de confiança para troca de chaves públicas e
também modelação da base de dados de suporte.
Os resultados mais visÃveis deste programa de mestrado são o protótipo da aplicação móvel, completamente
funcional e disponibilizando as funcionalidades de segurança acima mencionadas,
a implementação de uma biblioteca Elliptic Curve Cryptography (ECC) para framework .NET, e esta dissertação. O código fonte com a implementação da biblioteca foi publicada online.
O seu desenvolvimento e melhoramento foi sobretudo dominado por testes unitários. A biblioteca
e a aplicação móvel foram desenvolvidas em C?. O nÃvel de segurança oferecido pela
aplicação é garantido através da orquestração e combinação de algoritmos da criptografia de
chave simétrica atuais, como o Advanced Encryption Standard (AES) e o Secure Hash Algorithm
256 (SHA256), com as primitivas ECC. A geração de palavras-passe é feita recorrendo utilizando
vários sensores e dispoitivos de entrada como fontes de entropia, que posteriormente são alimentadas
a uma função de hash criptográfica. As palavras-passe são guardadas numa base de
dados cifrada, cuja chave de cifra muda sempre que a base de dados é aberta, sendo obtida
através da aplicação de um Password-Based Key Derivation Function 2 (PBKDF2) a uma palavrapasse
mestre. O modelo de confiança para chaves públicas desenhado no âmbito deste trabalho
é inspirado no Pretty Good Privacy (PGP), mas a granularidade dos nÃveis de confiança é superior
Secure Chaotic Maps-based Group Key Agreement Scheme with Privacy Preserving
Abstract Nowadays chaos theory related to cryptography has been addressed widely, so there is an intuitive connection between group key agreement and chaotic maps. Such a connector may lead to a novel way to construct authenticated and efficient group key agreement protocols. Many chaotic maps based two-party/three-party password authenticated key agreement (2PAKA/3PAKA) schemes have been proposed. However, to the best of our knowledge, no chaotic maps based group (N-party) key agreement protocol without using a timestamp and password has been proposed yet. In this paper, we propose the first chaotic maps-based group authentication key agreement protocol. The proposed protocol is based on chaotic maps to create a kind of signcryption method to transmit authenticated information and make the calculated consumption and communicating round restrict to an acceptable bound. At the same time our proposed protocol can achieve members' revocation or join easily, which not only refrains from consuming modular exponential computing and scalar multiplication on an elliptic curve, but is also robust to resist various attacks and achieves perfect forward secrecy with privacy preserving
Authentication schemes for Smart Mobile Devices: Threat Models, Countermeasures, and Open Research Issues
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices. Then, we give a classification of threat models in smart mobile devices in five categories, including, identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to the characteristics of the countermeasure along with the authentication model iteself, we categorize the authentication schemes for smart mobile devices in four categories, namely, 1) biometric-based authentication schemes, 2) channel-based authentication schemes, 3) factors-based authentication schemes, and 4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in form of tables. Finally, we identify open challenges and future research directions
An architecture for secure data management in medical research and aided diagnosis
Programa Oficial de Doutoramento en TecnoloxÃas da Información e as Comunicacións. 5032V01[Resumo] O Regulamento Xeral de Proteccion de Datos (GDPR) implantouse o 25 de maio de 2018 e considerase o desenvolvemento mais importante na regulacion da privacidade de datos dos ultimos 20 anos. As multas fortes definense por violar esas regras e non e algo que os centros sanitarios poidan permitirse ignorar. O obxectivo principal desta tese e estudar e proponer unha capa segura/integracion para os curadores de datos sanitarios, onde: a conectividade entre sistemas illados (localizacions), a unificacion de rexistros nunha vision centrada no paciente e a comparticion de datos coa aprobacion do consentimento sexan as pedras angulares de a arquitectura controlar a sua identidade, os perfis de privacidade e as subvencions de acceso. Ten como obxectivo minimizar o medo a responsabilidade legal ao compartir os rexistros medicos mediante o uso da anonimizacion e facendo que os pacientes sexan responsables de protexer os seus propios rexistros medicos, pero preservando a calidade do tratamento do paciente. A nosa hipotese principal e: os conceptos Distributed Ledger e Self-Sovereign Identity son unha simbiose natural para resolver os retos do GDPR no contexto da saude? Requirense solucions para que os medicos e investigadores poidan manter os seus fluxos de traballo de colaboracion sen comprometer as regulacions.
A arquitectura proposta logra eses obxectivos nun ambiente descentralizado adoptando perfis de privacidade de datos illados.[Resumen] El Reglamento General de Proteccion de Datos (GDPR) se implemento el 25 de mayo de 2018 y se considera el desarrollo mas importante en la regulacion de privacidad de datos en los ultimos 20 anos. Las fuertes multas estan definidas por violar esas reglas y no es algo que los centros de salud puedan darse el lujo de ignorar. El objetivo principal de esta tesis es estudiar y proponer una capa segura/de integración para curadores de datos de atencion medica, donde: la conectividad entre sistemas aislados (ubicaciones), la unificacion de registros en una vista centrada en el paciente y el intercambio de datos con la aprobacion del consentimiento son los pilares de la arquitectura propuesta. Esta propuesta otorga al titular de los datos un rol central, que le permite controlar su identidad, perfiles de privacidad y permisos de acceso. Su objetivo es minimizar el temor a la responsabilidad legal al compartir registros medicos utilizando el anonimato y haciendo que los pacientes sean responsables de proteger sus propios registros medicos, preservando al mismo tiempo la calidad del tratamiento del paciente. Nuestra hipotesis principal es: .son los conceptos de libro mayor distribuido e identidad autosuficiente una simbiosis natural para resolver los desafios del RGPD en el contexto de la atencion medica? Se requieren soluciones para que los medicos y los investigadores puedan mantener sus flujos de trabajo de colaboracion sin comprometer las regulaciones.
La arquitectura propuesta logra esos objetivos en un entorno descentralizado mediante la adopcion de perfiles de privacidad de datos aislados.[Abstract] The General Data Protection Regulation (GDPR) was implemented on 25 May 2018 and is considered the most important development in data privacy regulation in the last 20 years. Heavy fines are defined for violating those rules and is not something that healthcare centers can afford to ignore. The main goal of this thesis is to study and propose a secure/integration layer for healthcare data curators, where: connectivity between isolated systems (locations), unification of records in a patientcentric view and data sharing with consent approval are the cornerstones of the proposed architecture. This proposal empowers the data subject with a central role, which allows to control their identity, privacy profiles and access grants. It aims to minimize the fear of legal liability when sharing medical records by using anonymisation and making patients responsible for securing their own medical records, yet preserving the patient’s quality of treatment. Our main hypothesis is: are the Distributed Ledger and Self-Sovereign Identity concepts a natural symbiosis to solve the GDPR challenges in the context of healthcare? Solutions are required so that clinicians and researchers can maintain their collaboration workflows without compromising regulations. The proposed architecture accomplishes those objectives in a decentralized environment by adopting isolated data privacy profiles
End-to-End Encrypted Group Messaging with Insider Security
Our society has become heavily dependent on electronic communication, and preserving the integrity of this communication has never been more important. Cryptography is a tool that can help to protect the security and privacy of these communications. Secure messaging protocols like OTR and Signal typically employ end-to-end encryption technology to mitigate some of the most egregious adversarial attacks, such as mass surveillance. However, the secure messaging protocols deployed today suffer from two major omissions: they do not natively support group conversations with three or more participants, and they do not fully defend against participants that behave maliciously. Secure messaging tools typically implement group conversations by establishing pairwise instances of a two-party secure messaging protocol, which limits their scalability and makes them vulnerable to insider attacks by malicious members of the group. Insiders can often perform attacks such as rendering the group permanently unusable, causing the state of the group to diverge for the other participants, or covertly remaining in the group after appearing to leave. It is increasingly important to prevent these insider attacks as group conversations become larger, because there are more potentially malicious participants. This dissertation introduces several new protocols that can be used to build modern communication tools with strong security and privacy properties, including resistance to insider attacks.
Firstly, the dissertation addresses a weakness in current two-party secure messaging tools: malicious participants can leak portions of a conversation alongside cryptographic proof of authorship, undermining confidentiality. The dissertation introduces two new authenticated key exchange protocols, DAKEZ and XZDH, with deniability properties that can prevent this type of attack when integrated into a secure messaging protocol. DAKEZ provides strong deniability in interactive settings such as instant messaging, while XZDH provides deniability for non-interactive settings such as mobile messaging. These protocols are accompanied by composable security proofs.
Secondly, the dissertation introduces Safehouse, a new protocol that can be used to implement secure group messaging tools for a wide range of applications. Safehouse solves the difficult cryptographic problems at the core of secure group messaging protocol design: it securely establishes and manages a shared encryption key for the group and ephemeral signing keys for the participants. These keys can be used to build chat rooms, team communication servers, video conferencing tools, and more. Safehouse enables a server to detect and reject protocol deviations, while still providing end-to-end encryption. This allows an honest server to completely prevent insider attacks launched by malicious participants. A malicious server can still perform a denial-of-service attack that renders the group unavailable or "forks" the group into subgroups that can never communicate again, but other attacks are prevented, even if the server colludes with a malicious participant. In particular, an adversary controlling the server and one or more participants cannot cause honest participants' group states to diverge (even in subtle ways) without also permanently preventing them from communicating, nor can the adversary arrange to covertly remain in the group after all of the malicious participants under its control are removed from the group. Safehouse supports non-interactive communication, dynamic group membership, mass membership changes, an invitation system, and secure property storage, while offering a variety of configurable security properties including forward secrecy, post-compromise security, long-term identity authentication, strong deniability, and anonymity preservation. The dissertation includes a complete proof-of-concept implementation of Safehouse and a sample application with a graphical client. Two sub-protocols of independent interest are also introduced: a new cryptographic primitive that can encrypt multiple private keys to several sets of recipients in a publicly verifiable and repeatable manner, and a round-efficient interactive group key exchange protocol that can instantiate multiple shared key pairs with a configurable knowledge relationship