15 research outputs found
Optimal Transport Layer for Secure Computation
We explore two main issues in the performance of Secure Two-Party Computation (2PC): (1) the interaction of 2PC with the transport layer and (2) the evaluation of 2PC implementations.
Transport layer: Although significantly improved, the performance of 2PC is still prohibitive for practical systems. Contrary to the common belief that bandwidth is the remaining bottleneck for 2PC implementations, we show that the network is under-utilised due to the use of standard TCP sockets. Nevertheless, using other sockets is a nontrivial task: the developers of secure computation need to integrate them into the operating system, which is challenging even for systems experts. To resolve this issue, and break the efficiency barrier of 2PC, we design and develop a framework, which we call Transputation, that automates the integration of transport layer sockets into 2PC implementations. The goal of Transputation is to enable developers of 2PC protocols to easily identify and use the optimal transport layer protocol for the given computation task and network conditions, and hence to improve the performance of secure computation.
We integrated selected transport layer protocols into Transputation and evaluated the performance for a number of computational tasks. As a highlight, even a general purpose transport layer protocol, such as SABUL, improves the run-time of 2PC over TCP on an EU-Australia connection for circuits with Boolean gates by a factor of .
Evaluations of 2PC: Evaluations of 2PC implementations do not reflect performance in real networks, since they are typically done in simulated environments and even more often on a single host. To address this issue, we provide a testbed platform for the evaluation of 2PC implementations in real-life settings on the Internet.
Securing DNSSEC Keys via Threshold ECDSA From Generic MPC
Deployment of DNSSEC, although increasing, still suffers from many practical issues that result in a false sense of security. While many domains outsource zone management, they also have to outsource DNSSEC key management to the DNS operator, making the operator an attractive target for attackers. Moreover, DNSSEC does not provide any sort of protection in the case where the operator itself decides to serve false information, for example, if it gets compromised.
In this work, we show how to use techniques from threshold ECDSA: (1) to protect keys such that domains do not reveal their signing keys to a DNS operator, and (2) to protect the operational integrity of the DNS operator. As a result of being highly specialized, prior work on threshold ECDSA has focused on a limited set of threat models, and none has so far considered techniques to amortize signature generation. Our work takes a different approach and presents a generic technique for obtaining a threshold ECDSA protocol from any secure multiparty computation protocol that works over an appropriate finite field. We show how this technique lends itself to very efficient threshold signing protocols by comparing it against state-of-the-art protocols from both academia and industry. For similar threat models, our protocols are as fast as the previous best protocol in terms of signing, and up to an order of magnitude faster for key generation on a fast network. Finally, we show how to integrate our application into a widely used DNS management software and demonstrate through experiments the overhead compared to traditional DNSSEC.
Practical Secure Computation for Internet Infrastructure
The Internet has been a boon in the lives of many in the world, opening up opportunities that may have been unknown or inaccessible to them. The growth in the availability of computational resources has made it possible to collect, compile, store, process and interpret data at a scale that was not imaginable in the past. The combination of the Internet and computing resources has resulted in a world that creates more data every year than ever in the past, where data can be harvested for the benefit of society. However, when the surface seems too shiny, the dangers lurk nearby. One such danger is privacy violation that can take several forms including nosy corporate employees, hacked databases as well as government coercion of centralised authorities that manage the Internet infrastructure.
Secure multi-party computation (MPC) is a cryptographic tool for privacy-preserving computation. MPC allows multiple entities to perform joint computation over their private inputs, revealing only the output. Although the theoretical foundations for the two-party variant, secure two-party computation (2PC), were introduced in the 1980s, MPC has not yet seen widespread deployment in spite of its benefits. Not only is MPC useful when data needs to be processed, but it is also useful when cryptographic data such as signing keys are to be kept securely.
In this thesis, we make MPC practical for securing Internet infrastructure. While MPC has been applied to many applications, it has not yet been used to secure Internet infrastructure. In the process of making MPC practical, we address several challenges in this thesis. First, we observe that the practical performance of 2PC can be improved by the use of different transport layer protocols. On the basis of this observation, we develop a framework that automates the integration of transport layer protocols into 2PC implementations. We show through extensive evaluations that the efficiency gained by using better transport layer protocols is sometimes much greater than what can be achieved by using stronger security assumptions.
Second, we observe a practical security issue where the mechanisms that secure fundamental protocols of the Internet infrastructure, such as routing and the domain name system, rely on centralised authorities. In particular, signing keys that should be held by domain owners and Internet number resource owners in security mechanisms for Internet infrastructure are instead outsourced to centralised authorities. Nevertheless, vulnerabilities as well as conflicts of interest often make this requirement for trust unsuitable for practical purposes. We replace trust in centralised authorities by designing systems that use MPC and distribute trust.
Finally, we design and implement efficient threshold signature protocols, a specific instance of MPC, that we use to improve the security of Internet infrastructure. Our design uses a generic transformation to turn essentially any MPC protocol into an equally secure and efficient protocol that computes signatures in a threshold setting. Our design is the first to support preprocessing (independent of the message being signed as well as of the key being used to sign), which is crucial for practical efficiency, as it adds minimal overhead compared to the approach of centralised authorities being in charge of the keys.
Incorporating Leveled Homomorphic Encryption-based Private Information Retrieval in Federated eID Schemes to Enhance User Privacy
Numerous services are being offered over the Internet and require identification of users, as in face-to-face interactions. To simplify the authentication procedure and reduce the need to manage multiple credentials to access services, Electronic Identification (eID) schemes have been introduced. eID schemes commonly involve many service providers (SPs), which provide services such as online shopping, social networks, etc. to users, and identity providers (IDPs), which verify the identity of users and help users authenticate themselves to SPs. In federated eID schemes, IDPs store identifiable user information (attributes), often with a unique ID, and attest to these attributes to SPs. In this work we address the privacy concerns of storing user attributes at the IDP, which allows the IDP to profile the behaviour and activities of users. We propose to store the attributes in a privacy-friendly manner so that they cannot be directly linked to a particular user even if the data is leaked. Then we include an additional step incorporating private information retrieval (PIR) in the usual authentication flow of a federated eID scheme, so that the IDP can perform its role of authenticating and managing the user's identity without turning into a privacy hotspot. The privacy enhancement offered by our work needs to be accompanied by privacy-friendly authentication, which does not reveal the identity of the user, to be effective. Finally, through a proof-of-concept implementation we show a practical variant of our scheme in which the IDP, with millions of users, partitions its database.
Privacy Preserving and Resilient RPKI
Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally take down IP prefixes; indeed, such attacks have been launched by nation-state adversaries. The threat of IP prefix takedowns is one of the factors hindering RPKI adoption.
In this work, we propose the first distributed RPKI system, based on threshold signatures, that requires the coordination of a number of RIRs to make changes to RPKI objects, hence preventing unilateral prefix takedown. We perform extensive evaluations using our implementation that demonstrate the practicality of our solution. Furthermore, we show that our system is scalable and remains efficient even when RPKI is widely deployed.