chosen ciphertext secure public key encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16...
TRANSCRIPT
![Page 1: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/1.jpg)
途中計算情報の漏洩に対する 認証鍵交換プロトコルの安全性考察
2011/9/16 米山 一樹
NTT Information Sharing Platform Laboratories
![Page 2: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/2.jpg)
Aim of this work
2
Security classification of previous (Diffie-Hellman type) AKE schemes in the seCK model Security reconsideration of SMQV protocol – SMQV was proved to be secure in the seCK model.
seCK model : security against leakage of intermediate computation results
![Page 3: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/3.jpg)
Outline
Introduction – DH-type AKE – Security models – SMQV protocol
SMQV revisited – Original proof strategy for ICR reveal – Proof error
Classification
3
![Page 4: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/4.jpg)
(DH-type) authenticated key exchange
4
Static secret key
(SSK)
Ephemeral secret key
(ESK)
a X = gx
x y Y = gy
b
SK = F(a,b,x,y)
ga gb Static public key
(SPK)
Ephemeral public key
(EPK)
Session key
![Page 5: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/5.jpg)
Security models for AKE
5
BR model
CK model eCK model
seCK model
basic semantic security
leakage of session state
(no explicit def.)
leakage of ephemeral secret
leakage of intermediate computation result + ephemeral secret
incomparable
![Page 6: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/6.jpg)
HMQV protocol
6
a
x A
X = gx
Y
KA=ga KB
D=H1(X,B), E=H1(Y,A)
ExpA=x+Da
SigA=(YKBE)ExpA
SK=H2(SigA)
Inter. comp. results (ICR)
![Page 7: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/7.jpg)
Attack (atk 1) to HMQV with ICR [SEVB10]
7
A X = gx
[1st session]
Y = gy B ExpA=x+Da, SigA
Adv
[2nd session] ICR reveal
X = gx
B Y’ = gy’
SigA’=(Y’KBE)ExpA
Adv successfully impersonates A to B
![Page 8: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/8.jpg)
SMQV protocol (resilient to atk 1)
8
a
x A
X = gx
Y
D=H1(X,Y,A,B), E=H1(Y,X,A,B)
ExpA=Dx+a
SigA=(YEKB)ExpA
D=H1(X,B), E=H1(Y,A) HMQV SMQV
ExpA=x+Da
SigA=(YKBE)ExpA
binding D and E by EPK of peer
ExpA is not reusable since D is unique for a session.
binding D and E by EPK of peer
![Page 9: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/9.jpg)
Our motivation
seCK model is considerably strong model. – But, only SMQV is proved to be secure.
9
Is there seCK secure protocol other than SMQV?
Are there explicit vulnerabilities in
‘insecure’ schemes?
![Page 10: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/10.jpg)
This work
10
Security classification of previous (Diffie-Hellman type) AKE in the seCK model. – SMQV was stated to be secure... but, proof is flawed! – There is no known secure scheme!
Secure Hard to prove Insecure Total break
none SMQV
FHMQV NAXOS
MQV HMQV
Kim-Fujioka-Ustaoglu KEA+
CMQV UP
Fujioka-Suzuki Okamoto
Moriyama-Okamoto
![Page 11: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/11.jpg)
Outline
Introduction – DH-type AKE – Security models
SMQV revisited – Original proof strategy for ICR reveal – Proof error
Classification
11
![Page 12: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/12.jpg)
Strategy of original proof
Giving reduction to the gap DH assumption in the random oracle model. Most subtle point is to simulate the case (event E) that U and V are embedded to X and KB.
12
gap DH problem
Sim (g, U=gu, V=gv)
guv
DDH
![Page 13: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/13.jpg)
Simulation of event E
Sim must simulate ICR of B without knowing b.
13
Sim
X’
X’=(grU-1)D-1 r,D ∈R Zp
Z
KB=U KP P
ExpB (=Dx’+b) = r
SigB=(ZEKP)ExpB=(ZEKP)r
set D = H1(X’, ∗, B, P)
Seemingly it works correctly
Adv
(X’, Z, B, P) to H1
D
![Page 14: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/14.jpg)
An attack scenario (atk 2)
14
Sim
X1’ P1
Adv {(X’, Zij, B, P)} to H1
{Dij}
PN
XN’
Z10, Z11, ... , ZN0, ZN1 ∈R G
Z1j1
Z1j1
j1, ..., jN ∈R {0,1}
Znjn
ZNjN ICR reveal
1)
2) 3)
4)
5)
![Page 15: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/15.jpg)
Possible strategy to atk 2
Sim must fix Di for Xi = (griU-1)Di-1 before knowing Ziji. – But, Sim cannot know whether Di should be set as H1(X’,
Zi0, B, P) or H1(X’, Zi1, B, P). – So, Sim must guess ji for all i.
If one of N guesses is failed, the simulation is failed. – Pr[Sim succeeds] ≤ 1/2N
15
negligible!
SMQV is not proved to be secure in the seCK model
![Page 16: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/16.jpg)
Outline
Introduction – DH-type AKE – Security models – SMQV protocol
SMQV revisited – Original proof strategy for ICR reveal – Proof error
Classification
16
![Page 17: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/17.jpg)
Classifying security levels
‘Secure’: provable in the seCK model ‘Hard to prove’: way to prove is unknown as SMQV (no explicit attack) ‘Insecure’: existence of explicit attack to break session key security ‘Total break’: existence of explicit attack to reveal SSK
17
![Page 18: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/18.jpg)
Classification result
There is no ‘secure’ scheme. Some schemes fall into ‘total break’.
18
Secure Hard to prove Insecure Total break
none SMQV
FHMQV NAXOS
MQV HMQV
Kim-Fujioka-Ustaoglu KEA+
CMQV UP
Fujioka-Suzuki Okamoto
Moriyama-Okamoto
![Page 19: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/19.jpg)
Revealing SSK of UP with ICR
19
A X = gx
Y = gy
ExpA1 = x+a, ExpA2 = x+Da SigA1 = (YKB
E)ExpA1, SigA2 = (YKBE)ExpA2
Adv ICR reveal
(ExpA2 – ExpA1)D-1 = a
D=H1(X), E=H1(Y)
UP
SSK of A
![Page 20: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/20.jpg)
Conclusion
Unfortunately, we have no (DH-type) protocol which is secure in the seCK model. – We guess that two-move and implicitly authenticated
protocol is hard or impossible to prove. – Explicit authenticated or three-move protocol may be
possible. Be careful with multiple sessions. – Frequently, adversaries can do complex attack
scenarios with information of multiple sessions.
20
![Page 21: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/21.jpg)
フォーマルメソッドの導入に向けて
今回は人力で証明ミスと攻撃を発見した. – 自動化できたら嬉しい(FAIS研究会的には)
1つの方向性:Scytherの利用 – Cas Cremers作成の解析フレームワーク・ツール – ICRやESKの漏洩をモデル化可能 – ∃記号モデルでの攻撃 ⇒ ∃計算論モデルでの攻撃
21
![Page 22: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/22.jpg)
Thank you!
22
![Page 23: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/23.jpg)
Ephemeral Key Leakage
Ephemeral secret key (ESK) – Temporary and session-specific randomness
Reveal of ephemeral secret key
23
e.g.) Diffie-Hellman (DH) key exchange
x ←R Zp gx
poor pseudo-random generator
physical attacks (e.g., cold boot
attacks)
![Page 24: Chosen Ciphertext Secure Public Key Encryption …fais.jsiam.org/doc/20110916-yoneyama.pdf2011/09/16 · Unfortunately, we have no (DH-type) protocol which is secure in the seCK model](https://reader033.vdocuments.net/reader033/viewer/2022050310/5f72545c6e3465024918266c/html5/thumbnails/24.jpg)
Two implementation modes
24
Host machine Tamper-proof
module I/F ESK SSK
EPK
SPK
EPK’ EPK’
ESK
SK SK
Host machine Tamper-proof
module I/F SSK
EPK
SPK
EPK’ EPK’
ESK
EPK
Mode I Mode II
EPK
Exp
Sig
Exp
SK
Exp
Sig