A SECURE MOBILE MESSAGING APPLICATION USING IDENTITY-BASED ENCRYPTION
Master’s Thesis Presentation
by Ryan Holt
Metropolitan State University
April 24, 2015
04/15/2023
OUTLINE
Introduction
Background Concepts (IBE, ECC, and the PBC library)
Project Design and Implementation
User Experience and Application Performance
Conclusion
INTRODUCTION (CONT.)
National Security Agency (NSA)
Collect-it-all policy on electronic communications
Legal interpretation of the Patriot Act
Use information collected without a warrant
Bulk collection of domestic call records
Internet communication
Retain data for up to five years
Discretion on surveillance lies directly with its own analysts
Power to compel telecoms to turn over communications on any individual identified by the NSA
INTRODUCTION (CONT.)
Google
Automated systems analyze your data
Email, device and location information, local storage
Customized search results and targeted advertising
Share aggregated, non-personally identifiable information publicly and with publishers, advertisers and other websites
Give up your personal information upon governmental request, leaving you vulnerable to law enforcement requests or civil subpoenas
May not immediately delete residual data from servers
May not ever remove information from their backup systems
INTRODUCTION (CONT.)
Social apps and cloud technologies provide unprecedented levels of collaboration, information sharing and data analytics.
Problem: Personal data collected can be exploited by corporations, government, and hackers
Major Culprit: Popular yet insecure messaging applications
Solution: Advanced encryption techniques with simple implementations
SECURITY ISSUES IN MOBILE NETWORKS
Eavesdropping
Denial-of-Service (DoS)
Flow disruption
Signaling attacks
Resource exhaustion
NORSE | map.ipviking.com
STATE OF THE ART
Security vs Usability
Most popular instant messaging apps are easy to use but communication is generally sent over insecure channels
Complexities with installation and configuration of secure applications, and setting up accounts. Difficulty verifying users’ authenticity, or using the applications correctly
$600 billion est. value of mobile payments in 2015
Electronic Frontier Foundation | eff.org/secure-messaging-scorecard
PROJECT GOALS
This project has three main goals:
1. Show, via a proof-of-concept, that Elliptic Curve Cryptography (ECC) is a viable security mechanism on modern mobile devices
2. Implement this security mechanism in a way that is user friendly
Intuitive application user interface
Transparent security
3. Design a system that is modular and extensible
Easy to create, extend, and maintain
Can be added as a security layer atop an existing system
HISTORY OF IBE
Identity-Based Encryption (IBE) was first proposed by Adi Shamir in 1984
Simplify public key and certificate management in a Public Key Infrastructure (PKI)
Boneh and Franklin introduced the first functional Identity-Based Encryption scheme in 2001
Using groups with efficiently computable bilinear maps
Secure in the random oracle model
Became Stanford Pairing Based Cryptography (PBC) library
Boldyreva, Goyal, and Kumar came up with an efficient revocation scheme for IBE in 2008
Brent Waters came up with the first Hierarchical IBE (HIBE) scheme and an IBE system with short parameters in 2009
De Caro, Iovino, Persiano realized the first Anonymous HIBE protocol in 2010
ELLIPTIC CURVES
Elliptic Curve: Formed by an equation of the form $y^2 = x^3 + ax + b$ over a finite field of prime order $q$ ($x, y \in \mathbb{F}_q$)
Elliptic Curve Cryptography (ECC) is dependent on the Bilinear Diffie-Hellman (BDH) problem being hard to solve
Hard to solve = mathematical operations are fast to compute, but hard to reverse
For the BDH problem, this means finding $g^{xy}$ given $g$ and the values of $g^x$ and $g^y$
As of 2006, the most efficient solutions involve solving the discrete logarithm problem (DLP)
Find $x$ given $g$ and $g^x$
ELLIPTIC CURVES (CONT.)
Maps are also central to ECC
One-way functions, meaning it is easy to calculate their result given a pair of operands but hard to calculate the inverse
Bilinearity, non-degeneracy, and computability
Bilinear pairing
Weil (pronounced vay) or Tate pairings.
Of these two, Tate pairing is typically faster
Pair(a ∙ X, b ∙ Y) = Pair(b ∙ X, a ∙ Y)
Calculating a ∙ X is easy, and finding a given X and a ∙ X, is hard
IDENTITY-BASED ENCRYPTION
In an Identity-Based Encryption (IBE) scheme, the public key of a user may be an arbitrary string like an email address or other identifier
Messages are encrypted using a combination of the system master key and the id of the recipient
Users must go to a trusted party, Key Generation Server (KGS), and prove their identity in order to obtain a private key which will allow them to decrypt messages
REVIEW OF ALGORITHMS AND THEIR CLASSIFICATIONS
The security strength of an IBE system is determined by the underlying algorithm, which, in turn, is determined by the bit-length of the parameters
Depending on system requirements, different curves and initialization parameters might be chosen.
Type   Base Field Size (bits)   k    Dlog security (bits)
a      512                      2    1024
dn     n                        6    6n
e      1024                     1    1024
f      160                      12   1920
gn     n                        10   10n
a1     1024                     2    2048
Curves available in the PBC library
REVIEW OF ALGORITHMS AND THEIR CLASSIFICATIONS (CONT.)
Supersingular curves
Of the form $y^2 = x^3 + x$
As of 2007 there are no known weaknesses for (carefully selected) supersingular curves
Identity-Based Encryption is referenced in several Internet Engineering Task Force (IETF) draft standards
RFC 5091 - Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems
RFC 5408 - Identity-Based Encryption Architecture and Supporting Data Structures
Among others
OTHER INTERESTING THINGS ABOUT IBE
Secure machine to machine (M2M) scheme in an Internet-of-Things (IoT)
Proxy Re-Encryption (PRE)
Email forwarding
Distributed file systems
Digital Rights Management (DRM)
Attribute-Based Encryption (ABE) is a generalization of Fuzzy IBE
NOTABLE IMPLEMENTATIONS
Stanford Pairing Based Cryptography (PBC) Library
MIRACL
HP Healthcare
Voltage Security
Secure plugins for MS Office
“HP acquires Voltage Security in Big Data encryption push” siliconangle.com February 2015
HP Security Voltage
PROS AND CONS
Pros
• Certificate-less
• No complex key management infrastructure
• Light-weight
• Small cryptographic parameters
• Efficient
Cons
• Key Escrow
• Key Generating Server has access to all private keys
• Key Revocation
• Efficient revocation difficult
WHY WAS IBE CHOSEN?
Few known mobile ECC impls.
No known IBE-based instant messaging application
Leakage-resilient
Modular
Light-weight
Small crypto params
Efficient
WHY WAS JPBC CHOSEN?
The Java Pairing-Based Cryptography (JPBC) library was chosen as the IBE library because it is a Java implementation of the popular and reputable Stanford PBC library
WHY WAS ANDROID CHOSEN?
Android ranked the top mobile platform on the market in 2014
76.6% of smartphones sold globally
#1 target for malicious hackers
Threats common to all mobile platforms
Free
Open-source
Java-based
Many quality development tools and frameworks available
PROJECT OVERVIEW
A secure mobile messaging app that is exceptionally secure yet simple and intuitive to use
Provides:
Encryption
Authentication
Deniability
Forward secrecy
Information protected in transit as well as at rest
Useful to anyone who would like to share their personal, financial, business, and health information with the assurance that it is secure
PROJECT ARCHITECTURE
Amazon Web Services Elastic Compute Cloud (EC2)
Route 53
Servers: Ubuntu Server 14
Apache Tomcat Application Server
Apache Web Server
Prosody (XMPP)
Mobile Clients: Android
DESIGN (CONT.)
https://auth.sageburner.com/service/getIBEParams?key=291933989
{
  "key": 291933989,
  "ibeParams": {
    "paramsString": "type a\nq 3027378209922339717047636864523197030585489211533016262964916585439053694462154817206416003461993685371839546061336658289802856950735628675952248692458219\nr 730751167114595186142829002853739519958614802431\nh 4142830482058732431415919191924235082116610057338942961450320218799606055344492881034903447809458196921620\nexp1 138\nexp2 159\nsign0 -1\nsign1 1\n",
    "pByteString": "Nth04o664fvLZK+jxLVE5atrhWMJTMx9l8Lq1xPBCS3LdK0rpbspAZxKQg9/yQMgy/68hA9dTnwkH1HQdYYn8zMXySawO+PzY2cPtpLVlcyHOUg1cgHue7xkQZfmhkrHl2O8Nh1344enuUckQx2YW5ICHq7UN+Psqny235ZR3rw=",
    "sByteString": "J6MDMS1QOOwkw+jPtqVIZEkwHQM="
  }
}
IMPLEMENTATION DETAILS (CONT.)
JPBC ‘Type a’ pairing
$y^2 = x^3 + x$ over the finite field $\mathbb{F}_q$ for some prime $q \equiv 3 \pmod 4$
r = 160, q = 512, and k = 2
$E$: elliptic curve over the prime finite field $\mathbb{F}_q$
$q$: field size of base-point $P \in E(\mathbb{F}_q)$
$r$: prime order of base-point $P \in E(\mathbb{F}_q)$ – r does not divide q
$k$: embedding degree (multiplicative order of q mod r)
Security Level (in bits)   80     112    128
r                          160    224    256
q                          512    1024   1536
RSA Key Size               1024   2048   3072
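A client that downloads its pairing parameters from the key server can check them before use. The following is an added example, not code from the thesis or from JPBC: it parses the 'type a' parameter text from the getIBEParams response on the Design slide and tests the relations listed above (q ≡ 3 mod 4, prime q and r, embedding degree 2) together with q + 1 = r·h and the form of r given by the exp/sign fields. The function names and the minimum sizes are assumptions.

```python
import secrets

# "paramsString" exactly as it appears in the getIBEParams response on the Design slide.
PARAMS = (
    "type a\n"
    "q 3027378209922339717047636864523197030585489211533016262964916585439053694462154817206416003461993685371839546061336658289802856950735628675952248692458219\n"
    "r 730751167114595186142829002853739519958614802431\n"
    "h 4142830482058732431415919191924235082116610057338942961450320218799606055344492881034903447809458196921620\n"
    "exp1 138\nexp2 159\nsign0 -1\nsign1 1\n"
)

def parse_params(text):
    """Turn 'name value' lines into a dict; every field except 'type' is an integer."""
    fields = dict(line.split(None, 1) for line in text.splitlines() if line.strip())
    return {k: (v if k == "type" else int(v)) for k, v in fields.items()}

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases; a true prime always passes."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square root of 1 reached n - 1: n is composite
    return True

def validate_type_a(p, min_r_bits=160, min_q_bits=500):  # minimum sizes are assumed policy
    """Return the names of failed checks; an empty list means the set is consistent."""
    q, r, h = p["q"], p["r"], p["h"]
    order = next((k for k in range(1, 13) if pow(q, k, r) == 1), None)  # order of q mod r
    checks = {
        "type a": p["type"] == "a",
        "q = 3 mod 4": q % 4 == 3,
        "q + 1 = r * h": q + 1 == r * h,
        "r = 2^exp2 + sign1*2^exp1 + sign0": r == 2 ** p["exp2"] + p["sign1"] * 2 ** p["exp1"] + p["sign0"],
        "q and r prime": is_probable_prime(q) and is_probable_prime(r),
        "embedding degree k = 2": order == 2,
        "size": r.bit_length() >= min_r_bits and q.bit_length() >= min_q_bits,
    }
    return [name for name, ok in checks.items() if not ok]
```

On the parameters shown on the slide every check passes. The served q is 510 bits long, slightly under the nominal 512, which is why the size floor is a policy setting rather than an exact match.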
CONCLUSION
A mobile user’s privacy is under constant threat of attack from numerous sources at any given time. Protecting personal and professional information in such a hostile environment is a continuous task and one of utmost importance. Taking on such a challenge requires having the right tools and empowering users to use them. Along with projects like Off-the-Record, TextSecure, and Crypto-Book, the secure messaging application developed here is one of those tools.