CTRL-PACE : Controlled Randomness for e-Passport Password Authentication

Identifiers
Title variants
Publication languages
EN
Abstracts
EN
The security of many cryptographic protocols depends on the quality of the random elements generated in the course of the protocol execution. On the other hand, cryptographic devices implementing these protocols are designed under technical limitations, usability requirements and cost constraints. This frequently results in a black-box solution. Unfortunately, black-box random number generators may enable backdoors for stealing signing keys, breaking authentication protocols and breaking encrypted communication. In this paper we deal with this problem and extend our approach proposed during MYCRYPT’2016. The solution discussed generates random parameters so that: (a) the protocols are backwards compatible (a user gets additional data that can simply be ignored), (b) verification of randomness may be executed at any time without notice, so a device is forced to behave honestly, (c) the solution makes almost no intrusion into the existing protocols and is easy to implement, (d) the owner of a cryptographic device becomes secured against its designer and manufacturer, who may even be able to predict the output of the generator. In this paper we focus on the case in which the Diffie-Hellman protocol is executed for a generator that is itself a secret – this case was not solved in our paper from MYCRYPT’2016. On the other hand, exactly this case occurs for the PACE protocol from the ICAO standard specifying electronic travel documents. For the sake of the proof we develop a framework of nested security games that aims to enable security proofs of modified protocols without redoing the proofs designed for their original versions.
Publisher
Year
Pages
295--330
Physical description
Bibliography 23 items, figures, tables.
Authors
  • Stanford University and CISPA Helmholtz Center for Information Security, 353 Serra Mall, Stanford, CA 94305, USA
  • CISPA Helmholtz Center for Information Security, Stuhlsatzenhaus 5, Saarland Informatics Campus, 66123 Saarbrucken, Germany
  • Wrocław University of Science and Technology, Department of Computer Science, Faculty of Fundamental Problems of Technology, Wybrzeże Wyspiańskiego 27, 50-370 Wrocław, Poland
Bibliography
  • [1] Micali S, Rabin MO, Vadhan SP. Verifiable Random Functions. In: 40th Annual Symposium on Foundations of Computer Science, FOCS ’99, 17-18 October, 1999, New York, NY, USA. IEEE Computer Society. ISBN 0-7695-0409-4, 1999 pp. 120-130. doi:10.1109/SFFCS.1999.814584. URL https://doi.org/10.1109/SFFCS.1999.814584.
  • [2] Young AL, Yung M. Malicious cryptography-exposing cryptovirology. Wiley, 2004. ISBN 978-0-7645-4975-5.
  • [3] Shumow D, Ferguson N. On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng. CRYPTO rump session presentation, 2007. URL http://rump2007.cr.yp.to/15-shumow.pdf.
  • [4] King C. Dual_EC_DRBG output using untrusted curve constants may be predictable. http://www.kb.cert.org/vuls/id/274923, 2013.
  • [5] Checkoway S, Fredrikson M, Niederhagen R, Green M, Lange T, Ristenpart T, Bernstein DJ, Maskiewicz J, Shacham H. On the Practical Exploitability of Dual EC DRBG in TLS Implementations. 2014. URL http://dualec.org/DualECTLS.pdf.
  • [6] Cohney SN, Green MD, Heninger N. Practical State Recovery Attacks against Legacy RNG Implementations. In: Lie D, Mannan M, Backes M, Wang X (eds.), Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018. ACM. ISBN 978-1-4503-5693-0, 2018 pp. 265-280. doi:10.1145/3243734.3243756. URL http://doi.acm.org/10.1145/3243734.3243756.
  • [7] Ruhault S. SoK: Security Models for Pseudo-Random Number Generators. IACR Trans. Symmetric Cryptol., 2017. 2017(1):506-544. doi:10.13154/tosc.v2017.i1.506-544. URL https://doi.org/10.13154/tosc.v2017.i1.506-544.
  • [8] Dodis Y, Ganesh C, Golovnev A, Juels A, Ristenpart T. A Formal Treatment of Backdoored Pseudorandom Generators. In: Oswald E, Fischlin M (eds.), Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, volume 9056 of Lecture Notes in Computer Science. Springer. ISBN 978-3-662-46799-2, 2015 pp. 101-126. doi:10.1007/978-3-662-46800-5_5. URL https://doi.org/10.1007/978-3-662-46800-5_5.
  • [9] Degabriele JP, Paterson KG, Schuldt JCN, Woodage J. Backdoors in Pseudorandom Number Generators: Possibility and Impossibility Results. In: Robshaw M, Katz J (eds.), Advances in Cryptology – CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I, volume 9814 of Lecture Notes in Computer Science. Springer. ISBN 978-3-662-53017-7, 2016 pp. 403-432. doi:10.1007/978-3-662-53018-4_15. URL https://doi.org/10.1007/978-3-662-53018-4_15.
  • [10] Hanzlik L, Kluczniak K, Kutyłowski M. Controlled Randomness - A Defense Against Backdoors in Cryptographic Devices. In: Phan RC, Yung M (eds.), Paradigms in Cryptology - Mycrypt 2016. Malicious and Exploratory Cryptology - Second International Conference, Mycrypt 2016, Kuala Lumpur, Malaysia, December 1-2, 2016, Revised Selected Papers, volume 10311 of Lecture Notes in Computer Science. Springer. ISBN 978-3-319-61272-0, 2016 pp. 215-232. doi:10.1007/978-3-319-61273-7_11. URL https://doi.org/10.1007/978-3-319-61273-7_11.
  • [11] BSI. Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token 2.20. Technical Guideline TR-03110-2, 2015. URL https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110-eIDAS_Token_Specification.html.
  • [12] Bender J, Fischlin M, Kügler D. Security Analysis of the PACE Key-Agreement Protocol. In: Samarati P, Yung M, Martinelli F, Ardagna CA (eds.), ISC, volume 5735 of Lecture Notes in Computer Science. Springer. ISBN 978-3-642-04473-1, 2009 pp. 33-48.
  • [13] ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization. Supplemental Access Control for Machine Readable Travel Documents v1.1. Technical Report, 2014.
  • [14] Durgin N, Lincoln P, Mitchell J, Scedrov A. Multiset Rewriting and the Complexity of Bounded Security Protocols. J. Comput. Secur., 2004. 12(2):247-311. URL http://dl.acm.org/citation.cfm?id=1017273.1017276.
  • [15] Blanchet B, Pointcheval D. Automated Security Proofs with Sequences of Games. In: Dwork C (ed.), Advances in Cryptology - CRYPTO 2006, 26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 2006, Proceedings, volume 4117 of Lecture Notes in Computer Science. Springer. ISBN 3-540-37432-9, 2006 pp. 537-554. doi:10.1007/11818175_32. URL https://doi.org/10.1007/11818175_32.
  • [16] Shoup V. Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive, 2004. 332.
  • [17] Abdalla M, Fouque P, Pointcheval D. Password-Based Authenticated Key Exchange in the Three-Party Setting. In: Vaudenay S (ed.), Public Key Cryptography - PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, January 23-26, 2005, Proceedings, volume 3386 of Lecture Notes in Computer Science. Springer. ISBN 3-540-24454-9, 2005 pp. 65-84. doi:10.1007/978-3-540-30580-4_6. URL https://doi.org/10.1007/978-3-540-30580-4_6.
  • [18] Blanchet B. CryptoVerif: Cryptographic protocol verifier in the computational model. white paper, 2017. URL http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/.
  • [19] Hanzlik L, Krzywiecki Ł, Kutyłowski M. Simplified PACE|AA Protocol. In: Deng RH, Feng T (eds.), ISPEC, volume 7863 of Lecture Notes in Computer Science. Springer. ISBN 978-3-642-38032-7, 2013 pp. 218-232.
  • [20] ICAO. Machine Readable Travel Documents - Part 11: Security Mechanism for MRTDs. Doc 9303, 2015.
  • [21] Bender J, Fischlin M, Kügler D. Security Analysis of the PACE Key-Agreement Protocol. IACR Cryptology ePrint Archive, 2009. 2009:624. URL http://eprint.iacr.org/2009/624.
  • [22] Goyal V, O’Neill A, Rao V. Correlated-Input Secure Hash Functions. In: Ishai Y (ed.), TCC, volume 6597 of Lecture Notes in Computer Science. Springer. ISBN 978-3-642-19570-9, 2011 pp. 182-200. doi:10.1007/978-3-642-19571-6. URL http://dx.doi.org/10.1007/978-3-642-19571-6.
  • [23] Hanzlik L, Kubiak P, Kutyłowski M. Stand-by Attacks on e-ID Password Authentication. In: Lin D, Yung M, Zhou J (eds.), Information Security and Cryptology - 10th International Conference, Inscrypt 2014, Beijing, China, December 13-15, 2014, Revised Selected Papers, volume 8957 of Lecture Notes in Computer Science. Springer. ISBN 978-3-319-16744-2, 2014 pp. 475-495. doi:10.1007/978-3-319-16745-9_26. URL https://doi.org/10.1007/978-3-319-16745-9_26.
Notes
Record prepared under agreement 509/P-DUN/2018 from MNiSW funds allocated to activities promoting science (2019).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-da69be2c-9f77-4dc8-9f13-b8ddedad745d