Practical and Provably Secure Onion Routing · 2012-07-16 · Practical and Provably Secure Onion...

Michael BackesSaarland University

MPI-SWS

Aniket KateMPI-SWS

Ian GoldbergUniversity of Waterloo

Esfandiar MohammadiSaarland University

Practical and Provably Secure Onion Routing[IEEE CSF '12]

Practical and Provably Secure OR - Esfandiar Mohammadi

Anonymous Web Browsing

GoogleAliceAIDS

Insurance

GoogleAliceAIDS

Insurance

We should talk.

What happened now?

GoogleAliceAIDS

Insurance

We should talk.

What happened now?

Next time I anonymize my search via Tor.

GoogleAliceAIDS

Insurance

We should talk.

anonymizing

• established system for anonymous web browsing• But: analyzing Tor is challenging

Anonymous Web Browsing: Tor

anonymizing

Tor: An Onion Routing Network

Anonymity against a malicious server

Phase 1: Establish Circuit

1cid3cid

Phase 2: Send message

E(k1,E(k2,E(k3,E(k4, m))))

1cid3cid

cid ||1

E(k1,E(k2,E(k3,E(k4, m))))

1cid3cid

cid ||1

E(k2,E(k3,E(k4, m)))

1cid3cid

cid ||2

E(k3,E(k4, m))

1cid3cid

cid ||3

E(k4, m)

1cid3cid

cid ||4

1cid3cid

• analyzing tor is difficult

• typical approach– abstract OR as a black-box

• analyzing tor is difficult

• typical approach– abstract OR as a black-box

But does such a black-box abstraction capture all attacks?

Our Contribution

• We introduce a comprehensive black-box for onion routing

– We bridge the gap between a known black-box abstraction and the onion routing (OR) protocol

• Our result even holds in the presence of universal composability (UC)

• We apply our result by introducing a definition for forward secrecy– We make a first step towards proving forward secrecy

Our Contribution

UC ➡ Timing attacks are not covered

Outline

• Recall UC

• Discussing our Black-Box

• Challenges with the current Tor protocol

• Main Result & Applications

Universal Composability

callingprotocol

protocol P

callingprotocol

Attacker models:• Compromised protocol parties• Compromised network links

callingprotocol

Trusted Party(black-box)

computing the result of Pmodelling honest parties

callingprotocol

protocol P

callingprotocol

Comparing two worlds

callingprotocol

protocol P

callingprotocol

∀ ∃

callingprotocol

protocol P

callingprotocol

protocol P

∀ ∃

protocol P

∃∀ ∀

protocol P

∃∀ ∀

b*b x := (U,S)(1-b)*b x := (-,S)b*(1-b) x := (U,-)(1-b)*(1-b) x := (-,-)

Suser with probability

xattacker

b : fraction of compromised nodes

An elegant black-box for OR

by Feigenbaum, Johnson, and Syverson (to appear in TISSec)

xattacker

b : fraction of compromised nodes Why is this not sufficient?

• abstraction is sound if no circuit is reused

xattacker

b : fraction of compromised nodes Why is this not sufficient?

How does the simulation work?

The simulator

Establish a fresh circuit CSend 0 to S over C

with probabilityb*b x := (U,S)(1-b)*b x := (-,S)b*(1-b) x := (U,-)(1-b)*(1-b) x := (-,-)

Reusing Circuits

This circuit has been reused.

Reusing Circuits

If h = - draw a fresh handle helse check whether h is valid

b*b x := (h,U,S,m)(1-b)*b x := (h,-,S,m)b*(1-b) x := (h,U,-)(1-b)*(1-b) x := (h,-,-)

Reusing Circuits (Overapproximation)

(S, m, h)user

with probabilityx

attacker

b : fraction of compromised nodesm 1m 2

This circuit has

been reused

The simulator

(h,-,S,m)

(S,m,h)

If h is not known establish a circuit Celse look up CSend m to S over C

with probability

The simulator

(h,-,S,m)

(S,m,h)

If h is not known establish a circuit Celse look up CSend m to S over C

with probability

Drawback: we leak the reusage of a circuit via h

draw a random circuitdraw a handle (h,P,Q) for every ciphertext between P,Qleak these handles

Reusing Circuits (tighter)

attacker

S m 1m 2

This circuit has

been reused

A different Corruption Scenario

This circuit has been reused

The simulator

(h,P1,P2,P3)

Black-box

E(k2,E(k3, 0l))

The simulator

(h,P1,P2,P3)

Black-box

E(k2,E(k3, 0l))

The simulator

(h,P1,P2,P3)

Black-box

E(k3, 0l)

The simulator

(h,P1,P2,P3)

Black-box

E(k3, 0l)

The simulator

(h,P1,P2,P3)

Black-box

The simulator

(h,P1,P2,P3)

Black-box

The simulator

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

E(k4, m))

The simulator

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

E(k4, m))

The simulator

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

The simulator

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

Our Black-Box

• Allows reusing circuits– Performs circuit construction– Maintains circuits

– Draws a fresh handle for every ciphertext

Are we done?

• How to prove circuit creation secure?– Goldberg, Stebila, and Ustaoglu introduced an efficient &

secure one-way AKE [DCC].– Perfectly suited for our proof.

Are we done?

• For non-malleable encryption schemes that's it.

Are we done?

• But Tor uses the malleable detCTR scheme:

Are we done?

• But Tor uses the malleable detCTR scheme:

Are we done?

E(k, m)⊕ c = E(k, m⊕ c)

E(k1,E(k2,E(k3,E(k4, m))))

A Problem with Malleability

E(k1,E(k2,E(k3,E(k4, m))))

E(k2,E(k3,E(k4, m)))

E(k2,E(k3,E(k4, m)))⊕ c

E(k2,E(k3,E(k4, m⊕ c)))

E(k3,E(k4, m⊕ c))

E(k4, m⊕ c)

m⊕ c

Recall what we have to prove

protocol P

∃∀ ∀

(h,P1,P2,P3)

Black-box

E(k2,E(k3, 0l))

(h,P1,P2,P3)

Black-box

E(k2,E(k3, 0l))

(h,P1,P2,P3)

Black-box

(h,P1,P2,P3)

Black-boxE(k2,E(k3, 0l))⊕ c

E(k2,E(k3, 0l ⊕ c))

(h,P1,P2,P3)

Black-box

E(k3, 0l ⊕ c)

(h,P1,P2,P3)

Black-box

E(k3, 0l ⊕ c)

(h,P1,P2,P3)

Black-box

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

E(k4, m))

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

E(k4, m))

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

m �=m⊕ c

(h,P1,P2,P3)

(m,P3,P4,S)

Black-box

Predictable Malleability

• It turns out:We can predict the changes in the plaintext.

• There is a poly-time S and T s.t.

S(w,w') = T and T(m) = D(k,w')

• Generalized: Predictable Malleabilityfor stateful encryption schemes (details in the paper)

➡ Remedy: black-box additionally allows the simulator to send a transformation T

(h,P1,P2,P3)

Black-box

E(k2,E(k3, 0l))

(h,P1,P2,P3)

Black-box

E(k2,E(k3, 0l))

(h,P1,P2,P3)

Black-box

(h,P1,P2,P3)

Black-boxE(k2,E(k3, 0l))⊕ c

E(k2,E(k3, 0l ⊕ c))

(h,P1,P2,P3)

Black-box

E(k3, 0l ⊕ c)

(h,P1,P2,P3)

Black-box

E(k3, 0l ⊕ c)

T(m) := m⊕ c

(h,P1,P2,P3)

Black-box

(h, T)

T(m) := m⊕ c

(h,P1,P2,P3)

(T(m),P3,P4,S)

Black-box

(h, T)

T(m) := m⊕ c

(h,P1,P2,P3)

(T(m),P3,P4,S)

Black-box

(h, T)

T(m) := m⊕ c

E(k4, m⊕ c)

(h,P1,P2,P3)

(T(m),P3,P4,S)

Black-box

(h, T)

T(m) := m⊕ c

(h,P1,P2,P3)

(T(m),P3,P4,S)

Black-box

(h, T)

m⊕ c

Our main result

• The Tor protocol – allowing to reuse circuits– with a strengthened integrity check

– with secure one-way AKE– against (partially) global active attackers

(details in the paper)

• realizes our black-box

Applications of this result

• For the OR anonymity analysis of Feigenbaum, Johnson, and Syverson– we show the exact conditions under which their result

applies.

• We did a first step towards proving forward secrecy

Future Work

• Incorporate timing attacks into the analysis

• Is a black-box leaking the reusage of a circuit useful?• Implications of removing the TLS link between routers

– the circuit ids are leaked to a network attacker

• Predictable malleability might be a useful notion for simulation-based proofs– e.g., for protocols that use efficient but malleable stream

ciphers

If h = - then draw a fresh handle h

Recall the elegant Overapproximation

(S, m, h)user

with probabilityx

attacker

m 1m 2

I know this routeb : fraction of compromised nodes

Future Work

• Incorporate timing attacks into the analysis

• Is a black-box leaking the reusage of a circuit useful?• Implications of removing the TLS link between routers

– the circuit ids are leaked to a network attacker

• Predictable malleability might be a useful notion for simulation-based proofs– e.g., for protocols that use efficient but malleable stream

ciphers

Thank you!

Questions?

Practical and Provably Secure Onion Routing · 2012-07-16 · Practical and Provably Secure Onion...

Documents

Transcript of Practical and Provably Secure Onion Routing · 2012-07-16 · Practical and Provably Secure Onion...

Strong and Provably Secure Database Access Control - arXiv · arXiv:1512.01479v2 [cs.CR] 18 Jan 2016 Strong and Provably Secure Database Access Control Marco Guarnieri Institute of

Provably Secure Cryptography: State of the Art and Industrial Applications · 2005-09-16 · Provably Secure Cryptography: State of the Art and Industrial Applications Outline Outline

Provably Secure Identity-Based Identification Schemes and Transitive Signatures

Snow White: Provably Secure Proofs of Stake · Snow White: Provably Secure Proofs of Stake Iddo Bentov Rafael Pass Elaine Shi Cornell, CornellTech, Initiative for Crypto-Currency

Provably Secure and Practical Quantum Key Distribution ... › pdf › 1407.7427v1.pdfProvably Secure and Practical Quantum Key Distribution over 307 km of Optical Fibre Boris Korzh,

Efﬁcient and Provably Secure Methods for Switching from ... · PDF fileEfﬁcient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking Blandine Debraize Leuven,

Provably Secure Crossdomain Multifactor Authentication ...

Provably Secure ID-based Broadcast Signcryption (IBBSC) Scheme · Provably Secure ID-based Broadcast Signcryption (IBBSC) Scheme 5 1. Unique Unsigncryptability. Given a message m

Provably Secure Three-Party Authenticated Quantum Key Distribution Protocols

Provably Secure and Practical Onion Routing

Provably secure identity-based identification and ...

3C - A Provably Secure Pseudorandom Function and Message ...

Provably Secure Competitive Routing against …...Provably Secure Competitive Routing against Proactive Byzantine Adversaries via Reinforcement Learning Baruch Awerbuch, David Holmer,

Efficient and Provably Secure Certificateless Aggregate ... · Efficient and Provably Secure Certificateless Aggregate Signature Scheme from Bilinear Pairings N. B. Gayathri 1, P

A Practical and Provably Secure Coalition-Resistant Group …gts/paps/acjt00.pdf · 2000. 5. 31. · A Practical and Provably Secure Coalition-Resistant Group Signature Scheme Giuseppe

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol

A provably secure secret handshake with dynamic controlled matching

Provably Secure Threshold Password-Authenticated …...Provably Secure Threshold Password-Authenticated Key Exchange Mario Di Raimondo⁄ Rosario Gennaroy April 12, 2003 Abstract We

Ouroboros: A Provably Secure Proof-of-Stake Blockchain ... · Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol Aggelos Kiayias1†, Alexander Russell2‡, Bernardo

Provably Secure Password Reset Protocol: Model, De nition ... · Provably Secure Password Reset Protocol: Model, De nition, and Generic Construction Satsuya Ohata1;2, Takahiro Matsuda2,