ICDCS‘08 WebIBC
ICDCS 2008, Network and Information Security Lab, Peking University, Jun. 19, 2008
WebIBC: Identity Based Cryptography for Client Side Security in Web Applications
Zhi Guan, Zhen Cao, Xuan Zhao, Ruichuan Chen, Zhong Chen, and Xianghao Nan
Once upon a time ...
Strong Cryptography
Now
Web App Security & Privacy?
• User authentication
• SSL/TLS link encryption
What if servers do evil?
No Security!
No Privacy!
Operating System
Web Browser
HTML & JavaScript
WebApp
EFS, PGP
Browser Plug-in
Here we are
Challenges
• Private key: JavaScript cannot read keys in the local file system.
• Public key: acquiring another user’s public key or certificate is not easy for JavaScript programs in a Web browser.
Private Key? Public Key?
Limited Browser Capability
• HTML, CSS
• JavaScript
• AJAX
Browser Plug-ins?
No!
Our Goal
Strengthen Web Browser Security and Privacy Without Changing the Browser.
Target
• Our solution: bring public key cryptography to Web browsers, including public key encryption and signature generation.
• All cryptographic operations and key usage happen inside the browser and are implemented in JavaScript and HTML only; they require no plug-ins and provide an “open source” guarantee.
The first Challenge
Public Key:
Identity-Based Cryptography
PKG (Private Key Generator)
Public Params
Setup: generate master secret and public params
Decrypt
Timeline (axis labels: 1986, 2001, 2004)
• Shamir: Identity Based Cryptography, the first idea
• Boneh, Franklin: first practical IBE scheme from Weil pairing
• Cocks IBE: not bandwidth efficient
• Nan, Chen: CPK key management, IBE, IBS
CPK Cryptosystem
CPK (Combined Public Key)
Based on generalized Discrete Log Group
Elliptic Curve Cryptography
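$y^2 = x^3 + ax + b \pmod{p}$
$G$ is a point on the elliptic curve and $n$ is the order of the cyclic group $\langle G \rangle$. The private key $d$ is a randomly selected integer in $[1, n-1]$. The corresponding public key is $Q = dG$.
Two key pairs: $(d_1, Q_1 = d_1 G)$, $(d_2, Q_2 = d_2 G)$
$d = d_1 + d_2$
$Q = Q_1 + Q_2 = d_1 G + d_2 G = (d_1 + d_2) G$
so $(d, Q)$ is again a key pair.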
Private Matrix Generation (in PKG)
The trusted authority PKG (Private Key Generator) generates an m×n matrix whose elements are randomly generated ECC private keys (integers in [1, n-1]). The private matrix should be kept secret in the PKG.
RNG → random integers $s_{ij} \in_R [1, n-1]$ → private matrix:
$$\begin{pmatrix} s_{11} & s_{12} & \cdots & s_{1n} \\ s_{21} & s_{22} & \cdots & s_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1} & s_{m2} & \cdots & s_{mn} \end{pmatrix}$$
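Public Matrix Generation (in PKG)
private matrix:
$$\begin{pmatrix} s_{11} & s_{12} & \cdots & s_{1n} \\ s_{21} & s_{22} & \cdots & s_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1} & s_{m2} & \cdots & s_{mn} \end{pmatrix}$$
public matrix:
$$\begin{pmatrix} s_{11}G & s_{12}G & \cdots & s_{1n}G \\ s_{21}G & s_{22}G & \cdots & s_{2n}G \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1}G & s_{m2}G & \cdots & s_{mn}G \end{pmatrix}$$
key pair: $(s_{ij}, s_{ij}G)$
The Public Matrix is generated by the PKG from the Private Matrix; each element of the Public Matrix is the public key of the corresponding private key in the Private Matrix. The public matrix is publicly available to all users.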
Map Algorithm
$\langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)$
The map algorithm H(ID) is a cryptographic hash algorithm that maps an arbitrary string ID to column indexes of the private matrix and public matrix.
$h_i$ is the index of the i-th column of the public/private matrix.
Private Key Extraction (in PKG)
Input the user’s identity ID.
Map the identity to indexes of the matrix: $\langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)$
Select one element from each column of the private matrix $(s_{ij})$ by the index.
Add the selected private keys; the result is the user’s private key corresponding to his identity ID:
$$d_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} \pmod{p}$$
Public Key Extraction (in User)
Input the user’s identity ID.
Map the identity to indexes of the matrix: $\langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)$
Select one element from each column of the public matrix $(s_{ij}G)$ by the index.
Add (elliptic curve point addition) the selected public keys; the result is the user’s public key corresponding to his identity ID:
$$Q_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} G$$
Identity Based Signature
CPK-Sign (Message, PrivateKey) {
    ECDSA-Sign (Message, PrivateKey) -> Signature
}
CPK-Verify (Message, PublicMatrix, SignerID, Signature) {
    CPK-ExtractPublicKey(PublicMatrix, SignerID) -> PublicKey
    ECDSA-Verify(Message, Signature, PublicKey);
}
ECDSA: Elliptic Curve Digital Signature Algorithm
Big Picture
$\langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)$
Public matrix $(s_{ij}G)$, indexed by H(ID): $Q_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} G$
Private matrix $(s_{ij})$, indexed by H(ID): $d_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} \pmod{p}$
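The CPK construction summarised above, worked end to end as an added example (not code from the slides or from WebIBC): a PKG builds both matrices, the map algorithm picks one row per column, and the final check confirms that the public key a user derives from the public matrix belongs to the private key the PKG extracts. Assumptions: secp256k1 as the curve, a 4×8 matrix, SHA-256 bytes as the map algorithm, Node.js as the runtime, and illustrative function names; the private-key sum is reduced modulo the group order, which is what makes $Q_{ID} = d_{ID} G$ hold.

```javascript
// Added example (not WebIBC code): CPK key extraction, runnable under Node.js.
// Assumptions: secp256k1, a small 4x8 matrix, SHA-256 as the map algorithm H.
const { createHash, randomBytes } = require("node:crypto");

const hex = (...words) => BigInt("0x" + words.join(""));

// secp256k1: y^2 = x^3 + 7 (mod P), base point G, group order ORDER.
const P = 2n ** 256n - 2n ** 32n - 977n;
const ORDER = hex("ffffffff", "ffffffff", "ffffffff", "fffffffe",
                  "baaedce6", "af48a03b", "bfd25e8c", "d0364141");
const G = {
  x: hex("79be667e", "f9dcbbac", "55a06295", "ce870b07",
         "029bfcdb", "2dce28d9", "59f2815b", "16f81798"),
  y: hex("483ada77", "26a3c465", "5da4fbfc", "0e1108a8",
         "fd17b448", "a6855419", "9c47d08f", "fb10d4b8"),
};
const ROWS = 4; // m in the slides (constructed, deliberately small)
const COLS = 8; // n in the slides' matrix notation

const mod = (v, m) => ((v % m) + m) % m;

// Modular inverse by the extended Euclidean algorithm.
function inv(v, m) {
  let [r0, r1, t0, t1] = [mod(v, m), m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  return mod(t0, m);
}

// Affine point addition; null is the point at infinity.
// Not constant-time: for illustration only, not for handling real keys.
function add(A, B) {
  if (A === null) return B;
  if (B === null) return A;
  if (A.x === B.x && mod(A.y + B.y, P) === 0n) return null; // A = -B
  const slope = A.x === B.x
    ? mod(3n * A.x * A.x * inv(2n * A.y, P), P) // doubling (curve a = 0)
    : mod((B.y - A.y) * inv(B.x - A.x, P), P);
  const x = mod(slope * slope - A.x - B.x, P);
  return { x, y: mod(slope * (A.x - x) - A.y, P) };
}

// Double-and-add scalar multiplication k*A.
function mul(k, A) {
  let acc = null;
  for (let addend = A; k > 0n; k >>= 1n, addend = add(addend, addend)) {
    if (k & 1n) acc = add(acc, addend);
  }
  return acc;
}

// Uniform integer in [1, ORDER-1] by rejection sampling.
function randomScalar() {
  for (;;) {
    const k = BigInt("0x" + randomBytes(32).toString("hex"));
    if (k >= 1n && k < ORDER) return k;
  }
}

// PKG setup: private matrix of scalars, public matrix of matching points.
function pkgSetup() {
  const priv = Array.from({ length: ROWS }, () =>
    Array.from({ length: COLS }, () => randomScalar()));
  const pub = priv.map((row) => row.map((s) => mul(s, G)));
  return { priv, pub };
}

// Map algorithm H(ID): one row index per column. Using SHA-256 bytes mod ROWS
// is an assumption; the slides only say H is a cryptographic hash.
function mapIdentity(id) {
  const digest = createHash("sha256").update(id, "utf8").digest();
  return Array.from({ length: COLS }, (_, col) => digest[col] % ROWS);
}

// PKG side: d_ID = sum of the selected scalars, reduced mod the group order.
function extractPrivateKey(priv, id) {
  return mapIdentity(id).reduce(
    (sum, row, col) => mod(sum + priv[row][col], ORDER), 0n);
}

// User side: Q_ID = point sum of the selected public-matrix entries.
function extractPublicKey(pub, id) {
  return mapIdentity(id).reduce((sum, row, col) => add(sum, pub[row][col]), null);
}

// End-to-end check with a constructed identity.
function demo(id = "bob@example.com") {
  const { priv, pub } = pkgSetup();
  const d = extractPrivateKey(priv, id);
  const Q = extractPublicKey(pub, id);
  const fromPriv = mul(d, G);
  return { d, Q, matches: fromPriv.x === Q.x && fromPriv.y === Q.y };
}
```

Only the public matrix and the identity string are needed on the user side; the private matrix never leaves `pkgSetup`'s caller, which plays the PKG here.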
The second Challenge: Private Key
• The private key can be accessed by the JavaScript program
• The private key should never leave the browser
URI Fragment Identifier
http://www.domain.com/#skey=72bc845b9592b79...
The fragment identifier starts from a # (number sign).
Fragment Identifier
<div id="menu">
  <a href="#section1">section 1</a>
  <a href="#section2">section 2</a>
  <a href="#section3">section 3</a>
  <a href="#ref">reference</a>
</div>
<h1>Section1</h1>
<a name="section1" id="section1"></a>
Fragment Identifier as Key Store
• Utilize the fragment identifier in a bookmark URL as the private key storage. The fragment identifier in a URL will never be transferred through the Internet.
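Retrieve Private Key From URL
<script type="text/javascript">
// window.location is an object; its href property is the URL string
var URL = window.location.href;
// Keep everything from '#' onward; empty string when the URL has no fragment
var hashPos = URL.indexOf('#');
var fragid_start = hashPos >= 0 ? URL.substring(hashPos) : '';
</script>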
Workflow (diagram)
Parties: Browser, PKG, WebApp
Labelled steps: ❶ setup, ❷ mpk.js, ❸ ID, ❹ skey, ❺ save, ❻ URL, ❼ webibc.js, mpk.js, ❽ do, ❾ message, ❿ forward
Legend: Secure Channel, Public Channel
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
WebApp
Browser
PKG
![Page 79: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/79.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❶ setup
WebApp
Browser
PKG
![Page 80: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/80.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008❷
mp
k.js
❶ setup
WebApp
Browser
PKG
![Page 81: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/81.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❷ m
pk.
js
❶ setup
WebApp
Browser
PKG
![Page 82: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/82.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❹ skey
❷ m
pk.
js
❶ setup
WebApp
Browser
PKG
![Page 83: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/83.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❹ skey
❷ m
pk.
js
❶ setup
❺ save
WebApp
Browser
PKG
![Page 84: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/84.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❹ skey
❷ m
pk.
js
❻ URL
❶ setup
❺ save
WebApp
Browser
PKG
![Page 85: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/85.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❹ skey
❷ m
pk.
js
❻ URL
❶ setup
❺ save
❼ webibc.js, mpk.js
WebApp
Browser
PKG
![Page 86: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/86.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❹ skey
❷ m
pk.
js
❻ URL
❶ setup
❺ save
❽ do❼ webibc.js, mpk.js
WebApp
Browser
PKG
![Page 87: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/87.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❹ skey
❷ m
pk.
js
❻ URL
❶ setup
❺ save
❾ message
❽ do❼ webibc.js, mpk.js
WebApp
Browser
PKG
![Page 88: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/88.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
❸ ID
❹ skey
❷ m
pk.
js
❻ URL
❶ setup
❺ save
❾ message
❽ do
❿ forward
❼ webibc.js, mpk.js
WebApp
Browser
PKG
![Page 89: ICDCS‘08 WebIBC](https://reader036.fdocuments.net/reader036/viewer/2022081403/5561325ad8b42a92358b4689/html5/thumbnails/89.jpg)
ICDCS 2008Network and Information Security Lab, Peking UniversityJun. 19, 2008
Workflow
1. The authority trusted by Alice and Bob establishes a PKG, which will generate the system parameters including the public matrix.
2. Web application embeds WebIBC into these systems together with the public system parameters released by the PKG.
3. Alice registers to the PKG with her ID.
4. PKG returns Alice’s private key.
5. Alice can append the private key as a fragment identifier to the Web application’s URL, then save it as a bookmark in the browser.
6. Now Alice can use this bookmark to log into the web application. It should be noted that the browser will send the URL without the fragment identifier, so the private key is secure.
7. The WebIBC JavaScript files will also be downloaded from the server, including the public matrix of the system.
8. Alice uses this web application as normal, entering Bob’s email address and message content into the form. When Alice presses the send button, the WebIBC JavaScript programs will get the email address from the form as the public key, get the private key from the URL, and encrypt and sign the message.
9. Then the message will be sent to the server.
10. Because the message has been protected, the Web application can do no evil to the message but only forward it to Bob. Bob can also log in to his web application, decrypt the message with his private key in the fragment identifier, and verify the message through the public matrix, similar to Alice.
Performance (ms)

| Browser | 0.5 KB | 2 KB | 10 KB |
|---|---|---|---|
| Safari | 1383.7 | 1,492 | 2,071 |
| Firefox | 1,523 | 1,661 | 2,401 |
| IE | 1,459 | 1,698 | 2,791 |
| Opera | 2,110 | 2,349 | 3,628 |
Future Work
• Web based PRNG
• Other Identity based cryptography
• Local storage in HTML5
Thank you!
Questions?