Universally Composable Firewall Architectures using Trusted Hardware 16.10.2014 Dirk Achenbach, Jörn Müller-Quade, Jochen Rill

Similar documents
Universally Composable Firewall Architectures using Trusted Hardware

Non-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak

Trading Static for Adaptive Security in Universally Composable Zero-Knowledge

Secure APIs and Simulationbased. Exposé thésard

Simulation-Based Security with Inexhaustible Interactive Turing Machines

On Combining Privacy with Guaranteed Output Delivery in Secure Multiparty Computation

An Overview of Common Adversary Models

Secure Computation Without Authentication

Lecture 9 - Message Authentication Codes

Diploma (5-year degree), School of Applied Mathematics and Physics, NTUA (Greece) Major: Computer Science and Applied Mathematics.

Moonv6 Test Suite. IPv6 Firewall Network Level Interoperability Test Suite. Technical Document. Revision 1.0

A Method for Making Password-Based Key Exchange Resilient to Server Compromise

CCN. CCNx 1.0 Internet of Things Architectural Overview. Computer Science Laboratory Networking & Distributed Systems March 2014

The methodology. Interne. 1 Introduction

Cryptography: Authentication, Blind Signatures, and Digital Cash

Application Security: Threats and Architecture

Lecture 15 - Digital Signatures

Client Server Registration Protocol

Threat modeling of the security architectures of various wireless technologies

Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring

Enhanced Security Models for Network Protocols

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

Assumption Busters Workshop - Cloud Computing

Analysis of Privacy-Preserving Element Reduction of Multiset

The Role of Cryptography in Database Security

A Draft Framework for Designing Cryptographic Key Management Systems

Lecture VII : Public Key Infrastructure (PKI)

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Moonv6 Test Suite DRAFT

Overview. Firewall Security. Perimeter Security Devices. Routers

Security Analysis of DRBG Using HMAC in NIST SP

Two Factor Zero Knowledge Proof Authentication System

Sync Security and Privacy Brief

Content Teaching Academy at James Madison University

Access Control. 1 Overview of Access Control. Lecture Notes (Syracuse University) Access Control: 1. What is Access Control?

PERFORMANCE ANALYSIS OF PaaS CLOUD COMPUTING SYSTEM

A Secure Protocol for the Oblivious Transfer (Extended Abstract) M. J. Fischer. Yale University. S. Micali Massachusetts Institute of Technology

Intro to Firewalls. Summary

On the Limits of Anonymous Password Authentication

Certified Security Proofs of Cryptographic Protocols in the Computational Model : an Application to Intrusion Resilience

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Firewalls Overview and Best Practices. White Paper

A Study of Network Security Systems

Introduction to computer science

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

Corporate PC Backup - Best Practices

Session Initiation Protocol Attacks and Challenges

Public Key Infrastructure (PKI)

Voucher Web Metering Using Identity Management Systems

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Limits of Computational Differential Privacy in the Client/Server Setting

packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3.

Applying General Access Structure to Metering Schemes

SE 4C03 Winter 2005 An Introduction of Firewall Architectures and Functions. Kevin Law 26 th March,

Running the scientific data archive

Web DNS Peer-to-peer systems (file sharing, CDNs, cycle sharing)

Middleboxes. Firewalls. Internet Ideal: Simple Network Model. Internet Reality. Middleboxes. Firewalls. Globally unique idenpfiers

Privacy and Identity Management for Europe

Table 1. User Instructions

Implementation of Role Based Access Control on Encrypted Data in Hybrid Cloud

An Overview of Challenges of Component Based Software Engineering

Integrating a web application with Siebel CRM system

Stateful Inspection Firewall Session Table Processing

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

A Secure and Efficient Conference Key Distribution System

Quantum Q-Cloud Backup-as-a-Service Reference Architecture

Performance metrics for parallel systems

Formal Methods in Security Protocols Analysis

The Exact Security of Digital Signatures How to Sign with RSA and Rabin

Compter Networks Chapter 9: Network Security

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Embedded System Design. Disclaimer

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

2 Protocol Analysis, Composability and Computation

Subtitle? Subtitle? Subtitle? Subtitle? Privacy Preserving Protocols. Subtitle? Subtitle? Subtitle? Subtitle? and Security Proof Techniques

The Halting Problem is Undecidable

Netfilter Failover. Connection Tracking State Replication. Krisztián Kovács

Packet Sampling and Network Monitoring

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

Modular Security Proofs for Key Agreement Protocols

Practical Yet Universally Composable Two-Server Password-Authenticated Secret Sharing

Formal Modelling of Network Security Properties (Extended Abstract)

International Journal of Scientific & Engineering Research, Volume 4, Issue 8, August ISSN

Protocols for Secure Cloud Computing

Reconciling multiple IPsec and firewall policies

Strengthen RFID Tags Security Using New Data Structure

SECURE WEB GATEWAY DEPLOYMENT METHODOLOGIES

THE UNIVERSITY OF TRINIDAD & TOBAGO

Disable Redundant Windows XP Services which are Hogging Your RAM

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

Selecting a Firewall Gilbert Held

Preview of a Novel Architecture for Large Scale Storage

Factoring & Primality

Wireless Sensor Networks Chapter 14: Security in WSNs

Authentication Applications

A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System

Project 2: Penetration Testing (Phase II)

A secure login system using virtual password

A Secure Model for Medical Data Sharing

Transcription:

Universally Composable Firewall Architectures usg Trusted Hardware 16.10.2014 Dirk Achenbach, Jörn Müller-Quade, Jochen Rill KARLSRUHE INSTITUTE OF TECHNOLOGY KIT University of the State of Baden-Wuerttemberg and National Laboratory of the Helmholtz Association www.kit.edu

Outle 1 Concatenation of Packet Filters Actively Trusted Hardware Quorum Decisions 2 The Universal Composability Framework Provg the Security of Our Approach Universally Composable Firewall Architectures usg Trusted Hardware 2/23

Firewalls Universally Composable Firewall Architectures usg Trusted Hardware 3/23

Are Firewalls Really Secure? Universally Composable Firewall Architectures usg Trusted Hardware 4/23

Just Use Two! Universally Composable Firewall Architectures usg Trusted Hardware 5/23

This Doesn t Work Universally Composable Firewall Architectures usg Trusted Hardware 6/23

Trusted Hardware Our idea: Use a piece of trusted hardware Very simple functionality Not programmable, maybe even sealed Checks if what goes also comes H 1 H 2 hw put cmp put Universally Composable Firewall Architectures usg Trusted Hardware 7/23

Trusted Hardware This doesn t work either: The compromised firewall could send evil packets with clever timg: H 1 H 2 hw put cmp put Universally Composable Firewall Architectures usg Trusted Hardware 8/23

Data What ab this approach? H 1 hw put H 2 2 1 put Research Challenge Rigorously analyse the security of this approach. Universally Composable Firewall Architectures usg Trusted Hardware 9/23

Data What ab this approach? H 1 hw put H 2 2 1 put Research Challenge Rigorously analyse the security of this approach. Universally Composable Firewall Architectures usg Trusted Hardware 9/23

The Universal Composability Framework Formal framework for the security of cryptographic protocols. Compare the concrete protocol with an idealised version. Simulation-based approach. F 1 D A 2 S D 3 D Z Z Universally Composable Firewall Architectures usg Trusted Hardware 10/23

The Universal Composability Framework A protocol π securely realises an ideal functionality F if A S Z : REAL π,a,z IDEAL F,S,Z F 1 D A 2 S D 3 D Z Z Universally Composable Firewall Architectures usg Trusted Hardware 11/23

The Universal Composability Framework With this approach we need not specify what a (uncompromised) firewall actually does! H1 hw H2 put H2 2 1 put put put Security Intuition As if the compromised firewall was not there. Universally Composable Firewall Architectures usg Trusted Hardware 12/23

The Universal Composability Framework With this approach we need not specify what a (uncompromised) firewall actually does! H1 hw H2 put H2 2 1 put put put Security Intuition As if the compromised firewall was not there. Universally Composable Firewall Architectures usg Trusted Hardware 12/23

Caveat Emptor The Composition Theorem makes it possible to construct secure networks from smaller components: Theorem (Composition Theorem [1]) Let ρ, φ, π be protocols such that ρ uses φ as subre and π UC-emulates φ. Then protocol ρ φ π UC-emulates ρ. Setup Assumptions No non-trivial protocols can be proven secure the bare model [2]. Setup assumptions alleviate this problem: Common Reference Strgs [1], Public-Key Infrastructures [3], Tamper-Proof Hardware [4] Universally Composable Firewall Architectures usg Trusted Hardware 13/23

Caveat Emptor The Composition Theorem makes it possible to construct secure networks from smaller components: Theorem (Composition Theorem [1]) Let ρ, φ, π be protocols such that ρ uses φ as subre and π UC-emulates φ. Then protocol ρ φ π UC-emulates ρ. Setup Assumptions No non-trivial protocols can be proven secure the bare model [2]. Setup assumptions alleviate this problem: Common Reference Strgs [1], Public-Key Infrastructures [3], Tamper-Proof Hardware [4] Universally Composable Firewall Architectures usg Trusted Hardware 13/23

Our Setup Assumption: A Trusted Packet Comparator An idealised description of trusted hardware hw Keep a local cache realised as an unordered list. Upon receivg packet p on terface i: If there is another put terface j i, and a correspondg entry (j, q) with p q the cache: Remove (j, q) from the cache, put p. Otherwise, store (i, p) the cache. This is a much simpler functionality than that of a firewall! Universally Composable Firewall Architectures usg Trusted Hardware 14/23

Our Setup Assumption: A Trusted Packet Comparator An idealised description of trusted hardware hw Keep a local cache realised as an unordered list. Upon receivg packet p on terface i: If there is another put terface j i, and a correspondg entry (j, q) with p q the cache: Remove (j, q) from the cache, put p. Otherwise, store (i, p) the cache. This is a much simpler functionality than that of a firewall! Universally Composable Firewall Architectures usg Trusted Hardware 14/23

Security of Two Firewalls The ideal functionality of two firewalls F ideal Upon receivg (put, p): Ask the adversary if p should be delivered. If yes, let fw k be the non-corrupted party; calculate F fwk (p,, s) = (p, i, s ). Write p to the put tape of hw, if p and i. Else, do nothg. Save the new ternal state s. This is not an absolute guarantee! We state what the adversary s capabilities ideally should be. Universally Composable Firewall Architectures usg Trusted Hardware 15/23

Security of Two Firewalls The ideal functionality of two firewalls F ideal Upon receivg (put, p): Ask the adversary if p should be delivered. If yes, let fw k be the non-corrupted party; calculate F fwk (p,, s) = (p, i, s ). Write p to the put tape of hw, if p and i. Else, do nothg. Save the new ternal state s. This is not an absolute guarantee! We state what the adversary s capabilities ideally should be. Universally Composable Firewall Architectures usg Trusted Hardware 15/23

No! H 1 hw put H 2 1 2 put No! The adversary can re-order packets at will! Universally Composable Firewall Architectures usg Trusted Hardware 16/23

No! H 1 hw put H 2 1 2 put No! The adversary can re-order packets at will! Universally Composable Firewall Architectures usg Trusted Hardware 16/23

No! H 1 hw put H 2 1 2 put No! The adversary can re-order packets at will! Universally Composable Firewall Architectures usg Trusted Hardware 16/23

No! H 1 put H 2 hw 1 2 put No! The adversary can re-order packets at will! Universally Composable Firewall Architectures usg Trusted Hardware 16/23

No! H 1 put H 2 hw 1 2 put No! The adversary can re-order packets at will! Universally Composable Firewall Architectures usg Trusted Hardware 16/23

The ideal functionality of the two-firewall approach The ideal functionality of two firewalls with packet reorderg F ideal2 Upon receivg (put, p): Let w.l.o.g fw 1 be the non-corrupted party; calculate F fw1 (p,, s) = (p, i, s ). If p and i, save p an dexed memory structure m at the next free dex. Save new ternal state s. Give p to the adversary. Upon receivg (deliver, j) from the adversary: If m[j] contas a valid packet, write (, m[j]) to the put tape of hw and clear m[j]; else do nothg. This explicitly models the adversary s ability to schedule packets! Universally Composable Firewall Architectures usg Trusted Hardware 17/23

The ideal functionality of the two-firewall approach The ideal functionality of two firewalls with packet reorderg F ideal2 Upon receivg (put, p): Let w.l.o.g fw 1 be the non-corrupted party; calculate F fw1 (p,, s) = (p, i, s ). If p and i, save p an dexed memory structure m at the next free dex. Save new ternal state s. Give p to the adversary. Upon receivg (deliver, j) from the adversary: If m[j] contas a valid packet, write (, m[j]) to the put tape of hw and clear m[j]; else do nothg. This explicitly models the adversary s ability to schedule packets! Universally Composable Firewall Architectures usg Trusted Hardware 17/23

What Ab Availability? H 1 i 1 i 2 hw 1 H 2 hw 2 / i 1 env 1 i 2 i 3 i 1 i 2 i 1 i 2 env 2 i 3 / H 3 i 1 i 2 Is this as secure as the 2-firewall approach? Universally Composable Firewall Architectures usg Trusted Hardware 18/23

Packet Duplication Attack H 1 i 1 i 2 hw 1 H 2 hw 2 / i 1 env 1 i 2 i 3 i 1 i 2 i 1 i 2 env 2 i 3 / H 3 i 1 i 2 Universally Composable Firewall Architectures usg Trusted Hardware 19/23

Packet Duplication Attack H 1 i 1 i 2 hw 1 H 2 hw 2 / i 1 env 1 i 2 i 3 i 1 i 2 H 3 i 1 i 2 env 2 i 3 / i 1 i 2 Universally Composable Firewall Architectures usg Trusted Hardware 19/23

Packet Duplication Attack H 1 i 1 i 2 hw 1 H 2 hw 2 / i 1 env 1 i 2 i 3 i 1 i 2 H 3 i 1 i 2 env 2 i 3 / i 1 i 2 Universally Composable Firewall Architectures usg Trusted Hardware 19/23

Packet Duplication Attack H 1 i 1 i 2 hw 1 H 2 hw 2 / i 1 env 1 i 2 i 3 i 1 i 2 H 3 i 1 i 2 env 2 i 3 / i 1 i 2 Universally Composable Firewall Architectures usg Trusted Hardware 19/23

Fix: Packet Accountg Keep a local cache for each comg terface realised as an unordered list. Upon receivg packet p on terface i: Check if the cache of terface i contas an entry q with p q. If so, delete q and halt. Check if there exists an terface j i with an entry q with p q the cache of that terface: Remove q from the cache, put p, add an entry p to the cache of all other terfaces k with k i and k j. Otherwise, store p the cache of terface i. Universally Composable Firewall Architectures usg Trusted Hardware 20/23

Conclusion We vestigated the idea of actively compromised firewalls. Goal: Combe several candidate implementations to one secure firewall. Serial concatenation does not work, even with trusted hardware. The quorum does work. Future Work: Model availability UC, Bounded Queues. Universally Composable Firewall Architectures usg Trusted Hardware 21/23

References R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, Foundations of Computer Science, 2001. Proceedgs. 42nd IEEE Symposium on, oct. 2001. R. Canetti and M. Fischl, Universally composable commitments, Advances Cryptology Crypto 2001. Sprger, 2001, pp. 19 40. B. Barak, R. Canetti, J. B. Nielsen, and R. Pass, Universally composable protocols with relaxed set-up assumptions, Foundations of Computer Science, 2004. Proceedgs. 45th Annual IEEE Symposium on. IEEE, 2004, pp. 186 195. J. Katz, Universally composable multi-party computation usg tamper-proof hardware, Advances Cryptology EUROCRYPT 2007, ser. Lecture Notes Computer Science, M. Naor, Ed. Sprger Berl Heidelberg, 2007, vol. 4515, pp. 115 128. [Onle]. Available: http://dx.doi.org/10.1007/978-3-540-72540-4 7 Universally Composable Firewall Architectures usg Trusted Hardware 22/23

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information