ICDCS‘08 WebIBC

Transcript

  • 1. WebIBC Identity Based Cryptography for Client Side Security in Web Applications Zhi Guan, Zhen Cao, Xuan Zhao, Ruichuan Chen, Zhong Chen, and Xianghao Nan Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
  • 7. Once upon a time ... Strong Cryptography
  • 15. Now
  • 20. Web App Security & Privacy? • User authentication • SSL/TLS link encryption. What if servers do evil? No Security! No Privacy!
  • 24. [Diagram: software stack] Web App / HTML & JavaScript ("Here we are") / Browser Plug-in / Web Browser / Operating System / EFS, PGP
  • 25. Challenges • Private key: JavaScript cannot read keys in the local file system. • Public key: acquiring others' public keys or certificates is not easy for JavaScript programs in a Web browser. Private Key? Public Key?
  • 28. Limited Browser Capability • HTML, CSS • JavaScript • AJAX. Browser Plug-ins? No!
  • 29. Our Goal: Strengthen Web Browser Security and Privacy Without Changing the Browser.
  • 30. Target • Our solution: bring public key cryptography to Web browsers, including public key encryption and signature generation. • All the cryptography operations and key usage are inside the browser and implemented in JavaScript and HTML only, requiring no plug-ins and providing an “open source” guarantee.
  • 32. The first Challenge. Public Key: Identity-Based Cryptography
  • 42. PKG (Private Key Generator). Setup: generate master secret and public params. [Diagram labels: Public Params, Alice@gmail.com, Decrypt]
  • 47. Timeline (years marked: 1986, 2001, 2004). Identity Based Cryptography, the first idea (Shamir). First practical IBE scheme from Weil Pairing (Boneh, Franklin). Cocks IBE, not bandwidth efficient. CPK key management, IBE, IBS (Nan, Chen).
  • 48. CPK Cryptosystem. CPK (Combined Public Key). Based on generalized Discrete Log Group.
  • 53. Elliptic Curve Cryptography. Curve: $y^2 = x^3 + ax + b \pmod p$. G is a point on the elliptic curve, n is the order of the cyclic group <G>. Private key d is a randomly selected integer in [1, n-1]. Corresponding public key Q = dG. Given two key pairs $(d_1, Q_1 = d_1 G)$ and $(d_2, Q_2 = d_2 G)$: $d = d_1 + d_2$, $Q = Q_1 + Q_2 = d_1 G + d_2 G = (d_1 + d_2) G$, so (d, Q) is again a key pair.
  • 55. Private Matrix Generation (in PKG). RNG: random integers $s_{ij} \in_R [1, n-1]$. Private matrix: $\begin{pmatrix} s_{11} & s_{12} & \cdots & s_{1n} \\ s_{21} & s_{22} & \cdots & s_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1} & s_{m2} & \cdots & s_{mn} \end{pmatrix}$. The trusted authority PKG (Private Key Generator) generates an m×n matrix whose elements are randomly generated ECC private keys (integers in [1, n-1]). The private matrix should be kept secret in the PKG.
  • 63. Public Matrix Generation (in PKG). Private matrix: $\begin{pmatrix} s_{11} & s_{12} & \cdots & s_{1n} \\ s_{21} & s_{22} & \cdots & s_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1} & s_{m2} & \cdots & s_{mn} \end{pmatrix}$. Public matrix: $\begin{pmatrix} s_{11}G & s_{12}G & \cdots & s_{1n}G \\ s_{21}G & s_{22}G & \cdots & s_{2n}G \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1}G & s_{m2}G & \cdots & s_{mn}G \end{pmatrix}$. $(s_{ij}, s_{ij}G)$: key pair. The Public Matrix is generated by the PKG from the Private Matrix; each element of the Public Matrix is the public key of the corresponding private key in the Private Matrix. The public matrix is publicly available to all users.
  • 64. Map Algorithm. $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. The map algorithm H(ID) is a cryptographic hash algorithm that maps an arbitrary string ID to column indexes of the private matrix and public matrix. $h_i$ is the index for the i-th column of the public/private matrix.
  • 65. Private Key Extraction (in PKG). Input: the user's identity ID. Map the identity to indexes of the matrix: $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. Select one element from each column of the private matrix $(s_{ij})$ by the index. Add the selected private keys; the result is the user's private key corresponding to his identity ID: $d_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} \pmod p$.
  • 66. Public Key Extraction (in User). Input: the user's identity ID. Map the identity to indexes of the matrix: $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. Select one element from each column of the public matrix $(s_{ij}G)$ by the index. Add (elliptic curve point addition) the selected elements; the result is the user's public key corresponding to his identity ID: $Q_{ID} = \sum_{i=0}^{n-1} s_{h_i i} G$.
  • 67. Identity Based Signature
        CPK-Sign (Message, PrivateKey) {
            ECDSA-Sign (Message, PrivateKey) -> Signature
        }
        CPK-Verify (Message, PublicMatrix, SignerID, Signature) {
            CPK-ExtractPublicKey(PublicMatrix, SignerID) -> PublicKey
            ECDSA-Verify(Message, Signature, PublicKey);
        }
    ECDSA: Elliptic Curve Digital Signature Algorithm
  • 68. Big Picture. $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. Private matrix $(s_{ij})$ with H(ID): $d_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} \pmod p$. Public matrix $(s_{ij}G)$ with H(ID): $Q_{ID} = \sum_{i=0}^{n-1} s_{h_i i} G$.
  • 69. The second Challenge: Private Key • The private key can be accessed by the JavaScript program • The private key should never leave the browser
  • 70. URI Fragment Identifier. http://www.domain.com/#skey=72bc845b9592b79... [label: fragment identifier] The fragment identifier starts from a # (number sign).
  • 72. Fragment Identifier
        <div id="menu">
          <a href="#section1">section 1</a>
          <a href="#section2">section 2</a>
          <a href="#section3">section 3</a>
          <a href="#ref">reference</a>
        </div>
        <h1>Section1</h1>
        <a name="section1" id="section1"></a>
  • 73. Fragment Identifier as Key Store • Utilize the fragment identifier in a bookmark URL as the private key storage. The fragment identifier in the URL will never be transferred through the Internet.
  • 74. Retrieve Private Key From URL
        <script type="text/javascript">
        // window.location is an object; its href property is the URL string
        var URL = window.location.href;
        // Everything from '#' onward is the fragment identifier holding the key
        var fragid_start = URL.substring(URL.indexOf('#'));
        </script>
  • 77. Workflow [Diagram: PKG, Browser, WebApp; Secure Channel, Public Channel] ❶ setup, ❷ mpk.js, ❸ ID, ❹ skey, ❺ save, ❻ URL, ❼ webibc.js, mpk.js, ❽ do, ❾ message, ❿ forward
  • 89. Workflow 1. The authority trusted by Alice and Bob establishes a PKG, which will generate the system parameters including the public matrix. 2. The Web application embeds WebIBC into these systems together with the public system parameters released by the PKG. 3. Alice registers with the PKG using her ID. 4. The PKG returns Alice’s private key.
  • 90. Workflow 5. Alice can append the private key as a fragment identifier to the Web application’s URL, then save it as a bookmark in the browser. 6. Now Alice can use this bookmark to log into the web application. It should be noted that the browser will send the URL without the fragment identifier, so the private key is secure.
  • 91. Workflow 7. The WebIBC JavaScript files will also be downloaded from the server, including the public matrix of the system. 8. Alice uses this web application as normal, entering Bob’s email address and message content into the form. When Alice presses the send button, the WebIBC JavaScript programs will get the email address from the form as the public key and get the private key from the URL, then encrypt and sign the message.
  • 92. Workflow 9. Then the message will be sent to the server. 10. Because the message has been protected, the Web application can do no evil to the message but only forward it to Bob. Bob can also log into his web application, decrypt the message with his private key in the fragment identifier, and verify the message through the public matrix, similar to Alice.
  • 93. Performance (chart axis in ms, 0 to 4000)
        Browser    0.5 KB    2 KB     10 KB
        Safari     1383.7    1,492    2,071
        Firefox    1,523     1,661    2,401
        IE         1,459     1,698    2,791
        Opera      2,110     2,349    3,628
    [Bar chart of the same data: Safari, Firefox, IE, Opera at 0.5 KB, 2 KB, 10 KB]
  • 94. Future Work • Web based PRNG • Other Identity based cryptography • Local storage in HTML5
  • 95. Thank you!
  • 96. Questions?
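
The CPK key extraction of slides 65, 66 and 68, as an added example that is not code from the WebIBC authors: it builds a private and a public matrix, derives d_ID at the PKG and Q_ID from the public matrix alone, and checks that Q_ID = d_ID·G. Assumptions: the curve (secp256k1), the toy 4×4 matrix, the SHA-256 based map function and all function names are choices of this example; it runs under Node.js.

```javascript
// Added example: CPK key extraction on secp256k1 with a toy-sized matrix.
const { createHash, randomBytes } = require('crypto');
const hex = s => BigInt('0x' + s.replace(/ /g, ''));
// secp256k1: y^2 = x^3 + 7 over F_P, base point G of prime order N.
const P = hex('ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');
const N = hex('ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141');
const G = { x: hex('79be667e f9dcbbac 55a06295 ce870b07 029bfcdb 2dce28d9 59f2815b 16f81798'),
            y: hex('483ada77 26a3c465 5da4fbfc 0e1108a8 fd17b448 a6855419 9c47d08f fb10d4b8') };
const mod = (a, m) => ((a % m) + m) % m;

function inv(a, m) { // modular inverse via extended Euclid
  let [r0, r1, t0, t1] = [mod(a, m), m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1, t0, t1] = [r1, r0 - q * r1, t1, t0 - q * t1];
  }
  return mod(t0, m);
}

function add(A, B) { // point addition; null is the point at infinity
  if (!A) return B;
  if (!B) return A;
  if (A.x === B.x && mod(A.y + B.y, P) === 0n) return null; // A = -B
  const s = A.x === B.x
    ? mod(3n * A.x * A.x * inv(2n * A.y, P), P)   // tangent slope (curve has a = 0)
    : mod((B.y - A.y) * inv(B.x - A.x, P), P);    // chord slope
  const x = mod(s * s - A.x - B.x, P);
  return { x, y: mod(s * (A.x - x) - A.y, P) };
}

function mul(k, A) { // double-and-add; not constant time, for illustration only
  let R = null;
  for (k = mod(k, N); k > 0n; k >>= 1n, A = add(A, A)) if (k & 1n) R = add(R, A);
  return R;
}
const same = (A, B) => (!A || !B ? A === B : A.x === B.x && A.y === B.y);

function randScalar() { // integer in [1, N-1]; rejection sampling avoids modulo bias
  let k;
  do k = hex(randomBytes(32).toString('hex')); while (k < 1n || k >= N);
  return k;
}
function setup(rows, cols) { // PKG: private matrix s_ij, public matrix s_ij * G
  const priv = Array.from({ length: rows }, () => Array.from({ length: cols }, randScalar));
  return { priv, pub: priv.map(row => row.map(s => mul(s, G))) };
}

// Map algorithm H(ID): one row index per column. Reducing SHA-256 bytes mod `rows`
// is an assumption of this example; the slides do not specify the construction.
function mapId(id, rows, cols) {
  const h = createHash('sha256').update(id, 'utf8').digest();
  return Array.from({ length: cols }, (_, i) => h[i] % rows);
}
// PKG side: d_ID = sum of s[h_i][i]. The slide writes "mod p"; the sum is reduced
// modulo the order of G here, the modulus under which Q_ID = d_ID * G holds.
const extractPrivate = (priv, id) =>
  mapId(id, priv.length, priv[0].length).reduce((d, h, i) => mod(d + priv[h][i], N), 0n);
// User side: Q_ID = point sum of the selected public-matrix entries; no secret needed.
const extractPublic = (pub, id) =>
  mapId(id, pub.length, pub[0].length).reduce((Q, h, i) => add(Q, pub[h][i]), null);

function demo(id) { // toy 4x4 matrix, chosen for speed
  const { priv, pub } = setup(4, 4);
  const d = extractPrivate(priv, id), Q = extractPublic(pub, id);
  return { d, Q, consistent: same(Q, mul(d, G)) };
}
```

Calling `demo('Alice@gmail.com').consistent` returns `true` for any freshly generated matrix, which is the property that lets a sender compute a recipient's public key from mpk.js without a certificate lookup.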