WebIBC
            Identity Based Cryptography for Client Side
                    Security in Web Applications

Jun. 19, 2008   Network and Information Security Lab, Peking University   ICDCS 2008
ICDCS‘08 WebIBC

  1. WebIBC: Identity Based Cryptography for Client Side Security in Web Applications. Zhi Guan, Zhen Cao, Xuan Zhao, Ruichuan Chen, Zhong Chen, and Xianghao Nan. Jun. 19, 2008, Network and Information Security Lab, Peking University, ICDCS 2008.
  7. Once upon a time ... Strong Cryptography
  15. Now
  20. Web App Security & Privacy? • User authentication • SSL/TLS link encryption. What if servers do evil? No Security! No Privacy!
  24. Layers, in the order shown on the slide: Web App; HTML & JavaScript (Here we are); Browser Plug-in; Web Browser; Operating System; EFS, PGP.
  25. Challenges • Private key: JavaScript cannot read keys in the local file system. • Public key: acquiring another user's public key or certificate is not easy for JavaScript programs in a Web browser. Private Key? Public Key?
  28. Limited Browser Capability • HTML, CSS • JavaScript • AJAX. Browser Plug-ins? No!
  29. Our Goal: Strengthen Web Browser Security and Privacy Without Changing the Browser.
  30. Target • Our solution: bring public key cryptography to Web browsers, including public key encryption and signature generation. • All cryptographic operations and key usage happen inside the browser and are implemented in JavaScript and HTML only, requiring no plug-ins and providing an “open source” guarantee.
  32. The first Challenge. Public Key: Identity-Based Cryptography
  42. PKG (Private Key Generator). Setup: generate master secret and public params. [Diagram labels: Public Params, Alice@gmail.com, Decrypt]
  47. Timeline • 1986: Identity Based Cryptography, the first idea (Shamir) • 2001: First practical IBE scheme, from Weil pairing (Boneh, Franklin) • 2004: CPK key management, IBE, IBS (Nan, Chen) • Cocks IBE, not bandwidth efficient
  48. CPK Cryptosystem: CPK (Combined Public Key). Based on generalized Discrete Log Group.
  53. Elliptic Curve Cryptography. Curve: $y^2 = x^3 + ax + b \pmod p$. G is a point on the elliptic curve, n is the order of the cyclic group <G>. The private key d is a randomly selected integer in [1, n-1]; the corresponding public key is $Q = dG$. Given two key pairs $(d_1, Q_1 = d_1 G)$ and $(d_2, Q_2 = d_2 G)$, let $d = d_1 + d_2$; then $Q = Q_1 + Q_2 = d_1 G + d_2 G = (d_1 + d_2)G$, so $(d, Q)$ is again a key pair.
  55. Private Matrix Generation (in PKG). RNG → random integers $s_{ij} \in_R [1, n-1]$ → private matrix
      $$\begin{pmatrix} s_{11} & s_{12} & \cdots & s_{1n} \\ s_{21} & s_{22} & \cdots & s_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1} & s_{m2} & \cdots & s_{mn} \end{pmatrix}$$
      The trusted authority PKG (Private Key Generator) generates an m×n matrix whose elements are randomly generated ECC private keys (integers in [1, n-1]). The private matrix must be kept secret in the PKG.
  63. Public Matrix Generation (in PKG). private matrix → public matrix
      $$\begin{pmatrix} s_{11} & s_{12} & \cdots & s_{1n} \\ s_{21} & s_{22} & \cdots & s_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1} & s_{m2} & \cdots & s_{mn} \end{pmatrix} \rightarrow \begin{pmatrix} s_{11}G & s_{12}G & \cdots & s_{1n}G \\ s_{21}G & s_{22}G & \cdots & s_{2n}G \\ \vdots & \vdots & \ddots & \vdots \\ s_{m1}G & s_{m2}G & \cdots & s_{mn}G \end{pmatrix}$$
      Each $s_{ij}$ and the matching $s_{ij}G$ form a key pair. The Public Matrix is generated by the PKG from the Private Matrix; each element of the Public Matrix is the public key of the corresponding private key in the Private Matrix. The public matrix is publicly available to all users.
  64. Map Algorithm: $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. The map algorithm H(ID) is a cryptographic hash algorithm that maps an arbitrary string ID to column indexes of the private matrix and public matrix. $h_i$ is the index of the i-th column of the public/private matrix.
  65. Private Key Extraction (in PKG) • Input the user’s identity ID. • Map the identity to indexes of the matrix: $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. • Select one element from each column of the private matrix by the index. • Add the selected private keys; the result is the user’s private key corresponding to his identity ID: $d_{ID} = \sum_{i=0}^{n-1} s_{h_i,i} \pmod p$.
  66. Public Key Extraction (in User) • Input the user’s identity ID. • Map the identity to indexes of the matrix: $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. • Select one element from each column of the Public matrix by the index. • Add (elliptic curve point addition) the selected elements; the result is the user’s public key corresponding to his identity ID: $Q_{ID} = \sum_{i=0}^{n-1} s_{h_i,i} G$.
  67. Identity Based Signature
      CPK-Sign (Message, PrivateKey) {
        ECDSA-Sign (Message, PrivateKey) -> Signature
      }
      CPK-Verify (Message, PublicMatrix, SignerID, Signature) {
        CPK-ExtractPublicKey(PublicMatrix, SignerID) -> PublicKey
        ECDSA-Verify(Message, Signature, PublicKey);
      }
      ECDSA: Elliptic Curve Digital Signature Algorithm
  68. Big Picture: $h_1, h_2, \ldots, h_n \leftarrow H(ID)$. Applied to the private matrix, H(ID) selects the elements summed into $d_{ID} = \sum_{i=0}^{n-1} s_{h_i,i} \pmod p$; applied to the public matrix, it selects the elements summed into $Q_{ID} = \sum_{i=0}^{n-1} s_{h_i,i} G$.
  69. The second Challenge: Private Key • The private key can be accessed by the JavaScript program • The private key should never leave the browser
  70. URI Fragment Identifier: http://www.domain.com/#skey=72bc845b9592b79... The fragment identifier starts from a # (number sign).
  72. Fragment Identifier
      <div id="menu">
        <a href="#section1">section 1</a>
        <a href="#section2">section 2</a>
        <a href="#section3">section 3</a>
        <a href="#ref">reference</a>
      </div>
      <h1>Section1</h1>
      <!-- the anchor name carries no leading '#'; only the link's href does -->
      <a name="section1" id="section1"></a>
  73. Fragment Identifier as Key Store • Utilize the fragment identifier in a bookmark URL as the private key storage. The fragment identifier in a URL will never be transferred through the Internet.
  74. Retrieve Private Key From URL
      <script type="text/javascript">
        // window.location is a Location object; its href property is the URL string
        var URL = window.location.href;
        // keep everything from the '#' onwards, i.e. the fragment identifier
        var fragid_start = URL.substring(URL.indexOf('#'));
      </script>
  88. Workflow diagram, between PKG, Browser and WebApp over a Secure Channel and a Public Channel: ❶ setup ❷ mpk.js ❸ ID ❹ skey ❺ save ❻ URL ❼ webibc.js, mpk.js ❽ do ❾ message ❿ forward
  89. Workflow (slides 89 to 92)
      1. The authority trusted by Alice and Bob establishes a PKG, which will generate the system parameters including the public matrix.
      2. Web application embeds WebIBC into these systems together with the public system parameters released by the PKG.
      3. Alice registers to the PKG with her ID.
      4. PKG returns Alice’s private key.
      5. Alice can append the private key as a fragment identifier to the Web application’s URL, then save it as a bookmark in the browser.
      6. Now Alice can use this bookmark to log into the web application. It should be noted that the browser will send the URL without the fragment identifier, so the private key is secure.
      7. The WebIBC JavaScript files will also be downloaded from the server, including the public matrix of the system.
      8. Alice uses this web application as normal, entering Bob’s email address and message content into the form. When Alice presses the send button, the WebIBC JavaScript programs will get the email address from the form as the public key and get the private key from the URL, then encrypt and sign the message.
      9. Then the message will be sent to the server.
      10. Because the message has been protected, the Web application can do no evil to the message but only forward it to Bob. Bob can also log into his web application, decrypt the message with his private key in the fragment identifier, and verify the message through the public matrix, similar to Alice.
  93. Performance (ms, the unit on the chart axis)
      Browser    0.5KB     2KB      10KB
      Safari     1383.7    1,492    2,071
      Firefox    1,523     1,661    2,401
      IE         1,459     1,698    2,791
      Opera      2,110     2,349    3,628
      [Bar chart of the same figures: Safari, Firefox, IE, Opera at 0.5 KB, 2 KB and 10 KB; axis 0 to 4000 ms]
  94. Future Work • Web based PRNG • Other Identity based cryptography • Local storage in HTML5
  95. Thank you!
  96. Questions?
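
The CPK construction from the matrix generation, Map Algorithm and key extraction slides, as an added example that is not WebIBC's code: it builds both matrices, maps an identity to one row index per column, and lets the test confirm that the public key a user derives from the public matrix equals d_ID·G for the private key the PKG extracts. Assumptions of this example: secp256k1 as the curve, SHA-256 digest bytes reduced modulo the row count as H(ID), a 4×8 demo matrix, and the private sum reduced modulo the order of G so it stays a valid scalar.

```javascript
// Added example, not WebIBC's code: CPK key extraction over secp256k1 (assumed curve).
const { createHash, randomBytes } = require('node:crypto');

// secp256k1: y^2 = x^3 + 7 over F_P; base point G generates a group of prime order N.
const P = 0xffffffff_ffffffff_ffffffff_ffffffff_ffffffff_ffffffff_fffffffe_fffffc2fn;
const N = 0xffffffff_ffffffff_ffffffff_fffffffe_baaedce6_af48a03b_bfd25e8c_d0364141n;
const G = {
  x: 0x79be667e_f9dcbbac_55a06295_ce870b07_029bfcdb_2dce28d9_59f2815b_16f81798n,
  y: 0x483ada77_26a3c465_5da4fbfc_0e1108a8_fd17b448_a6855419_9c47d08f_fb10d4b8n,
};

const mod = (v, m) => ((v % m) + m) % m;

// Modular inverse by the extended Euclidean algorithm.
function inverse(v, m) {
  let [r0, r1, t0, t1] = [m, mod(v, m), 0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  return mod(t0, m);
}

// Affine point addition; null stands for the point at infinity.
function add(A, B) {
  if (A === null) return B;
  if (B === null) return A;
  if (A.x === B.x && mod(A.y + B.y, P) === 0n) return null; // A = -B
  const lam = A.x === B.x
    ? mod(3n * A.x * A.x * inverse(2n * A.y, P), P)         // doubling (a = 0)
    : mod((B.y - A.y) * inverse(B.x - A.x, P), P);
  const x = mod(lam * lam - A.x - B.x, P);
  return { x, y: mod(lam * (A.x - x) - A.y, P) };
}

// Plain double-and-add: enough to check the algebra, not constant-time.
function mul(k, pt) {
  let result = null;
  for (let addend = pt; k > 0n; k >>= 1n) {
    if (k & 1n) result = add(result, addend);
    addend = add(addend, addend);
  }
  return result;
}

// Uniform-enough scalar in [1, N-1]: 40 random bytes keep the modulo bias negligible.
function randomScalar() {
  return (BigInt('0x' + randomBytes(40).toString('hex')) % (N - 1n)) + 1n;
}

// PKG setup: the private matrix s_ij stays secret, the public matrix s_ij*G is published.
function setup(rows, cols) {
  const priv = Array.from({ length: rows }, () => Array.from({ length: cols }, randomScalar));
  const pub = priv.map((row) => row.map((s) => mul(s, G)));
  return { priv, pub };
}

// Map algorithm H(ID): one row index per column (construction assumed for this example).
function mapId(id, rows, cols) {
  const digest = createHash('sha256').update(id, 'utf8').digest();
  if (cols > digest.length) throw new Error('demo map supports at most 32 columns');
  return Array.from({ length: cols }, (_, i) => digest[i] % rows);
}

// PKG side: sum the selected private matrix entries.
function extractPrivate(priv, id) {
  return mapId(id, priv.length, priv[0].length)
    .reduce((d, row, col) => mod(d + priv[row][col], N), 0n);
}

// User side: point-add the selected public matrix entries; no secret is needed.
function extractPublic(pub, id) {
  return mapId(id, pub.length, pub[0].length)
    .reduce((Q, row, col) => add(Q, pub[row][col]), null);
}
```

CPK-Verify on the Identity Based Signature slide is this `extractPublic` step followed by an ordinary ECDSA verification.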

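
Steps 5, 6 and 8 of the workflow, together with the "Retrieve Private Key From URL" slide, as an added example that is not WebIBC's code: it builds the bookmark, shows which parts of it reach the server, and recovers the key from the fragment with validation. The `skey` parameter name and host come from the slide's sample URL; the key value used in the comments is constructed, and `withoutKey` is a hypothetical helper for clearing the key from the address bar after it has been read.

```javascript
// Added example, not WebIBC's code. Uses the standard URL and URLSearchParams APIs.
const KEY_PARAM = 'skey';

// Step 5: the bookmark Alice saves. The private key lives only in the fragment.
function makeBookmark(appUrl, privateKeyHex) {
  const u = new URL(appUrl);
  u.hash = KEY_PARAM + '=' + privateKeyHex;
  return u.href;
}

// Step 6: what the browser sends when the bookmark is opened. The fragment is a
// client-side reference and is not part of the HTTP request target.
function requestTarget(bookmark) {
  const u = new URL(bookmark);
  return { host: u.host, target: u.pathname + u.search };
}

// Step 8: the page script recovers the key. In a browser, pass location.hash.
// Returns null when no key is present and throws on a malformed one.
function keyFromFragment(hash) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  const hex = params.get(KEY_PARAM);
  if (hex === null) return null;
  if (!/^[0-9a-f]{1,64}$/i.test(hex)) throw new Error('malformed private key in fragment');
  const d = BigInt('0x' + hex);
  if (d === 0n) throw new Error('private key must be non-zero');
  return d;
}

// Hypothetical helper: the same URL with the key removed from the fragment.
// In a page: history.replaceState(null, '', withoutKey(location.href));
// Any script running in the page can read location.hash until that is done.
function withoutKey(href) {
  const u = new URL(href);
  const params = new URLSearchParams(u.hash.replace(/^#/, ''));
  params.delete(KEY_PARAM);
  u.hash = params.toString();
  return u.href;
}
```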