Ryan_Holt_MS_Thesis_Project_Presentation
1. A SECURE MOBILE MESSAGING APPLICATION USING IDENTITY-BASED ENCRYPTION
Master’s Thesis Presentation
by
Ryan Holt
Metropolitan State University
April 24, 2015
2. OUTLINE
Introduction
Background Concepts (IBE, ECC, and the PBC library)
Project Design and Implementation
User Experience and Application Performance
Conclusion
4/27/2015
2
5. INTRODUCTION (CONT.)
National Security Agency (NSA)
Collect-it-all policy on electronic communications
Legal interpretation of the Patriot Act
Use information collected without a warrant
Bulk collection of domestic call records
Internet communication
Retain data for up to five years
Discretion on surveillance lies directly with its own analysts
Power to compel telecoms to turn over communications on any individual identified by the NSA
6. INTRODUCTION (CONT.)
Google
Automated systems analyze your data
Email, device and location information, local storage
Customized search results and targeted advertising
Share aggregated, non-personally identifiable information publicly and with publishers, advertisers and other websites
Give up your personal information upon governmental request, leaving you vulnerable to law enforcement requests or civil subpoenas
May not immediately delete residual data from servers
May not ever remove information from their backup systems
7. INTRODUCTION (CONT.)
Social apps and cloud technologies provide unprecedented levels of collaboration, information sharing and data analytics.
Problem: Personal data collected can be exploited by corporations, government, and hackers
Major Culprit: Popular yet insecure messaging applications
Solution: Advanced encryption techniques with simple implementations
9. STATE OF THE ART
Security vs Usability
Most popular instant messaging apps are easy to use but communication is generally sent over insecure channels
Complexities with installation and configuration of secure applications, and setting up accounts
Difficulty verifying users’ authenticity, or using the applications correctly
$600 billion: est. value of mobile payments in 2015
Electronic Frontier Foundation | eff.org/secure-messaging-scorecard
10. PROJECT GOALS
This project has three main goals:
1. Show, via a proof-of-concept, that Elliptic Curve Cryptography (ECC) is a viable security mechanism on modern mobile devices
2. Implement this security mechanism in a way that is user friendly
   Intuitive application user interface
   Transparent security
3. Design a system that is modular and extensible
   Easy to create, extend, and maintain
   Can be added as a security layer atop an existing system
12. HISTORY OF IBE
Identity-Based Encryption (IBE) was first proposed by Adi Shamir in 1984
  Simplify public key and certificate management in a Public Key Infrastructure (PKI)
Boneh and Franklin introduced the first functional Identity-Based Encryption scheme in 2001
  Using groups with efficiently computable bilinear maps
  Secure in the random oracle model
  Became Stanford Pairing Based Cryptography (PBC) library
Boldyreva, Goyal, and Kumar came up with an efficient revocation scheme for IBE in 2008
Brent Waters came up with the first Hierarchical IBE (HIBE) scheme and an IBE system with short parameters in 2009
De Caro, Iovino, Persiano realized the first Anonymous HIBE protocol in 2010
13. ELLIPTIC CURVES
Elliptic Curve: Formed by an equation of the form $y^2 = x^3 + ax + b$ over a finite field of prime order $q$ ($x, y \in \mathbb{F}_q$)
Elliptic Curve Cryptography (ECC) is dependent on the Bilinear Diffie-Hellman (BDH) problem being hard to solve
Hard to solve = mathematical operations are fast to compute, but hard to reverse
For the BDH problem, this means finding $g^{xy}$ given $g$ and the values of $g^x$ and $g^y$
As of 2006, the most efficient solutions involve solving the discrete logarithm problem (DLP)
  Find $x$ given $g$ and $g^x$
14. ELLIPTIC CURVES (CONT.)
Maps are also central to ECC
  One-way functions, meaning it is easy to calculate their result given a pair of operands but hard to calculate the inverse
  Bilinearity, non-degeneracy, and computability
Bilinear pairing
  Weil (pronounced vay) or Tate pairings. Of these two, Tate pairing is typically faster
  Pair(a ∙ X, b ∙ Y) = Pair(b ∙ X, a ∙ Y)
  Calculating a ∙ X is easy, and finding a, given X and a ∙ X, is hard
15. IDENTITY-BASED ENCRYPTION
In an Identity-Based Encryption (IBE) scheme, the public key of a user may be an arbitrary string like an email address or other identifier
Messages are encrypted using a combination of the system master key and the id of the recipient
Users must go to a trusted party, Key Generation Server (KGS), and prove their identity in order to obtain a private key which will allow them to decrypt messages
16. REVIEW OF ALGORITHMS AND THEIR CLASSIFICATIONS
The security strength of an IBE system is determined by the underlying algorithm, which, in turn, is determined by the bit-length of the parameters
Depending on system requirements, different curves and initialization parameters might be chosen.
Curves available in the PBC library:
Type | Base Field Size (bits) | k  | Dlog security (bits)
a    | 512                    | 2  | 1024
dn   | n                      | 6  | 6n
e    | 1024                   | 1  | 1024
f    | 160                    | 12 | 1920
gn   | n                      | 10 | 10n
a1   | 1024                   | 2  | 2048
17. REVIEW OF ALGORITHMS AND THEIR CLASSIFICATIONS (CONT.)
Supersingular curves
  Of the form $y^2 = x^3 + x$
  As of 2007 there are no known weaknesses for (carefully selected) supersingular curves
Identity-Based Encryption is referenced in several Internet Engineering Task Force (IETF) draft standards
  RFC 5091 - Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems
  RFC 5408 - Identity-Based Encryption Architecture and Supporting Data Structures
  Among others
18. OTHER INTERESTING THINGS ABOUT IBE
Secure machine to machine (M2M) scheme in an Internet-of-Things (IoT)
Proxy Re-Encryption (PRE)
  Email forwarding
  Distributed file systems
  Digital Rights Management (DRM)
Attribute-Based Encryption (ABE) is a generalization of Fuzzy IBE
19. NOTABLE IMPLEMENTATIONS
Stanford Pairing Based Cryptography (PBC) Library
MIRACL
HP Healthcare
Voltage security
Secure plugins for MS Office
“HP acquires Voltage Security in Big Data encryption push”
siliconangle.com February 2015
HP Security Voltage
20. PROS AND CONS
Pros
• Certificate-less
  • No complex key management infrastructure
• Light-weight
  • Small cryptographic parameters
• Efficient
Cons
• Key Escrow
  • Key Generating Server has access to all private keys
• Key Revocation
  • Efficient revocation difficult
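The flow from slide 15 and the key-escrow con above, as an added Python example that is not code from the thesis or JPBC: Boneh-Franklin's basic scheme written over a toy bilinear map. G1 here is just the integers mod R (R, P_MOD, G and BASE are constructed values), so discrete logs are trivial and it provides no secrecy; it only shows the algebra and that the KGS can decrypt any user's messages.

```python
import hashlib, secrets

# Toy bilinear groups (constructed, insecure): G1 = integers mod R under addition,
# GT = the order-R subgroup of Z_P_MOD*. A real system uses an elliptic-curve pairing.
R = 1019        # prime group order
P_MOD = 2039    # prime, P_MOD = 2*R + 1
G = 4           # generator of the order-R subgroup of Z_P_MOD*
BASE = 7        # the public base point "P" in G1

def pair(a, b):
    """e(a, b) = G^(a*b): bilinear in both arguments."""
    return pow(G, a * b % R, P_MOD)

def h1(identity):
    """Hash an identity string to a non-zero G1 element Q_ID."""
    d = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(d, "big") % (R - 1) + 1

def h2(gt, n):
    """Derive an n-byte mask from a GT element."""
    return hashlib.shake_256(str(gt).encode()).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def setup():
    """KGS: pick master secret s, publish P_pub = s*P."""
    s = secrets.randbelow(R - 1) + 1
    return s, s * BASE % R

def extract(s, identity):
    """KGS: private key d_ID = s * Q_ID, issued after the user proves identity."""
    return s * h1(identity) % R

def encrypt(p_pub, identity, msg):
    """Sender needs only the public parameters and the recipient's id."""
    r = secrets.randbelow(R - 1) + 1
    mask = h2(pow(pair(h1(identity), p_pub), r, P_MOD), len(msg))
    return r * BASE % R, xor(msg, mask)          # (U = r*P, V)

def decrypt(d_id, ct):
    """Recipient: e(d_ID, U) equals e(Q_ID, P_pub)^r by bilinearity."""
    u, v = ct
    return xor(v, h2(pair(d_id, u), len(v)))

def kgs_reads(s, identity, ct):
    """Key escrow: the KGS can re-derive any user's key and decrypt."""
    return decrypt(extract(s, identity), ct)
```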
21. WHY WAS IBE CHOSEN?
Few known mobile ECC impls.
No known IBE-based instant messaging application
Leakage-resilient
Modular
Light-weight
Small crypto params
Efficient
22. WHY WAS JPBC CHOSEN?
The Java Pairing-Based Cryptography (JPBC) library was chosen as the IBE library because it is a Java implementation of the popular and reputable Stanford PBC library
23. WHY WAS ANDROID CHOSEN?
Android ranked the top mobile platform on the market in 2014
76.6% of smartphones sold globally
#1 target for malicious hackers
Threats common to all mobile platforms
Free
Open-source
Java-based
Many quality development tools and frameworks available
25. PROJECT OVERVIEW
A secure mobile messaging app that is exceptionally secure yet simple and intuitive to use
Provides:
  Encryption
  Authentication
  Deniability
  Forward secrecy
Information protected in transit as well as at rest
Useful to anyone who would like to share their personal, financial, business, and health information with the assurance that it is secure
26. PROJECT ARCHITECTURE
Amazon Web Services
  Elastic Compute Cloud (EC2)
  Route 53
Servers:
  Ubuntu Server 14
  Apache Tomcat Application Server
  Apache Web Server
  Prosody (XMPP)
Mobile Clients:
  Android
31. IMPLEMENTATION DETAILS (CONT.)
JPBC ‘Type a’ pairing
$y^2 = x^3 + x$ over the finite field $\mathbb{F}_q$ for some prime $q \equiv 3 \pmod 4$
r = 160, q = 512, and k = 2
$E$: elliptic curve over finite field over prime $\mathbb{F}_q$
q: field size of base-point $P \in E(\mathbb{F}_q)$
r: prime order of base-point $P \in E(\mathbb{F}_q)$ – r does not divide q
k: embedding degree (multiplicative order of q mod r)
Security Level (in bits) | 80   | 112  | 128
r                        | 160  | 224  | 256
q                        | 512  | 1024 | 1536
RSA Key Size             | 1024 | 2048 | 3072
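An added Python check (not code from the thesis or JPBC) of the relationships this slide states for the Type a curve, using toy-sized constructed primes in place of the 160/512-bit values: q ≡ 3 mod 4, r divides the group order #E = q + 1, and the embedding degree is 2. The function names are hypothetical.

```python
# Toy-sized Type a style parameters (constructed values, not JPBC output).

def is_prime(n):
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def find_type_a_params(r):
    """Smallest prime q = h*r - 1 with h a multiple of 4, so q % 4 == 3 and r | q + 1."""
    h = 4
    while not is_prime(h * r - 1):
        h += 4
    return h * r - 1, h

def embedding_degree(q, r):
    """Multiplicative order of q modulo r: smallest k with r | q^k - 1."""
    k, acc = 1, q % r
    while acc != 1:
        acc = acc * q % r
        k += 1
    return k

def count_points(q):
    """Brute-force #E(F_q) for y^2 = x^3 + x, including the point at infinity."""
    roots = {}  # value of y^2 mod q -> number of y that produce it
    for y in range(q):
        roots[y * y % q] = roots.get(y * y % q, 0) + 1
    return 1 + sum(roots.get((x**3 + x) % q, 0) for x in range(q))

def check(r):
    """Derive q for a given prime r and report the properties listed on the slide."""
    q, h = find_type_a_params(r)
    return {"r": r, "q": q, "h": h, "q_mod_4": q % 4,
            "order": count_points(q), "k": embedding_degree(q, r)}

if __name__ == "__main__":
    print(check(101))
```

With the sizes on this slide, k = 2 and a 512-bit q correspond to the 1024-bit Dlog security listed for type a in the PBC curve table.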
40. CONCLUSION
A mobile user’s privacy is under constant threat of attack from
numerous sources at any given time. Protecting personal and
professional information in such a hostile environment is a
continuous task and one of utmost importance. Taking on such a
challenge requires having the right tools and empowering users to
use them. Along with projects like Off-the-Record, TextSecure, and
Crypto-Book, the secure messaging application developed here is
one of those tools.
41. FUTURE WORK
User interface improvements
Scalability
Group messaging
Picture/video messaging
Conversation history
Secure file transfer
Business documents
Financial records
Medical records