Security Standardisation Research 2018

Tanja Lange: The Standardization Ecosystem: A Fertile Ground for Bad Ideas and Backdoors

(Invited talk.) Using Dual-EC DRBG as her example, Tanja talked about the potential for backdoors in standardisation processes.

hacspec

See hacspec post for details on my hacspec talk.

Formal Verification of Ephemeral Diffie-Hellman Over COSE (EDHOC)

EDHOC is a lightweight key-exchange protocol for IoT devices; think of it as a lightweight TLS. The authors formally verified that the protocol is secure (forward secrecy, ???). Unfortunately the protocol has many pitfalls (data used early without authentication, etc.).

Andreas Hülsing: (To be) Standardized Hash-Based Signature Schemes

  • It’s likely that at some point the post-quantum (pq) threat will be real -> risk
  • hash-based signatures (Merkle): no new hardness assumptions, easy construction, but stateful
  • LMS vs. XMSS currently in standardisation (mostly the same, but slightly different security assumptions; LMS is faster)
  • Look more at tweakable hash functions
  • SPHINCS: get rid of the state
  • XMSS^MT + HORST
  • HORS (few-time signature scheme)
  • also SPHINCS, Gravity-SPHINCS, (PICNIC)
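The "stateful" property from the notes above, as an added example that is not code from the talk or from any standard: a minimal Merkle signature scheme over Lamport one-time keys (a simplified stand-in for XMSS/LMS; all names are my own), where the signer's index counter is the state that must never be lost or rolled back.

```python
import hashlib
import secrets
N = 256  # digest bits; one Lamport secret pair per bit

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def bit(msg, i):  # i-th bit of the message digest, MSB first
    return (int.from_bytes(H(msg), "big") >> (N - 1 - i)) & 1

def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    return sk, [(H(a), H(b)) for a, b in sk]

def lamport_sign(sk, msg):
    return [sk[i][bit(msg, i)] for i in range(N)]

def lamport_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][bit(msg, i)] for i in range(N))

def leaf(pk):  # Merkle leaf = hash of the whole one-time public key
    return H(*[h for pair in pk for h in pair])

class MerkleSigner:
    # Stateful many-time signer: 2**height one-time keys under one root.
    def __init__(self, height):
        self.keys = [lamport_keygen() for _ in range(2 ** height)]
        self.layers = [[leaf(pk) for _, pk in self.keys]]
        while len(self.layers[-1]) > 1:
            lvl = self.layers[-1]
            self.layers.append([H(lvl[j], lvl[j + 1]) for j in range(0, len(lvl), 2)])
        self.root = self.layers[-1][0]
        self.next_index = 0  # the state: lost or rolled back, a leaf gets reused

    def sign(self, msg):
        i = self.next_index
        if i >= len(self.keys):
            raise RuntimeError("all one-time keys used")
        self.next_index += 1  # advance state before releasing the signature
        auth = [lvl[(i >> d) ^ 1] for d, lvl in enumerate(self.layers[:-1])]
        return i, self.keys[i][1], lamport_sign(self.keys[i][0], msg), auth

def merkle_verify(root, msg, signature):
    i, pk, sig, auth = signature
    node = leaf(pk)
    for sibling in auth:  # climb the authentication path to the root
        node = H(node, sibling) if i % 2 == 0 else H(sibling, node)
        i //= 2
    return lamport_verify(pk, msg, sig) and node == root
```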

Experimental Evaluation of Attacks on TESLA-secured Time Synchronization Protocols

  • PTB has to distribute secure time
  • IEEE 1588/IETF/Galileo all use TESLA
  • TESLA: one-way sync
  • small-step/big-step attack (always possible, not specific to TESLA)
  • countermeasures: make it take longer; reset via two-way sync

Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols

  • security as a social problem: understand the threat model of real users
    1. developer-user disconnect
    2. high-risk user problem (could die)
  • first study on high-risk users to compare with “normal” users

Building Blocks in Standards: Improving Consistency in Standardization with Ontology and Reasoning

  • Using ontology to model standards
  • make it easier to write/combine standards

Day 2

Bertram Poettering: Recent Results on the Cryptanalysis of OCB2

  • Recent attacks on the authenticity (AUTH) and IND-CCA security of OCB2
  • Combining XE and XEX is a pitfall
  • Full decryption of OCB2 possible (if more than 2 blocks)

Karthik Bhargavan: Verified Cryptography for Verified Protocols

  • Implementations of specs suck (specs at fault)
  • get clear security definitions and assumptions in specs
  • make clear APIs between layers

Defeating the Downgrade Attack on Identity Privacy in 5G

  • Pseudonyms or PK to prevent IMSI catching
  • New solution for preventing downgrade attacks to 2/3/4G etc. using pseudonyms

Identity Confidentiality in 5G Mobile Telephony Systems

  • ECIES-based solution for privacy (send encrypted SUPI.MSIN)
  • The PK scheme has security issues and is vulnerable to quantum computers
  • They propose a symmetric solution
  • Proven secure in a BPR-like security model

Thyla van der Merwe: On the Evolution of Standards Development

Great Expectations: A Critique of Current Statistical Testing & Certification of Random Number Generators

Building a Beacon Format Standard: An Exercise in Limiting the Power of a TTP
