Designing Reverse Firewalls for the Real World - SYSTÈMES LARGE ÉCHELLE Accéder directement au contenu
Communication Dans Un Congrès Année : 2020

Designing Reverse Firewalls for the Real World

Résumé

Reverse firewalls (RFs) were introduced by Mironov and Stephens-Davidowitz to address algorithm-substitution attacks (ASAs) in which an adversary subverts the implementation of a provably-secure cryptographic primitive to make it insecure. This concept was applied by Dodis et al. in the context of secure key exchange (handshake phase), where the adversary wants to exfiltrate sensitive information by using a subverted client implementation. RFs are used as a means of "sanitizing" the client-side protocol in order to prevent this exfiltration. In this paper, we propose a new security model for both the handshake and record layers, a.k.a. secure channel. We present a signed, Diffie-Hellman based secure channel protocol, and show how to design a provably-secure reverse firewall for it. Our model is stronger since the adversary has a larger surface of attacks, which makes the construction challenging. Our construction uses classical and off-the-shelf cryptography.
Fichier principal
Vignette du fichier
2020-854.pdf (758.22 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-03225846 , version 1 (13-05-2021)

Identifiants

Citer

Angèle Bossuat, Xavier Bultel, Pierre-Alain Fouque, Cristina Onete, Thyla van Der Merwe. Designing Reverse Firewalls for the Real World. ESORICS 2020, Sep 2020, Guildford, United Kingdom. pp.193-213, ⟨10.1007/978-3-030-58951-6_10⟩. ⟨hal-03225846⟩
108 Consultations
375 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More