practical cryptography for a peer-to-peer web browsing system project present… · diffie-hellman...
TRANSCRIPT
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Practical Cryptography for a Peer-to-PeerWeb Browsing System
A. Pokluda
Cheriton School of Computer ScienceUniversity of Waterloo
CS758 Cryptography and Network Security Project
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Outline
1 Introduction
2 Cryptography in P2P SystemsCryptography in Real-World Peer-to-Peer SystemsMessage Stream Encryption
3 A P2P Web Browsing SystemIdentify Security RequirementsSatisfy Security Requirements
A Brief Introduction to Elliptic Curve Cryptography
4 Comparison of Implementations in C
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Overview of Project Objectives
1 Perform a brief survey of the protocols and schemes usedin real-world peer-to-peer systems
2 1 Identify the general security related requirements for a newpeer-to-peer web browsing system and identify thecryptographic protocols that meet those securityrequirements.
2 Identify one or two schemes to solve each problem thatmeet the security requirements. These may be the sameschemes that are used in current peer-to-peer systems orare new schemes obtained from the literature.
3 Compare production-level implementations in C andevaluate them on a number of criteria: level of security;CPU time and memory requirements; and performanceover limited bandwidth network connection.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Overview of Project Objectives
1 Perform a brief survey of the protocols and schemes usedin real-world peer-to-peer systems
2 1 Identify the general security related requirements for a newpeer-to-peer web browsing system and identify thecryptographic protocols that meet those securityrequirements.
2 Identify one or two schemes to solve each problem thatmeet the security requirements. These may be the sameschemes that are used in current peer-to-peer systems orare new schemes obtained from the literature.
3 Compare production-level implementations in C andevaluate them on a number of criteria: level of security;CPU time and memory requirements; and performanceover limited bandwidth network connection.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Overview of Project Objectives
1 Perform a brief survey of the protocols and schemes usedin real-world peer-to-peer systems
2 1 Identify the general security related requirements for a newpeer-to-peer web browsing system and identify thecryptographic protocols that meet those securityrequirements.
2 Identify one or two schemes to solve each problem thatmeet the security requirements. These may be the sameschemes that are used in current peer-to-peer systems orare new schemes obtained from the literature.
3 Compare production-level implementations in C andevaluate them on a number of criteria: level of security;CPU time and memory requirements; and performanceover limited bandwidth network connection.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Cryptography in Real-World Peer-to-Peer Systems
Skype
Key Agreement RSA with 1536- to 2048-bit key lengthsBlock Cipher 256-bit AESPublic-Key Infrastructure The Skype “login server” performs
the role of TA and certifies user public keys
Skype is proprietary, closed-source software and all networktraffic is encrypted. There have been some efforts to documentthe Skype peer-to-peer architecture, but not much is knownabout the inner-workings of Skype software.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Cryptography in Real-World Peer-to-Peer Systems
BitTorrent
Most current BitTorrent clients use a custom encryption schemeknown as “Message Stream Encryption” (MSE)Key Agreement Diffie-Hellman with 768-bit key lengthsBlock Cipher RC4Public-Key Infrastructure None; New public keys are generated
for each sessionHash Functions Content is located using .torrent metainfo
files containing an index of data chucks needed toreconstruct a file or set of files and their SHA-1hash values; A metainfo file itself is identified bythe SHA-1 hash of the index (known as an infohash)
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Message Stream Encryption
Context
Diffie-Hellman Parametersp is a published, 768-bit safe prime, 0xFF...63Generator G is 2rA and rB are random ints between 128- and 180-bits longPublic key of A is YA = GrA mod pPublic key of B is YB = GrB mod pThe shared secret is S = Y rB
A mod p = Y rAB mod p
Constants/VariablesPadA and PadB are random data with length 0-512 bytesTinfo hash is the info hash of the torrentVC is a verification constant defined to be 8 bytes set to 0
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Message Stream Encryption
Operation
Alice BobYA = GrA mod p
YB = GrB mod p
S = Y rAB mod p
KA = H(‘keyA’,S,Tinfo hash)KB = H(‘keyB’,S,Tinfo hash)
S = Y rBA mod p
KA = H(‘keyA’,S,Tinfo hash)KB = H(‘keyB’,S,Tinfo hash)
YA,PadA
YB,PadB
H(‘req1’,S),H(‘req2’,Tinfo hash)⊕ H(‘req3’,S),eKA(VC)
eKB(VC)
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Basic Architecture
At the outer levelusers will use their webbrowsers tocommunicate with thepeer-to-peer Websoftware
At the inner levelinstances of thepeer-to-peer Websoftware willcommunicate with eachother using apeer-to-peer networkoverlay
S
SS
S
S S
c
c
c
c
cc
c
c c
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Identify Security Requirements
New Challenges
We are designing a new system from scratchWe can learn from existing systems, such as BitTorrentHowever, there are several fundamental differencesbetween a web browsing system and BitTorrent from asecurity perspective:
BitTorrent provides no way to verify the identity of thesource of a contentBitTorrent provides no way to update content once it hasbeen released
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Identify Security Requirements
What Protocols Are Needed?
Like BitTorrent,We can secure peer to peer communications fromeavesdropping by using a key agreement scheme andblock cipherWe can locate content using a hash function
Unlike BitTorrent,We can bind the identity of an author to content using asignature schemeWe need a public key infrastructure to support theverification of signatures
Side NoteIn a distributed system such as this, a Web of Trust ispreferable to a TA.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Identify Security Requirements
What Protocols Are Needed?
Like BitTorrent,We can secure peer to peer communications fromeavesdropping by using a key agreement scheme andblock cipherWe can locate content using a hash function
Unlike BitTorrent,We can bind the identity of an author to content using asignature schemeWe need a public key infrastructure to support theverification of signatures
Side NoteIn a distributed system such as this, a Web of Trust ispreferable to a TA.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Identify Security Requirements
What Protocols Are Needed?
Like BitTorrent,We can secure peer to peer communications fromeavesdropping by using a key agreement scheme andblock cipherWe can locate content using a hash function
Unlike BitTorrent,We can bind the identity of an author to content using asignature schemeWe need a public key infrastructure to support theverification of signatures
Side NoteIn a distributed system such as this, a Web of Trust ispreferable to a TA.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Satisfy Security Requirements
Schemes Implementing the Protocols
Key Agreement Diffie-HellmanBlock Cipher AESHash Function SHA-256, MD6Signature Scheme ElGamal, DSAPublic Key Infrastructure custom based on DHT
The Diffie-Hellman, ElGamal, and DSA schemes can beimplemented in a Finite Multiplicative Group or on an EllipticCurve over a Finite Field.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Satisfy Security Requirements
A Brief Introduction to Elliptic Curve Cryptography
DefinitionAn Elliptic Curve is the set E ofsolutions (x , y) ∈ R2 to theequation y2 = x3 + ax + btogether with a special pointcalled the point at infinity.
An Elliptic Curve Over R2
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Satisfy Security Requirements
A Brief Introduction to Elliptic Curve Cryptography
Point ArithmeticWe define a binary operation over E which makes E into anabelian group, denoted by +. The point at infinity O is theidentity element, thus O+ P = P + O = P for all P ∈ E .
If x1 6= x2 then P + Q = (x1, y1) + (x2, y2) = (x3, y3), where
x3 = λ2 − x1 − x2
y3 = λ(x1 − x3)− y1
λ =y2 − y1
x2 − x1
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Satisfy Security Requirements
Elliptic Curve vs Finite Multiplicative Group
The primary benefit of elliptic curve cryptography is smallerkey size for level of security comparable to an RSA-basedsystem with large modulus and large key size. Forexample, a 256-bit ECC public key should providecomparable security to a 3072-bit RSA public key.The reduced key size also results in reduced storage,transmission and computational requirements. Thesefeatures will likely be beneficial to our Peer-to-Peer WebBrowsing System.
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Work in Progress
I am currently evaluating implementations in the Cprogramming language of the schemes mentioned previously.
Criteria: level of security; computation, storage andtransmission requirements
Implementation Sources:Diffie-Hellman, ElGamal, DSA: I am coding these myself inFMG and ECAES: OpenSSL’s implementation that uses hardwareaccelerationSHA-256: Crypto++ library; MD6: Rivest et al. havepublished C source for a reference implementation
Introduction Cryptography in P2P Systems A P2P Web Browsing System Comparison of Implementations in C Summary
Summary
We briefly looked at the protocols and schemes used byreal-world peer-to-peer systemsWe identified the general security requirements for a newpeer-to-peer system and the cryptographic protocols thatmeet those security requirementsWe identified several schemes to implement the protocolsProduction-level implementation of the schemes in C arebeing evaluated on a number of criteria
Appendix
Discussion Questions
1 What other considerations may have influenced the designof the BitTorrent encryption scheme?
2 Are there other schemes that would be more suitable for apeer-to-peer system?