http://dx.doi.org/10.3837/tiis.2016.03.015

Lightweight and adaptable solution for security agility

Vasic, Valter (Faculty of Electrical Engineering and Computing)
Mikuc, Miljenko (Faculty of Electrical Engineering and Computing)
Vukovic, Marin (Faculty of Electrical Engineering and Computing)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.3, 2016, pp. 1212-1228
Abstract
Secure communication is an important aspect of today's interconnected environments, and it is achieved through cryptographic algorithms and protocols. However, many existing cryptographic mechanisms are tightly integrated into the communication protocols that use them. Issues emerge when security vulnerabilities are discovered in a cryptographic mechanism, because replacing it would eventually require replacing the deployed protocols themselves. The concept of cryptographic agility addresses these issues by allowing cryptographic algorithms and keys to be switched dynamically, both before and during communication. Most of today's secure protocols implement cryptographic agility (IPsec, SSL/TLS, SSH), but their agility mechanisms cannot be used in a standalone manner, independently of the protocol they belong to. To deal with these limitations, we propose a lightweight cryptographically agile agreement model. We also present a solution, the Agile Cryptographic Agreement Protocol (ACAP), that can be adapted to various network layers, architectures and devices. The proposed solution provides existing and new communication protocols with the prerequisites for secure communication in a straightforward way, without adding substantial communication overhead. Furthermore, it can be used between previously unknown parties in an opportunistic environment. The proposed model is formally verified, followed by a comprehensive discussion of security considerations. A prototype implementation of the proposed model is demonstrated and evaluated.
Keywords
cryptographic agility; key exchange; algorithm agreement; communication model; model verification;