The low-call diet: Authenticated Encryption for call counting HSM...
Transcript of The low-call diet: Authenticated Encryption for call counting HSM...
The low-call diet:
Authenticated Encryption for call counting HSM users
Gaven J. Watson – University of Bristol
Joint work with:Mike Bond (Cryptomathic), George French (Barclays Bank Plc) and Nigel P. Smart (UoB)
Real World Cryptography Workshop, Stanford – January 10th 2012
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 1 / 40
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 2 / 40
Background
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 3 / 40
Background
The story of this work
Designed by Mike Bond and George French.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 4 / 40
Background
The story of this work
Designed by Mike Bond and George French.
Scheme presented by Mike Bond at:
“Is Cryptographic Theory Practically Relevant?” – Workshop,Cambridge, UK, Feb 2012.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 4 / 40
Background
The story of this work
Designed by Mike Bond and George French.
Scheme presented by Mike Bond at:
“Is Cryptographic Theory Practically Relevant?” – Workshop,Cambridge, UK, Feb 2012.
Security analysis.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 4 / 40
Background
The story of this work
Designed by Mike Bond and George French.
Scheme presented by Mike Bond at:
“Is Cryptographic Theory Practically Relevant?” – Workshop,Cambridge, UK, Feb 2012.
Security analysis.
Presented today at:
Real World Crypto Workshop,Stanford, Jan 2013.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 4 / 40
Background
The story of this work
Designed by Mike Bond and George French.
Scheme presented by Mike Bond at:
“Is Cryptographic Theory Practically Relevant?” – Workshop,Cambridge, UK, Feb 2012.
Security analysis.
Presented today at:
Real World Crypto Workshop,Stanford, Jan 2013.
Paper to appear at CT-RSA 2013 (February).
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 4 / 40
Motivation
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 5 / 40
Motivation
Setting
Industry commonly manages keys with special purpose hardware:
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 6 / 40
Motivation
Setting
Industry commonly manages keys with special purpose hardware:
Hardware Security Module (HSM).
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 6 / 40
Motivation
Setting
Industry commonly manages keys with special purpose hardware:
Hardware Security Module (HSM).
HSMs store keys which should not be exposed outside the module.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 6 / 40
Motivation
Setting
Industry commonly manages keys with special purpose hardware:
Hardware Security Module (HSM).
HSMs store keys which should not be exposed outside the module.
Keys used via an API call to the HSM.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 6 / 40
Motivation
Setting
Industry commonly manages keys with special purpose hardware:
Hardware Security Module (HSM).
HSMs store keys which should not be exposed outside the module.
Keys used via an API call to the HSM.
e.g. Provides an API call for CBC Mode.Input: plaintext and the name of a key.HSM recovers key and applies CBC-Mode.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 6 / 40
Motivation
Setting
Industry commonly manages keys with special purpose hardware:
Hardware Security Module (HSM).
HSMs store keys which should not be exposed outside the module.
Keys used via an API call to the HSM.
e.g. Provides an API call for CBC Mode.Input: plaintext and the name of a key.HSM recovers key and applies CBC-Mode.
Whole process is expensive.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 6 / 40
Motivation
Setting
Industry commonly manages keys with special purpose hardware:
Hardware Security Module (HSM).
HSMs store keys which should not be exposed outside the module.
Keys used via an API call to the HSM.
e.g. Provides an API call for CBC Mode.Input: plaintext and the name of a key.HSM recovers key and applies CBC-Mode.
Whole process is expensive.
Minimizing calls to the HSM is important.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 6 / 40
Motivation
What are our options?
Constructions which provide authenticated encryption:
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 7 / 40
Motivation
What are our options?
Constructions which provide authenticated encryption:
Encrypt-then-MAC
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 7 / 40
Motivation
What are our options?
Constructions which provide authenticated encryption:
Encrypt-then-MAC
Dedicated AE scheme: OCB, EAX, CCM etc.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 7 / 40
Motivation
What are our options?
Constructions which provide authenticated encryption:
Encrypt-then-MAC
Dedicated AE scheme: OCB, EAX, CCM etc.
Why not use one of these well studied schemes?
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 7 / 40
Motivation
HSMs designed before need for AE was understood.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 8 / 40
Motivation
HSMs designed before need for AE was understood.
More modern modes are not supported.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 8 / 40
Motivation
HSMs designed before need for AE was understood.
More modern modes are not supported.
Solution:
Use a generic construction such as Encrypt-then-MAC.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 8 / 40
Motivation
HSMs designed before need for AE was understood.
More modern modes are not supported.
Solution:
Use a generic construction such as Encrypt-then-MAC.
Solution Problem:
This uses two keys.
Meaning two HSM calls.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 8 / 40
Motivation
Design criteria
Basic requirements:
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 9 / 40
Motivation
Design criteria
Basic requirements:
All secret keys should reside on the HSM.
Only one call to the HSM is allowed, i.e. single key.
Such a call should be to a CBC-Encrypt.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 9 / 40
Encryption with redundancy
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 10 / 40
Encryption with redundancy
Encryption with redundancy
Studied formally by An and Bellare.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 11 / 40
Encryption with redundancy
Encryption with redundancy
Studied formally by An and Bellare.
Two types of redundancy function; secret key and public key.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 11 / 40
Encryption with redundancy
Encryption with redundancy
Studied formally by An and Bellare.
Two types of redundancy function; secret key and public key.
IND-CPA encryption scheme + secret/public redundancy function 6⇒ AE.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 11 / 40
Encryption with redundancy
Encryption with redundancy
Studied formally by An and Bellare.
Two types of redundancy function; secret key and public key.
IND-CPA encryption scheme + secret/public redundancy function 6⇒ AE.
An and Bellare define a scheme with a secret key redundancy function,Nested CBC (NCBC).
NCBC uses a different key to encrypt the last block.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 11 / 40
Encryption with redundancy
Relating to our scheme
Our scheme uses secret redundancy,
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 12 / 40
Encryption with redundancy
Relating to our scheme
Our scheme uses secret redundancy,where the redundancy function uses a different “key” each time.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 12 / 40
Encryption with redundancy
Relating to our scheme
Our scheme uses secret redundancy,where the redundancy function uses a different “key” each time.
In general any IND-CPA scheme plus one time redundancy function 6⇒ AE.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 12 / 40
Managed Encryption Format
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 13 / 40
Managed Encryption Format
API call
The API call is CBC-mode
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 14 / 40
Managed Encryption Format
API call
The API call is CBC-mode with all-zero IV.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 14 / 40
Managed Encryption Format
API call
The API call is CBC-mode with all-zero IV.
Need randomness for security.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 14 / 40
Managed Encryption Format
API call
The API call is CBC-mode with all-zero IV.
Need randomness for security.
Use HSMs ability to generate random numbers.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 14 / 40
Managed Encryption Format
API call
The API call is CBC-mode with all-zero IV.
Need randomness for security.
Use HSMs ability to generate random numbers.
Implementation note – to avoid making an extra HSM call for everyencryption, we maintain a cache of randomness.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 14 / 40
Managed Encryption Format
API call
The API call is CBC-mode with all-zero IV.
Need randomness for security.
Use HSMs ability to generate random numbers.
Implementation note – to avoid making an extra HSM call for everyencryption, we maintain a cache of randomness.
We assume this cache to be secure.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 14 / 40
Managed Encryption Format
Managed Encryption Format
R
C[0] = FK(R)
FK FK FK
hash(R,A,M)
hash
M [1]
C[1] C[2]
A
FK
M [2]
C[3]
FK
M [n]
C[n+ 1]
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 15 / 40
Managed Encryption Format
Encrypt(K ,A,M)
Rr← {0, 1}l
H ← hash(R ,A,M)C ← E-CBC[F ](K ,R‖H‖pad(M))return C
Decrypt(K ,A,C )
R‖H‖M ′ ← D-CBC[F ](K ,C )M ← dpad(M ′)if M 6=⊥ thenh← hash(R ,A,M)
if h 6= h then M =⊥return M
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 16 / 40
Managed Encryption Format
Encrypt(K ,A,M)
Rr← {0, 1}l
H ← hash(R ,A,M)C ← E-CBC[F ](K ,R‖H‖pad(M))return C
Decrypt(K ,A,C )
R‖H‖M ′ ← D-CBC[F ](K ,C )M ← dpad(M ′)if M 6=⊥ thenh← hash(R ,A,M)
if h 6= h then M =⊥return M
Points to note:
Padding (uniform error reporting)
“MAC-then-encrypt”
IV
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 16 / 40
Analysis
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 17 / 40
Analysis
Security model – Privacy
Let Π = (KeyGen,Encrypt,Decrypt) be a symmetric encryption scheme.
Enc(A,M0,M1)C0 ← Encrypt(K ,A,M0)C1 ← Encrypt(K ,A,M1)
C∪← Cb
return Cb
PRIVA(Π)
K ← KeyGen; br← {0, 1}
b′ ← AEnc
return (b′ = b)
AdvprivΠ (A) = 2Pr[PRIVA(Π)⇒ true]− 1,
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 18 / 40
Analysis
PRIV
This can be proved by relating to the security of CBC mode proved by Bellare etal. [BDJR].
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 19 / 40
Analysis
PRIV
This can be proved by relating to the security of CBC mode proved by Bellare etal. [BDJR].
hash(R,A,M) M [1]R
C[0] = FK(R)
FK FK FK
C[1] C[2]
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 19 / 40
Analysis
Privacy
Let F = {FK : K ∈ {0, 1}k} be a permutation family.
Let Π[F ] be the managed encryption format using permutation family F .
Let A be an adversary against Privacy which runs in time t; making qeencryption queries totalling at most µe bits.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 20 / 40
Analysis
Privacy
Let F = {FK : K ∈ {0, 1}k} be a permutation family.
Let Π[F ] be the managed encryption format using permutation family F .
Let A be an adversary against Privacy which runs in time t; making qeencryption queries totalling at most µe bits.
Then there exists adversary B such that:
AdvPRIVΠ[F ] (A) ≤ 2Adv
prpF (B) +
q2f2l
+1
2l
(
(µe
l+ 2qe
)2
−(µe
l+ 2qe
)
)
where B runs in time t + O(µe) asking at most qf =µe
l+ 2qe queries.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 20 / 40
Analysis
Security model – AUTH
Let Π = (KeyGen,Encrypt,Decrypt) be a symmetric encryption scheme.
Enc(A,M)C ← Encrypt(K ,A,M)
C∪← (A,C )
return C
Test(A∗,C∗)M∗ ← Decrypt(K ,A∗,C∗)if M∗ 6=⊥ and (A∗,C∗) 6∈ C then
win← truereturn (M∗ 6=⊥)
AUTHA(Π)K ← KeyGenwin← false(A∗,C∗)← AEnc,Test
return win
AdvauthΠ (A) = Pr[AUTHA(Π)⇒ true]
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 21 / 40
Analysis
AUTH
R
C[0] = FK(R)
FK FK FK
hash(R,A,M)
hash
M [1]
C[1] C[2]
A
FK
M [2]
C[3]
FK
M [n]
C[n+ 1]
To forge a ciphertext the adversary must forge the hash.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 22 / 40
Analysis
Case 1: Hash not queried
Pr[(hash(R∗,A∗,M∗) = h∗) ∧ ((R∗,A∗,M∗, h∗) /∈ H)|πr← Perm] ≤
qt
2l
Not previously queried.
Random chance on verification.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 23 / 40
Analysis
Case 2: Hash already queried
Pr[(hash(R∗,A∗,M∗) = h∗) ∧ ((R∗,A∗,M∗, h∗) ∈ H)|πr← Perm] ≤
qhµe
l2l.
Previous call to random oracle.
If call made by encryption query then invalid forgery.
So independent call to hash.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 24 / 40
Analysis
Case 2: Hash already queried
Pr[(hash(R∗,A∗,M∗) = h∗) ∧ ((R∗,A∗,M∗, h∗) ∈ H)|πr← Perm] ≤
qhµe
l2l.
Previous call to random oracle.
If call made by encryption query then invalid forgery.
So independent call to hash.
Analysis is then based on the collision event that for some i , j ,
Ci [j ]⊕Mi [j ] = h∗ ⊕ π(R∗).
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 24 / 40
Analysis
AUTH
Let F = {FK : K ∈ {0, 1}k} be a permutation family.
Let Π[F ] be the managed encryption format using permutation family F .
Let A be an adversary against the AUTH security which runs in time t;making qe encryption queries totalling at most µe bits, qt test queriestotalling at must µt bits and qh random oracle queries.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 25 / 40
Analysis
AUTH
Let F = {FK : K ∈ {0, 1}k} be a permutation family.
Let Π[F ] be the managed encryption format using permutation family F .
Let A be an adversary against the AUTH security which runs in time t;making qe encryption queries totalling at most µe bits, qt test queriestotalling at must µt bits and qh random oracle queries.
Then there exists adversary B such that:
AdvAUTHΠ[F ] (A) ≤ Adv
sprpF (B) +
qt
2l+
qhµe
l2l
where B makes qf =µe
l+ 2qe +
µt
lqueries and runs in time t + O(µe + µt).
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 25 / 40
Summary
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 26 / 40
Summary
Summary
We have discussed the Managed Encryption Format
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 27 / 40
Summary
Summary
We have discussed the Managed Encryption Format
Despite its limitation we were still able to prove it secure.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 27 / 40
Summary
Summary
We have discussed the Managed Encryption Format
Despite its limitation we were still able to prove it secure.
With several important implementation caveats.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 27 / 40
Summary
Summary
We have discussed the Managed Encryption Format
Despite its limitation we were still able to prove it secure.
With several important implementation caveats.
Care needs to be taken with implementation to ensure security.
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 27 / 40
Something different...
1 Background
2 Motivation
3 Encryption with redundancy
4 Managed Encryption Format
5 Analysis
6 Summary
7 Something different...
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 28 / 40
Something different...
And now for something completely different....
M. Bond, G. French, N.P. Smart, G.J. Watson Low-call diet: AE for call counting HSM users Stanford – January 10th 2012 29 / 40
Something different...
Analysis of the new EMV key agreement protocol
Christina Brzuska1 Nigel P. Smart2 Bogdan Warinschi2
Gaven J. Watson2
1School of Computer Science,Tel Aviv University, Israel.
2Dept. Computer Science,University of Bristol, UK.
Real World Cryptography Workshop, Stanford – January 10th 2012
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 30 / 40
Something different...
Scheme
Card (C) Terminal (T)secret key: d ∈ Fq
“public” key: QC = dP
certC = (sigsk(QC ),QC )
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 31 / 40
Something different...
Scheme
Card (C) Terminal (T)secret key: d ∈ Fq
“public” key: QC = dP
certC = (sigsk(QC ),QC )
ar← {0, 1}l
A=aQC
−−−−−−−−−−−−−−−→E=eP
←−−−−−−−−−−−−−−− er← Fq
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 31 / 40
Something different...
Scheme
Card (C) Terminal (T)secret key: d ∈ Fq
“public” key: QC = dP
certC = (sigsk(QC ),QC )
ar← {0, 1}l
A=aQC
−−−−−−−−−−−−−−−→E=eP
←−−−−−−−−−−−−−−− er← Fq
(κ1, κ2) = H(daE ) (κ1, κ2) = H(eA)
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 31 / 40
Something different...
Scheme
Card (C) Terminal (T)secret key: d ∈ Fq
“public” key: QC = dP
certC = (sigsk(QC ),QC )
ar← {0, 1}l
A=aQC
−−−−−−−−−−−−−−−→E=eP
←−−−−−−−−−−−−−−− er← Fq
(κ1, κ2) = H(daE ) (κ1, κ2) = H(eA)ct=encκ1
(certC ,QC ,a)
−−−−−−−−−−−−−−−→ (certC ,QC , a) = decκ1(ct)
Check: aQC?= A
verpk(certC ,QC )?= true
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 31 / 40
Something different...
Scheme
Card (C) Terminal (T)secret key: d ∈ Fq
“public” key: QC = dP
certC = (sigsk(QC ),QC )
ar← {0, 1}l
A=aQC
−−−−−−−−−−−−−−−→E=eP
←−−−−−−−−−−−−−−− er← Fq
(κ1, κ2) = H(daE ) (κ1, κ2) = H(eA)ct=encκ1
(certC ,QC ,a)
−−−−−−−−−−−−−−−→ (certC ,QC , a) = decκ1(ct)
Check: aQC?= A
verpk(certC ,QC )?= true
cti=encκ1(mi )
−−−−−−−−−−−−−−−→ctj=encκ2
(mj )
←−−−−−−−−−−−−−−−
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 31 / 40
Something different...
What is the correct security model?
Authenticated key exchange security model – Bellare and Rogaway 1993.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 32 / 40
Something different...
What is the correct security model?
Authenticated key exchange security model – Bellare and Rogaway 1993.
Model in a nutshell:
A is permitted NewSession, Send, Reveal and Corrupt queries.
At some point A makes Test query which returns either real or randomsession key.
A must distinguish cases.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 32 / 40
Something different...
What is the correct security model?
Authenticated key exchange security model – Bellare and Rogaway 1993.
Model in a nutshell:
A is permitted NewSession, Send, Reveal and Corrupt queries.
At some point A makes Test query which returns either real or randomsession key.
A must distinguish cases.
Schemes with a key confirmation step cannot be secure.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 32 / 40
Something different...
What is the correct security model?
Authenticated key exchange security model – Bellare and Rogaway 1993.
Model in a nutshell:
A is permitted NewSession, Send, Reveal and Corrupt queries.
At some point A makes Test query which returns either real or randomsession key.
A must distinguish cases.
Schemes with a key confirmation step cannot be secure.(Decrypt the last message and check.)
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 32 / 40
Something different...
ACCE
Jager et al. propose Authenticated and Confidential Channel Establishment(ACCE).
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 33 / 40
Something different...
ACCE
Jager et al. propose Authenticated and Confidential Channel Establishment(ACCE).
ACCE = AKE + sLHAE.
Queries permitted – NewSession, Send, Encrypt, Decrypt, Reveal and Corrupt
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 33 / 40
Something different...
ACCE
Jager et al. propose Authenticated and Confidential Channel Establishment(ACCE).
ACCE = AKE + sLHAE.
Queries permitted – NewSession, Send, Encrypt, Decrypt, Reveal and Corrupt
Challenge –
For each session the challenger chooses a random bit b.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 33 / 40
Something different...
ACCE
Jager et al. propose Authenticated and Confidential Channel Establishment(ACCE).
ACCE = AKE + sLHAE.
Queries permitted – NewSession, Send, Encrypt, Decrypt, Reveal and Corrupt
Challenge –
For each session the challenger chooses a random bit b.Encrypt takes as input two messages m0,m1 and returns encryption of mb.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 33 / 40
Something different...
ACCE
Jager et al. propose Authenticated and Confidential Channel Establishment(ACCE).
ACCE = AKE + sLHAE.
Queries permitted – NewSession, Send, Encrypt, Decrypt, Reveal and Corrupt
Challenge –
For each session the challenger chooses a random bit b.Encrypt takes as input two messages m0,m1 and returns encryption of mb.A must guess b for one particular session.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 33 / 40
Something different...
ACCE issues
Permitted Decryptions:
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
ACCE issues
Permitted Decryptions: Consider partners i and j .
Different keys for each direction.j encrypts messages for i to decrypt.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
ACCE issues
Permitted Decryptions: Consider partners i and j .
Different keys for each direction.j encrypts messages for i to decrypt.A should not see decryption by i of encryption output by j .
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
ACCE issues
Permitted Decryptions: Consider partners i and j .
Different keys for each direction.j encrypts messages for i to decrypt.A should not see decryption by i of encryption output by j .As stated model checks i does not returned decrypt messages encrypted byitself.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
ACCE issues
Permitted Decryptions: Consider partners i and j .
Different keys for each direction.j encrypts messages for i to decrypt.A should not see decryption by i of encryption output by j .As stated model checks i does not returned decrypt messages encrypted byitself.
Reveal Queries:
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
ACCE issues
Permitted Decryptions: Consider partners i and j .
Different keys for each direction.j encrypts messages for i to decrypt.A should not see decryption by i of encryption output by j .As stated model checks i does not returned decrypt messages encrypted byitself.
Reveal Queries: Consider both EMV and TLS.
Last operation by card is to send an encrypted message.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
ACCE issues
Permitted Decryptions: Consider partners i and j .
Different keys for each direction.j encrypts messages for i to decrypt.A should not see decryption by i of encryption output by j .As stated model checks i does not returned decrypt messages encrypted byitself.
Reveal Queries: Consider both EMV and TLS.
Last operation by card is to send an encrypted message.Immediately after message is sent A can reveal the key and re-encryptmessage with new randomness.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
ACCE issues
Permitted Decryptions: Consider partners i and j .
Different keys for each direction.j encrypts messages for i to decrypt.A should not see decryption by i of encryption output by j .As stated model checks i does not returned decrypt messages encrypted byitself.
Reveal Queries: Consider both EMV and TLS.
Last operation by card is to send an encrypted message.Immediately after message is sent A can reveal the key and re-encryptmessage with new randomness.The other participant will accept but matching conversations will not hold.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 34 / 40
Something different...
Our model
EAMAP Model:
A permitted queries NewSession, Send, Reveal and Corrupt.
Send controls all key-exchange, encrypt and decrypt operations.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 35 / 40
Something different...
Our model
EAMAP Model:
A permitted queries NewSession, Send, Reveal and Corrupt.
Send controls all key-exchange, encrypt and decrypt operations.
Security in three parts: Entity Authentication, Message Authentication andMessage Privacy.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 35 / 40
Something different...
Our model
EAMAP Model:
A permitted queries NewSession, Send, Reveal and Corrupt.
Send controls all key-exchange, encrypt and decrypt operations.
Security in three parts: Entity Authentication, Message Authentication andMessage Privacy.
Fixing reveal query issue – entity authentication w.r.t. matchingconversations on the plaintext.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 35 / 40
Something different...
Our model
EAMAP Model:
A permitted queries NewSession, Send, Reveal and Corrupt.
Send controls all key-exchange, encrypt and decrypt operations.
Security in three parts: Entity Authentication, Message Authentication andMessage Privacy.
Fixing reveal query issue – entity authentication w.r.t. matchingconversations on the plaintext.
One-sided authentication.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 35 / 40
Something different...
Security
Entity Authentication – Matching plaintext conversations – Forge certificates.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 36 / 40
Something different...
Security
Entity Authentication – Matching plaintext conversations – Forge certificates.
Message Authentication –
Gap-DHMatching plaintext conversations – certificate forgeryAUTH of encryption scheme (stateful)
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 36 / 40
Something different...
Security
Entity Authentication – Matching plaintext conversations – Forge certificates.
Message Authentication –
Gap-DHMatching plaintext conversations – certificate forgeryAUTH of encryption scheme (stateful)
Message Privacy –
Gap-DHMatching plaintext conversations – certificate forgeryPRIV of encryption scheme (stateful)
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 36 / 40
Something different...
Unlinkability – Model
We have the additional requirement of unlinkability of card session.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 37 / 40
Something different...
Unlinkability – Model
We have the additional requirement of unlinkability of card session.
Model in a nutshell:
A permitted NewSession, Send, Reveal and Corrupt queries.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 37 / 40
Something different...
Unlinkability – Model
We have the additional requirement of unlinkability of card session.
Model in a nutshell:
A permitted NewSession, Send, Reveal and Corrupt queries.
A outputs two identities i0 and i1.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 37 / 40
Something different...
Unlinkability – Model
We have the additional requirement of unlinkability of card session.
Model in a nutshell:
A permitted NewSession, Send, Reveal and Corrupt queries.
A outputs two identities i0 and i1.
Challenger chooses random bit b and creates a session based on ib.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 37 / 40
Something different...
Unlinkability – Model
We have the additional requirement of unlinkability of card session.
Model in a nutshell:
A permitted NewSession, Send, Reveal and Corrupt queries.
A outputs two identities i0 and i1.
Challenger chooses random bit b and creates a session based on ib.
A makes further queries,
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 37 / 40
Something different...
Unlinkability – Model
We have the additional requirement of unlinkability of card session.
Model in a nutshell:
A permitted NewSession, Send, Reveal and Corrupt queries.
A outputs two identities i0 and i1.
Challenger chooses random bit b and creates a session based on ib.
A makes further queries, including Send queries to challenge session.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 37 / 40
Something different...
Unlinkability – Model
We have the additional requirement of unlinkability of card session.
Model in a nutshell:
A permitted NewSession, Send, Reveal and Corrupt queries.
A outputs two identities i0 and i1.
Challenger chooses random bit b and creates a session based on ib.
A makes further queries, including Send queries to challenge session.
A must determine b.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 37 / 40
Something different...
Unlinkability – Security
Security then depends on the following problem:
Definition (Small Decisional Discrete Log (SDDL))
Given P ,X0,X1, rXi ∈ G , where |r | ≤ 2l < |G | determine i .
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 38 / 40
Something different...
Wrapping up
Presented two formal security analyses:
Managed Encryption Format – Retrospective analysis.
EMV – Analysis as part of the design process.
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 39 / 40
Something different...
Questions
C. Brzuska, N.P. Smart, B. Warinschi, G.J. Watson EMV Analysis Stanford – January 10th 2012 40 / 40