Protocols
Contents
Authentication
Basics
- Cryptographic Protocol - Wikipedia
- Authentication - Wikipedia - can be considered to be of three types:
- Accepting proof of identity given by a credible person who has first-hand evidence that the identity is genuine. This can be organised in a centralised or a decentralised way.
- Comparing the attributes of the object itself to what is known about objects of that origin (e.g. a painting).
- Relying on documentation or other external affirmations. In criminal courts, the rules of evidence often require establishing the chain of custody of evidence presented.
- Authentication Protocol - Wikipedia
Password based
- PACE Password Authenticated Connection Establishment
- Developed by the German Bundesamt für Sicherheit in der Informationstechnik (BSI), free of patents
- Establishes a shared session key between a contactless smartcard and terminal using the DH key agreement protocol
- As DH key agreement does not support authentication it is vulnerable to man-in-the-middle attacks. To prevent this and to ensure user consent, PACE uses a password-based protocol to protect the wireless communication interface between the terminal and the card before the card is accessed. In the most common scenario the password is a PIN, permanently stored in the card and entered into the terminal by the user.
- As the password is used during the calculation of the session key, entering a wrong password leads to different session keys on both sides which causes the connection establishment to fail.
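Added example, not BSI's specification or any PACE implementation: a Python sketch that follows the structure of PACE's generic mapping (encrypted nonce, anonymous DH to obtain a mapping value, mapped generator, second DH, mutual authentication tokens) over a toy MODP group, with the AES encryption of the nonce replaced by a hash-derived pad. It shows the point above: a wrong PIN gives the two sides different session keys, the authentication tokens do not verify, and the connection is not established.

```python
import hashlib
import hmac
import secrets

# Toy group: the 1024-bit MODP prime from RFC 2409 with generator 2. Real PACE
# runs over elliptic curves with standardised domain parameters; this choice is
# an assumption made only so the example runs with the standard library.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NBYTES = (P.bit_length() + 7) // 8


def rand_exp():
    """Fresh ephemeral DH exponent in [1, P-2]."""
    return secrets.randbelow(P - 2) + 1


def password_key(pin):
    """K_pi, the key derived from the PIN. PACE uses it as an AES key to encrypt
    the nonce; here it is a 256-bit one-time pad (simplification)."""
    return int.from_bytes(hashlib.sha256(b"PACE-K_pi|" + pin.encode()).digest(), "big")


def derive(shared, label):
    """Derive a session key (K_enc or K_mac) from the final DH secret."""
    return hashlib.sha256(label + shared.to_bytes(NBYTES, "big")).digest()


def auth_token(kmac, peer_pub):
    """Authentication token: MAC over the peer's ephemeral public key."""
    return hmac.new(kmac, peer_pub.to_bytes(NBYTES, "big"), hashlib.sha256).digest()


def run_pace(card_pin, terminal_pin):
    """Simulate one PACE-style run between a card holding card_pin and a terminal
    into which the user typed terminal_pin.
    Returns (success, card_session_key, terminal_session_key)."""
    # 1. The card draws a random nonce s and sends it encrypted under K_pi.
    s = secrets.randbits(256)
    z = s ^ password_key(card_pin)
    # The terminal recovers s' with the PIN it was given; s' == s only if the PINs agree.
    s_prime = z ^ password_key(terminal_pin)

    # 2. Plain (unauthenticated) DH gives both sides the same mapping value H.
    x1, y1 = rand_exp(), rand_exp()
    pub_x1, pub_y1 = pow(G, x1, P), pow(G, y1, P)           # exchanged in clear
    h_card, h_term = pow(pub_y1, x1, P), pow(pub_x1, y1, P)

    # 3. Generic mapping: G' = G^s * H. The nonce ties the new generator to the PIN.
    g_card = pow(G, s, P) * h_card % P
    g_term = pow(G, s_prime, P) * h_term % P

    # 4. Second DH on the mapped generator. Each side uses ITS OWN G'.
    x2, y2 = rand_exp(), rand_exp()
    pub_x2, pub_y2 = pow(g_card, x2, P), pow(g_term, y2, P)  # exchanged in clear
    k_card, k_term = pow(pub_y2, x2, P), pow(pub_x2, y2, P)

    # 5. Session keys and mutual authentication tokens.
    kenc_card, kmac_card = derive(k_card, b"enc"), derive(k_card, b"mac")
    kenc_term, kmac_term = derive(k_term, b"enc"), derive(k_term, b"mac")
    t_card = auth_token(kmac_card, pub_y2)   # card -> terminal
    t_term = auth_token(kmac_term, pub_x2)   # terminal -> card
    # Each side recomputes the token it expects with its own K_mac.
    card_accepts = hmac.compare_digest(t_term, auth_token(kmac_card, pub_x2))
    term_accepts = hmac.compare_digest(t_card, auth_token(kmac_term, pub_y2))
    return card_accepts and term_accepts, kenc_card, kenc_term


if __name__ == "__main__":
    for typed in ("123456", "123457"):
        ok, kc, kt = run_pace("123456", typed)
        print(f"PIN typed {typed}: established={ok} keys_equal={kc == kt}")
```

Only the nonce is protected by the PIN; the two DH exchanges are unauthenticated on their own, which is why the tokens in step 5 are what finally binds the session keys to knowledge of the PIN.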
- OPAQUE
TLS
IPSEC
IPSEC is a network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
SSH
SSH basics
SSH is a network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.
SSH operates as a layered protocol suite comprising three principal hierarchical components:
- the transport layer provides server authentication, confidentiality, and integrity
- the user authentication protocol validates the user to the server
- the connection protocol multiplexes the encrypted tunnel into multiple logical communication channels
SSH may be used in several ways. In the simplest manner, both ends of a communication channel use automatically generated public-private key pairs to encrypt a connection, and then use a password to authenticate the user.
Command: 'ssh -V' gives version (OpenSSH), 'man ssh' gives info.
'ssh -Q cipher' queries symmetrical ciphers, e.g.
- 3des-cbc
- aes128-cbc
- aes192-cbc
- aes256-cbc
- rijndael-cbc@lysator.liu.se
- aes128-ctr
- aes192-ctr
- aes256-ctr
- aes128-gcm@openssh.com
- aes256-gcm@openssh.com
- chacha20-poly1305@openssh.com
'ssh -Q cipher-auth' queries symmetric ciphers that support authenticated encryption, e.g.
- aes128-gcm@openssh.com
- aes256-gcm@openssh.com
- chacha20-poly1305@openssh.com
'ssh -Q mac' queries MACs, e.g.
- hmac-sha1
- hmac-sha1-96
- hmac-sha2-256
- hmac-sha2-512
- hmac-md5
- hmac-md5-96
- umac-64@openssh.com
- umac-128@openssh.com
- hmac-sha1-etm@openssh.com
- hmac-sha1-96-etm@openssh.com
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm@openssh.com
- hmac-md5-etm@openssh.com
- hmac-md5-96-etm@openssh.com
- umac-64-etm@openssh.com
- umac-128-etm@openssh.com
'ssh -Q key', 'ssh -Q key-cert' and 'ssh -Q key-plain' query key types.
'ssh -Q kex' queries key exchange algorithms, e.g.
- diffie-hellman-group1-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group14-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group-exchange-sha256
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- curve25519-sha256
- curve25519-sha256@libssh.org
'ssh -Q sig' queries signature algorithms, e.g.
- ssh-ed25519
- ssh-rsa
- rsa-sha2-256
- rsa-sha2-512
- ssh-dss
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
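Added example, not part of OpenSSH or of the page: a Python helper that runs the 'ssh -Q' queries above (when ssh is installed) or falls back to the lists above as sample input, and flags algorithms that are legacy or weak. Which names count as weak is this example's own assumption, stated in the comments, not an OpenSSH policy.

```python
import shutil
import subprocess

# Substrings this audit treats as legacy or weak. The selection is an assumption
# of this example: CBC-mode and 3DES ciphers; MD5/SHA-1 MACs and truncated 96-bit
# tags; SHA-1 key exchanges (which covers the 1024-bit group1); DSA keys; and
# ssh-rsa, the SHA-1 RSA signature algorithm (rsa-sha2-256/512 use the same key
# type with SHA-2 and are not flagged).
WEAK = {
    "cipher": ("-cbc", "3des", "arcfour", "blowfish", "cast128"),
    "mac": ("md5", "sha1", "-96"),
    "kex": ("sha1",),
    "key": ("ssh-dss",),
    "sig": ("ssh-dss", "ssh-rsa"),   # matched exactly, see flag_weak
}

# Sample 'ssh -Q' output, copied from the lists above (constructed test input).
SAMPLE = {
    "cipher": ["3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
               "rijndael-cbc@lysator.liu.se", "aes128-ctr", "aes192-ctr",
               "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
               "chacha20-poly1305@openssh.com"],
    "mac": ["hmac-sha1", "hmac-sha1-96", "hmac-sha2-256", "hmac-sha2-512",
            "hmac-md5", "hmac-md5-96", "umac-64@openssh.com", "umac-128@openssh.com",
            "hmac-sha1-etm@openssh.com", "hmac-sha1-96-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
            "hmac-md5-etm@openssh.com", "hmac-md5-96-etm@openssh.com",
            "umac-64-etm@openssh.com", "umac-128-etm@openssh.com"],
    "kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512", "diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group-exchange-sha256", "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "curve25519-sha256",
            "curve25519-sha256@libssh.org"],
    "sig": ["ssh-ed25519", "ssh-rsa", "rsa-sha2-256", "rsa-sha2-512", "ssh-dss",
            "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"],
}


def flag_weak(category, names):
    """Return the names from 'ssh -Q <category>' output that hit the weak list."""
    patterns = WEAK[category]
    hits = []
    for name in names:
        name = name.strip()
        if not name:
            continue
        if category == "sig":
            weak = name in patterns            # exact match: rsa-sha2-256 must pass
        else:
            weak = any(p in name for p in patterns)
        if weak:
            hits.append(name)
    return hits


def query_ssh(category):
    """'ssh -Q <category>' on this machine, or None if OpenSSH is not available."""
    if shutil.which("ssh") is None:
        return None
    r = subprocess.run(["ssh", "-Q", category], capture_output=True, text=True, check=False)
    return r.stdout.splitlines() if r.returncode == 0 else None


def audit(lists):
    """Map each category to the weak algorithms found in its list."""
    return {cat: flag_weak(cat, names) for cat, names in lists.items()}


if __name__ == "__main__":
    live = {cat: query_ssh(cat) for cat in SAMPLE}
    source = live if all(live.values()) else SAMPLE   # fall back to the sample lists
    for cat, weak in audit(source).items():
        print(f"{cat}: {len(weak)} legacy/weak: {', '.join(weak) or '-'}")
```

Note that 'ssh -Q' reports what the client binary supports, not what it will negotiate; the effective policy comes from the Ciphers, MACs, KexAlgorithms and HostKeyAlgorithms settings in ssh_config and sshd_config.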
SSH other
Quantum Key Distribution
A secure communication method which implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages.
Other selective protocols
- Wultra Powerauth
- Wultra Powerauth developer doc
- A protocol for a key exchange and for subsequent request signing
- Based on the cryptography used, a security scheme and standard RESTful API endpoints
- OPAQUE
- A secure asymmetric password-authenticated key exchange (aPAKE) that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise
Intro PETs
Fiat-Shamir (creating a signature on a proof of knowledge)
The Fiat–Shamir heuristic is a technique for taking an interactive proof of knowledge and creating a digital signature based on it. This way, some fact (for example, knowledge of a certain secret number) can be publicly proven without revealing underlying information. The technique is due to Amos Fiat and Adi Shamir (1986). For the method to work, the original interactive proof must have the property of being public-coin, i.e. verifier's random coins are made public throughout the proof protocol.
Direct Anonymous Attestation
A protocol that enables remote authentication of a trusted computer whilst preserving privacy of the platform's user. It has been adopted by the Trusted Computing Group (TCG). See also ISO/IEC 20008.
Zero Knowledge
ZK introduction
- 'A Graduate Course in Applied Cryptography' - Dan Boneh and Victor Shoup, part III protocols (proving properties in zero-knowledge)
- ZK proof - Wikipedia
ZK basics
Consider a client owning a public input x and a server owning a private input w; the client wishes to learn z := F(x, w) for a program F known to both parties.
For instance, x may be a query, w a confidential database, and F the program that executes the query on the database.
- Security.
- The client is concerned about integrity of computation: how can he ascertain that the server reports the correct output z?
- In contrast, the server is concerned about confidentiality of his own input: how can he prevent the client from learning information about w?
- The server, acting as the prover, attempts to convince the client, acting as the verifier, that the following NP statement is true: “there exists w such that z = F (x, w)”. Indeed:
- The soundness property of the proof system guarantees that, if the NP statement is false, the prover cannot convince the verifier (with high probability). Thus, soundness addresses the client’s integrity concern.
- The zero-knowledge property of the proof system guarantees that, if the NP statement is true, the prover can convince the verifier without leaking any information about w (beyond what is leaked by the output z). Thus, zero knowledge addresses the server's confidentiality concern.
- Moreover, the client sometimes not only seeks soundness but also proof of knowledge, which guarantees that, whenever he is convinced, not only can he deduce that a witness w exists, but also that the server knows one such witness. This stronger property is often necessary for security if F encodes cryptographic computations, and is satisfied by most zero-knowledge proof systems.
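Added example, not from the page or from any of the cited sources, serving both the Fiat-Shamir paragraph above and the soundness / zero-knowledge / proof-of-knowledge discussion here: a Schnorr proof of knowledge of a discrete logarithm over a toy MODP group (an assumption of this example). In the page's notation the public input is y, the witness is w and F checks y = G^w. The interactive three-move protocol is public coin, which is exactly what lets Fiat-Shamir replace the verifier's random challenge by a hash of the transcript and the message, turning the proof into a signature. A simulator is included to show the zero-knowledge side: accepting transcripts can be produced without w.

```python
import hashlib
import secrets

# Toy group: the 1024-bit MODP prime from RFC 2409; Q = (P-1)/2 and G = 4 lies in
# the subgroup of order Q. An assumption of this example; real systems use
# larger groups or elliptic curves.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 4
NBYTES = (P.bit_length() + 7) // 8


def keygen():
    """Witness w (the prover's private input) and public statement y = G^w."""
    w = secrets.randbelow(Q - 1) + 1
    return w, pow(G, w, P)


# --- Interactive Schnorr proof of knowledge (public coin: c is a plain random value) ---
def prover_commit():
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)                  # keep r secret, send t = G^r


def verifier_challenge():
    return secrets.randbelow(Q)             # the verifier's public coin


def prover_respond(w, r, c):
    return (r + c * w) % Q


def verify(y, t, c, s):
    # Soundness: with t fixed before c is known, a prover without w satisfies
    # this for at most one c out of Q. Proof of knowledge: two accepting
    # transcripts with the same t and different c let an extractor solve for w.
    return pow(G, s, P) == t * pow(y, c, P) % P


def run_interactive(w, y):
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(w, r, c))


def simulate_transcript(y):
    """Zero knowledge (honest verifier): an accepting transcript can be produced
    without w by choosing c and s first, so transcripts reveal nothing about w."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, -c, P) % P
    return t, c, s


# --- Fiat-Shamir: the verifier's coin becomes a hash of the transcript ---
def challenge(y, t, msg):
    h = hashlib.sha256()
    for v in (G, y, t):
        h.update(v.to_bytes(NBYTES, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % Q


def fs_sign(w, y, msg):
    """Signature on msg: a proof of knowledge of w whose challenge is bound to msg."""
    r, t = prover_commit()
    c = challenge(y, t, msg)                # t is committed before c is known
    return c, prover_respond(w, r, c)


def fs_verify(y, msg, sig):
    c, s = sig
    t = pow(G, s, P) * pow(y, -c, P) % P    # recover t = G^s * y^(-c)
    return c == challenge(y, t, msg)


if __name__ == "__main__":
    w, y = keygen()
    print("interactive proof accepted:", run_interactive(w, y))
    sig = fs_sign(w, y, b"release v1.2")
    print("signature verifies:", fs_verify(y, b"release v1.2", sig))
    print("tampered message verifies:", fs_verify(y, b"release v1.3", sig))
    print("simulated transcript accepted:", verify(y, *simulate_transcript(y)))
```

The hash in challenge covers the public key and the commitment as well as the message; leaving y out of the hash is a known way to lose the binding between signature and key, so the transcript is hashed in full. Negative exponents in pow need Python 3.8 or later.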
zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge)
Many works have obtained zk-SNARK constructions.
Other
Selective Disclosure
SD basics
Camenisch and IDEMIX
Brands and Microsoft U-Prove
BBS and BBS+
The BBS+ signature scheme, described by Ho Au et al. as an extension of the BBS group signature scheme by Boneh et al., is a signature scheme often adapted to support a feature called selective disclosure.
- Dan Boneh, Xavier Boyen, and Hovav Shacham. "Short group signatures." Annual international cryptology conference. Springer, Berlin, Heidelberg, 2004.
http://crypto.stanford.edu/~dabo/pubs/papers/groupsigs.pdf
- Man Ho Au, Willy Susilo, and Yi Mu, "Constant-Size Dynamic k-TAA", International conference on security and cryptography for networks. Springer, Berlin, Heidelberg, 2006.
https://eprint.iacr.org/2008/136.pdf
SD-JWT
Signal
The Signal protocol is a cryptographic messaging protocol that provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users.
It requires servers so it's not P2P.
It includes several uncommon security properties (such as "future secrecy" or "post-compromise security"), enabled by a technique called *ratcheting* in which session keys are updated with every message sent.
The protocol combines the Double Ratchet algorithm, prekeys, and a triple Elliptic-curve Diffie-Hellman (3-DH) handshake, and uses Curve25519, AES-256, and HMAC-SHA256 as primitives.
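Added example, not Signal's code: the symmetric-key half of the Double Ratchet, i.e. the chain-key step KDF_CK built from HMAC-SHA256 with the constants 0x01 and 0x02 as the specification recommends. It shows per-message keys, handling of out-of-order delivery by caching skipped keys, and why this chain alone gives forward secrecy but not post-compromise security, which is what the DH ratchet adds. The DH ratchet, root key and X3DH setup are not shown; the initial chain key is a constructed constant standing in for a DH-ratchet output.

```python
import hashlib
import hmac

MAX_SKIP = 100          # bound on cached keys for messages that have not arrived yet


def kdf_ck(ck):
    """One ratchet step: the message key and the next chain key. The old chain
    key is not recoverable from either output (one-way), which is what gives
    forward secrecy per message."""
    mk = hmac.new(ck, b"\x01", hashlib.sha256).digest()
    ck_next = hmac.new(ck, b"\x02", hashlib.sha256).digest()
    return ck_next, mk


class SendingChain:
    def __init__(self, ck):
        self.ck, self.n = ck, 0

    def next_key(self):
        """(message number, message key); the previous chain key is overwritten."""
        self.ck, mk = kdf_ck(self.ck)
        n, self.n = self.n, self.n + 1
        return n, mk


class ReceivingChain:
    def __init__(self, ck):
        self.ck, self.n, self.skipped = ck, 0, {}

    def key_for(self, n):
        """Message key for message number n. Messages may arrive out of order:
        keys for numbers passed over are cached once and deleted when used."""
        if n in self.skipped:
            return self.skipped.pop(n)
        if n < self.n:
            raise KeyError(f"key for message {n} was already used")
        if n - self.n > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < n:                       # ratchet past the gap, caching keys
            self.ck, mk = kdf_ck(self.ck)
            self.skipped[self.n] = mk
            self.n += 1
        self.ck, mk = kdf_ck(self.ck)
        self.n += 1
        return mk


def exchange_demo():
    """Alice sends five messages; Bob receives 0, 1 and 4 first, then 2 and 3."""
    ck0 = hashlib.sha256(b"constructed initial chain key").digest()
    alice, bob = SendingChain(ck0), ReceivingChain(ck0)
    sent = dict(alice.next_key() for _ in range(5))
    received = {n: bob.key_for(n) for n in (0, 1, 4, 2, 3)}
    return sent, received, bob


def compromise_demo():
    """An attacker obtains Alice's chain key after message 2. Keys 0..2 cannot
    be derived from it (forward secrecy), but every later key on this chain can;
    only a fresh chain key from the DH ratchet ends that (post-compromise
    security). Returns (past keys, Alice's next keys, attacker's derivation)."""
    ck0 = hashlib.sha256(b"constructed initial chain key").digest()
    alice = SendingChain(ck0)
    past = [alice.next_key()[1] for _ in range(3)]
    attacker = SendingChain(alice.ck)           # the leaked state
    future_alice = [alice.next_key()[1] for _ in range(2)]
    future_attacker = [attacker.next_key()[1] for _ in range(2)]
    return past, future_alice, future_attacker


if __name__ == "__main__":
    sent, received, _ = exchange_demo()
    print("out-of-order delivery, all keys match:", sent == received)
    past, fa, fat = compromise_demo()
    print("attacker derives future keys on this chain:", fa == fat)
    print("attacker's chain reproduces a past key:", any(k in past for k in fat))
```

In the real protocol each message key is further expanded (HKDF) into an encryption key, an authentication key and an IV, and the "ratcheting" the page mentions refers to both this chain and the DH ratchet that replaces the chain key whenever the peer sends a new DH public key.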
Peer2peer
I2P
I2P is a scalable, self-organising, resilient packet-switched anonymous network layer, upon which any number of different anonymity- or security-conscious applications can operate. Each of these applications may make their own anonymity, latency, and throughput tradeoffs without worrying about the proper implementation of a free-route mixnet, allowing them to blend their activity with the larger anonymity set of users already running on top of I2P.
- I2P doc
- I2P ntcp
- I2P ntcp2
- NTCP2 is an authenticated key agreement protocol that improves the resistance of NTCP to various forms of automated identification and attacks
Noise
- NoiseProtocol - WhatsApp, I2P, ...
- Noise is a framework for crypto protocols based on Diffie-Hellman key agreement.
Nebula
Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world. Nebula is portable, and runs on Linux, OSX, Windows, iOS, and Android. It can be used to connect a small number of computers, but is also able to connect tens of thousands of computers.