CryptoDB
Verifiable Verification in Cryptographic Protocols
| Field | Value |
|---|---|
| Authors | Marc Fischlin and Felix Günther |
| Presentation | Slides |
| Abstract | Common verification steps in cryptographic protocols, such as signature or message authentication code checks or the validation of elliptic curve points, are crucial for the overall security of the protocol. Yet implementation errors omitting these steps easily remain unnoticed, as often the protocol will function perfectly anyway. One of the most prominent examples is Apple's goto fail bug, where the erroneous certificate verification skipped over several of the required steps, marking invalid certificates as correctly verified. This vulnerability went undetected for at least 17 months. In this talk, we ask whether cryptographic implementations have to be so brittle. What if we could make crypto bugs surface through noticeable errors in a program's functionality? We introduce a mechanism which supports such detection of implementation errors on a cryptographic level. Instead of merely returning a binary acceptance decision, we let verification procedures return more fine-grained information in the form of what we call a confirmation code. We then show how to escalate verification errors affecting these confirmation codes to functional errors on the overall protocol level. Concretely, we show that when confirmation codes satisfy a carefully defined unpredictability property, we can provably integrate them into secure connection establishment via key exchange and tie security to basic functionality: if verification steps in the key exchange are faulty, the connection establishment will fail, making an implementation error like goto fail detectable through a simple connection test. We present intuitive (and provably secure) confirmation codes for RSA-PSS signatures, HMAC, and the validation of elliptic curve points and discuss what is needed for their practical deployment. |
| Video | https://youtu.be/1YIr1vu5Ovg |
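The mechanism the abstract sketches, as an added Python illustration that is not the authors' construction: the confirmation code used here is an assumed keyed value bound to the verified tag, and the MAC key, shared secret and transcript are constructed demo values. A correct HMAC verifier returns a confirmation code that feeds the session key, while a goto-fail-style verifier that skips the comparison yields a mismatched key, so the connection test fails instead of silently succeeding.

```python
import hashlib
import hmac

# Constructed demo secrets; assumed to come from an earlier key-exchange phase.
MAC_KEY = b"constructed-mac-key-for-demo-only"
SHARED_SECRET = b"constructed-shared-secret-for-demo"
TRANSCRIPT = b"ClientHello|ServerHello|KeyShare"


def confirmation_code(key: bytes, tag: bytes) -> bytes:
    # Assumed construction: a keyed value bound to the tag, so a party that never
    # recomputed and compared the MAC has no way to produce it.
    return hmac.new(key, b"confirm" + tag, hashlib.sha256).digest()


def confirm_mac(key: bytes, msg: bytes, tag: bytes):
    # Correct verifier: returns a confirmation code on success, None on rejection.
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return confirmation_code(key, tag)


def confirm_mac_goto_fail(key: bytes, msg: bytes, tag: bytes):
    # Buggy verifier modelling a skipped check: always "accepts" with a fixed code.
    return bytes(32)


def derive_session_key(secret: bytes, transcript: bytes, code: bytes) -> bytes:
    # The session key depends on the confirmation code, so a faulty verification
    # escalates into a key mismatch rather than a silently accepted message.
    return hmac.new(secret, b"session" + transcript + code, hashlib.sha256).digest()


def handshake(client_verify) -> bool:
    # Simulated finishing step of a key exchange. Returns True iff the client's
    # Finished message verifies under the server's independently derived key.
    tag = hmac.new(MAC_KEY, TRANSCRIPT, hashlib.sha256).digest()
    server_key = derive_session_key(SHARED_SECRET, TRANSCRIPT, confirmation_code(MAC_KEY, tag))
    client_code = client_verify(MAC_KEY, TRANSCRIPT, tag)
    if client_code is None:
        return False  # explicit rejection by the verifier
    client_key = derive_session_key(SHARED_SECRET, TRANSCRIPT, client_code)
    client_finished = hmac.new(client_key, b"finished", hashlib.sha256).digest()
    server_finished = hmac.new(server_key, b"finished", hashlib.sha256).digest()
    return hmac.compare_digest(client_finished, server_finished)
```

With the binary-decision design, `confirm_mac_goto_fail` would pass the same connection test; here the skipped check surfaces as a failed handshake.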
BibTeX

```bibtex
@misc{rwc-2024-35376,
  title        = {Verifiable Verification in Cryptographic Protocols},
  note         = {Video at \url{https://youtu.be/1YIr1vu5Ovg}},
  howpublished = {Talk given at RWC 2024},
  author       = {Marc Fischlin and Felix Günther},
  year         = {2024}
}
```