Deniable group communications in the presence of global unlimited adversary | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2018. № 40. DOI: 10.17223/20710410/40/6

In this paper, we study the problem of secure communications in the presence of a global unlimited adversary. As a solution, we propose decentralised deniable communications. We build on our existing modification of the multi-party Off-the-Record protocol, which is able to function over a decentralised transport. Its Perfect Forward Secrecy (PFS) features were improved by adding a key ratcheting procedure to the protocol flow. As a result, we propose a fully decentralised cryptosystem that has deniability and transcript consistency features, improved PFS, and the ability to resist the Sybil attack. We also give a detailed overview of the protocol model implementation in JavaScript, designed to function without a centralized server.
  • Title Deniable group communications in the presence of global unlimited adversary
  • Publisher Tomsk State University
  • Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 40
  • DOI 10.17223/20710410/40/6
Keywords
deniability, decentralised communications, secure communications
Authors