Building Security Protocols Against Powerful Adversaries THÈSE NO 7079 (2016) PRÉSENTÉE LE 7 OCTOBRE 2016 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE D'ARCHITECTURE DES RÉSEAUX PROGRAMME DOCTORAL EN INFORMATIQUE ET COMMUNICATIONS ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Iris SAFAKA acceptée sur proposition du jury: Dr O. Lévêque, président du jury Prof. A. Argyraki, Prof. C. Fragouli, directrices de thèse Prof. P. Papadimitratos, rapporteur Prof. S. Diggavi, rapporteur Prof. B. Ford, rapporteur Suisse 2016 Whatmattersmostishow wellyouwalkthroughfire. —CharlesBukowski Tomyfamily, Afroditi&Thanasis,Alexandros,andLorenzo Acknowledgments First and foremost, I would like to express my gratitude and respect to my advisor Prof. ChristinaFragouli.IamgratefultoChristinaforgivingmetheopportunitytoworkonexciting research topics, for her exceptional technical guidance and for her ever-positive attitude, motivatingapproachandsupportthathavebeenofsignificantimportanceduringmyPhD. I truly believe Christina is an example of a brilliant advisor and of the kind of professors academianowadaysneeds.Shehashelpedmetodevelopbothprofessionallyandpersonally andIfeelhonoredtohavehadherasmyadvisor. Second,Iwouldliketothankmyco-advisorProf. KaterinaArgyrakiforherguidanceand supportduringmyPhD.WhilecollaboratingwithKaterina,Ihadtheuniqueopportunityto acquirevaluableknowledgebyobservingherconductingoutstandingresearchwhilealso deliveringtopqualityacademicteaching.Shehasinspiredmeinvariouswaysandshehas motivated me to always aim for excellence. Her genuine advise, help and support were fundamentaltowardcompletionofthisthesisandIamtrulygratefultoher. Iwouldalsoliketothankthemembersofmythesiscommittee,Dr. OlivierLévêque,Prof. SuhasDiggavi,Prof.PanosPapadimitratosandProf.BryanFord,foracceptingtoevaluatemy workandforprovidingusefulfeedback. I am very grateful to our secretary Françoise Behn and our system administrator Damir Laurenzi,the“invisible”supportteamofmythesis–andofmanyothers’aswell.Fromthe firstdayIarrivedinLausanne,thesepeopleensuredthatIfeltwelcomedandthattherewas alwayssomeonetowhomIcouldturntoforsupport.Theirhelpfulattitudeandeffectiveness inprovidingsolutionshavecreatedafunctionallabenvironmentthatallowedustofocus undistractedonourresearch. InEPFLIhadtheopportunitytomeet, collaborateandbefriendwithexceptionalpeople. First,IwouldliketothankmycolleaguesandfriendsinARNI,EmreAtsan,AyanSengupta, LászlóCzapandSiddharthaBrahma,andinNAL,MihaiDobrescuandPavlosNikolopoulos, fortheirfriendshipandsupportduringthegoodandthebadmomentsofthePhD.Second,a bigthankstomyfriendsandfellowPhDstudentsChristinaVlachouandSofiaKarygiannifor beingasecondfamilytome,andtoDorina,Manos,Yiannis,Tassos,Matt,IraklisandVassilis forsharingunforgettablemomentsthroughtheseyears. Finally,aspecialthanktoMarina andGeorge,whosesupportwascrucialduringmyfirstmonthsinLausanne,andalsotomy friendsKaterina,Yiannis,Antonis,Thomas,AthinaandSissyforalwaysbeingthereforme. i Acknowledgments Finally,Iwouldliketothankmyparents,AfroditiandThanasis,andmybrotherAlexandros. Theirunconditionalloveandsupport,notonlyduringmyPhDbutineverystepofmylife sofar,hasalwaysbeenmyreferencepointandhasgivenmethestrengthandmotivation toovercomedifficulties. Lastbutnotleast,aheartfeltthankstoLorenzo–Icannotindeed thankhimenoughforthelove,care,supportandmotivationhehasgivenmefromthevery beginning. Lausanne,20June2016 IrisSafaka ii Abstract AsoursensitivedataisincreasinglycarriedovertheInternetandstoredremotely,security incommunicationsbecomesafundamentalrequirement.Yet,today’ssecuritypracticesare designedaroundassumptionsthevalidityofwhichisbeingchallenged. Inthisthesiswe designnewsecuritymechanismsforcertainscenarioswheretraditionalsecurityassumptions donothold. First,wedesignsecret-agreementprotocolsforwirelessnetworks,wherethesecurityofthe secretsdoesnotdependonassumptionsaboutthecomputationallimitationsofadversaries. Ourprotocolsleverageintrinsiccharacteristicsofthewirelesstoenablenodestoagreeon commonpairwisesecretsthataresecureagainstcomputationallyunconstrainedadversaries. Throughtestbedandsimulationexperimentation,weshowthatitisfeasibleinpracticeto createthousandsofsecretbitspersecond. Second, we propose a traffic anonymization scheme for wireless networks. Our protocol aimsinprovidinganonymityinafashionsimilartoTor–yetbeingresilienttocomputation- allyunboundedadversaries–byexploitingthesecuritypropertiesofoursecret-agreement. Ouranalysisandsimulationresultsindicatethatourschemecanofferalevelofanonymity comparabletothelevelofanonymitythatTordoes. Third,wedesignalightweightdataencryptionprotocolforprotectingagainstcomputationally powerfuladversariesinwirelesssensornetworks.Ourprotocolaimsinincreasingtheinherent weaksecuritythatnetworkcodingnaturallyoffers,atalowextraoverhead. Ourextensive simulationresultsdemonstratetheadditionalsecuritybenefitsofourapproach. Finally,wepresentasteganographicmechanismforsecretmessageexchangeoveruntrust- worthymessagingserviceproviders.Ourschememaskssecretmessagesintoinnocuoustexts, aiminginhidingthefactthatsecretmessageexchangeistakingplace. Ourresultsindicate thatourschemessucceedsincommunicatinghiddeninformationatnon-negligiblerates. Keywords:security,secretkeygeneration,anonymizingnetworks,linguisticsteganography iii Riassunto PoichéunasempremaggiorequantitàdidatisensibilivieneinviataviaInternetedimmagaz- zinatanellarete,lasicurezzadellecomunicazionidiventauntemasemprepiùimportante. Allostessotempolavaliditàdialcunedelleipotesi,sullequalilepratichedisicurezzainuso sonostatepensate,èmessaindiscussione.Inquestatesiproponiamonuovimeccanismidi sicurezza,ilcuifunzionamentoègarantitoanchesealcunediquesteipotesinonsonovalide. Nellaprimaparteproponiamounprotocollodigenerazionedichiaviperretisenzafili,lacui sicurezzanondipendedallatradizionaleipotesichevuolelacapacitàdicalcolodegliavversari limitata.Ilprotocollopropostosfruttalecaratteristicheintrinsechedellacomunicazionesenza filiperpermettereadognicoppiadinodidellaretediaccordarsisudellechiavichesono sicuredaunavversarioconcapacitàdicalcoloillimitate.Grazieadunbancodiprovaead esperimentisimulatimostriamocheconquestoprotocolloèpossibilecrearemigliaiadibit segretipersecondo. Nellasecondaparteproponiamounschemachepermettedicomunicareinformaanonima inretisenzafili.Ilnostroprotocollomiraadoffrireun’anonimiasimileaquellaoffertadal protocollo Tor – ma, a differenza di quest’ultimo, è in grado di resistere ad attacchi d’un avversario con capacità di calcolo illimitate – grazie all’uso del protocollo di generazione dichiavipropostonellaprimaparte.Lanostraanalisieirisultatidellenostresimulazioni indicanochequestoschemaoffreunlivellod’anonimiasimileaquelloraggiuntodaTor. Nellaterzaparteprogettiamounprotocollodicriptazioneperproteggerelecomunicazioni nelleretidisensorisenzafilidaavversariconcapacitàdicalcoloillimitate.Ilnostroprotocollo miraamigliorarelasicurezzachenaturalmentelacodificadiretegarantisce,usandolescarse risorsedisponibilisusensoriabassoconsumoenergetico.Irisultatidellenostresimulazioni mostranocheilnostroprotocolloportaadunmiglioramentodellasicurezza. Perfinirepresentiamounmeccanismodisteganografiachepermettediscambiaremessaggi attraversounfornitorediservizidimessaggisticadicuinonsihacompletafiducia.Ilnostro schemanascondeimessaggisegretiintestodalcontenutoapparentementeinnocuo,alfinedi nascondereilfattocheilmessaggiosegretoèstatoinviato.Inostriesperimentimostranoche loschemariesceacomunicarel’informazionenascostaavelocitàditrasmissionesignificative. v Acknowledgments Keywords:sicurezza,generazionedichiavi,retianonime,steganografialinguistica vi
Description: