A Universally Composable Treatment of Network Time

R. Canetti, Kyle Hogan, Aanchal Malhotra, Mayank Varia
{"title":"A Universally Composable Treatment of Network Time","authors":"R. Canetti, Kyle Hogan, Aanchal Malhotra, Mayank Varia","doi":"10.1109/CSF.2017.38","DOIUrl":null,"url":null,"abstract":"The security of almost any real-world distributed system today depends on the participants having some \"reasonably accurate\" sense of current real time. Indeed, to name one example, the very authenticity of practically any communication on the Internet today hinges on the ability of the parties to accurately detect revocation of certificates, or expiration of passwords or shared keys.,,However, as recent attacks show, the standard protocols for determining time are subvertible, resulting in wide-spread security loss. Worse yet, we do not have security notions for network time protocols that (a) can be rigorously asserted, and (b) rigorously guarantee security of applications that require a sense of real time.,,We propose such notions, within the universally composable (UC) security framework. That is, we formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols, and how they can be used to assert security of time-reliant applications — specifically, certificates with revocation and expiration times. This allows for relatively clear and modular treatment of the use of time consensus in security-sensitive systems.,,Our modeling and analysis are done within the existing UC framework, in spite of its asynchronous, event-driven nature. This allows incorporating the use of real time within the existing body of analytical work done in this framework. In particular it allows for rigorous incorporation of real time within cryptographic tools and primitives.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2017.38","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 20

Abstract

The security of almost any real-world distributed system today depends on the participants having some "reasonably accurate" sense of current real time. Indeed, to name one example, the very authenticity of practically any communication on the Internet today hinges on the ability of the parties to accurately detect revocation of certificates, or expiration of passwords or shared keys.,,However, as recent attacks show, the standard protocols for determining time are subvertible, resulting in wide-spread security loss. Worse yet, we do not have security notions for network time protocols that (a) can be rigorously asserted, and (b) rigorously guarantee security of applications that require a sense of real time.,,We propose such notions, within the universally composable (UC) security framework. That is, we formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols, and how they can be used to assert security of time-reliant applications — specifically, certificates with revocation and expiration times. This allows for relatively clear and modular treatment of the use of time consensus in security-sensitive systems.,,Our modeling and analysis are done within the existing UC framework, in spite of its asynchronous, event-driven nature. This allows incorporating the use of real time within the existing body of analytical work done in this framework. In particular it allows for rigorous incorporation of real time within cryptographic tools and primitives.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
网络时间的普遍可组合处理
如今,几乎任何真实世界分布式系统的安全性都依赖于参与者对当前实时的某种“相当准确”的感知。事实上,仅举一个例子,当今互联网上几乎任何通信的真实性都取决于各方准确检测证书吊销、密码或共享密钥过期的能力。然而,正如最近的攻击所表明的那样,用于确定时间的标准协议是可颠覆的,导致了广泛的安全损失。更糟糕的是,我们没有网络时间协议的安全概念(a)可以严格断言,以及(b)严格保证需要实时感的应用程序的安全性。我们在普遍可组合(UC)安全框架内提出这些概念。也就是说,我们制定了在现有系统中捕获许多流行形式的时间度量的理想功能。我们将展示如何通过现实世界的协议来实现它们,以及如何使用它们来断言依赖时间的应用程序的安全性——特别是具有撤销和过期时间的证书。这允许在安全敏感系统中相对清晰和模块化地处理时间共识的使用。我们的建模和分析是在现有的UC框架内完成的,尽管它是异步的,事件驱动的性质。这允许在此框架中完成的现有分析工作中合并实时的使用。特别是,它允许在加密工具和原语中严格地结合实时性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Secure Composition of PKIs with Public Key Protocols Formal Verification of Protocols Based on Short Authenticated Strings Symbolic Verification of Privacy-Type Properties for Security Protocols with XOR Verified Translation Validation of Static Analyses Tight Bounds on Information Leakage from Repeated Independent Runs
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1