Bootstrapping Cryptography on the Internet

AuthorBrandt, Markus
AdvisorWaidner, Michael
AbstractThis thesis focuses on bootstrapping cryptography, taking it from a theoretical algorithm to something we can use on the Internet. We summarize the requirement and define five pillars that build the foundation of successfully deployed cryptographic algorithms: computational performance, usability, transport, key management, and randomness. While there is a lot of research around the computational performance and usability of cryptographic algorithms, we focus on the other pillars. For transport, we explore two obstacles that interfere with the development of practical, real-world secure computation applications. We show the importance of the selection of suitable transport layers. Our evaluations show how Transmission Control Protocol (TCP) does not fully utilize the bandwidth for Two Party Computation (2PC) implementations. We evaluate three transport layers protocols for different applications and show that no protocol is suited for every scenario. In our evaluations, we use various protocols and network conditions in multiple regions to highlight the effects on the performance of 2PC applications. We propose an extendable framework that integrates the (initially) three transport layer protocols: User Datagram Protocol (UDP), TCP, and UDP-based Data Transfer Protocol (UDT). The framework's task is to identify the most suitable transport layer protocol depending on the current TCP application and the network conditions. For key management, we show how to manipulate a domain validation mechanism. We developed a BGP simulator to evaluate BGP paths on the Internet. Our simulator is high performant and respects relationships between CAs. In combination with our simulator, we analyze the resilience of the domains ecosystem to attacks against domain validation. Our measurements show that the domains ecosystem is not resilient to prefix hijacks and reveal that only a few ASes own most domains. We discuss possible mitigations and propose the distributed domain validation as a drop-in replacement for the standard domain validation. It allows strong resistance against MitM attackers. Additionally, we show that many IPs are anycast which is beneficial for distributed domain validation. We also analyze the validations agents' placement on the Internet and demonstrate a method to determine good ASes for agent placement. For randomness, we propose an alternative approach for generating pseudorandom strings, using the distributed nature of the Internet for collecting randomness from public services on the Internet. We develop our Distributed Pseudorandom Generator (DPRG) and demonstrate how it guarantees security against strong practical attackers and how it addresses the main shortcomings in existing PRGs. It uses AES encryption in CBC mode and an HDKF to extract randomness and inputs for handshakes. We analyze the distribution of different randomness sources like HTTP, SMTPS, SSH, and TOR and present an implementation of DPRG using the TOR network. We analyze the quality of randomness and performance of our DPRG and show that we can achieve highly secure randomness only from user space.