Bringing Kleptography to Real-World TLS - Information Security Theory and Practice
Conference Papers Year : 2019

Bringing Kleptography to Real-World TLS

Adam Janovsky
  • Function : Author
  • PersonId : 1054596
Jan Krhovjak
  • Function : Author

Abstract

Kleptography is a study of stealing information securely and subliminally from black-box cryptographic devices. The stolen information is exfiltrated from the device via a backdoored algorithm inside an asymmetricaly encrypted subliminal channel. In this paper, the kleptography setting for the TLS protocol is addressed. While earlier proposals of asymmetric backdoors for TLS lacked the desired properties or were impractical, this work shows that a feasible asymmetric backdoor can be derived for TLS. First, the paper revisits the existing proposals of kleptographic backdoors for TLS of version 1.2 and lower. Next, advances of the proposal by Gołębiewski et al. are presented to achieve better security and indistinguishability. Then, the enhanced backdoor is translated both to TLS 1.2 and 1.3, achieving first practical solution. Properties of the backdoor are proven and its feasibility is demonstrated by implementing it as a proof-of-concept into the OpenSSL library. Finally, performance of the backdoor is evaluated and studied as a tool for side-channel detection.
Fichier principal
Vignette du fichier
484602_1_En_3_Chapter.pdf (385.3 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-02294600 , version 1 (23-09-2019)

Licence

Identifiers

Cite

Adam Janovsky, Jan Krhovjak, Vashek Matyas. Bringing Kleptography to Real-World TLS. 12th IFIP International Conference on Information Security Theory and Practice (WISTP), Dec 2018, Brussels, Belgium. pp.15-27, ⟨10.1007/978-3-030-20074-9_3⟩. ⟨hal-02294600⟩
194 View
179 Download

Altmetric

Share

More