Title: Towards Secure Communication and Authentication: Provable Security Analysis and New Constructions
Shan Chen
School of Computer Science
College of Computing
Georgia Institute of Technology
Date: Wednesday, January 8th, 2020
Time: 12:00 - 2:00 PM (EST)
Location: Coda C1008 Bolton
Committee:
Dr. Alexandra Boldyreva (Advisor), School of Computer Science, Georgia Institute of Technology
Dr. Mustaque Ahamad, School of Computer Science, Georgia Institute of Technology
Dr. Vladimir Kolesnikov, School of Computer Science, Georgia Institute of Technology
Dr. Paul Pearce, School of Computer Science, Georgia Institute of Technology
Dr. Gaven Watson, Advanced Cryptography, Visa Research
Abstract:
-----------------------
Secure communication and authentication are some of the most important and practical problems studied in modern cryptography. Plenty of cryptographic protocols have been proposed to accommodate all sorts of requirements in different settings, and some of those are widely deployed and utilized in our daily lives. For instance, over half of web traffic is now protected by the Transport Layer Security (TLS) protocol, which encrypts the communication between web servers and clients. Not surprisingly, these real-world protocols are hot targets of malicious attacks, which could lead to disastrous leakage of confidential information and significant financial loss. It is therefore a crucial goal to provide formal security guarantees for such protocols.
In this thesis, we apply the provable security approach, a standard method used in cryptography to formally analyze the security of cryptographic protocols, to three topics related to secure communication and authentication. We first focus on the case where a user and a server share a secret and try to establish a session key for secure communication, for which we construct the first user authentication and key exchange protocols that can tolerate strong corruptions on the client side. We next consider the setting where a public-key infrastructure (PKI) is available and propose a model to formally compare the security of the most important low-latency secure channel establishment protocols: TLS 1.3 over TCP Fast Open (TFO), QUIC over UDP, and QUIC[TLS] (a new design for QUIC that uses TLS 1.3 key exchange) over UDP. Finally, we perform the first provable security analysis of the new FIDO2 protocols, the promising standard proposed by the Fast IDentity Online (FIDO) Alliance for passwordless user authentication, intended to replace the world's over-reliance on passwords to authenticate users, and design new constructions to achieve better security.