Paper 2020/854
Designing Reverse Firewalls for the Real World
Angèle Bossuat, Xavier Bultel, Pierre-Alain Fouque, Cristina Onete, and Thyla van der Merwe
Abstract
Reverse Firewalls (RFs) were introduced by Mironov and Stephens-Davidowitz to address algorithm-substitution attacks (ASAs) in which an adversary subverts the implementation of a provably-secure cryptographic primitive to make it insecure. This concept was applied by Dodis et al. in the context of secure key exchange (handshake phase), where the adversary wants to exfiltrate sensitive information by using a subverted client implementation. RFs are used as a means of "sanitizing" the client-side protocol in order to prevent this exfiltration. In this paper, we propose a new security model for both the handshake and record layers, a.k.a. secure channel. We present a signed, Diffie-Hellman based secure channel protocol, and show how to design a provably-secure reverse firewall for it. Our model is stronger since the adversary has a larger surface of attacks, which makes the construction challenging. Our construction uses classical and off-the-shelf cryptography.
Metadata
- Category: Cryptographic protocols
- Publication info: Published elsewhere. Minor revision. ESORICS 2020
- Keywords: reverse firewalls, provable security
- Contact author(s): angele bossuat @ irisa fr, xavier bultel @ insa-cvl fr
- History: 2020-07-12: received
- Short URL: https://ia.cr/2020/854
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/854,
  author = {Angèle Bossuat and Xavier Bultel and Pierre-Alain Fouque and Cristina Onete and Thyla van der Merwe},
  title = {Designing Reverse Firewalls for the Real World},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/854},
  year = {2020},
  url = {https://eprint.iacr.org/2020/854}
}