
Secure Implementation of a Quantum-Future GAKE Protocol

  • Conference paper
  • Security and Trust Management (STM 2021)

Abstract

Incorrect implementation of a cryptographic protocol, or malware attacks targeting its runtime, may lead to insecure execution even if the protocol design has been proven secure. This research focuses on adapting a runtime-verification-centric trusted execution environment (RV-TEE) solution to the deployment of a quantum-future cryptographic protocol. We aim to show that our approach is practical through an instantiation of a trusted execution environment supported by runtime verification and any hardware security module compatible with commodity hardware. In particular, we provide: (i) a group chat application case study which uses the quantum-future group key establishment protocol of González Vasco et al.; (ii) an implementation of the protocol of González Vasco et al. employing a resource-constrained hardware security module; (iii) a runtime verification setup tailored to the protocol's properties; (iv) an empirical evaluation of the setup focusing on the user experience of the chat application.

This work is supported by the NATO Science for Peace and Security Programme through project G5448 Secure Communication in the Quantum Era.


Notes

  1. https://www.secube.blu5group.com/products/usecube-bundle-including-5-usecube-tokens-and-1-devkit/.

  2. https://www.secube.blu5group.com/resources/open-sources-sdk/.

  3. https://www.st.com/content/st_com/en/ecosystems/stm32cube-ecosystem.html.

  4. We describe the implementation of the GAKE protocol in more detail in Sect. 4.

  5. Note that although the maximum number of participants in Fig. 4 is 60, this is not the limit of our implementation with the adjustment. The maximum number of participants for which we were able to successfully run our implementation was 789.

  6. Strictly speaking, the chat app properties are not protocol properties and arguably not part of the RV-TEE. However, checking that the chat app works as expected means that it is more likely that the underlying protocol is also being used in a correct manner.

  7. This applies to the PC-only implementation configuration. In the case of PC + HSM, the sensitive data never leaves the hardware security module.

  8. https://frida.re/docs/frida-trace/.

  9. Our analysis leaves out assertion checks such as non-null arguments. Our reasoning is that these checks could be implemented as simple assertions in the code and are thus arguably not strictly part of RV.

References

  1. Alkim, E., Bilgin, Y.A., Cenk, M., Gérard, F.: Cortex-M4 optimizations for {R, M}LWE schemes. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020, 336–357 (2020)

  2. Aumasson, J.P.: Serious Cryptography: A Practical Introduction to Modern Encryption. No Starch Press, San Francisco (2017)

  3. Avanzi, R., et al.: Kyber - public GitHub repository (2021). https://github.com/pq-crystals/kyber. Accessed 13 July 2021

  4. Barak, B.: The complexity of public-key cryptography. In: Tutorials on the Foundations of Cryptography. ISC, pp. 45–77. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57048-8_2

  5. Barthe, G., Grégoire, B., Laporte, V.: Secure compilation of side-channel countermeasures: the case of cryptographic "constant-time". In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 328–343. IEEE (2018)

  6. Bauer, A., Jürjens, J.: Runtime verification of cryptographic protocols. Comput. Secur. 29(3), 315–330 (2010)

  7. Bernstein, D.J.: Cache-timing attacks on AES (2005)

  8. Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14

  9. Bindel, N., Herath, U., McKague, M., Stebila, D.: Transitioning to a quantum-resistant public key infrastructure. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 384–405. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_22

  10. Blu5 Labs: SEcube - open source projects (2021). https://www.secube.blu5group.com/resources/open-source-projects/. Accessed 13 July 2021

  11. Blu5 Labs: SEcube - reconfigurable silicon (2021). https://www.secube.eu/site/assets/files/1145/secube_datasheet_-_r7.pdf. Accessed 16 June 2021

  12. Bos, J., et al.: CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 353–367. IEEE (2018)

  13. Clarkson, M.R., Schneider, F.B.: Hyperproperties. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, Pittsburgh, Pennsylvania, USA, 23–25 June 2008, pp. 51–65. IEEE Computer Society (2008). https://doi.org/10.1109/CSF.2008.7

  14. Colin, S., Mariani, L.: Run-time verification. In: Broy, M., Jonsson, B., Katoen, J.-P., Leucker, M., Pretschner, A. (eds.) Model-Based Testing of Reactive Systems. LNCS, vol. 3472, pp. 525–555. Springer, Heidelberg (2005). https://doi.org/10.1007/11498490_24

  15. Colombo, C., Pace, G.J.: Industrial experiences with runtime verification of financial transaction systems: lessons learnt and standing challenges. In: Bartocci, E., Falcone, Y. (eds.) Lectures on Runtime Verification. LNCS, vol. 10457, pp. 211–232. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-75632-5_7

  16. Colombo, C., Pace, G.J., Schneider, G.: LARVA – safer monitoring of real-time Java programs (tool paper). In: Seventh IEEE International Conference on Software Engineering and Formal Methods (SEFM), pp. 33–37. IEEE Computer Society, November 2009

  17. Colombo, C., Vella, M.: Towards a comprehensive solution for secure cryptographic protocol execution based on runtime verification. In: Proceedings of the 6th International Conference on Information Systems Security and Privacy, ICISSP, pp. 765–774. SCITEPRESS (2020)

  18. Curmi, A., Colombo, C., Vella, M.: Runtime verification for trustworthy secure shell deployment (2021)

  19. Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4

  20. Das, S., Russo, G., Dingman, A.C., Dev, J., Kenny, O., Camp, L.J.: A qualitative study on usability and acceptability of Yubico security key. In: Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust, pp. 28–39 (2018)

  21. Dodis, Y., Kiltz, E., Pietrzak, K., Wichs, D.: Message authentication, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 355–374. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_22

  22. González Vasco, M.I., Pérez del Pozo, Á.L., Steinwandt, R.: Group key establishment in a quantum-future scenario. Informatica 31(4), 751–768 (2020)

  23. Jager, T., Schwenk, J., Somorovsky, J.: Practical invalid curve attacks on TLS-ECDH. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 407–425. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_21

  24. Kannwischer, M.J., Rijneveld, J., Schwabe, P.: Faster multiplication in \(\mathbb{Z}_{2^m}[x]\) on Cortex-M4 to speed up NIST PQC candidates. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 281–301. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_14

  25. Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_7

  26. Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1–19. IEEE (2019)

  27. Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication. IETF RFC 2104 (1997)

  28. Leucker, M., Schallhart, C.: A brief account of runtime verification. J. Log. Algebraic Program. 78(5), 293–303 (2009)

  29. Libsodium (2021). https://libsodium.gitbook.io/doc/. Accessed 13 July 2021

  30. Marczak, B., Scott-Railton, J.: Move fast and roll your own crypto: a quick look at the confidentiality of Zoom meetings. Technical report (2020). https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/. Accessed 15 June 2021

  31. McKeen, F., et al.: Intel Software Guard Extensions (Intel SGX) support for dynamic memory management inside an enclave. In: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016, pp. 1–9 (2016)

  32. Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48

  33. Morio, K., Jackson, D., Vassena, M., Künnemann, R.: Modular black-box runtime verification of security protocols (2020)

  34. NIST: FIPS PUB 180-2, Secure Hash Standard (SHA-256) (2002)

  35. Poulin, C.: What to do to protect against Heartbleed OpenSSL vulnerability (2014). https://www.yubico.com/. Accessed 13 July 2021

  36. Sabt, M., Achemlal, M., Bouabdallah, A.: Trusted execution environment: what it is, and what it is not. In: 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (2015)

  37. Schwabe, P., Stoffelen, K.: All the AES you need on Cortex-M3 and M4. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 180–194. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_10

  38. Somech, N., Kessem, L.: Breaking the ice: a deep dive into the IcedID banking trojan's new major version release (2020). https://securityintelligence.com/posts/breaking-the-ice-a-deep-dive-into-the-icedid-banking-trojans-new-major-version-release/. Accessed 15 June 2021

  39. Thales: High assurance hardware security modules (2020). https://cpl.thalesgroup.com/encryption/hardware-security-modules/network-hsms. Accessed 13 July 2021

  40. Varriale, A., Prinetto, P., Carelli, A., Trotta, P.: SEcube (TM): data at rest and data in motion protection. In: Proceedings of the International Conference on Security and Management (SAM), p. 138 (2016)

  41. Vella, M., Colombo, C., Abela, R., Špaček, P.: RV-TEE: secure cryptographic protocol execution based on runtime verification. J. Comput. Virol. Hack. Tech. 17(3), 229–248 (2021). https://doi.org/10.1007/s11416-021-00391-1

  42. Wang, Z., Yu, H., Zhang, Z., Piao, J., Liu, J.: ECDSA weak randomness in Bitcoin. Futur. Gener. Comput. Syst. 102, 507–513 (2020)

  43. Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). IETF RFC 3610 (2003)

  44. Wojtczuk, R., Rutkowska, J.: Attacking Intel Trusted Execution Technology. Black Hat DC 2009 (2009)


Author information

Corresponding author: Christian Colombo.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Abela, R. et al. (2021). Secure Implementation of a Quantum-Future GAKE Protocol. In: Roman, R., Zhou, J. (eds.) Security and Trust Management. STM 2021. Lecture Notes in Computer Science, vol. 13075. Springer, Cham. https://doi.org/10.1007/978-3-030-91859-0_6


  • DOI: https://doi.org/10.1007/978-3-030-91859-0_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91858-3

  • Online ISBN: 978-3-030-91859-0
