Abstract
Ethereum is a public, open-source, decentralized, peer-to-peer blockchain-based computing network that extends the blockchain with smart-contract functionality. It provides a distributed Turing-complete virtual machine in which code can be executed by a worldwide, public network of nodes. Compelled certificate creation and Man-In-The-Middle (MITM) attacks are two major attacks on End-to-End Encryption (EEE) and SSL/TLS. Some of the practical attacks on end-to-end encryption and SSL/TLS are IP/ARP poisoning and phishing. A MITM attack makes it difficult for the client to tell whether it is connected over a unique, verified and secured connection or not. Since the certificate and public key passed during connection setup are unreliable and insecure, an attacker can easily alter the data in the certificate and leave the endorsement of the certificate and public key to the client. The purpose of this paper is to present a solution that provides the legitimacy and authenticity of freely shared and published online digital data, e.g., digital certificates, cryptographic keys, and common reference strings such as shared passwords, using a mix of recently developed technologies, primarily blockchain, smart contracts, the InterPlanetary File System (IPFS), and a quantum-resistant Password-based Authenticated Key Exchange (PAKE) protocol over rings and ideal lattices. An Ethereum smart contract is used to manage, monitor, and provide traceability and visibility into the history of digital data from its beginning to the most recent version, in a way that is decentralized and internationally accessible with high integrity, resiliency, and transparency, thanks to the immutability and irreversibility of the blockchain. The full code of our smart contract is given, with a discussion of the implementation and testing of its key functionalities.
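As an added illustration of the registry role the abstract assigns to the smart contract (this is not the paper's own contract, whose code is not reproduced on this page), the following hypothetical Solidity contract keeps an append-only, per-owner version history of an artefact's digest and IPFS CID, so a client can check the fingerprint presented during a TLS handshake against the latest immutably recorded version. The contract name `ArtifactRegistry`, the functions `publish`, `versionCount`, `getVersion` and `isCurrent`, and the label/digest layout are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical registry (added example): each owner publishes a versioned
/// history of the digest (e.g. SHA-256 fingerprint) of a public artefact
/// (certificate, public key, shared reference string) plus the IPFS CID
/// under which the full artefact is stored off-chain.
contract ArtifactRegistry {
    struct Version {
        bytes32 digest;     // hash of the artefact content
        string ipfsCid;     // IPFS content identifier of the artefact
        uint256 timestamp;  // block timestamp when this version was recorded
    }

    // owner address => artefact label (e.g. keccak256("example.org tls")) => versions
    mapping(address => mapping(bytes32 => Version[])) private history;

    event ArtifactPublished(address indexed owner, bytes32 indexed label,
                            uint256 index, bytes32 digest, string ipfsCid);

    /// Append a new version. Records live under msg.sender's own namespace,
    /// so no third party can overwrite another owner's history; old versions
    /// are never deleted, which is what gives the traceability from the
    /// first version to the current one.
    function publish(bytes32 label, bytes32 digest, string calldata ipfsCid) external {
        require(digest != bytes32(0), "empty digest");
        Version[] storage versions = history[msg.sender][label];
        versions.push(Version(digest, ipfsCid, block.timestamp));
        emit ArtifactPublished(msg.sender, label, versions.length - 1, digest, ipfsCid);
    }

    function versionCount(address owner, bytes32 label) external view returns (uint256) {
        return history[owner][label].length;
    }

    function getVersion(address owner, bytes32 label, uint256 index)
        external view returns (bytes32 digest, string memory ipfsCid, uint256 timestamp)
    {
        Version storage v = history[owner][label][index];
        return (v.digest, v.ipfsCid, v.timestamp);
    }

    /// Client-side check: does the digest of the certificate or key presented
    /// in a handshake match the most recent version the owner published?
    /// A false result is the signal that an intermediary may have swapped it.
    function isCurrent(address owner, bytes32 label, bytes32 digest) external view returns (bool) {
        Version[] storage versions = history[owner][label];
        if (versions.length == 0) return false;
        return versions[versions.length - 1].digest == digest;
    }
}
```

A client that already holds the owner's address (e.g. pinned from a first contact) only needs a read call to `isCurrent`, which costs no gas, to decide whether to trust the presented certificate.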
Cite this article
Karbasi, A.H., Shahpasand, S. A post-quantum end-to-end encryption over smart contract-based blockchain for defeating man-in-the-middle and interception attacks. Peer-to-Peer Netw. Appl. 13, 1423–1441 (2020). https://doi.org/10.1007/s12083-020-00901-w