Cryptology ePrint Archive: Report 2017/1256

A Universally Composable Treatment of Network Time

Ran Canetti and Kyle Hogan and Aanchal Malhotra and Mayank Varia

Abstract: The security of almost any real-world distributed system today depends on the participants having some "reasonably accurate" sense of current real time. Indeed, to name one example, the very authenticity of practically any communication on the Internet today hinges on the ability of the parties to accurately detect revocation of certificates, or expiration of passwords or shared keys.

However, as recent attacks show, the standard protocols for determining time are subvertible, resulting in wide-spread security loss. Worse yet, we do not have security notions for network time protocols that (a) can be rigorously asserted and (b) rigorously guarantee security of applications that require a sense of real time.

We propose such notions, within the universally composable (UC) security framework. That is, we formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols, and how they can be used to assert security of time-reliant applications --- specifically, certificates with revocation and expiration times. This allows for relatively clear and modular treatment of the use of time in security-sensitive systems.

Our modeling and analysis are done within the existing UC framework, in spite of its asynchronous, event-driven nature. This allows incorporating the use of real time within the existing body of analytical work done in this framework. In particular it allows for rigorous incorporation of real time within cryptographic tools and primitives.

Category / Keywords: cryptographic protocols /

Original Publication (with major differences): Computer Security Foundations (CSF) 2017
DOI:
10.1109/CSF.2017.38

Date: received 29 Dec 2017

Contact author: varia at bu edu

Available format(s): PDF | BibTeX Citation

Version: 20171230:183935 (All versions of this report)

Short URL: ia.cr/2017/1256

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]