Cryptology ePrint Archive: Report 2020/854

Designing Reverse Firewalls for the Real World

Angèle Bossuat and Xavier Bultel and Pierre-Alain Fouque and Cristina Onete and Thyla van der Merwe

Abstract: Reverse Firewalls (RFs) were introduced by Mironov and Stephens-Davidowitz to address algorithm-substitution attacks (ASAs) in which an adversary subverts the implementation of a provably-secure cryptographic primitive to make it insecure. This concept was applied by Dodis et al. in the context of secure key exchange (handshake phase), where the adversary wants to exfiltrate sensitive information by using a subverted client implementation. RFs are used as a means of "sanitizing" the client-side protocol in order to prevent this exfiltration. In this paper, we propose a new security model for both the handshake and record layers, a.k.a. secure channel. We present a signed, Diffie-Hellman based secure channel protocol, and show how to design a provably-secure reverse firewall for it. Our model is stronger since the adversary has a larger surface of attacks, which makes the construction challenging. Our construction uses classical and off-the-shelf cryptography.

Category / Keywords: cryptographic protocols / reverse firewalls, provable security

Original Publication (with minor differences): ESORICS 2020

Date: received 9 Jul 2020, last revised 9 Jul 2020

Contact author: angele bossuat at irisa fr, xavier bultel@insa-cvl fr

Available format(s): PDF | BibTeX Citation

Version: 20200712:124308 (All versions of this report)

Short URL: ia.cr/2020/854


[ Cryptology ePrint archive ]