Paper 2024/1086
Obfuscated Key Exchange
Abstract
Censorship circumvention tools enable clients to access endpoints in a network despite the presence of a censor. Censors use a variety of techniques to identify content they wish to block, including filtering traffic patterns that are characteristic of proxy or circumvention protocols and actively probing potential proxy servers. Circumvention practitioners have developed fully encrypted protocols (FEPs), intended to have traffic that appears indistinguishable from random. A FEP is typically composed of a key exchange protocol to establish shared secret keys, and then a secure channel protocol to encrypt application data; both must avoid revealing to observers that an obfuscated protocol is in use. We formalize the notion of obfuscated key exchange, capturing the requirement that a key exchange protocol's traffic "looks random" and that it resists active probing attacks, in addition to ensuring secure session keys and authentication. We show that the Tor network's obfs4 protocol satisfies this definition. We then show how to extend the obfs4 design to defend against stronger censorship attacks and present a quantum-safe obfuscated key exchange protocol. To instantiate our quantum-safe protocol using the ML-KEM (Kyber) standard, we present Kemeleon, a new mapping between ML-KEM public keys/ciphertexts and uniform byte strings.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. ACM CCS 2024
- DOI
- 10.1145/3658644.3690220
- Keywords
- fully encrypted protocolsobfuscationkey exchangeobfs4ML-KEMquantum-safe
- Contact author(s)
-
mail @ felixguenther info
dstebila @ uwaterloo ca
shannon veitch @ inf ethz ch - History
- 2024-10-31: last of 2 revisions
- 2024-07-03: received
- See all versions
- Short URL
- https://ia.cr/2024/1086
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1086, author = {Felix Günther and Douglas Stebila and Shannon Veitch}, title = {Obfuscated Key Exchange}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1086}, year = {2024}, doi = {10.1145/3658644.3690220}, url = {https://eprint.iacr.org/2024/1086} }