Graduate Thesis Or Dissertation
 

Characterizing Server Compromise: Resilience Models, Instantiations, and Impossibilities

Public Deposited

Downloadable Content

Download PDF
https://ir.library.oregonstate.edu/concern/graduate_thesis_or_dissertations/c534fx789

Descriptions

Attribute NameValues
Creator
Abstract
  • One of the pervasive problems arising in our modern, digital world surrounds data breaches where an adversary, through zero-day exploitations, phishing, or old-fashioned social engineering attacks, gains access to a service’s data stores. Our society increasingly relies on these cloud-based services for everything from our taxes to personal communication. As many of these services, including those run by the government, often store biometric data such as fingerprints and other personally identifiable information, data breaches can cause immeasurable harm to a service’s userbase. Even when a service doesn’t store immediately harmful data on a user, the majority of authentication is mediated by passwords which are commonly recycled between different platforms. In these cases, one service’s breach can lead to breaches across many different services. It may not be immediately clear that we can even protect the server as, first glance, it may seem as if compromising a server’s data stores immediately leaks everything to the attacker. Even if some measure of post-breach security can be afforded, password-based authentication is doubly at risk as passwords come from some human memorable distribution and are considered to be of low complexity. This low complexity implies an inescapable attack where an adversary, who steals a server’s storage, can exhaustively run through a list of password guesses testing each one until it finds which one corresponds to a specific user. Since these so-called post-compromise dictionary attacks exist for all password-based authentication protocols we consider, it is incumbent on us to show that such exhaustive attacks are the best possible attack an adversary has. In this document, we undertake a characterization of party compromise, in the universal composability (UC) framework, in both the specific case of PAKE as well as the case of general secure two-party computation. To this end, we augment known results showing that we can restrict attackers to exhaustive attacks in the PAKE setting and extend these results to consider other PAKE modes such as typo-correcting password authentication. Along the way, we show that our notion of post-compromise security for authentication implies virtual black-box obfuscation. We then show that our strong notion of security is achievable for interactive evaluation of this class of functions; namely, those functions which already have virtual black-box obfuscations in idealized models. In pursuit of this result, we additionally construct a protocol for oblivious evaluation of a keyed group analogous to previous results for oblivious pseudorandom functions. We then show the applicability of our results by constructing efficient protocols achieving our strong notion of post-compromise security and show that previous protocols from the literature can be proven to achieve our definitions. This includes constructing the first pre-computation-resilient PAKE protocol from post-quantum assumptions and the first pre-computation-resilient PAKE protocol for fuzzy matching in the UC framework. As a secondary contribution, we provide the first (as far as we are aware) localized treatment of all UC models for post-compromise security in the PAKE setting, enumerating where previous models diverge and constructing explicit differentiators between them.
Contributor
License
Resource Type
Date Issued
Degree Level
Degree Name
Degree Field
Degree Grantor
Commencement Year
Advisor
Committee Member
Academic Affiliation
Rights Statement
Publisher
Peer Reviewed
Language

Relationships

Parents:

This work has no parents.

In Collection:

Items

Thumbnail Title Date Uploaded Visibility Actions
file details McQuoidIanM2023.pdf 2023-09-06 Public Download