TY - GEN
T1 - How to (Legally) Keep Secrets from Mobile Operators
AU - Arfaoui, Ghada
AU - Blazy, Olivier
AU - Bultel, Xavier
AU - Fouque, Pierre Alain
AU - Jacques, Thibaut
AU - Nedelcu, Adina
AU - Onete, Cristina
N1 - Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Secure-channel establishment allows two endpoints to communicate confidentially and authentically. Since they hide all data sent across them, good or bad, secure channels are often subject to mass surveillance in the name of (inter)national security. Some protocols are constructed to allow easy data interception. Others are designed to preserve data privacy and are either subverted or prohibited to use without trapdoors. We introduce LIKE, a primitive that provides secure-channel establishment with an exceptional, session-specific opening mechanism. Designed for mobile communications, where an operator forwards messages between the endpoints, it can also be used in other settings. LIKE allows Alice and Bob to establish a secure channel with respect to n authorities. If the authorities all agree on the need for interception, they can ensure that the session key is retrieved. As long as at least one honest authority prohibits interception, the key remains secure; moreover LIKE is versatile with respect to who learns the key. Furthermore, we guarantee non-frameability: nobody can falsely incriminate a user of taking part in a conversation; and honest-operator: if the operator accepts a transcript as valid, then the key retrieved by the authorities is the key that Alice and Bob should compute. Experimental results show that our protocol can be efficiently implemented.
AB - Secure-channel establishment allows two endpoints to communicate confidentially and authentically. Since they hide all data sent across them, good or bad, secure channels are often subject to mass surveillance in the name of (inter)national security. Some protocols are constructed to allow easy data interception. Others are designed to preserve data privacy and are either subverted or prohibited to use without trapdoors. We introduce LIKE, a primitive that provides secure-channel establishment with an exceptional, session-specific opening mechanism. Designed for mobile communications, where an operator forwards messages between the endpoints, it can also be used in other settings. LIKE allows Alice and Bob to establish a secure channel with respect to n authorities. If the authorities all agree on the need for interception, they can ensure that the session key is retrieved. As long as at least one honest authority prohibits interception, the key remains secure; moreover LIKE is versatile with respect to who learns the key. Furthermore, we guarantee non-frameability: nobody can falsely incriminate a user of taking part in a conversation; and honest-operator: if the operator accepts a transcript as valid, then the key retrieved by the authorities is the key that Alice and Bob should compute. Experimental results show that our protocol can be efficiently implemented.
U2 - 10.1007/978-3-030-88418-5_2
DO - 10.1007/978-3-030-88418-5_2
M3 - Conference contribution
AN - SCOPUS:85116898157
SN - 9783030884178
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 23
EP - 43
BT - Computer Security – ESORICS 2021 - 26th European Symposium on Research in Computer Security, Proceedings
A2 - Bertino, Elisa
A2 - Shulman, Haya
A2 - Waidner, Michael
PB - Springer Science and Business Media Deutschland GmbH
T2 - 26th European Symposium on Research in Computer Security, ESORICS 2021
Y2 - 4 October 2021 through 8 October 2021
ER -