Integrating DAGA into the cothority framework and using it to build a login service

DEDIS, EPFL 2018/19 - Lucas Pires
Responsible: Prof. Bryan Ford, Dr. Ewa Syta
Supervisor: Linus Gasser

Deniable Anonymous Group Authentication
• Decentralized Authentication Protocol
• Forward-security, etc. more later

Motivation / Intro
• Authentication Identification and Privacy
• where possible, get rid of identification
• DAGA
• GOAL: offer easy way to use DAGA, Login Service

Overview
• Background / DAGA
• Cothority implementation
• Authentication delegation
• PoC & demo
• Conclusion & Future

Background / DAGA
Properties, Description, Big picture

DAGA
[Diagram: Entity / user, Group, Anytrust servers; Auth. request, Decision + Linkage Tag]
• Completeness
• Soundness
• Anonymity
• Proportionality
• Deniability
• Forward security

[Protocol diagram: Prover, Verifiers, Context]
Build request / client's protocol
• Initial tag
• Proof generation
• Distributed randomness / challenge generation: Challenge, commitments
• Request (with responses)
Servers' protocol
• Collective proof verification, decision and Tag building
• Linkage tag
Adapted / redrawn from https://github.com/dedis/student_17/blob/master/pfs_pop/presentation_pfs_pop.pdf

Cothority Implementation
• DAGA Library (continuation of A. Villard's work)
• New Service & Protocols (context generation / challenge generation / DAGA servers' protocol)
• Can run simulations locally and on DETERLab
• 80% code coverage
• Possible to generate proto files
• CLI client

DAGA Cothority

Administrative phase
Client / 3rd party service admin:
1) Collect public keys of subscribers
2) Build a roster of willing conodes (partnerships or open access nodes)
3) Call CreateContext(keys, roster)
[Diagram: Context generation protocol, Random node, Other nodes, Context; New Cothority for the new context]

[Diagram: Entity, DAGA cothority, DAGA context]
• Entity: Build auth. Message M (Initial tag, Proof generation)
• Call PKClient(commitments, ): challenge generation protocol, Challenge
• Call Auth(M, ): Servers' protocol, Linkage tag
• Need to keep state across endpoint calls: avoid by storing it in clients

Simulation results - total authentication time
1) DETERLab Setup:
• pc2133 nodes:
  • Ubuntu 14.04, AMD64
  • CPU: 4 @ 2,13 GHz
  • RAM: 4 GiB
• LAN with 100 ms delay
2) Local Setup:
• Debian 9, AMD64
• CPU: 8 @ 2.50 GHz
• RAM: 16 GiB
[Plots: Local, DETERLab; Wall time [s] against Number of group members]

Original results and previous student's results
[Plots: Original paper (2014), Previous student]
Taken from https://github.com/dedis/student_17/blob/master/pfs_pop/presentation_pfs_pop.pdf

Simulation results - total authentication time
[Plots: Local 4 servers, Local 16 servers; Wall time [s] against Number of group members]

Simulation results - total server traffic
[Plot: Traffic [KiB]; ~ Previous student's results]

Authentication delegation
[Diagram: DAGA cothority, Entity / user, Service Provider; Authentication Delegation Protocol]

OpenID connect authentication - "code flow"
[Sequence diagram: RP, IdP]
1) GET rp/login
2) REDIRECT IdP/daga_auth
3) GET IdP/daga_auth
4) 200 authentication page
5) IdP authenticates user-agent
6) REDIRECT rp/callback with code
7) GET rp/callback with code
8) POST IdP/token_endpoint with code
9) 200 token

[Sequence diagram: RP, IdP, DAGA client daemon, Browser / WEB UI]
1) GET rp/login
2) REDIRECT IdP/daga_auth
3) GET IdP/daga_auth
4) 200 authentication page
5) Arguments, context + key
6) Call PKClient(commitments)
7) Challenge
8) Auth. Msg
9) POST back with Auth. msg
10) Call Auth(Auth. msg)
11) Linkage Tag
12) REDIRECT rp/callback with code
13) GET rp/callback with code
14) POST IdP/token_endpoint with code
15) 200 token

Demo

Conclusion
• Democratization of DAGA as anonymous authentication is feasible
• Future works:
  • Need ways to manage partnerships and evolve contexts
  • Need ways to scale (random sub-groups)
  • Need to armor everything (memory protection, …)

[Figure taken from https://github.com/dedis/student_17/blob/master/pfs_pop/report_pfs_pop.pdf]

[Plot panels: Local 8 servers, linear; Local 8 servers, li