CYBORG Cryptographic Security: Bluetooth, Signal, and Beyond
Presented as part of the 2021 HCSS conference.
ABSTRACT
Cryptographic analyses frequently focus on the device-to-device channel – a perspective often sufficient for network security protocols. However, in many cases the end user is an active participant in the protocol. In Bluetooth Passkey Entry, Signal Authentication, WhatsApp Authentication, and some ISO protocols, the user acts as a trusted third party that interacts directly with the cryptographic protocol. Common analysis techniques ignore such interaction as out-of-scope. In this presentation, we will outline the CYBORG compositional approach to cryptographic modeling, namely the capturing of user-to-device channels, as well as the typical device-to-device channels. The CYBORG model enables realistic real-world security analysis in light of published attacks on user-mediated protocols such as Bluetooth that leverage malware and device displays. We highlight how such attacks have been overlooked by ignoring user interaction in protocol analysis. Moreover, we will present analysis results on Bluetooth Passkey Entry that point to improved design approaches for user-mediated protocols.
This talk addresses the conference theme of compositional security, in that it looks beyond a simple device -to-device analysis approach and extends to the user interface, pointing to security risks associated with that and the interlocking effects of the two. Moreover, this presentation has particular future-looking relevancy to the theme of Continuous Development: interface interaction with cryptographic protocols have wide implications, and this talk points to integration and expansion of analysis techniques for a wholistic system view.
Dr. Britta Hale is a cryptographer and Assistant Professor in Computer Science at the Naval Postgraduate School in Computer Science. Dr. Hale has a PhD from the Norwegian University of Science and Technology (NTNU), and a Master’s of Science in the Mathematics of Cryptography and Communications from Royal Holloway University of London (RHUL). Her focus areas include cryptographic key exchange and authentication protocols, protocol self-healing, post-quantum hybrids, unmanned vehicle security, and secure channels within constrained settings. Dr. Hale is currently a member of the Message Layer Security (MLS) working group of the Internet Engineering Task Force (IETF) and International Association for Cryptologic Research (IACR).