Table Of ContentBuilding Security Protocols Against Powerful Adversaries
THÈSE NO 7079 (2016)
PRÉSENTÉE LE 7 OCTOBRE 2016
À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS
LABORATOIRE D'ARCHITECTURE DES RÉSEAUX
PROGRAMME DOCTORAL EN INFORMATIQUE ET COMMUNICATIONS
ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE
POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES
PAR
Iris SAFAKA
acceptée sur proposition du jury:
Dr O. Lévêque, président du jury
Prof. A. Argyraki, Prof. C. Fragouli, directrices de thèse
Prof. P. Papadimitratos, rapporteur
Prof. S. Diggavi, rapporteur
Prof. B. Ford, rapporteur
Suisse
2016
Whatmattersmostishow
wellyouwalkthroughfire.
—CharlesBukowski
Tomyfamily,
Afroditi&Thanasis,Alexandros,andLorenzo
Acknowledgments
First and foremost, I would like to express my gratitude and respect to my advisor Prof.
ChristinaFragouli.IamgratefultoChristinaforgivingmetheopportunitytoworkonexciting
research topics, for her exceptional technical guidance and for her ever-positive attitude,
motivatingapproachandsupportthathavebeenofsignificantimportanceduringmyPhD.
I truly believe Christina is an example of a brilliant advisor and of the kind of professors
academianowadaysneeds.Shehashelpedmetodevelopbothprofessionallyandpersonally
andIfeelhonoredtohavehadherasmyadvisor.
Second,Iwouldliketothankmyco-advisorProf. KaterinaArgyrakiforherguidanceand
supportduringmyPhD.WhilecollaboratingwithKaterina,Ihadtheuniqueopportunityto
acquirevaluableknowledgebyobservingherconductingoutstandingresearchwhilealso
deliveringtopqualityacademicteaching.Shehasinspiredmeinvariouswaysandshehas
motivated me to always aim for excellence. Her genuine advise, help and support were
fundamentaltowardcompletionofthisthesisandIamtrulygratefultoher.
Iwouldalsoliketothankthemembersofmythesiscommittee,Dr. OlivierLévêque,Prof.
SuhasDiggavi,Prof.PanosPapadimitratosandProf.BryanFord,foracceptingtoevaluatemy
workandforprovidingusefulfeedback.
I am very grateful to our secretary Françoise Behn and our system administrator Damir
Laurenzi,the“invisible”supportteamofmythesis–andofmanyothers’aswell.Fromthe
firstdayIarrivedinLausanne,thesepeopleensuredthatIfeltwelcomedandthattherewas
alwayssomeonetowhomIcouldturntoforsupport.Theirhelpfulattitudeandeffectiveness
inprovidingsolutionshavecreatedafunctionallabenvironmentthatallowedustofocus
undistractedonourresearch.
InEPFLIhadtheopportunitytomeet, collaborateandbefriendwithexceptionalpeople.
First,IwouldliketothankmycolleaguesandfriendsinARNI,EmreAtsan,AyanSengupta,
LászlóCzapandSiddharthaBrahma,andinNAL,MihaiDobrescuandPavlosNikolopoulos,
fortheirfriendshipandsupportduringthegoodandthebadmomentsofthePhD.Second,a
bigthankstomyfriendsandfellowPhDstudentsChristinaVlachouandSofiaKarygiannifor
beingasecondfamilytome,andtoDorina,Manos,Yiannis,Tassos,Matt,IraklisandVassilis
forsharingunforgettablemomentsthroughtheseyears. Finally,aspecialthanktoMarina
andGeorge,whosesupportwascrucialduringmyfirstmonthsinLausanne,andalsotomy
friendsKaterina,Yiannis,Antonis,Thomas,AthinaandSissyforalwaysbeingthereforme.
i
Acknowledgments
Finally,Iwouldliketothankmyparents,AfroditiandThanasis,andmybrotherAlexandros.
Theirunconditionalloveandsupport,notonlyduringmyPhDbutineverystepofmylife
sofar,hasalwaysbeenmyreferencepointandhasgivenmethestrengthandmotivation
toovercomedifficulties. Lastbutnotleast,aheartfeltthankstoLorenzo–Icannotindeed
thankhimenoughforthelove,care,supportandmotivationhehasgivenmefromthevery
beginning.
Lausanne,20June2016 IrisSafaka
ii
Abstract
AsoursensitivedataisincreasinglycarriedovertheInternetandstoredremotely,security
incommunicationsbecomesafundamentalrequirement.Yet,today’ssecuritypracticesare
designedaroundassumptionsthevalidityofwhichisbeingchallenged. Inthisthesiswe
designnewsecuritymechanismsforcertainscenarioswheretraditionalsecurityassumptions
donothold.
First,wedesignsecret-agreementprotocolsforwirelessnetworks,wherethesecurityofthe
secretsdoesnotdependonassumptionsaboutthecomputationallimitationsofadversaries.
Ourprotocolsleverageintrinsiccharacteristicsofthewirelesstoenablenodestoagreeon
commonpairwisesecretsthataresecureagainstcomputationallyunconstrainedadversaries.
Throughtestbedandsimulationexperimentation,weshowthatitisfeasibleinpracticeto
createthousandsofsecretbitspersecond.
Second, we propose a traffic anonymization scheme for wireless networks. Our protocol
aimsinprovidinganonymityinafashionsimilartoTor–yetbeingresilienttocomputation-
allyunboundedadversaries–byexploitingthesecuritypropertiesofoursecret-agreement.
Ouranalysisandsimulationresultsindicatethatourschemecanofferalevelofanonymity
comparabletothelevelofanonymitythatTordoes.
Third,wedesignalightweightdataencryptionprotocolforprotectingagainstcomputationally
powerfuladversariesinwirelesssensornetworks.Ourprotocolaimsinincreasingtheinherent
weaksecuritythatnetworkcodingnaturallyoffers,atalowextraoverhead. Ourextensive
simulationresultsdemonstratetheadditionalsecuritybenefitsofourapproach.
Finally,wepresentasteganographicmechanismforsecretmessageexchangeoveruntrust-
worthymessagingserviceproviders.Ourschememaskssecretmessagesintoinnocuoustexts,
aiminginhidingthefactthatsecretmessageexchangeistakingplace. Ourresultsindicate
thatourschemessucceedsincommunicatinghiddeninformationatnon-negligiblerates.
Keywords:security,secretkeygeneration,anonymizingnetworks,linguisticsteganography
iii
Riassunto
PoichéunasempremaggiorequantitàdidatisensibilivieneinviataviaInternetedimmagaz-
zinatanellarete,lasicurezzadellecomunicazionidiventauntemasemprepiùimportante.
Allostessotempolavaliditàdialcunedelleipotesi,sullequalilepratichedisicurezzainuso
sonostatepensate,èmessaindiscussione.Inquestatesiproponiamonuovimeccanismidi
sicurezza,ilcuifunzionamentoègarantitoanchesealcunediquesteipotesinonsonovalide.
Nellaprimaparteproponiamounprotocollodigenerazionedichiaviperretisenzafili,lacui
sicurezzanondipendedallatradizionaleipotesichevuolelacapacitàdicalcolodegliavversari
limitata.Ilprotocollopropostosfruttalecaratteristicheintrinsechedellacomunicazionesenza
filiperpermettereadognicoppiadinodidellaretediaccordarsisudellechiavichesono
sicuredaunavversarioconcapacitàdicalcoloillimitate.Grazieadunbancodiprovaead
esperimentisimulatimostriamocheconquestoprotocolloèpossibilecrearemigliaiadibit
segretipersecondo.
Nellasecondaparteproponiamounschemachepermettedicomunicareinformaanonima
inretisenzafili.Ilnostroprotocollomiraadoffrireun’anonimiasimileaquellaoffertadal
protocollo Tor – ma, a differenza di quest’ultimo, è in grado di resistere ad attacchi d’un
avversario con capacità di calcolo illimitate – grazie all’uso del protocollo di generazione
dichiavipropostonellaprimaparte.Lanostraanalisieirisultatidellenostresimulazioni
indicanochequestoschemaoffreunlivellod’anonimiasimileaquelloraggiuntodaTor.
Nellaterzaparteprogettiamounprotocollodicriptazioneperproteggerelecomunicazioni
nelleretidisensorisenzafilidaavversariconcapacitàdicalcoloillimitate.Ilnostroprotocollo
miraamigliorarelasicurezzachenaturalmentelacodificadiretegarantisce,usandolescarse
risorsedisponibilisusensoriabassoconsumoenergetico.Irisultatidellenostresimulazioni
mostranocheilnostroprotocolloportaadunmiglioramentodellasicurezza.
Perfinirepresentiamounmeccanismodisteganografiachepermettediscambiaremessaggi
attraversounfornitorediservizidimessaggisticadicuinonsihacompletafiducia.Ilnostro
schemanascondeimessaggisegretiintestodalcontenutoapparentementeinnocuo,alfinedi
nascondereilfattocheilmessaggiosegretoèstatoinviato.Inostriesperimentimostranoche
loschemariesceacomunicarel’informazionenascostaavelocitàditrasmissionesignificative.
v
Acknowledgments
Keywords:sicurezza,generazionedichiavi,retianonime,steganografialinguistica
vi
Description:in providing solutions have created a functional lab environment that allowed us to focus undistracted on our research. In EPFL I had the opportunity to . schema nasconde i messaggi segreti in testo dal contenuto apparentemente innocuo, al fine di nascondere il fatto che il messaggio segreto è sta
