DIDO: Data Provenance from Restricted TLS 1.3 Websites

Kwan Yin Chan; Handong Cui; Tsz Hon Yuen

doi:10.1007/978-981-99-7032-2_10

DIDO: Data Provenance from Restricted TLS 1.3 Websites

Kwan Yin Chan
, Handong Cui
, Tsz Hon Yuen

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Public data can be authenticated by obtaining from a trustworthy website with TLS. Private data, such as user profile, are usually restricted from public access. If a user wants to authenticate his private data (e.g., address) provided by a restricted website (e.g., user profile page of a utility company website) to a verifier, he cannot simply give his username and password to the verifier. DECO (CCS 2020) provides a solution for liberating these data without introducing undesirable trust assumption, nor requiring server-side modification for TLS 1.2.

In this paper, we propose an optimized solution for TLS 1.3 websites. We tackle a number of open problems, including the support of X25519 key exchange in TLS 1.3, the design of round-optimal three-party key exchange, the architecture of two-party computation of TLS 1.3 key scheduling, and circuit design optimized for two-party computation. We test our implementation with real world website and show that our optimization is necessary to avoid timeout in TLS handshake.

Original language	English
Title of host publication	Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings
Editors	Weizhi Meng, Zheng Yan, Vincenzo Piuri
Place of Publication	Singapore Singapore
Publisher	Springer
Pages	154-169
Number of pages	16
ISBN (Electronic)	9789819970322
ISBN (Print)	9789819970315
DOIs	https://doi.org/10.1007/978-981-99-7032-2_10
Publication status	Published - 2023
Externally published	Yes
Event	Information Security Practice and Experience Conference 2023 - Copenhagen, Denmark Duration: 24 Aug 2023 → 25 Aug 2024 Conference number: 18th https://link.springer.com/book/10.1007/978-981-99-7032-2 (Proceedings) https://ispec2023.compute.dtu.dk/ (Website)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	14341

Conference

Conference	Information Security Practice and Experience Conference 2023
Abbreviated title	ISPEC 2023
Country/Territory	Denmark
City	Copenhagen
Period	24/08/23 → 25/08/24
Internet address	https://link.springer.com/book/10.1007/978-981-99-7032-2 (Proceedings) https://ispec2023.compute.dtu.dk/ (Website)

Access to Document

10.1007/978-981-99-7032-2_10

Cite this

Chan, K. Y., Cui, H., & Yuen, T. H. (2023). DIDO: Data Provenance from Restricted TLS 1.3 Websites. In W. Meng, Z. Yan, & V. Piuri (Eds.), Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings (pp. 154-169). (Lecture Notes in Computer Science; Vol. 14341). Springer. https://doi.org/10.1007/978-981-99-7032-2_10

Chan, Kwan Yin ; Cui, Handong ; Yuen, Tsz Hon. / DIDO: Data Provenance from Restricted TLS 1.3 Websites. Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings. editor / Weizhi Meng ; Zheng Yan ; Vincenzo Piuri. Singapore Singapore : Springer, 2023. pp. 154-169 (Lecture Notes in Computer Science).

@inproceedings{0c533e24a3d44aada86ae20087f69c47,

title = "DIDO: Data Provenance from Restricted TLS 1.3 Websites",

abstract = "Public data can be authenticated by obtaining from a trustworthy website with TLS. Private data, such as user profile, are usually restricted from public access. If a user wants to authenticate his private data (e.g., address) provided by a restricted website (e.g., user profile page of a utility company website) to a verifier, he cannot simply give his username and password to the verifier. DECO (CCS 2020) provides a solution for liberating these data without introducing undesirable trust assumption, nor requiring server-side modification for TLS 1.2. In this paper, we propose an optimized solution for TLS 1.3 websites. We tackle a number of open problems, including the support of X25519 key exchange in TLS 1.3, the design of round-optimal three-party key exchange, the architecture of two-party computation of TLS 1.3 key scheduling, and circuit design optimized for two-party computation. We test our implementation with real world website and show that our optimization is necessary to avoid timeout in TLS handshake.",

author = "Chan, \{Kwan Yin\} and Handong Cui and Yuen, \{Tsz Hon\}",

year = "2023",

doi = "10.1007/978-981-99-7032-2\_10",

language = "English",

isbn = "9789819970315",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "154--169",

editor = "Weizhi Meng and Zheng Yan and Vincenzo Piuri",

booktitle = "Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings",

address = "Switzerland",

note = "Information Security Practice and Experience Conference 2023, ISPEC 2023 ; Conference date: 24-08-2023 Through 25-08-2024",

url = "https://link.springer.com/book/10.1007/978-981-99-7032-2, https://ispec2023.compute.dtu.dk/",

}

Chan, KY, Cui, H & Yuen, TH 2023, DIDO: Data Provenance from Restricted TLS 1.3 Websites. in W Meng, Z Yan & V Piuri (eds), Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings. Lecture Notes in Computer Science, vol. 14341, Springer, Singapore Singapore , pp. 154-169, Information Security Practice and Experience Conference 2023, Copenhagen, Denmark, 24/08/23. https://doi.org/10.1007/978-981-99-7032-2_10

DIDO: Data Provenance from Restricted TLS 1.3 Websites. / Chan, Kwan Yin; Cui, Handong; Yuen, Tsz Hon.
Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings. ed. / Weizhi Meng; Zheng Yan; Vincenzo Piuri. Singapore Singapore : Springer, 2023. p. 154-169 (Lecture Notes in Computer Science; Vol. 14341).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - DIDO: Data Provenance from Restricted TLS 1.3 Websites

AU - Chan, Kwan Yin

AU - Cui, Handong

AU - Yuen, Tsz Hon

N1 - Conference code: 18th

PY - 2023

Y1 - 2023

N2 - Public data can be authenticated by obtaining from a trustworthy website with TLS. Private data, such as user profile, are usually restricted from public access. If a user wants to authenticate his private data (e.g., address) provided by a restricted website (e.g., user profile page of a utility company website) to a verifier, he cannot simply give his username and password to the verifier. DECO (CCS 2020) provides a solution for liberating these data without introducing undesirable trust assumption, nor requiring server-side modification for TLS 1.2. In this paper, we propose an optimized solution for TLS 1.3 websites. We tackle a number of open problems, including the support of X25519 key exchange in TLS 1.3, the design of round-optimal three-party key exchange, the architecture of two-party computation of TLS 1.3 key scheduling, and circuit design optimized for two-party computation. We test our implementation with real world website and show that our optimization is necessary to avoid timeout in TLS handshake.

AB - Public data can be authenticated by obtaining from a trustworthy website with TLS. Private data, such as user profile, are usually restricted from public access. If a user wants to authenticate his private data (e.g., address) provided by a restricted website (e.g., user profile page of a utility company website) to a verifier, he cannot simply give his username and password to the verifier. DECO (CCS 2020) provides a solution for liberating these data without introducing undesirable trust assumption, nor requiring server-side modification for TLS 1.2. In this paper, we propose an optimized solution for TLS 1.3 websites. We tackle a number of open problems, including the support of X25519 key exchange in TLS 1.3, the design of round-optimal three-party key exchange, the architecture of two-party computation of TLS 1.3 key scheduling, and circuit design optimized for two-party computation. We test our implementation with real world website and show that our optimization is necessary to avoid timeout in TLS handshake.

U2 - 10.1007/978-981-99-7032-2_10

DO - 10.1007/978-981-99-7032-2_10

M3 - Conference Paper

SN - 9789819970315

T3 - Lecture Notes in Computer Science

SP - 154

EP - 169

BT - Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings

A2 - Meng, Weizhi

A2 - Yan, Zheng

A2 - Piuri, Vincenzo

PB - Springer

CY - Singapore Singapore

T2 - Information Security Practice and Experience Conference 2023

Y2 - 24 August 2023 through 25 August 2024

ER -

Chan KY, Cui H, Yuen TH. DIDO: Data Provenance from Restricted TLS 1.3 Websites. In Meng W, Yan Z, Piuri V, editors, Information Security Practice and Experience - 18th International Conference, ISPEC 2023 Copenhagen, Denmark, August 24–25, 2023 Proceedings. Singapore Singapore : Springer. 2023. p. 154-169. (Lecture Notes in Computer Science). doi: 10.1007/978-981-99-7032-2_10