The Internet of Broken Protocols: Showcase #9

(Joint work with Sophie Schmieg, but mistakes are mine alone)

Nobody remembers why, but poor Bob was arrested and is in jail. He wants to send Alice a secret message. Wilson cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 warden, however, wants to read and censor messages he doesn't like.

To compromise, everybody agrees to use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following hybrid encryption protocol:

1/ Bob obtains Alice's public key and Wilson's public key.

2/ Bob symmetrically encrypts his message with a randomly generated message key K.

3/ Bob wraps K under Alice's public key.

4/ Bob wraps K under Wilson's public key.

5/ The final message is a concatenation of 2/, 3/ and 4/.

Wilson can decrypt, and drop cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 message if he doesn't like it. Ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise he forwards cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 encrypted message to Alice. Bob doesn't have any privacy w.r.t Wilson, but he still can maintain his privacy w.r.t cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 rest of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world.

There are two implementations of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 protocol:

1/ DJB-certified
- symmetric key encryption in step 2/ is ChaCha20Poly1305 with a randomly generated nonce.
- key wrapping in step 3/ and 4/ is libsodium's seal boxes.

2/ FIPS-certified
- symmetric key encryption is AESGCM with a randomly generated nonce.
- key wrapping in step 3/ and 4/ is Tink's ECIES with NIST P-256, HKDF, and AESGCM.

Your challenge, if you accept it, is to help Bob bypass cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 censorship!

Bonus: does your attack work if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 protocol is Saltpack, JWE, AWS envelope encryption (i.e., Wilson and Alice allow Bob to access cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir master key in AWS KMS), or AGE?

Please email thaidn@gmail.com with your writeup.

Update: let's assume nonces are honestly generated and keys are wrapped correctly. Ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y can be used as trivial covert channels. I have to admit that this challenge is way less cool now :-(. H/T to Manoj Kasichainula for pointing this out.

Past challenges: https://www.hyundaihatinh3s.com/search/label/The%20Internet%20of%20Broken%20Protocols.

Comments

Peta Vietnam said…
This comment has been removed by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 author.