Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence.

Slides:



Advertisements
Similar presentations
Kasumi Block Cipher Data Encryptors Darshan Gandhi Rushabh Pasad.
Advertisements

Quantum Money from Hidden Subspaces Scott Aaronson and Paul Christiano.
Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
White-Box Cryptography
Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom.
By Claudia Fiorini, Enrico Martinelli, Fabio Massacci
© Janice Regan, CMPT 102, Sept CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.
Cryptography and Network Security, resuming some notes Dr. M. Sakalli.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Chapter 5 Cryptography Protecting principals communication in systems.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Describing Syntax and Semantics
Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.
File System Security Jason Eick and Evan Nelson. What does a file system do? A file system is a method for storing and organizing computer files and the.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
System/Software Testing
Quiz # 2 Chapters 4, 5, & 6.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
A Few Simple Applications to Cryptography Louis Salvail BRICS, Aarhus University.
Database Design - Lecture 2
Secure Cloud Database using Multiparty Computation.
Intro to Architecture – Page 1 of 22CSCI 4717 – Computer Architecture CSCI 4717/5717 Computer Architecture Topic: Introduction Reading: Chapter 1.
Combinational Logic Design BIL- 223 Logic Circuit Design Ege University Department of Computer Engineering.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
Ch6: Software Verification. 1 Decision table based testing  Applicability:  Spec. is described by a decision table.  Tables describe:  How combinations.
Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement.
Chapter 21 Public-Key Cryptography and Message Authentication.
Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur.
CS555Spring 2012/Topic 111 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security.
Black-box Testing.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.
Chapter 8 Object Design Reuse and Patterns. Object Design Object design is the process of adding details to the requirements analysis and making implementation.
Chapter 7 – Confidentiality Using Symmetric Encryption.
Attacks on PRNGs - By Nupura Neurgaonkar CS-265 (Prof. Mark Stamp)
1 Information Security – Theory vs. Reality , Winter Lecture 10: Garbled circuits and obfuscation Eran Tromer Slides credit: Boaz.
Alternative Wide Block Encryption For Discussion Only.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
Chapter 11 Message Authentication and Hash Functions.
Electrical and Computer Engineering University of Cyprus LAB 1: VHDL.
Lecture 23 Symmetric Encryption
Cryptography and Network Security (CS435) Part Nine (Message Authentication)
Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.
DES Analysis and Attacks CSCI 5857: Encoding and Encryption.
TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.
Onlinedeeneislam.blogspot.com1 Design and Analysis of Algorithms Slide # 1 Download From
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
Reverse Engineering Dept. of I&CT, MIT, Manipal. Aspects To Be Covered Introduction to reverse engineering. Comparison between reverse and forward engineering.
Secure Execution of Computations in Untrusted Hosts S. H. K. Narayanan 1, M.T. Kandemir 1, R.R. Brooks 2 and I. Kolcu 3 1 Embedded Mobile Computing Center.
Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.
LOGIC CIRCUITLOGIC CIRCUIT. Goal To understand how digital a computer can work, at the lowest level. To understand what is possible and the limitations.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Triple DES.
Logic Gates Benchmark Companies Inc PO Box Aurora CO
Software Development Cycle
HOLLA: DIGITAL LOGIC and the Program encryption toolkit
Provably Secure Program Protection
Cryptography and Network Security Chapter 7
Air Force Institute of Technology
Investigating Provably Secure and Practical Software Protection
Presentation transcript:

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 1 Air Force Institute of Technology Analyzing Functional Entropy of Software Intent Protection Schemes J. Todd McDonald Eric Trias Alan Lin Center for Cyberspace Research Department of Electrical and Computer Engineering Air Force Institute of Technology Wright Patterson AFB, OH

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 2 Why Do We Try to Protect Software? Because Programs are Attacked…. Protect Integrity Decomposing/reusing code Adding new functionalities Protect Intent Alter existing functionality Prevent “gaming” functionality Prevent countermeasures Protect Ownership/Intellectual Property Protect Troops/Mission We are concerned primarily with software-only means of protection

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 3 Underlying Goals Given the hardware/physical environment: make it hard for an adversary to reliably or predictably recover an intermediate or original form (Netlist, source level program code) Given recovery of some or all of the intermediate / original description of a circuit or program: make it hard for an adversary to recover, predict, subvert, or copy functionality

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 4 Ideal Software Protection… Program Source Code (Java/C++/C) Circuit Netlist (VHDL/Verilog/BENCH) Program Source Code (Java/C++/C) Circuit Netlist (VHDL/Verilog/BENCH) Assembly Realized Circuit/FPGA Assembly Realized Circuit/FPGA INPUT OUTPUT Is a “Virtual” Black Box possible??

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 5 Real-world Software Protection… Program Source Code (Java/C++/C) Circuit Netlist (VHDL/Verilog/BENCH) Program Source Code (Java/C++/C) Circuit Netlist (VHDL/Verilog/BENCH) Assembly Realized Circuit/FPGA Assembly Realized Circuit/FPGA INPUT OUTPUT

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 6 “The How” Semantic Behavior The ONLY true “Virtual Black Box” General Intuition and Hardness of Obfuscation

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 7 Program Understanding Adversary’s ability to anticipate a program’s operational manifestation(s) Adversary’s ability to gain intent indications by comparing the obfuscated code, or segments, to known code libraries Adversary’s knowledge gained relative to the theoretical Virtual Black Box Adversary’s ability to extract the information content as manifested in the black box and white box aspects of program code This is not the same as VBB or hiding all information…

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 8 Program Understanding Our Context: Prevent program understanding by limiting the amount of information gained by an adversary from either the blackbox or whitebox characteristics of a program/circuit Programs are no more than a special information class with well- defined syntax and semantics Scrambling techniques are limited because final form of program must adhere to rigid syntax and semantics Program code information content is otherwise equivalent to information content in any other type of bit stream Our Premise: Program code that is statistically indistinguishable from a random bit stream has negligible information content

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 9 Defining Intent Protection Adversarial Observation: Black Box Analysis White Box Analysis If the adversary cannot determine the function/intent of the device by input/ output analysis, we say it is black-box protected If the adversary cannot determine the function/intent of the device by analyzing the structure of the code, we say it is white-box protected Intent Protected: Combined black-box and white-box protection does not reveal the function/intent of the program Is there an alternate (or better) way to measure security or protection?

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 10 Random Programs/Circuits Instead of measuring security based on leakage of information from the obfuscated program, can we appeal to entropy or randomness as a measure for confusion in the obfuscated program? Goals: Can we make input/output look random? Can we make structure look random?

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 11 RPM: Random Program Model Program family [Inputs/Outputs/Size/  ] P P O PRPR Indistinguishable(?) P  P    P  PP  P P  PP  P PR  PR   P  P   O

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 12 Combined Experimental Framework Black-boxRefinementSemanticTransformationWhite-boxRandomization Black-Box I/O Black-Box I/O White-Box Structure Goals: Can we make input/output look random? Can we make structure look random?

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 13 Protecting Black-Box Intent Program p Input x Output y OUTPUT DESIRED INPUT NEEDED

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 14 Protecting Black-Box Intent Semantic Transformation Semantically secure data encryption algorithms are black-box intent protected (BBIP) Compositions of programs with semantically strong algorithms are likewise BBIP

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 15 Protecting Black-Box Intent Black Box Refinement

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 16 Circuit P’ Protecting White-Box Intent Ideal for AT applications where we shield hardware internals with some (reasonably) trusted AT method

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 17 Protecting White-Box Intent

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 18 Conjecture when using Semantic Transformation: If the output bits are predictable, then the output may be predictable Treat each output position as a bit string generator Run statistical randomness tests on each bit Questions of Interest to the Random Program Model: Does structural randomness produce functional randomness? Frequency of signature collisions (identical output patterns) Approximate entropy of output bits How random are the output bits? Randomness values for specific statistical test Characterizing Intent Protection

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 19 Unable to evaluate structure with agreed security metrics 1 Random Oracle used in absence of a defined security model Sanity check for implementation Goal O(P) structurally and functionally looks like P R Methodology 1 National Institute of Standards and Technology

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 20 Required components 1.Design control /benchmark programs (deterministic) 2.Generate P R 3.Black-box protect P Analysis Compare P, black-box protected P, and P R Experimental Design

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 21 Emulate deterministic functions w/combinational circuits Abstracts high-level structure (ISCAS-85) Build random circuits to analyze random circuit properties Parameters (from benchmarks) Input size (in bits) Output size (in bits) Number of intermediate nodes (represents structure) Gate basis: AND, OR, XOR, NAND, NOR, NXOR Experimental Design

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 22 Goal O(P) produces random functionality Add black-box protection to P Weaken VBB function preservation Strengthen overall security Accounts for clean-room reverse engineering 1 Black-box w/ symmetric key cryptography Produces blocks of pseudo-random bits Pseudo-randomness measures exist 2 Experimental Design Statistical tests Frequency Frequency Within a Block Longest Runs of 1’s in a Block Runs of 0’s and 1’s Cumulative Sum Random Excursions Random Excursions Variant Approximate Entropy 1 Schwartz “Reverse Engineering” 2 National Institute of Standards and Technology

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 23 Experimental Design Configurations Trusted-host output recovery Secure execution on malicious host Full structure; no functionality Output recovery for malicious user Partial execution on malicious host Partial structure; full functionality Loss of generality in function type (y = a * b + c) Full ownership by malicious user/host Secure structural components Full structure; full functionality Software Watermark Common design Two-level structural configurations Function Table (FT) Boolean Equation Sets (BES) xy = e(x, k) 066E94BD…89E0 158E2FCC…455A 2F795AAA…C1E DAC…FE78 48ADE7D8… B84D1B…89E0 6C94DA219…88F2 …… xnxn ynyn x y = f(x + x) y = f(2x) y = f(x << 1) …… xmxm ymym

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 24 Complexity based brute-force attack on I/O size Compute all function tables of size m-inputs, n-outputs Super-exponential process, O(m n ) Pair combinations of generated function tables in m,n Factorial process, O(n!) All operations of a lookup are the same Index search, O(1) [or O(n) for BES] No side-channel (performance/cost) leakage Memory size Function tables are at least (n-input) * (m-output) bits Boolean equation sets are at least (m-output) * p terms m equations stored in text form of p terms Exponential size increase n pm Experimental Design

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 25 Results and Analysis

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 26 Results and Analysis

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 27 Possible signatures is (2 output_bits ) ^ (2 input_bits ) Collisions occur at ↑ frequency with ↓ intermediate node size Collisions occur at ↑ concentration with ↑ intermediate node size Results and Analysis

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 28 Conclusions Black-box metrics indicate bits where structural entropy is most needed if we keep function preservation property Structural entropy may be insufficient depending on output pattern Smaller circuits are better choices for random selection Enumeration is required—larger n requires greater resources upon generation, not execution Advantage to developers with large computational resources Reuse encryption function tables Brute-force attack limited to adversaries with sufficient resources Input/output size is easier to determine than function family

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 29 Sponsor Research sponsorship by: Air Force Office of Scientific Research (AFOSR) Information Operations

Develop America's Airmen Today... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force Integrity - Service - Excellence 30 Questions ?????

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.