Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland

Cryptography: public key encryption, digital signatures, secure multiparty computation.

Attacks: even “provably secure” schemes such as RSA have been attacked. The problem is that these attacks were not captured by the theoretical threat model. Focus today: secure computation in the presence of physical attacks.

Physical attacks: attacks that compromise the security of a system by exploiting physical properties of its implementation. The adversary can run implementation-specific attacks.

Examples of physical attacks. Leakage attacks passively leak some function of the honest party’s secret state: – timing attacks [Kocher96, …] – power attacks [Kocher-Jaffe-Jun99, …] – acoustic attacks [Shamir-Tromer04].

Examples of physical attacks. Tampering attacks actively disrupt the honest party’s computation while observing its input/output behaviour: – fault attacks [Boneh-DeMillo-Lipton97, Biham-Shamir98, …] – radiation attacks.

Roadmap: (1) protection against tampering and leakage on Random Access Memory (RAM); (2) protection against tampering on circuit wires (fault induction).

Non-malleable codes: the standard way of protecting a secret key stored in memory against tampering. A coding scheme has two algorithms, (Encode, Decode). Non-malleability: by tampering with the codeword, the underlying message is either left the same or made unrelated. Diagram: message m → Encode → codeword c = Encode(m); after tampering, the codeword is either c unchanged, or Encode(m’) for an unrelated m’.

Leakage-resilient codes: getting partial information about the codeword does not reveal the underlying message. Diagram: codeword c = Encode(m); given only a partial view of the codeword, the underlying message stays unknown (???).

Problem

Locally decodable and updatable codes. Message m_1, m_2, …, m_n → Encode → codeword C_1, C_2, C_3, …, C_{N-1}, C_N. Decode(i): takes as input an index i, reads a few blocks of the codeword, and outputs m_i. Update(j, m’): takes as input an index j and a new message m’, and updates a few blocks of the codeword.

Putting it together: achieve all three properties, leakage resilience, non-malleability, and locality. Non-malleability in our setting: the tampering function either 1. destroys several blocks (keeping the others unchanged), or 2. changes everything to unrelated messages. Diagram, case 1: C_1, C_2, C_3, …, C_{N-1}, C_N with some blocks destroyed; Decode(i) outputs “Error” for those positions while the others are unchanged. Case 2: C’_1, C’_2, C’_3, …, C’_{N-1}, C’_N; the decodes of all positions become unrelated.
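The following is an added Python illustration of the Decode(i)/Update(j, m’) interface from the previous two slides and of the “destroyed block decodes to Error while the others are unchanged” behaviour; it is not the construction from the talk or the paper. It assumes the per-block key is kept outside the tampered region (the talk’s constructions protect it by other means that these slides only name), and it uses a toy HMAC-based stream cipher plus a per-block MAC bound to the block index, so a tampered or swapped block fails verification and only that position reports Error.

```python
import hmac
import hashlib
import os

ERROR = "Error"     # sentinel returned by decode(i) for a destroyed block
BLOCK_LEN = 16      # fixed message-block length in bytes (assumption of this toy)
NONCE_LEN = 12

def _keystream(key: bytes, nonce: bytes, index: int, n: int) -> bytes:
    """Derive n keystream bytes bound to (nonce, block index) from HMAC-SHA256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        msg = nonce + index.to_bytes(4, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _tag(key: bytes, index: int, nonce: bytes, ct: bytes) -> bytes:
    """MAC over (index, nonce, ciphertext); the index binding stops block relocation."""
    return hmac.new(key, b"tag" + index.to_bytes(4, "big") + nonce + ct, hashlib.sha256).digest()

class LocalCode:
    """Blockwise code with local Decode(i) and Update(j, m'); codeword stored in self.blocks."""

    def __init__(self, key: bytes):
        self.key = key          # assumed to live outside the tampered memory region
        self.blocks = []

    def _encode_block(self, i: int, m: bytes) -> bytes:
        if len(m) != BLOCK_LEN:
            raise ValueError("message blocks must be exactly BLOCK_LEN bytes")
        nonce = os.urandom(NONCE_LEN)
        ct = bytes(a ^ b for a, b in zip(m, _keystream(self.key, nonce, i, BLOCK_LEN)))
        return nonce + ct + _tag(self.key, i, nonce, ct)

    def encode(self, messages):
        """Encode(m_1..m_n): one codeword block C_i per message block."""
        self.blocks = [self._encode_block(i, m) for i, m in enumerate(messages)]
        return self.blocks

    def decode(self, i: int):
        """Decode(i): reads only block i (locality); returns m_i or ERROR if the block was tampered."""
        blk = self.blocks[i]
        nonce = blk[:NONCE_LEN]
        ct = blk[NONCE_LEN:NONCE_LEN + BLOCK_LEN]
        tag = blk[NONCE_LEN + BLOCK_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, i, nonce, ct)):
            return ERROR
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.key, nonce, i, BLOCK_LEN)))

    def update(self, j: int, m_new: bytes):
        """Update(j, m'): rewrites only block j with a fresh nonce."""
        self.blocks[j] = self._encode_block(j, m_new)

def demo():
    """Constructed scenario: encode, update, then tamper one block and swap two others."""
    code = LocalCode(os.urandom(32))
    msgs = [bytes([i]) * BLOCK_LEN for i in range(4)]      # constructed sample data
    code.encode(msgs)
    ok_before = all(code.decode(i) == msgs[i] for i in range(4))
    code.update(2, b"\xff" * BLOCK_LEN)
    ok_update = code.decode(2) == b"\xff" * BLOCK_LEN
    # Tampering model, case 1: flip one ciphertext byte of block 1 (destroys that block only).
    blk = bytearray(code.blocks[1]); blk[NONCE_LEN + 3] ^= 0x01; code.blocks[1] = bytes(blk)
    # Relocation: swapping blocks 0 and 3 also fails, because the MAC is bound to the index.
    code.blocks[0], code.blocks[3] = code.blocks[3], code.blocks[0]
    return {
        "ok_before": ok_before,
        "ok_update": ok_update,
        "block1": code.decode(1),      # ERROR
        "block2": code.decode(2),      # unchanged: b"\xff" * 16
        "swapped": (code.decode(0), code.decode(3)),   # (ERROR, ERROR)
    }

if __name__ == "__main__":
    print(demo())
```

The point the example makes is the locality of the checks: each Decode(i) touches one block and answers Error or m_i on its own, which is exactly the case-1 behaviour of the slide. What this toy does not give is case 2 (tampering that rewrites everything to an unrelated codeword) or any leakage resilience; those need the non-malleable and leakage-resilient components the talk describes.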

Tamper and leakage resilience for RAM computation. Setting: a CPU with Random Access Memory (RAM). Our new code, together with an ORAM scheme, protects against physical attacks on random access memory. Store an encoding of the data in RAM: Encode(ORAM(Data)). Write(j, m’): use Update(j, m’). Read(i): use Decode(i).

Our results [D, Liu, Shi, Zhou, TCC ‘15]. Concepts: we propose a new notion that captures all three properties. Constructions: two efficient new constructions, achieving different levels of security. Applications: using our new tool to protect RAM computation against memory attacks, analogous to using regular non-malleable codes to protect circuit computation. Diagram: Encode(Data); our code protects data against physical attacks!

Future/ongoing work. Beyond hardware tampering, locally decodable and updatable non-malleable codes seem to be useful in server–client settings as well: a server is infected with a virus which both downloads sensitive data and modifies data. Assume the virus is limited in how much data it can download at once. Goal: construct locally decodable and updatable non-malleable codes against the class of leakage and tampering functions that corresponds to the capabilities of such a virus (bounded retrieval).

Roadmap: (1) protection against tampering and leakage on Random Access Memory (RAM); (2) protection against tampering on circuit wires (fault induction).

Setting with public input. Example: a circuit computes a signature using a secret key stored in memory and a public message submitted by the adversary.

The adversary chooses a tampering function and tampers with a constant (1/k) fraction of the total number of wires.

The adversary receives the output of the tampered circuit. Security: the adversary learns nothing beyond the input/output behaviour of the untampered circuit. The attacker can run the circuit and tamper over and over, and tampering with memory is persistent.

Our results [D, Kalai, CRYPTO ’12 & TCC ‘14].

Compiler overview (diagram). Memory: S = ECC(s). Input: x, encoded as X = ECC(x). Stages: encoding of input → circuit computation → PCPP computation → PCPP verification (output bit b) → error cascade → output.

Future/ongoing work. Protect against simultaneous leakage and tampering. Protect against larger classes of tampering, e.g. tampering on some subset of wires that depends on the values of another subset of wires.

Thank you! Dana Dachman-Soled