Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Tamper and Leakage Resilient von Neumann Architecture

Published byMarie-Claude Denis Modified over 6 years ago

Similar presentations

Presentation on theme: "A Tamper and Leakage Resilient von Neumann Architecture"— Presentation transcript:

1 A Tamper and Leakage Resilient von Neumann Architecture
Pratyay Mukherjee Aarhus University joint work with Sebastian Faust (EPFL), Jesper Buus Nielsen (Aarhus), Daniele Venturi (La Sapienza, Rome)

2 Physical Attack on implementations
Traditional Crypto: Blackbox Reality: Physical Attacks Main focus tampering Implement input leakage tampered output output

3 Why care about tampering?
BDL’01: Inject single (random) fault to the signing-key of some type of RSA-sig Factor RSA-modulus ! Anderson and Kuhn ’96 Skorobogatov et al. ’02 Coron et al. ’09 …………and many more……. More… Devastating attacks on Provably Secure Crypto-systems!

4 Theoretical Models of Tampering
This talk Memory only tampering (GLMMR ’04) Tamper with both memory and computation (IPSW ’06) F k F k Easier analysis. Lot of positive results In practice hard to guarantee.

5 Earlier approach: protect circuits against tampering
Approach: Model computation as circuits: build circuit compiler which transforms any C to C’ which is protected against tampering First initiative by IPSW06: protects against constant number of wire faults Current best: DK14: Protects against tampering of (1/poly)-fraction of all wires. Analysis complicated: involves tools like PCP. Our goal: simpler framework stronger tampering adversary

6 Our approach CPU P= (P[1],P[2],…) An alternative model of computation:
von Neumann Architecture (vNA)/ Random Access Machine (RAM) P= (P[1],P[2],…) P[1] P[2] CPU Bus Disk

7 Tamper and leakage resilient vNA
NO leak/tamper CPU Bus Disk CPU “small” and “universal” Does not store any secret. otherwise simple solution ! stores an untamperable special purpose bit.

8 DLSZ15: A concurrent and independent work
Our results A general framework to compute any keyed functionality in a tampering-leakage environment. Reducing the problem of shielding arbitrary complex computations to protecting a single, simple,universal component (CPU): Similar in spirit with leakage-resilient computations (GR10) We construct a compiler which turns program P for ideal vNA to a program P’ for vNA under tampering: using non-malleable codes (black-box) Locally Decodable and Updatable Non-Malleable Codes and Their Applications DLSZ15: A concurrent and independent work

9 The security notion P P’ compiler REAL IDEAL

10 Modular approach: Hybrid world
Q CPU P[4] No leakage Mild tampering: COPY within disk Overwrite

11 Our construction: Two steps
P= (P[1],P[2],…) Compiler Step-1 P P’ Ideal Hybrid I->H Compiler Step-2 P’ P” Hybrid Real H->R Compiler

12 Step-1: Ideal to Hybrid compiler
P= (P[1],P[2],…) P’= (P’[1],P’[2],…) Hybrid Recall : in hybrid model there is only limited tampering: 1. COPY 2. OVERWRITE Augment each P[i] by appending: A secret level L Binds the instructions and secrets Guarantees that if the adversary overwrites instructions, it has to overwrite secrets. Otherwise one can just overwrites instructions to output secrets.

13 Step-1: Ideal to Hybrid compiler
P= (P[1],P[2],…) P’= (P’[1],P’[2],…) Hybrid Recall : in hybrid model there is only limited tampering: 1. COPY 2. OVERWRITE Augment each P[i] by appending: A secret level L The position i Protect against copying from one location to another

14 Step-2: Hybrid to Real compiler
P”= (P”[1],P”[2],…) P’= (P’[1],P’[2],…) Hybrid Idea: Encode each P’[i] such that the adversary can only copy or overwrite Encode using Non-malleable codes Guarantees that if the adversary does not copy the encoding then only can overwrite Then is equal or unrelated to An encoding (ENC, DEC) is non-malleable w.r.t. a function family if the following holds Non-malleable Codes (DPW10)

15 A suitable instantiation of Non-malleable codes
Since the same encoding can be tampered multiple times we will need continuous non-malleable codes Continuous Non-malleable Codes: introduced by FMNV14 Construction works for split-state : codeword has two parts which are independently temperable Needs Common Random String Needs self-destruct

16 Implementing vNA via FMNV14 code
CPU Disk-1 Bus P”[1][1] P”[2][1] NO leak/tamper P”[1][2] P”[2][2] Disk-2 (P”[i][1],P”[i][2])<—ENC(P’[i]) P’[i] accessed bounded no. of times. CNMC protect against bounded leakage the self-destruct flag CPU CRS is part of description and hardwired. stores one untamperable special purpose bit.

17 Summarizing.. We propose a new framework of protecting computations against tampering (and leakage). Our architecture can withhold significantly stronger tampering: (split-state) than the circuit-oriented approach. Since our transformation from Hybrid to Real uses the CNMC in blackbox way, better construction will improve the overall construction. Future direction: CPU size depends linearly on sec-param since it has to execute DECODE of CNMC. Can we get constant?

18 Thank You !

Download ppt "A Tamper and Leakage Resilient von Neumann Architecture"

Similar presentations

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.
Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.
PRATYAY MUKHERJEE Aarhus University Joint work with

PRATYAY MUKHERJEE Aarhus University Joint work with
Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.

Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.
Private Circuits Protecting Circuits Against Side-Channel Attacks Yuval Ishai Technion & UCLA Based on joint works with Manoj Prabhakaran, Amit Sahai,

Private Circuits Protecting Circuits Against Side-Channel Attacks Yuval Ishai Technion & UCLA Based on joint works with Manoj Prabhakaran, Amit Sahai,
A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.

A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.
LEAKAGE and TAMPER Resilient Random Access Machine (LTRAM) Pratyay Mukherjee Aarhus University Joint work with Sebastian Faust, Jesper Buus Nielsen and.

LEAKAGE and TAMPER Resilient Random Access Machine (LTRAM) Pratyay Mukherjee Aarhus University Joint work with Sebastian Faust, Jesper Buus Nielsen and.
NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.

NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.
Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.

Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.
PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 28. MARCH 2014 NEW RESULTS IN NON-MALLEABLE CODES PRATYAY MUKHERJEE 28. MARCH 2014.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 28. MARCH 2014 NEW RESULTS IN NON-MALLEABLE CODES PRATYAY MUKHERJEE 28. MARCH 2014.
TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)
Leakage-Resilient Signatures Sebastian Faust KU Leuven Joint work with Eike Kiltz CWI Krzysztof Pietrzak CWI Guy Rothblum Princeton TCC 2010, Zurich, Switzerland.

Leakage-Resilient Signatures Sebastian Faust KU Leuven Joint work with Eike Kiltz CWI Krzysztof Pietrzak CWI Guy Rothblum Princeton TCC 2010, Zurich, Switzerland.
Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.

Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.
Chapter 5: Computer Systems Organization Invitation to Computer Science, Java Version, Third Edition.

Chapter 5: Computer Systems Organization Invitation to Computer Science, Java Version, Third Edition.
Cryptography in The Presence of Continuous Side-Channel Attacks Ali Juma University of Toronto Yevgeniy Vahlis Columbia University.

Cryptography in The Presence of Continuous Side-Channel Attacks Ali Juma University of Toronto Yevgeniy Vahlis Columbia University.
1 Sec (2.1) Computer Architectures. 2 For temporary storage of information, the CPU contains cells, or registers, that are conceptually similar to main.

1 Sec (2.1) Computer Architectures. 2 For temporary storage of information, the CPU contains cells, or registers, that are conceptually similar to main.
©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.

©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.
Leakage-Resilient Storage Francesco Davì Stefan Dziembowski Daniele Venturi SCN 2010 13/09/2010 Sapienza University of Rome.

Leakage-Resilient Storage Francesco Davì Stefan Dziembowski Daniele Venturi SCN /09/2010 Sapienza University of Rome.
CS 1308 Computer Literacy and the Internet Computer Systems Organization.

CS 1308 Computer Literacy and the Internet Computer Systems Organization.
Levels of Architecture & Language CHAPTER 1 © copyright Bobby Hoggard / material may not be redistributed without permission.

Levels of Architecture & Language CHAPTER 1 © copyright Bobby Hoggard / material may not be redistributed without permission.

Similar presentations

Ads by Google