Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography on Non-Trusted Machines Stefan Dziembowski.

Published byCecily Snow Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography on Non-Trusted Machines Stefan Dziembowski."— Presentation transcript:

1 Cryptography on Non-Trusted Machines Stefan Dziembowski

2 Outline Introduction State-of-the-art Research plan

3 Idea Design cryptographic protocols that are secure even on the machines that are not fully trusted.

4 How to construct secure digital systems? CRYPTO MACHINE (PC, smartcard, etc.) very secure Security based on well-defined mathematical problems. not secure!

5 The problem hard to attack easy to attack CRYPTO MACHINE (PC, smartcard, etc.)

6 Machines cannot be trusted! 1. Information leakage 2. Malicious modifications MACHINE (PC, smartcard, etc.)

7 Relevant scenarios PCs specialized hardware malicious software: viruses, trojan horses. side-channel attacks: power consumption, electromagnetic leaks, timing information. MACHINES...

8 The standard view CRYPTO theoreticians practitioners MACHINE (PC, smartcard, etc.) definitions, theorems, security reductions,.. anti-virus software, intrusion detection, tamper resistance,… Implementation is not our business!

9 cryptographic scheme Our model (standard) black-box access additional access to the internal data

10 State-of-the-art

11 virus sends S to the adversary Bounded-Retrieval Model MACHINE (PC) S ? virus S large cryptographic secret (e.g. a key) any “bounded-output” function h(S) Idea: protect against the theft of secret data by making the secrets artificially large

12 Example of a protocol in the Bounded- Retrieval Model USER’S MACHINE key S = (S 1,...,S n ) a 1,…,a t S a 1,…,S a t Entity authentication [Dziembowski, TCC 2006]: Other results: Session-key agreement [Dziembowski, TCC 2006], Secure storage [Dziembowski, CRYPTO 2006], Secret sharing [Dziembowski and Pietrzak, FOCS 2007]. key S = (S 1,...,S n ) BANK verifies

13 Private circuits – the model: and or neg and or neg and orand orneg MACHINE the adversary can learn the values on up to t wires

14 Private circuits – the construction: [Ishai, Sahai and Wagner, CRYPTO 2003] circuit C circuit C’ transformation the adversary gains no advantage even if he reads up to t wires

15 Distributed cryptography can corrupt at most one machine

16 External trusted hardware can corrupt cannot corrupt

17 Research Plan

18 The general goal Contribute to creating a new discipline: “Cryptography on Non-Trusted Machines” with solid foundations, and practical impact.

19 Objectives 1.Extensions of the models 2.New applications and methods 3.Improvement of the previous results 4.Theoretical foundations

20 Objective 1: Extend (and unify) the existing models h(S) “Private circuits”: strong results weaker model Bounded-Retrieval Model: weaker results strong model anything in between? example:

21 Objective 2: New methods S0S0 S1S1 S2S2 … Example 1: time → fixed “information/second rate” Key evolution: information

22 Objective 2: New methods can corrupt cannot corrupt human-based methods: example:

23 Human-based methods – an example keyboard, screen internet non-trusted PC user (no trusted hardware) Known method of user authentication: one-time passwords drawback: authenticates the user not the transaction! Can we also authenticate the transaction? bank virus

24 Objective 3: Improvement of the previous results Most of the papers in this area contain just the feasibility results. Can they be optimized?

25 Objective 4: Theoretical foundations Cryptography has well-known connections to the complexity theory. “Cryptography on Non-Trusted Machines” provides new connections of these type. Bounded-Retrieval Model has non-trivial connections to: 1. the theory of compressibility of NP-instances [Dziembowski, CRYPTO 2006], and 2. the theory of round complexity [Dziembowski and Pietrzak, FOCS 2007]. Can these be extended?

26 Conclusion “Cryptography on Non-Trusted Machines” - a new area with a big potential. Dziembowski and Pietrzak Intrusion-Resilient Secret Sharing. FOCS 2007 Dziembowski On Forward-Secure Storage. CRYPTO 2006 Dziembowski Intrusion-Resilience Via the Bounded-Storage Model. TCC 2006

Download ppt "Cryptography on Non-Trusted Machines Stefan Dziembowski."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
White-Box Cryptography

White-Box Cryptography
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.

Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.
Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.

Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Securing Online Transactions with a Trusted Digital Identity Dave Steeves - Security Software Engineer Microsoft’s.

Securing Online Transactions with a Trusted Digital Identity Dave Steeves - Security Software Engineer Microsoft’s.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Årskonference 2003 Theory and Practice of Personal Digital Signatures - The ITSCI project Ivan Damgård, University of Aarhus.

Årskonference 2003 Theory and Practice of Personal Digital Signatures - The ITSCI project Ivan Damgård, University of Aarhus.
Leakage-Resilient Storage Francesco Davì Stefan Dziembowski Daniele Venturi SCN 2010 13/09/2010 Sapienza University of Rome.

Leakage-Resilient Storage Francesco Davì Stefan Dziembowski Daniele Venturi SCN /09/2010 Sapienza University of Rome.

Similar presentations

Ads by Google