Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland

Published bySilas Freeman Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland"— Presentation transcript:

1 Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland danadach@ece.umd.edu

2 Cryptography Public Key Encryption Digital Signatures Secure Multiparty Computation

3 Attacks Even on “provably secure” schemes such as RSA Problem: Attacks were not captured by the theoretical threat model. Focus today: Secure Computation in the presence of Physical Attacks.

4 Physical Attacks Can run implementation specific attacks Attacks that compromise the security of a system by exploiting physical properties of implementations.

5 Leakage attacks—passively leak some function of the honest party’s secret state: – Timing attacks [Kocher96,…] – Power attacks [Kocher-Jaffe-Jun99,…] – Acoustic attacks [Shamir-Tromer04] Examples of Physical Attacks

6 Tampering attacks—actively disrupt honest party’s computation while observing input/output behavior. – Fault attacks [Boneh-DeMillo-Lipton97, Biham-Shamir98,..] – Radiation attacks Examples of Physical Attacks

7 Roadmap Protection against tampering and leakage on Random Access Memory (RAM). Protection against tampering on circuit wires (fault induction).

8 Roadmap Protection against tampering and leakage on Random Access Memory (RAM). Protection against tampering on circuit wires (fault induction).

9 Non-Malleable Codes Standard way of protecting secret key stored in memory against tampering. A coding scheme has two algorithms: (Encode, Decode) Non-malleable codes: by tampering with the codeword, the underlying message is either the same or unrelated. Message m Codeword c=Encode(m) c - unchanged Encode(m’) - Unrelated m’ Encode

10 Leakage Resilient Codes Getting partial information about the codeword does not reveal the underlying message Codeword c=Encode(m) The underlying message ??? Partial codeword

11 Problem

12 Locally Decodable and Updatable Codes m1m1 m2m2 …mnmn Message C1C1 C2C2 C3C3 …C N-1 CNCN Codeword Encode Decode(i): Take input an index i, read a few blocks of the codeword and output m i Decode(i): Take input an index i, read a few blocks of the codeword and output m i Update(j, m’): Take inputs an index j and a new message m’, update a few blocks of the codeword Update(j, m’): Take inputs an index j and a new message m’, update a few blocks of the codeword

13 Achieve all three properties! Leakage resilience, non-malleability, locality Non-malleability in our setting: Tampering function either: 1.Destroy several blocks (keeps others unchanged), or 2.Change everything to unrelated messages Putting It Together C1C1 C2C2 C3C3 …C N-1 CNCN Decode(i) outputs “Error” while others unchanged C’ 1 C’ 2 C’ 3 …C’ N-1 C’ N Decodes of all positions become unrelated

14 Tamper and Leakage Resilience For RAM Computation CPU Random Access Memory (RAM) Our new code, together with an ORAM scheme, protects against physical attacks on random access memory. Store an encoding of Data in RAM-- Encode(ORAM(Data)) Write(j,m’): Use Update(j,m’) Read(i): Use Decode(i)

15 Our Results [D, Liu, Shi, Zhou, TCC ‘15] Concepts: propose a new notion that captures all three properties Constructions: two efficient new constructions, achieving different levels of security Applications: using our new tool to protect RAM computation against memory attacks. Analogous to using regular non-malleable codes to protect circuit computation Encode(Data) Our code protects data against physical attacks!

16 Future/Ongoing Work Beyond hardware tampering, Locally Decodable and Updatable Non-Malleable Codes seem to be useful in server-client settings as well. Server is infected with a virus which both downloads sensitive data but also modifies data. Assume the virus is limited in how much data it can download at once. Construct locally decodable and updatable non-malleable codes against a class of leakage and tampering functions that correspond to capabilities of virus (bounded retrieval).

17 Roadmap Protection against tampering and leakage on Random Access Memory (RAM). Protection against tampering on circuit wires (fault induction).

18 Public input Example: Circuit computes a signature using: Secret key stored in memory Public message submitted by adversary

19 Public input Choose tampering function Tamper with constant (1/k) fraction of total number of wires

20 Public input Receive output of tampered circuit Security: Learn nothing beyond input/output behavior of untampered circuit. Attacker can run the circuit and tamper over and over. Tampering with memory is persistent.

21 Our Results [D, Kalai, CRYPTO ’12 & TCC ‘14]

22 Memory: S = ECC(s) Encoding of Input Circuit Computation PCPP Computation PCPP Verification Error CascadeOutput Input: x X = ECC(x) b

23 Future/Ongoing Work Protect against simultaneous leakage and tampering. Protect against larger classes of tampering – Tampering on some subset of wires depends on the values of another subset of wires.

24 Thank you! Dana Dachman-Soled danadach@ece.umd.edu

Download ppt "Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland"

Similar presentations

PROOFS OF RETRIEVABILITY VIA HARDNESS AMPLIFICATION Yevgeniy Dodis, Salil Vadhan and Daniel Wichs.

PROOFS OF RETRIEVABILITY VIA HARDNESS AMPLIFICATION Yevgeniy Dodis, Salil Vadhan and Daniel Wichs.
Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.
PRATYAY MUKHERJEE Aarhus University Joint work with

PRATYAY MUKHERJEE Aarhus University Joint work with
Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.

Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.
Private Circuits Protecting Circuits Against Side-Channel Attacks Yuval Ishai Technion & UCLA Based on joint works with Manoj Prabhakaran, Amit Sahai,

Private Circuits Protecting Circuits Against Side-Channel Attacks Yuval Ishai Technion & UCLA Based on joint works with Manoj Prabhakaran, Amit Sahai,
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
HAIL (High-Availability and Integrity Layer) for Cloud Storage

HAIL (High-Availability and Integrity Layer) for Cloud Storage
LEAKAGE and TAMPER Resilient Random Access Machine (LTRAM) Pratyay Mukherjee Aarhus University Joint work with Sebastian Faust, Jesper Buus Nielsen and.

LEAKAGE and TAMPER Resilient Random Access Machine (LTRAM) Pratyay Mukherjee Aarhus University Joint work with Sebastian Faust, Jesper Buus Nielsen and.
NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.

NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.

Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.
PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 28. MARCH 2014 NEW RESULTS IN NON-MALLEABLE CODES PRATYAY MUKHERJEE 28. MARCH 2014.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 28. MARCH 2014 NEW RESULTS IN NON-MALLEABLE CODES PRATYAY MUKHERJEE 28. MARCH 2014.
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.

Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
1 Adaptive Witness Encryption and Asymmetric Password-based Cryptography PKC 2015 March 31, 2015 Mihir Bellare UC San Diego Viet Tung Hoang University.

1 Adaptive Witness Encryption and Asymmetric Password-based Cryptography PKC 2015 March 31, 2015 Mihir Bellare UC San Diego Viet Tung Hoang University.
Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.

Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.
The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.

The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.

Similar presentations

Ads by Google