Slide1
Cryptography Against Physical Attacks
Dana Dachman-Soled
University of Maryland
danadach@ece.umd.edu
Slide2
Cryptography
Public Key Encryption
Digital Signatures
Secure Multiparty Computation
Slide3
Attacks
Even on “provably secure” schemes such as RSA
Problem: Attacks were not captured by the theoretical threat model.
Focus today: Secure Computation in the presence of Physical Attacks.
Slide4
Physical Attacks
Can run implementation-specific attacks.
Attacks that compromise the security of a system by exploiting physical properties of implementations.
Slide5
Examples of Physical Attacks
Leakage attacks: passively leak some function of the honest party's secret state:
Timing attacks [Kocher96, ...]
Power attacks [Kocher-Jaffe-Jun99, ...]
Acoustic attacks [Shamir-Tromer04]
Slide6
Examples of Physical Attacks
Tampering attacks: actively disrupt the honest party's computation while observing input/output behavior:
Fault attacks [Boneh-DeMillo-Lipton97, Biham-Shamir98, ...]
Radiation attacks
Slide7
Roadmap
Protection against tampering and leakage on Random Access Memory (RAM).
Protection against tampering on circuit wires (fault induction).
Slide8
Roadmap
Protection against tampering and leakage on Random Access Memory (RAM).
Protection against tampering on circuit wires (fault induction).
Slide9
Non-Malleable Codes
Standard way of protecting a secret key stored in memory against tampering.
A coding scheme has two algorithms: (Encode, Decode).
Non-malleable codes: by tampering with the codeword, the underlying message is either the same or unrelated.
Diagram: message m is encoded as codeword c = Encode(m). Tampering maps c either to c itself (unchanged, still decodes to m) or to Encode(m') for an unrelated m'.
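As an added illustration (not code from the slides or the authors), the following Python encodes the Slide 9 tampering experiment and the Slide 12 local Decode(i)/Update(j, m') interface for a toy repetition code constructed here. The check is the exhaustive special case of the non-malleability definition for a deterministic code and deterministic tampering functions; a randomized code would need output distributions compared instead.

```python
from itertools import product

# Toy code constructed for this illustration: each message bit is stored
# as REP identical copies, so every message position is its own block.
REP = 3
SAME = "same"  # experiment outcome meaning "message unchanged"

def encode(m):
    """Codeword for message m (a tuple of bits): REP copies of each bit."""
    return [b for b in m for _ in range(REP)]

def decode_at(c, i):
    """Local decode (Decode(i)): reads only block i; None means 'Error'."""
    block = c[i * REP:(i + 1) * REP]
    return None if any(b != block[0] for b in block) else block[0]

def decode(c):
    """Full decode: the message, or None if any block is inconsistent."""
    bits = [decode_at(c, i) for i in range(len(c) // REP)]
    return None if None in bits else tuple(bits)

def update_at(c, j, bit):
    """Local update (Update(j, m')): rewrites only block j."""
    return c[:j * REP] + [bit] * REP + c[(j + 1) * REP:]

def tamper_experiment(f, m):
    """Decode(f(Encode(m))), reported as SAME when m comes back unchanged."""
    out = decode(f(encode(m)))
    return SAME if out == m else out

def is_non_malleable(f, n):
    """Exhaustive check of the Slide 9 definition over all n-bit messages:
    f is harmless iff one message-independent outcome d (SAME or a fixed
    value, 'Error' included) reproduces Decode(f(Encode(m))) for every m."""
    msgs = list(product((0, 1), repeat=n))
    real = {m: decode(f(encode(m))) for m in msgs}
    for d in [SAME] + list(set(real.values())):
        if all(real[m] == (m if d == SAME else d) for m in msgs):
            return True
    return False

# Tampering functions constructed for the illustration.
def flip_first_bit(c):   # block 0 becomes inconsistent -> constant 'Error'
    return [1 - c[0]] + c[1:]

def complement(c):       # decodes to the related message NOT m
    return [1 - b for b in c]

def zero_block(j):       # rewrites a single block through the local update
    return lambda c: update_at(c, j, 0)
```

On 2-bit messages, flip_first_bit is tolerated (every message decodes to the constant 'Error', the Slide 13 behaviour), while complement and the single-block rewrite zero_block(0) leave messages related to m, so this toy code is malleable against them. The last case shows the kind of one-block tampering that a locally decodable non-malleable code must turn into 'Error' rather than a related value.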
Slide10
Leakage Resilient Codes
Getting partial information about the codeword does not reveal the underlying message.
Diagram: codeword c = Encode(m); seeing only a partial codeword leaves the underlying message unknown (???).
Slide11
Problem
Non-malleable codes are entirely unsuitable for random access computation!
A message is encoded as a single codeword.
In order to decode and recover some part of the message, the entire codeword needs to be accessed.
In order to update part of the message, the entire message must be re-encoded.
If a non-malleable code is used to encode blocks of RAM individually, the security guarantees do not hold.
Simple attacks against existing schemes.
Slide12
Locally Decodable and Updatable Codes
Message: m_1, m_2, ..., m_n
Codeword (Encode): C_1, C_2, C_3, ..., C_{N-1}, C_N
Decode(i): takes as input an index i, reads a few blocks of the codeword and outputs m_i.
Update(j, m'): takes as input an index j and a new message m', and updates a few blocks of the codeword.
Slide13
Putting It Together
Achieve all three properties! Leakage resilience, non-malleability, locality.
Non-malleability in our setting: the tampering function either:
Destroys several blocks (keeps others unchanged), or
Changes everything to unrelated messages.
Diagram, first case: codeword C_1, C_2, C_3, ..., C_{N-1}, C_N; Decode(i) outputs "Error" for a destroyed block while the others are unchanged.
Diagram, second case: codeword C'_1, C'_2, C'_3, ..., C'_{N-1}, C'_N; decodes of all positions become unrelated.
Slide14
Tamper and Leakage Resilience for RAM Computation
Diagram: CPU accessing Random Access Memory (RAM).
Our new code, together with an ORAM scheme, protects against physical attacks on random access memory.
Store an encoding of Data in RAM: Encode(ORAM(Data)).
Write(j, m'): use Update(j, m').
Read(i): use Decode(i).
Slide15
Our Results [D, Liu, Shi, Zhou, TCC '15]
Concepts: propose a new notion that captures all three properties.
Constructions: two efficient new constructions, achieving different levels of security.
Applications: using our new tool to protect RAM computation against memory attacks. Analogous to using regular non-malleable codes to protect circuit computation.
Encode(Data): our code protects data against physical attacks!
Slide16
Future/Ongoing Work
Beyond hardware tampering, Locally Decodable and Updatable Non-Malleable Codes seem to be useful in server-client settings as well.
Server is infected with a virus which both downloads sensitive data and also modifies data.
Assume the virus is limited in how much data it can download at once.
Construct locally decodable and updatable non-malleable codes against a class of leakage and tampering functions that correspond to the capabilities of the virus (bounded retrieval).
Slide17
Roadmap
Protection against tampering and leakage on Random Access Memory (RAM).
Protection against tampering on circuit wires (fault induction).
Slide18
Attack Model: i-th run of circuit
Diagram: Memory (holds the secret); Public input.
Step 1: Choose public input.
Example: Circuit computes a signature using:
Secret key stored in memory
Public message submitted by adversary
Slide19
Attack Model: i-th run of circuit
Diagram: Memory (holds the secret); Public input.
Step 2: Choose tampering function. Tamper with a constant (1/k) fraction of the total number of wires.
Slide20
Attack Model: i-th run of circuit
Diagram: Memory (holds the secret); Public input.
Step 3: Receive output of tampered circuit.
Security: Learn nothing beyond input/output behavior of the untampered circuit.
Attacker can run the circuit and tamper over and over. Tampering with memory is persistent.
Slide21
Our Results [D, Kalai, CRYPTO '12 & TCC '14]
Construct an efficient circuit compiler: takes any private circuit and converts it to another circuit, which has the same input-output behavior but is tamper-resilient.
Tamper resilience: Whatever an adversary can learn by arbitrarily tampering with a constant (1/k) fraction of wires in each run, he can learn with just logarithmic leakage (no leakage) on the secret state.
Logarithmic leakage is so small that in most cases the underlying scheme remains secure.
Slide22
Diagram of the compiled circuit:
Memory: S = ECC(s)
Input: x, encoded as X = ECC(x)
Stages: Encoding of Input -> Circuit Computation -> PCPP Computation -> PCPP Verification -> Error Cascade -> Output b
Slide23
Future/Ongoing Work
Protect against simultaneous leakage and tampering.
Protect against larger classes of tampering: tampering on some subset of wires depends on the values of another subset of wires.
Slide24
Thank you!
Dana Dachman-Soled
danadach@ece.umd.edu