• Home

  • Documents

  • Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland

If you can't read please download the document

Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland

Embed Size (px)

DESCRIPTION

Attacks Even on “provably secure” schemes such as RSA Problem: Attacks were not captured by the theoretical threat model. Focus today: Secure Computation in the presence of Physical Attacks.

Citation preview

Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland Cryptography Public Key Encryption Digital Signatures Secure Multiparty Computation Attacks Even on provably secure schemes such as RSA Problem: Attacks were not captured by the theoretical threat model. Focus today: Secure Computation in the presence of Physical Attacks. Physical Attacks Can run implementation specific attacks Attacks that compromise the security of a system by exploiting physical properties of implementations. Leakage attackspassively leak some function of the honest partys secret state: Timing attacks [Kocher96,] Power attacks [Kocher-Jaffe-Jun99,] Acoustic attacks [Shamir-Tromer04] Examples of Physical Attacks Tampering attacksactively disrupt honest partys computation while observing input/output behavior. Fault attacks [Boneh-DeMillo-Lipton97, Biham-Shamir98,..] Radiation attacks Examples of Physical Attacks Roadmap Protection against tampering and leakage on Random Access Memory (RAM). Protection against tampering on circuit wires (fault induction). Roadmap Protection against tampering and leakage on Random Access Memory (RAM). Protection against tampering on circuit wires (fault induction). Non-Malleable Codes Standard way of protecting secret key stored in memory against tampering. A coding scheme has two algorithms: (Encode, Decode) Non-malleable codes: by tampering with the codeword, the underlying message is either the same or unrelated. Message m Codeword c=Encode(m) c - unchanged Encode(m) - Unrelated m Encode Leakage Resilient Codes Getting partial information about the codeword does not reveal the underlying message Codeword c=Encode(m) The underlying message ??? Partial codeword Problem Locally Decodable and Updatable Codes m1m1 m2m2 mnmn Message C1C1 C2C2 C3C3 C N-1 CNCN Codeword Encode Decode(i): Take input an index i, read a few blocks of the codeword and output m i Decode(i): Take input an index i, read a few blocks of the codeword and output m i Update(j, m): Take inputs an index j and a new message m, update a few blocks of the codeword Update(j, m): Take inputs an index j and a new message m, update a few blocks of the codeword Achieve all three properties! Leakage resilience, non-malleability, locality Non-malleability in our setting: Tampering function either: 1.Destroy several blocks (keeps others unchanged), or 2.Change everything to unrelated messages Putting It Together C1C1 C2C2 C3C3 C N-1 CNCN Decode(i) outputs Error while others unchanged C 1 C 2 C 3 C N-1 C N Decodes of all positions become unrelated Tamper and Leakage Resilience For RAM Computation CPU Random Access Memory (RAM) Our new code, together with an ORAM scheme, protects against physical attacks on random access memory. Store an encoding of Data in RAM-- Encode(ORAM(Data)) Write(j,m): Use Update(j,m) Read(i): Use Decode(i) Our Results [D, Liu, Shi, Zhou, TCC 15] Concepts: propose a new notion that captures all three properties Constructions: two efficient new constructions, achieving different levels of security Applications: using our new tool to protect RAM computation against memory attacks. Analogous to using regular non-malleable codes to protect circuit computation Encode(Data) Our code protects data against physical attacks! Future/Ongoing Work Beyond hardware tampering, Locally Decodable and Updatable Non-Malleable Codes seem to be useful in server-client settings as well. Server is infected with a virus which both downloads sensitive data but also modifies data. Assume the virus is limited in how much data it can download at once. Construct locally decodable and updatable non-malleable codes against a class of leakage and tampering functions that correspond to capabilities of virus (bounded retrieval). Roadmap Protection against tampering and leakage on Random Access Memory (RAM). Protection against tampering on circuit wires (fault induction). Public input Example: Circuit computes a signature using: Secret key stored in memory Public message submitted by adversary Public input Choose tampering function Tamper with constant (1/k) fraction of total number of wires Public input Receive output of tampered circuit Security: Learn nothing beyond input/output behavior of untampered circuit. Attacker can run the circuit and tamper over and over. Tampering with memory is persistent. Our Results [D, Kalai, CRYPTO 12 & TCC 14] Memory: S = ECC(s) Encoding of Input Circuit Computation PCPP Computation PCPP Verification Error CascadeOutput Input: x X = ECC(x) b Future/Ongoing Work Protect against simultaneous leakage and tampering. Protect against larger classes of tampering Tampering on some subset of wires depends on the values of another subset of wires. Thank you! Dana Dachman-Soled


Cryptography - Report Advanced Cryptography Standard AES.pdf

Cryptography - Report Advanced Cryptography Standard AES.pdf

Documents
Innovative field of cryptography: DNA cryptography

Innovative field of cryptography: DNA cryptography

Documents
Bronson Jastrow. Outline What is cryptography? Symmetric Key Cryptography Public Key Cryptography How Public Key Cryptography Works Authenticating

Bronson Jastrow. Outline What is cryptography? Symmetric Key Cryptography Public Key Cryptography How Public Key Cryptography Works Authenticating

Documents
Cryptography - A Reviewweb.cse.msstate.edu/~ramkumar/review1.pdfSymmetric Cryptography Asymmetric Cryptography Key Management Network Security Symmetric Cryptography Overview Block

Cryptography - A Reviewweb.cse.msstate.edu/~ramkumar/review1.pdfSymmetric Cryptography Asymmetric Cryptography Key Management Network Security Symmetric Cryptography Overview Block

Documents
Simple, Black-Box Constructions of Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University),

Simple, Black-Box Constructions of Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia University), Tal Malkin (Columbia University),

Documents
Overview of Cryptography What is Cryptography? Cryptography is a collection of mathematical techniques for protecting information. Cryptography is

Overview of Cryptography What is Cryptography? Cryptography is a collection of mathematical techniques for protecting information. Cryptography is

Documents
Dachman Laura - Deserturi Minunate ro

Dachman Laura - Deserturi Minunate ro

Documents
Beginning Cryptography With Java - Symmetric Key Cryptography

Beginning Cryptography With Java - Symmetric Key Cryptography

Documents
Programa 5s Soled

Programa 5s Soled

Documents
Cryptography 2017 - Chalmers · Cryptography 2017 Introduction ... J. Katz, Y. Lindell, Introduction to Modern Cryptography, ... Introduction Why study cryptography?

Cryptography 2017 - Chalmers · Cryptography 2017 Introduction ... J. Katz, Y. Lindell, Introduction to Modern Cryptography, ... Introduction Why study cryptography?

Documents
TENNIS ES · 2019-12-21 · Tennis shoes onl. Due to the ourt surfae, shoes must e of the proper tread design for tennis (i.e. soft soled). lak -soled shoes, or intended for jogging

TENNIS ES · 2019-12-21 · Tennis shoes onl. Due to the ourt surfae, shoes must e of the proper tread design for tennis (i.e. soft soled). lak -soled shoes, or intended for jogging

Documents
Improved Non-Committing Encryption with Application to Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia Univ.), Tal Malkin (Columbia

Improved Non-Committing Encryption with Application to Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia Univ.), Tal Malkin (Columbia

Documents
On Minimal Assumptions for Sender-Deniable Public Key Encryption Dana Dachman-Soled University of Maryland

On Minimal Assumptions for Sender-Deniable Public Key Encryption Dana Dachman-Soled University of Maryland

Documents
f^a&efv rxe^JiPr · They ax^ all very casual about footwear, preferring the soft, heel-less moccasin type boot or the rope-soled canvas alpargata, to a hard soled ridingboot. Some

f^a&efv rxe^JiPr · They ax^ all very casual about footwear, preferring the soft, heel-less moccasin type boot or the rope-soled canvas alpargata, to a hard soled ridingboot. Some

Documents
Quantum computing, teleportation, cryptography Computing Teleportation Cryptography

Quantum computing, teleportation, cryptography Computing Teleportation Cryptography

Documents
Welcome to ENEE244-02xx Digital Logic Design Instructor: Dana Dachman-Soled TA: Nathan Sesto UTFs: Max DePalma (201,202) Jordan Appler (203,204)

Welcome to ENEE244-02xx Digital Logic Design Instructor: Dana Dachman-Soled TA: Nathan Sesto UTFs: Max DePalma (201,202) Jordan Appler (203,204)

Documents
Advanced Cryptography Isogeny-based Cryptography

Advanced Cryptography Isogeny-based Cryptography

Documents
Rehearsal Injuries in Soft-Soled Character Shoes: Injury

Rehearsal Injuries in Soft-Soled Character Shoes: Injury

Documents
Cryptography - Coding and Cryptography

Cryptography - Coding and Cryptography

Documents
Lighting SOLED - products

Lighting SOLED - products

Technology
Atlas of Virtual Colonoscopy 2nd ed - A. Dachman, A. Laghi (Springer, 2011) WW

Atlas of Virtual Colonoscopy 2nd ed - A. Dachman, A. Laghi (Springer, 2011) WW

Documents
Palladium Cryptography Palladium Cryptography Next ... · Palladium Cryptography Palladium Cryptography Next Generation Security Computation Base Harshwardhan Rathore, Asst. Prof

Palladium Cryptography Palladium Cryptography Next ... · Palladium Cryptography Palladium Cryptography Next Generation Security Computation Base Harshwardhan Rathore, Asst. Prof

Documents
Oblivious Network RAM and Leveraging Parallelism to ... · Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness Dana Dachman-Soled 1,3Chang Liu2 y Charalampos

Oblivious Network RAM and Leveraging Parallelism to ... · Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness Dana Dachman-Soled 1,3Chang Liu2 y Charalampos

Documents
Lighting inspirations - SOLED

Lighting inspirations - SOLED

Design
Soft soled moccasins

Soft soled moccasins

Business
Notes on cryptography · Notes on cryptography ... 5 Public-key cryptography: RSA and El-Gamal 83 ... 1.2 Steganography and cryptography

Notes on cryptography · Notes on cryptography ... 5 Public-key cryptography: RSA and El-Gamal 83 ... 1.2 Steganography and cryptography

Documents
Information Security Cryptography ( L03- Old Cryptography Algorithms )

Information Security Cryptography ( L03- Old Cryptography Algorithms )

Technology
Urban lighting luminaire SOLED - Agen lampe med led aec... · 2014. 5. 21. · Soled is a post-top luminaire equipped with LED technology and HID sources. It is featured by a modern

Urban lighting luminaire SOLED - Agen lampe med led aec... · 2014. 5. 21. · Soled is a post-top luminaire equipped with LED technology and HID sources. It is featured by a modern

Documents
An Introduction to Lattice-Based Cryptographydanadach/Cryptography_20/...An Introduction to Lattice-Based Cryptography Dana Dachman-Soled University of Maryland danadach@umd.edu Traditional

An Introduction to Lattice-Based Cryptographydanadach/Cryptography_20/...An Introduction to Lattice-Based Cryptography Dana Dachman-Soled University of Maryland [email protected] Traditional

Documents
ECE578 Cryptography 5: Hash Functions, Asymmetric Cryptography

ECE578 Cryptography 5: Hash Functions, Asymmetric Cryptography

Documents