A Tamper and Leakage Resilient von Neumann Architecture

Slides:

Advertisements

Similar presentations

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.

Advertisements

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

PRATYAY MUKHERJEE Aarhus University Joint work with

Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.

Private Circuits Protecting Circuits Against Side-Channel Attacks Yuval Ishai Technion & UCLA Based on joint works with Manoj Prabhakaran, Amit Sahai,

A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.

LEAKAGE and TAMPER Resilient Random Access Machine (LTRAM) Pratyay Mukherjee Aarhus University Joint work with Sebastian Faust, Jesper Buus Nielsen and.

NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.

Protecting Circuits from Leakage the computationally bounded and noisy cases Sebastian Faust Eurocrypt 2010, Nice Joint work with KU Leuven Tal Rabin Leo.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 28. MARCH 2014 NEW RESULTS IN NON-MALLEABLE CODES PRATYAY MUKHERJEE 28. MARCH 2014.

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

Leakage-Resilient Signatures Sebastian Faust KU Leuven Joint work with Eike Kiltz CWI Krzysztof Pietrzak CWI Guy Rothblum Princeton TCC 2010, Zurich, Switzerland.

Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.

Chapter 5: Computer Systems Organization Invitation to Computer Science, Java Version, Third Edition.

Cryptography in The Presence of Continuous Side-Channel Attacks Ali Juma University of Toronto Yevgeniy Vahlis Columbia University.

1 Sec (2.1) Computer Architectures. 2 For temporary storage of information, the CPU contains cells, or registers, that are conceptually similar to main.

©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.

Leakage-Resilient Storage Francesco Davì Stefan Dziembowski Daniele Venturi SCN /09/2010 Sapienza University of Rome.

CS 1308 Computer Literacy and the Internet Computer Systems Organization.

Levels of Architecture & Language CHAPTER 1 © copyright Bobby Hoggard / material may not be redistributed without permission.

Computer Organization - 1. INPUT PROCESS OUTPUT List different input devices Compare the use of voice recognition as opposed to the entry of data via.

RESOURCE GUIDE STORED PROGRAM CONCEPT. Understand how the von Neumann architecture is constructed. Understand how the von Neumann architecture works.

Computer Science 101 Computer Systems Organization.

Computer System Internal components - The processor - Main memory - I / O controllers - Buses External components (peripherals). These include: - keyboard.

1 Control Unit Operation and Microprogramming Chap 16 & 17 of CO&A Dr. Farag.

COMPUTER ORGANISATION I HIGHER STILL Computing Computer Systems Higher Marr College Computing Department 2002.

PROTECTING CIRCUITS from LEAKAGE IBM T. J. Watson Vinod Vaikuntanathan the computationally bounded and noisy cases Joint with S. Faust (KU Leuven), L.

Operand Addressing And Instruction Representation Cs355-Chapter 6.

1 Information Security – Theory vs. Reality , Winter Lecture 13: Cryptographic leakage resilience (cont.) Eran Tromer Slides credit:

Protecting Cryptographic Memory against Tampering Attack PRATYAY MUKHERJEE PhD Dissertation Seminar Supervised by Jesper Buus Nielsen October 8, 2015.

CSE115: Introduction to Computer Science I Dr. Carl Alphonce 219 Bell Hall

Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

1 Information Security – Theory vs. Reality , Winter Lecture 9: Leakage resilience (continued) Lecturer: Eran Tromer.

Chapter 2 Data Manipulation © 2007 Pearson Addison-Wesley. All rights reserved.

Non-malleable Reductions and Applications Divesh Aggarwal * Yevgeniy Dodis * Tomasz Kazana ** Maciej Obremski ** Non-Malleable Codes from Two-Source Extractors.

Computer Organization

Efficient Leakage Resilient Circuit Compilers

Computers’ Basic Organization

Carmit Hazay (Bar-Ilan University, Israel)

Control Unit Lecture 6.

TCC 2016-B Composable Security in the Tamper-Proof Hardware Model under Minimal Complexity Carmit Hazay Bar-Ilan University, Israel Antigoni Ourania.

Microprocessor and Assembly Language

Processor Organization and Architecture

IB Computer Science Topic 2.1.1

Digital Signature Schemes and the Random Oracle Model

Cryptographic Hash Functions Part I

Intro to Architecture & Organization

Unknown Input Attacks in the Parallel Setting Improving the Security of the CHES 2012 Leakage Resilient PRF Marcel Medwed François-Xavier Standaert Ventzislav.

CSCE Fall 2013 Prof. Jennifer L. Welch.

Cryptography for Quantum Computers

CSCE 121: Simple Computer Model Spring 2015

Introduction to Computer Architecture

Chapter 5: Computer Systems Organization

von Neumann Architecture CPU

GCSE OCR 3 Memory Computer Science J276 Unit 1

Recall: ROM example Here are three functions, V2V1V0, implemented with an 8 x 3 ROM. Blue crosses (X) indicate connections between decoder outputs and.

CSCE Fall 2012 Prof. Jennifer L. Welch.

The Von Neumann Architecture

Provable Security at Implementation-level

Fiat-Shamir for Highly Sound Protocols is Instantiable

Control units In the last lecture, we introduced the basic structure of a control unit, and translated our assembly instructions into a binary representation.

ECE 352 Digital System Fundamentals

What is Computer Architecture?

What is Computer Architecture?

New Frontiers in Secret Sharing

GCSE OCR 1 The CPU Computer Science J276 Unit 1

Information Representation: Machine Instructions

Objectives Describe common CPU components and their function: ALU Arithmetic Logic Unit), CU (Control Unit), Cache Explain the function of the CPU as.

Presentation transcript:

A Tamper and Leakage Resilient von Neumann Architecture Pratyay Mukherjee Aarhus University joint work with Sebastian Faust (EPFL), Jesper Buus Nielsen (Aarhus), Daniele Venturi (La Sapienza, Rome)

Physical Attack on implementations Traditional Crypto: Blackbox Reality: Physical Attacks Main focus tampering Implement input leakage tampered output output

Why care about tampering? BDL’01: Inject single (random) fault to the signing-key of some type of RSA-sig Factor RSA-modulus ! Anderson and Kuhn ’96 Skorobogatov et al. ’02 Coron et al. ’09 …………and many more……. More… Devastating attacks on Provably Secure Crypto-systems!

Theoretical Models of Tampering This talk Memory only tampering (GLMMR ’04) Tamper with both memory and computation (IPSW ’06) F k F k Easier analysis. Lot of positive results In practice hard to guarantee.

Earlier approach: protect circuits against tampering Approach: Model computation as circuits: build circuit compiler which transforms any C to C’ which is protected against tampering First initiative by IPSW06: protects against constant number of wire faults Current best: DK14: Protects against tampering of (1/poly)-fraction of all wires. Analysis complicated: involves tools like PCP. Our goal: simpler framework stronger tampering adversary

Our approach CPU P= (P[1],P[2],…) An alternative model of computation: von Neumann Architecture (vNA)/ Random Access Machine (RAM) P= (P[1],P[2],…) P[1] P[2] CPU Bus Disk

Tamper and leakage resilient vNA NO leak/tamper CPU Bus Disk CPU “small” and “universal” Does not store any secret. otherwise simple solution ! stores an untamperable special purpose bit.

DLSZ15: A concurrent and independent work Our results A general framework to compute any keyed functionality in a tampering-leakage environment. Reducing the problem of shielding arbitrary complex computations to protecting a single, simple,universal component (CPU): Similar in spirit with leakage-resilient computations (GR10) We construct a compiler which turns program P for ideal vNA to a program P’ for vNA under tampering: using non-malleable codes (black-box) Locally Decodable and Updatable Non-Malleable Codes and Their Applications DLSZ15: A concurrent and independent work

The security notion P P’ compiler REAL IDEAL

Modular approach: Hybrid world Q CPU P[4] No leakage Mild tampering: COPY within disk Overwrite

Our construction: Two steps P= (P[1],P[2],…) Compiler Step-1 P P’ Ideal Hybrid I->H Compiler Step-2 P’ P” Hybrid Real H->R Compiler

Step-1: Ideal to Hybrid compiler P= (P[1],P[2],…) P’= (P’[1],P’[2],…) Hybrid Recall : in hybrid model there is only limited tampering: 1. COPY 2. OVERWRITE Augment each P[i] by appending: A secret level L Binds the instructions and secrets Guarantees that if the adversary overwrites instructions, it has to overwrite secrets. Otherwise one can just overwrites instructions to output secrets.

Step-1: Ideal to Hybrid compiler P= (P[1],P[2],…) P’= (P’[1],P’[2],…) Hybrid Recall : in hybrid model there is only limited tampering: 1. COPY 2. OVERWRITE Augment each P[i] by appending: A secret level L The position i Protect against copying from one location to another

Step-2: Hybrid to Real compiler P”= (P”[1],P”[2],…) P’= (P’[1],P’[2],…) Hybrid Idea: Encode each P’[i] such that the adversary can only copy or overwrite Encode using Non-malleable codes Guarantees that if the adversary does not copy the encoding then only can overwrite Then is equal or unrelated to An encoding (ENC, DEC) is non-malleable w.r.t. a function family if the following holds Non-malleable Codes (DPW10)

A suitable instantiation of Non-malleable codes Since the same encoding can be tampered multiple times we will need continuous non-malleable codes Continuous Non-malleable Codes: introduced by FMNV14 Construction works for split-state : codeword has two parts which are independently temperable Needs Common Random String Needs self-destruct

Implementing vNA via FMNV14 code CPU Disk-1 Bus P”[1][1] P”[2][1] NO leak/tamper P”[1][2] P”[2][2] Disk-2 (P”[i][1],P”[i][2])<—ENC(P’[i]) P’[i] accessed bounded no. of times. CNMC protect against bounded leakage the self-destruct flag CPU CRS is part of description and hardwired. stores one untamperable special purpose bit.

Summarizing.. We propose a new framework of protecting computations against tampering (and leakage). Our architecture can withhold significantly stronger tampering: (split-state) than the circuit-oriented approach. Since our transformation from Hybrid to Real uses the CNMC in blackbox way, better construction will improve the overall construction. Future direction: CPU size depends linearly on sec-param since it has to execute DECODE of CNMC. Can we get constant?

Thank You !