1,705 research outputs found
A Tamper and Leakage Resilient von Neumann Architecture
We present a universal framework for tamper and leakage resilient computation on a von
Neumann Random Access Architecture (RAM in short). The RAM has one CPU that accesses
a storage, which we call the disk. The disk is subject to leakage and tampering. So is the bus
connecting the CPU to the disk. We assume that the CPU is leakage and tamper-free. For
a fixed value of the security parameter, the CPU has constant size. Therefore the code of the
program to be executed is stored on the disk, i.e., we consider a von Neumann architecture. The
most prominent consequence of this is that the code of the program executed will be subject to
tampering.
We construct a compiler for this architecture which transforms any keyed primitive into a
RAM program where the key is encoded and stored on the disk along with the program to
evaluate the primitive on that key. Our compiler only assumes the existence of a so-called
continuous non-malleable code, and it only needs black-box access to such a code. No further
(cryptographic) assumptions are needed. This in particular means that given an information
theoretic code, the overall construction is information theoretic secure.
Although it is required that the CPU is tamper and leakage proof, its design is independent
of the actual primitive being computed and its internal storage is non-persistent, i.e., all secret
registers are reset between invocations. Hence, our result can be interpreted as reducing the
problem of shielding arbitrary complex computations to protecting a single, simple yet universal
component
The chaining lemma and its application
We present a new information-theoretic result which we call the Chaining Lemma. It considers a so-called âchainâ of random variables, defined by a source distribution X(0)with high min-entropy and a number (say, t in total) of arbitrary functions (T1,âŠ, Tt) which are applied in succession to that source to generate the chain (Formula presented). Intuitively, the Chaining Lemma guarantees that, if the chain is not too long, then either (i) the entire chain is âhighly randomâ, in that every variable has high min-entropy; or (ii) it is possible to find a point j (1 †j †t) in the chain such that, conditioned on the end of the chain i.e. (Formula presented), the preceding part (Formula presented) remains highly random. We think this is an interesting information-theoretic result which is intuitive but nevertheless requires rigorous case-analysis to prove. We believe that the above lemma will find applications in cryptography. We give an example of this, namely we show an application of the lemma to protect essentially any cryptographic scheme against memory tampering attacks. We allow several tampering requests, the tampering functions can be arbitrary, however, they must be chosen from a bounded size set of functions that is fixed a prior
Revisiting the Sanders-Freiman-Ruzsa Theorem in and its Application to Non-malleable Codes
Non-malleable codes (NMCs) protect sensitive data against degrees of
corruption that prohibit error detection, ensuring instead that a corrupted
codeword decodes correctly or to something that bears little relation to the
original message. The split-state model, in which codewords consist of two
blocks, considers adversaries who tamper with either block arbitrarily but
independently of the other. The simplest construction in this model, due to
Aggarwal, Dodis, and Lovett (STOC'14), was shown to give NMCs sending k-bit
messages to -bit codewords. It is conjectured, however, that the
construction allows linear-length codewords. Towards resolving this conjecture,
we show that the construction allows for code-length . This is achieved
by analysing a special case of Sanders's Bogolyubov-Ruzsa theorem for general
Abelian groups. Closely following the excellent exposition of this result for
the group by Lovett, we expose its dependence on for the
group , where is a prime
Efficiently Testable Circuits
In this work, we put forward the notion of "efficiently testable circuits" and provide circuit compilers that transform any circuit into an efficiently testable one. Informally, a circuit is testable if one can detect tampering with the circuit by evaluating it on a small number of inputs from some test set.
Our technical contribution is a compiler that transforms any circuit C into a testable circuit (C?,??) for which we can detect arbitrary tampering with all wires in C?. The notion of a testable circuit is weaker or incomparable to existing notions of tamper-resilience, which aim to detect or even correct for errors introduced by tampering during every query, but our new notion is interesting in several settings, and we achieve security against much more general tampering classes - like tampering with all wires - with very modest overhead.
Concretely, starting from a circuit C of size n and depth d, for any L (think of L as a small constant, say L = 4), we get a testable (C?,??) where C? is of size ? 12n and depth d+log(n)+L? n^{1/L}. The test set ?? is of size 4? 2^L. The number of extra input and output wires (i.e., pins) we need to add for the testing is 3+L and 2^L, respectively
On the Duality of Probing and Fault Attacks
In this work we investigate the problem of simultaneous privacy and integrity
protection in cryptographic circuits. We consider a white-box scenario with a
powerful, yet limited attacker. A concise metric for the level of probing and
fault security is introduced, which is directly related to the capabilities of
a realistic attacker. In order to investigate the interrelation of probing and
fault security we introduce a common mathematical framework based on the
formalism of information and coding theory. The framework unifies the known
linear masking schemes. We proof a central theorem about the properties of
linear codes which leads to optimal secret sharing schemes. These schemes
provide the lower bound for the number of masks needed to counteract an
attacker with a given strength. The new formalism reveals an intriguing duality
principle between the problems of probing and fault security, and provides a
unified view on privacy and integrity protection using error detecting codes.
Finally, we introduce a new class of linear tamper-resistant codes. These are
eligible to preserve security against an attacker mounting simultaneous probing
and fault attacks
Non-Malleable Codes for Partial Functions with Manipulation Detection
Non-malleable codes were introduced by Dziembowski, Pietrzak and Wichs (ICS
\u2710) and its main application is the protection of cryptographic devices
against tampering attacks on memory. In this work, we initiate a comprehensive
study on non-malleable codes for the class of partial functions, that
read/write on an arbitrary subset of codeword bits with specific cardinality.
Our constructions are efficient in terms of information rate, while allowing
the attacker to access asymptotically almost the entire codeword. In addition,
they satisfy a notion which is stronger than non-malleability, that we call
non-malleability with manipulation detection, guaranteeing that any modified
codeword decodes to either the original message or to . Finally, our
primitive implies All-Or-Nothing Transforms (AONTs) and as a result our
constructions yield efficient AONTs under standard assumptions (only one-way
functions), which, to the best of our knowledge, was an open question until
now. In addition to this, we present a number of additional applications of
our primitive in tamper resilience
Security of Electrical, Optical and Wireless On-Chip Interconnects: A Survey
The advancement of manufacturing technologies has enabled the integration of
more intellectual property (IP) cores on the same system-on-chip (SoC).
Scalable and high throughput on-chip communication architecture has become a
vital component in today's SoCs. Diverse technologies such as electrical,
wireless, optical, and hybrid are available for on-chip communication with
different architectures supporting them. Security of the on-chip communication
is crucial because exploiting any vulnerability would be a goldmine for an
attacker. In this survey, we provide a comprehensive review of threat models,
attacks, and countermeasures over diverse on-chip communication technologies as
well as sophisticated architectures.Comment: 41 pages, 24 figures, 4 table
Efficiently Testable Circuits without Conductivity
The notion of ``efficiently testable circuits\u27\u27 (ETC) was recently put forward by Baig et al.~(ITCS\u2723). Informally, an ETC compiler takes as input any Boolean circuit and outputs a circuit/inputs tuple where (completeness) is functionally equivalent to
and (security) if is tampered in some restricted way, then this can be detected as will err on at least one input in the small test set . The compiler of Baig et al. detects tampering even if the adversary can tamper with \emph{all} wires in the compiled circuit. Unfortunately, the model requires a strong ``conductivity\u27\u27 restriction: the compiled circuit has gates with fan-out up to 3, but wires can only be tampered in one way even if they have fan-out greater than one. In this paper, we solve the main open question from their work and construct an ETC compiler without this conductivity restriction.
While Baig et al. use gadgets computing the AND and OR of particular subsets of the wires, our compiler computes inner products with random vectors. We slightly relax their security notion and only require that tampering is detected with high probability over the choice of the randomness.
Our compiler increases the size of the circuit by
only a small constant factor. For a parameter (think ), the number of additional input and output wires is , while the number of test queries to detect an error with constant probability is around
Non-Malleable Codes for Bounded Depth, Bounded Fan-in Circuits
We show how to construct efficient, unconditionally secure non-malleable codes for bounded output locality. In particular, our scheme is resilient against functions such that any output bit is dependent on at most bits, where is the total number of bits in a codeword and a constant. Notably, this tampering class includes
Locally Decodable and Updatable Non-Malleable Codes and Their Applications
Non-malleable codes, introduced as a relaxation of error-correcting codes by Dziembowski, Pietrzak and Wichs (ICS \u2710), provide the security guarantee that the message contained in a tampered codeword is either the same as the original message or is set to an unrelated value. Various applications of non-malleable codes have been discovered, and one of the most significant applications among these is the connection with tamper-resilient cryptography. There is a large body of work considering security against various classes of tampering functions, as well as non-malleable codes with enhanced features such as leakage resilience.
In this work, we propose combining the concepts of non-malleability, leakage resilience, and locality in a coding scheme. The contribution of this work is three-fold:
1. As a conceptual contribution, we define a new notion of locally decodable and updatable non-malleable code that combines the above properties.
2. We present two simple and efficient constructions achieving our new notion with different levels of security.
3. We present an important application of our new tool--securing RAM computation against memory tampering and leakage attacks. This is analogous to the usage of traditional non-malleable codes to secure implementations in the circuit model against memory tampering and leakage attacks
- âŠ