
    Fortified Multi-Party Computation: Taking Advantage of Simple Secure Hardware Modules

    In practice, there are numerous settings where mutually distrusting parties need to perform distributed computations on their private inputs. For instance, participants in a first-price sealed-bid online auction do not want their bids to be disclosed. This problem can be addressed using secure multi-party computation (MPC), where parties can evaluate a publicly known function on their private inputs by executing a specific protocol that only reveals the correct output, but nothing else about the private inputs. Such distributed computations performed over the Internet are susceptible to remote hacks that may take place during the computation. As a consequence, sensitive data such as private bids may leak. All existing MPC protocols do not provide any protection against the consequences of such remote hacks. We present the first MPC protocols that protect the remotely hacked parties’ inputs and outputs from leaking. More specifically, unless the remote hack takes place before the party received its input or all parties are corrupted, a hacker is unable to learn the parties’ inputs and outputs, and is also unable to modify them. We achieve these strong (privacy) guarantees by utilizing the fact that in practice parties may not be susceptible to remote attacks at every point in time, but only while they are online, i.e. able to receive messages. To this end, we model communication via explicit channels. In particular, we introduce channels with an airgap switch (disconnectable by the party in control of the switch), and unidirectional data diodes. These channels and their isolation properties, together with very few, similarly simple and plausibly remotely unhackable hardware modules serve as the main ingredient for attaining such strong security guarantees. In order to formalize these strong guarantees, we propose the UC with Fortified Security (UC#) framework, a variant of the Universal Composability (UC) framework

    Fortified Universal Composability: Taking Advantage of Simple Secure Hardware Modules

    Adaptive security is the established way to capture adversaries breaking into computers during secure computations. However, adaptive security does not prevent remote hacks where adversaries learn and modify a party’s secret inputs and outputs. We initiate the study of security notions which go beyond adaptive security. To achieve such a strong security notion, we utilize realistic simple remotely unhackable hardware modules such as air-gap switches and data diodes together with isolation assumptions. Such hardware modules have, to the best of our knowledge, not been used for secure multi-party computation so far. As a result, we are able to construct protocols with very strong composable security guarantees against remote hacks, which are not provided by mere adaptive security. We call our new notion Fortified UC security. Using only very few and very simple remotely unhackable hardware modules, we construct protocols where mounting remote attacks does not enable an adversary to learn or modify a party’s inputs and outputs unless he hacks a party via the input port before it has received its (first) input (or gains control over all parties). Hence, our protocols protect inputs and outputs against all remote attacks, except for hacks via the input port while a party is waiting for input. To achieve this level of security, the parties’ inputs and outputs are authenticated, masked and shared in our protocols in such a way that an adversary is unable to learn or modify them when gaining control over a party via a remote hack. It is important to note that the remotely unhackable hardware modules applied in this work are based on substantially weaker assumptions than the hardware tokens proposed by Katz at EUROCRYPT ‘07. In particular, they are not assumed to be physically tamper-proof, can thus not be passed to other (possibly malicious) parties, and are therefore not sufficient to circumvent the impossibility results in the Universal Composability (UC) framework. Our protocols therefore rely on well-established UC-complete setup assumptions in tandem with our remotely unhackable hardware modules to achieve composability

    Bingo Voting: Secure and coercion-free voting using a trusted random number generator

    It is debatable whether current direct-recording electronic voting machines can be trusted sufficiently for use in elections. Reports about malfunctions and possible ways of manipulation abound. Voting schemes have to fulfill seemingly contradictory requirements: on the one hand the election process should be verifiable to prevent electoral fraud, and on the other hand each vote should be deniable to avoid coercion and vote buying. This work presents a new verifiable and coercion-free voting scheme, Bingo Voting, which is based on a trusted random number generator. As a motivation for the new scheme, two coercion/vote-buying attacks on voting schemes are presented which show that it can be dangerous to let the voter contribute randomness to the voting scheme. A proof-of-concept implementation of the scheme shows its practicality: all costly computations can be moved to a non-time-critical pre-voting phase

    Concurrently Composable Security with Shielded Super-Polynomial Simulators

    We propose a new framework for concurrently composable security that relaxes the security notion of UC security. As in previous frameworks, our notion is based on the idea of providing the simulator with super-polynomial resources. However, in our new framework simulators are only given restricted access to the results computed in super-polynomial time. This is done by modeling the super-polynomial resource as a stateful oracle that may directly interact with a functionality without the simulator seeing the communication. We call these oracles shielded oracles. Our notion is fully compatible with the UC framework, i.e., protocols proven secure in the UC framework remain secure in our framework. Furthermore, our notion lies strictly between SPS and Angel-based security, while being closed under protocol composition. Shielding away super-polynomial resources allows us to apply new proof techniques where we can replace super-polynomial entities by indistinguishable polynomially bounded entities. This allows us to construct secure protocols in the plain model using weaker primitives than in previous composable frameworks involving simulators with super-poly resources. In particular, we only use non-adaptive-CCA-secure commitments as a building block in our constructions. As a feasibility result, we present a constant-round general MPC protocol in the plain model based on standard assumptions that is secure in our framework

    Evaluating a proof-of-concept approach of the german health telematics infrastructure in the context of discharge management

    Although national eHealth strategies have existed for more than a decade in many countries, they have been implemented with varying success. In Germany, the eHealth strategy has so far resulted in a rollout of electronic health cards for all citizens in the statutory health insurance, but in no clinically meaningful IT applications. The aim of this study was to test the technical and organisational feasibility, usability, and utility of an eDischarge application embedded into a laboratory Health Telematics Infrastructure (TI). The tests embraced the exchange of eDischarge summaries based on the multiprofessional HL7 eNursing Summary standard between a municipal hospital and a nursing home. All in all, 36 transmissions of electronic discharge documents took place. They demonstrated the technical and organisational feasibility and resulted in moderate usability ratings. A comparison between eDischarge and paper-based summaries hinted at higher ratings of utility and information completeness for eDischarges. Despite problems with handling the electronic health card, the proof of concept for the first clinically meaningful IT application in the German Health TI could be regarded as successful

    Evaluation of an electronically supported nursing transfer between hospital and nursing home using a test telematics infrastructure: a case analysis

    Background: Improper information transmission can lead to compromised patient safety and quality of life when patients are transferred from one setting to another. Electronic instruments may improve this situation; however, they are rarely used. Objective: The aim of this study therefore was to investigate the technical and organizational feasibility, usability, usefulness and completeness of an electronic instrument that is based on the German HL7 CDA standard for eNursing Summaries. Materials and methods: To this end, a test health telematics infrastructure, which included the German electronic health card, was established, and a nursing summary application was developed that allowed summary documents to be communicated between a hospital and a nursing home. The users were asked to evaluate the usability of the nursing summary application as well as to compare the usefulness and completeness of electronically and paper-transmitted information. Results: This study demonstrated the feasibility of implementing an electronic nursing summary application that was based on the German HL7 CDA standard eNursing Summary and that was integrated in a test health telematics infrastructure. It could also be shown that the users rated this application as usable and that electronically supported patient transfers were superior to paper-based ones. The use of the German electronic health card was regarded as a barrier by the users. Discussion: This study emphasizes the feasibility, relevance and barriers of electronically supported transfers of patients with nursing needs. Nurses working in hospitals and long-term care can integrate an application based on the HL7 CDA standard ePflegebericht into their working processes and get better and more complete information. To ensure continuity of care in a sustainable manner in the future, the German HL7 CDA based eNursing Summary standard should become part of the German telematics infrastructure