430 likes | 545 Vues
Joint work with: Stefan Dziembowski , Krzysztof Pietrzak. Non-Malleable Codes and Tamper-Resilient Security. Speaker: Daniel Wichs. ( ICS 2010 ). Physical Attacks. Leakage: Adv observes physical output of the device.
E N D
Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Non-Malleable CodesandTamper-Resilient Security Speaker: Daniel Wichs ( ICS 2010 )
Physical Attacks • Leakage: Adv observes physical output of the device. • Tampering: Adv modifies internal state and interacts with tampered device.
Example Signature infrastructure using secure tokens (no PKI). • All tokens have the same secret signing key sk. • Each token has a unique userID. • On input message m,token signs (userID, m). m Signsk(userID, m) (userID, sk)
Example: Signsk(userID, m) Can we attack scheme with simple physical attacks? • Attack 1 (RSA sig): Leaking a random 27% of bits of RSA key lets you factor! [HS09] • Attack 2 (RSA sig): Introduce single faulty bit during signing. Use resulting sig to factor the RSA modulus. [BDL97] • Attack 3 (any sig): Eve tampers userID = “Eve” to userID = “Eva” by flipping a few bits. Impersonates Eva.
Lessons from Example • Tampering attacks can be just as devastating as leakage attacks. • Cannot only focus on tamper-resilience for cryptographic primitives.
Algorithmic Protection Want: A general compiler that takes a circuit G with state s and creates a circuit G’ with state s’ such that: • (G, s) acts the same as (G’, s’) • Tampering with (G’, s’) via some well-defined family F of attacks is useless.
Algorithmic Protection Tampering of memory and computation Tampering of memory GLMMR04 This talk IPSW06 Circuit Circuit input input output output Memory Memory
Algorithmic Protection • Q: Why study tampering of (only) memory? • Simpler. Need to understand it first. • Leads to a very natural coding-theory question of independent interest. • Might be reasonable in practice.
Code-based Solution Compiled Functionality (G’, c) Original Functionality (G, s) Decode s= Dec(c). Evaluate G(s). G’= CircuitG’ Circuit G c = Enc(s) s
Talk Outline • Definition of non-malleable codes. • General (im)possibility results for nm-codes. • Efficient non-malleable codes. • Bit-wise independent tampering. • Results in the RO model. • Application to tamper-resilient security: • Formal model of tamper-resilience. • Application of non-malleable codes. • Comparison to prior work.
Coding Schemes decoded message • Encoding can be randomized: c = Enc(s;r). • Correctness: Dec(Enc(s)) = s with probability 1. source message codeword s c s Enc Dec randomized encoding decoding
The “Tampering Experiment” decoded message • Tampering function f 2 F chosen adversarially. • Independent of randomness of encoding. source message s c s* =f(c) c* tamper Enc Dec f F={ } , , f1 f2 f3
The “Tampering Experiment” Goal: For “interesting” familiesF, design coding scheme (Enc, Dec) which provides “meaningful guarantees” about the outcome s*. s c s* c* tamper F Enc Dec
Error-Correction • Error-Correction: require that s*= s • Error-Correcting Codes for Hamming Distance: The family F = {fs.t. 8xdist(x, f(x)) < d } • No randomness in Enc. • Limitations: Cannot be achieved for even small/simple families F. (e.g. even the single function f that maps all values to 0). s c s* c* tamper F Enc Dec
Error-Detection s c s* c* tamper F Enc Dec • Error-Detection: require that s*2{s, ?}(with overwhelming probability). • Problem: Might learn something about s if s* = ?. • Limitation: Cannot be achieved for some even small/simple families F.(e.g. family all “constant” functions fc(x) = c).
New notion: Non-Malleability • Non-Malleability: either s*= s ors* is “unrelated” to s. • Analogous to non-malleability in cryptography [DDN91]. • Harder to define formally (stay tuned). • Examples of “malleability”: • The value s* is same as s, except with 3rd bit flipped. • If s begins with 0, then s* = s. Otherwise s* = ?. • Hope: non-malleability achievable for many rich families F. s c s* c* tamper F Enc Dec
Defining Non-Malleability (Attempt 1) • Tampering via f 2 F does not reveal information. Can answer following without knowing s: • Does your tampering change the codeword c? • If so, what is new message s* =Dec(c*). Definition: A code (Enc, Dec) is non-malleable w.r.t. a family F if 8f 2 F8s0, s1: cà Enc(s0) c*à f(c) If c* = csay “same” else say Dec (c*) cà Enc(s1) c*à f(c) If c* = csay “same” else say Dec (c*) ¼ Problem: Unnecessarily strong! Not satisfied by error-correcting codes.
Defining Non-Malleability • Tampering via f 2 F does not reveal information. Can “simulate” the answer to following questions: • Did the message s stay the same? • If no, what is the new message s*? Definition: A code (Enc, Dec) is non-malleable w.r.t. a family F if 8f 2 F9simulator Df such that 8 s: s*Ã Dec (f(Enc(s)) ) s*ÃDf if s* = “same” output s else output s*. ¼
Talk Outline • Definition of non-malleable codes. • General (im)possibility results for nm-codes. • Efficient non-malleable codes. • Bit-wise independent tampering. • Results in the RO model. • Application to tamper-resilient security: • Formal model of tamper-resilience. • Application of non-malleable codes. • Comparison to prior work.
General Impossibility Non-Malleability • For every coding scheme (Enc, Dec) there exists a single function f, for which the scheme is malleable. • f(c) = Enc(Dec(c) + 1). • Bad f depends heavily on (Enc, Dec). • Corollaries: • No coding scheme (Enc, Dec) (with n bit codewords), is non-malleable w.r.t. Fall = { all f : {0,1}n! {0,1}n }. • No efficient coding scheme is non-malleable w.r.t. all efficient functions.
General Possibility of Non-Malleability Theorem: For every “small enough” family F, there exists a nm-code w.r.tF. “small enough” F: log(log(|F|)) < n. Note: log(log(|Fall|)) = n + log(n). Proved using the probabilistic method. Not efficient…
General Possibility of Non-Malleability • Use “random code” with k-bit messages and n-bit codewords. • Choose the function Dec : {0,1}n! {0,1}kuniformly at random. • Define Enc(s) to sample uniform {c s.t. Dec(c) = s}. • For any fixed family F, a “random code” is non-malleable w.r.t. F with overwhelming probability if: n > log(log (|F|)) + 3k • Notice: rate is 1/3, even for small F. Optimality? • Question: What can we do efficiently?
Talk Outline • Definition of non-malleable codes. • General (im)possibility results for nm-codes. • Efficient non-malleable codes. • Bit-wise independent tampering. • Results in the RO model. • Application to tamper-resilient security: • Formal model of tamper-resilience. • Application of non-malleable codes. • Comparison to prior work.
Bit-wise independent tampering • Every bit of the codeword can be tampered arbitrarily, but independently of the value of other bits. • Tampering functions f = (f1,…,fn) and f(c) = f1(c1),…,fn(cn). • fi : {0,1} ! {0,1} can be arbitrary. • Four options for each fi: “keep”, “flip”, “set to 0”, “set to 1”. • Bit-wise independent tampering contains: • All constant functions: fc(x) = c (only “set to 0/1”). • All “constant error” functions : f¢(x) = x + ¢ (only “keep/flip”).
Tool 1: AMD Codes • Algebraic Manipulation Detection codes:[CDFPW08] A coding scheme (AE, AD) is AMD code if for any s, ¢ 0 Pr[AD( AE(s) + ¢) ?] = negligible. • Achieves error-detection for “keep”/“flip” . • Does not protect against “set to 0”/“set to 1”. Definition:
Tool 2: Secret Sharing • LECSS:Linear Error-Correcting Secret Sharing (SSE, SSD). • Linearity:SSE(s1 + s2) = SSE(s1) + SSE(s2) • t-Privacy: Any t bits of SSE(s) are mutually random. • d-Distance: Any c 0s.t. weightH(c) < d, SSD(c) = ?. Definition:
Bit-wise independent tampering:Construction Theorem: • Given: • AMD code (AE, AD). • LECSS (SSE, SSD) with d/n > ¼ and t = !(log(n)). • The code: • Enc(s) = SSE( AE(s) ) , Dec(c) = AD( SSD(c) ) • is non-malleable for bit-wise independent tampering.
Bit-wise independent tampering: Proof • 4 cases based on q= # of fi that are “set to 0”/”set to 1” s c* = f(c) c f Set to 0 c1 0 AMD Code LECSS Set to 1 c2 1 keep c3 c3 +0 Set to 0 c4 0 flip c5 c5+ 1 flip c6 c6+ 1
Bit-wise independent tampering: Proof • Case 1: n - t ·q : Just samples Dec(c*). • OK since c* is completely unrelated to s (t-privacy). s c c* = f(c) Uniformly random! Keep/flip AMD Code LECSS Set to 0/1
Bit-wise independent tampering: Proof • Case 2: n/2 ·q< n - t: Just outputs ?. • Unlikely that DSS(c*) ?. (distance/privacy). s c c* = f(c) Keep/flip • few valid codewords. AMD Code LECSS • t-wise independent. Set to 0/1
Bit-wise independent tampering: Proof • Case 3: t ·q< n/2: Justoutputs ?. • Consider ¢ = c* - c. Same argument as previous case (linearity). s c ¢ = c* - c Keep/flip AMD Code LECSS • few valid codewords. • t-wise independent. Set to 0/1
Bit-wise independent tampering: Proof • Case 4: q· t: Samples DSS(¢). If 0 output “same” else ?. • ¢ is independent of AMD randomness. • If ¢ 0 AMD code rejects. s s’ c ¢ = c* - c Keep/flip AMD Code LECSS Set to 0/1 • Uniformly random!
Bit-wise independent tampering:Instantiation • Recall, instantiation needs: • LECSS (SSE, SSD) with distance d/n > ¼ and t = !(log(n)). • AMD code (AE, AD) • AMD codes with extremely high rate [CDFPW08]. • LECSS schemes? • Ramp version of Shamir secret sharing does not get d/n > ¼. • Use random linear code. (d = distance, t = dual distance). • Not explicit, but efficient: we never need to correct errors! • Parameters: Rate of final instantiation of (Enc, Dec) is k/n ¼ (1-H(.25)) ¼ .19 • Optimality?
Non-malleable Codes in the Random Oracle Model • Can we instantiate a random code efficiently? • Use a cryptographic hash function modeled as a Random Oracle. • Cheat: gives us an “efficient” way to compute a random function. • Also give this power to the adversary, tampering functions f. • Each bit of f(c) depends on some subset (e.g. 90%) of the bits of c. Theorem: In the RO model, get efficient nm-codes for any “small family”F, which is “closed under oracle access”. (Access to an oracle does not change the family)
Talk Outline • Definition of non-malleable codes. • General (im)possibility results for nm-codes. • Efficient non-malleable codes. • Bit-wise independent tampering. • Results in the RO model. • Application to tamper-resilient security: • Formal model of tamper-resilience. • Application of non-malleable codes. • Comparison to prior work.
Tamper-Resilient Security Compiled Functionality (G’, c) Original Functionality (G, s) Decode s= Dec(c). Evaluate G(s). G’= CircuitG’ Circuit G c = Enc(s) s
Tamper-Resilient Security Compiled Functionality (G’, c) Original Functionality (G, s) adv CircuitG’ Circuit G c = Enc(s) Tamper: f 2 F s
Tamper-Resilient Security Compiled Functionality (G’, c) Original Functionality (G, s) adv CircuitG’ Circuit G c* Tamper: f 2 F s
Tamper-Resilient Security Compiled Functionality (G’, c) Original Functionality (G, s) Simulator adv ¼ CircuitG’ Circuit G Input x Output y Input x Output y c* Tamper: f 2 F s State is re-encoded (reactive)
Tamper-Resilient Security Theorem: If (Enc, Dec) is non-malleablew.r.t. F then our compiler is tamper-resilientw.r.t. F
Comparison to Prior Work • Same assumption: tampers memory, but not computation. • Main solution: use signatures. • Sign the state. • Verify signature on each invocation. If fail, stop working. • Does not satisfy our definition of tamper-resilient security. • e.g. Set the first bit of state to 0. See if device stops working. • Works for signature/encryption scheme (limitations). • Device cannot update its state (requires secret key). • Allows all efficient tampering strategies! Algorithmic Tamper-Proof Security[GLMMR04]
Comparison to Prior Work • Stronger model: adversary can tamper with the wire-values during a computation of a circuit. • Same strong definition of security using a simulator. • Limited to tampering functions which only modify some small subset of the wires (or set wires to 0). Private Circuits (II) [IPSW06]
Conclusions • Define non-malleable codes. • Construct non-malleable codes for: • All “small” families of tampering function (inefficient). • Bit-wise independent tampering (efficient). • Complex families closed under oracle access. (efficient in RO model). • Connect non-malleable codes to tamper-resilient security. • Open Questions: • More efficient constructions of non-malleable codes for other families. • Optimal rates? • Results in the stronger model of [ISPW06].