
Cryptography on Non-Trusted Machines






Presentation Transcript


  1. Cryptography on Non-Trusted Machines. Stefan Dziembowski

  2. Outline • Introduction • State-of-the-art • Research plan

  3. Idea Design cryptographic protocols that are secure even on the machines that are not fully trusted.

  4. How to construct secure digital systems? CRYPTO: very secure, its security is based on well-defined mathematical problems. Its implementation on a MACHINE (PC, smartcard, etc.): not secure!

  5. The problem. CRYPTO is hard to attack; its implementation on the MACHINE (PC, smartcard, etc.) is easy to attack.

  6. Machines cannot be trusted! Two threats to the MACHINE (PC, smartcard, etc.): 1. Information leakage. 2. Malicious modifications.

  7. Relevant scenarios. MACHINES range from PCs to specialized hardware. PCs: malicious software (viruses, trojan horses). Specialized hardware: side-channel attacks (power consumption, electromagnetic leaks, timing information).

  8. The standard view. Practitioners take care of the MACHINE (PC, smartcard, etc.): anti-virus software, intrusion detection, tamper resistance, … Theoreticians take care of CRYPTO: definitions, theorems, security reductions, … and say: “Implementation is not our business!”

  9. Our model. In the standard model the adversary has only black-box access to the cryptographic scheme. In our model the adversary additionally has access to the scheme's internal data.

  10. State-of-the-art

  11. Bounded-Retrieval Model. Idea: protect against the theft of secret data by making the secrets artificially large. A large cryptographic secret S (e.g. a key) is stored on the MACHINE (PC). Can the virus send S to the adversary? No: it can only compute any “bounded-output” function h and send h(S).

  12. Example of a protocol in the Bounded-Retrieval Model. Entity authentication [Dziembowski, TCC 2006]: the BANK and the USER'S MACHINE share the key S = (S_1, ..., S_n). The bank sends random indices a_1, ..., a_t; the user's machine replies with S_{a_1}, ..., S_{a_t}; the bank verifies them. Other results: session-key agreement [Dziembowski, TCC 2006], secure storage [Dziembowski, CRYPTO 2006], secret sharing [Dziembowski and Pietrzak, FOCS 2007].
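The challenge/response of slide 12, worked through as an added example (this is not code from the slides or from the TCC 2006 paper): both sides hold the large key S as a list of blocks, the bank challenges with t random indices, and a virus that could retrieve only `budget` of the n blocks is shown to pass the check with probability C(budget, t) / C(n, t). The block size, the parameters n and t, the modelling of the bounded-output function h as "copy `budget` blocks", and all function names are assumptions of this example.

```python
"""Entity authentication in the Bounded-Retrieval Model, toy version.

Added example, not code from the slides or the TCC 2006 paper: it has the
challenge/response shape of slide 12 (bank sends indices a_1..a_t, the
user's machine returns S_{a_1}..S_{a_t}, bank verifies).  Block size, n, t
and the way the "bounded-output" virus is modelled (it exfiltrates at most
`budget` whole blocks of S) are this example's own assumptions.
"""
import math
import os
import secrets
from typing import Dict, List, Sequence

BLOCK_BYTES = 32                  # assumption: each S_i is 32 random bytes
_rng = secrets.SystemRandom()


def keygen(n: int) -> List[bytes]:
    """The large shared secret S = (S_1, ..., S_n), installed on both sides.
    With n = 2**25 and 32-byte blocks this is a 1 GiB key; size is the point."""
    return [os.urandom(BLOCK_BYTES) for _ in range(n)]


def bank_challenge(n: int, t: int) -> List[int]:
    """Bank -> user: t distinct random indices a_1, ..., a_t."""
    return _rng.sample(range(n), t)


def user_respond(S: Sequence[bytes], challenge: Sequence[int]) -> List[bytes]:
    """User's machine -> bank: the blocks S_{a_1}, ..., S_{a_t}.  Only t*32
    bytes travel, however large S is, so honest traffic stays small."""
    return [S[a] for a in challenge]


def bank_verify(S: Sequence[bytes], challenge: Sequence[int],
                response: Sequence[bytes]) -> bool:
    """Bank compares each returned block with its own copy (constant time)."""
    if len(response) != len(challenge):
        return False
    ok = True
    for a, r in zip(challenge, response):
        ok &= secrets.compare_digest(S[a], r)
    return ok


class BoundedVirus:
    """Adversary of slide 11: the virus may send the attacker h(S) for any h
    with at most `budget` blocks of output.  Against this protocol the best
    such h simply copies `budget` blocks of S (a random subset here)."""

    def __init__(self, S: Sequence[bytes], budget: int):
        idx = _rng.sample(range(len(S)), budget)
        self.known: Dict[int, bytes] = {i: S[i] for i in idx}

    def respond(self, challenge: Sequence[int]) -> List[bytes]:
        # Unknown blocks must be guessed; a 32-byte guess is hopeless, so the
        # attacker only wins if every challenged index was retrieved.
        return [self.known.get(a, bytes(BLOCK_BYTES)) for a in challenge]


def impersonation_probability(n: int, t: int, budget: int) -> float:
    """Pr[all t challenged indices lie in the retrieved set] = C(budget,t)/C(n,t)."""
    return math.comb(budget, t) / math.comb(n, t)


def simulate(n: int, t: int, budget: int, trials: int = 1000) -> Dict[str, int]:
    """Run the protocol `trials` times for an honest machine and for the virus."""
    S = keygen(n)
    virus = BoundedVirus(S, budget)
    honest = attacker = 0
    for _ in range(trials):
        chal = bank_challenge(n, t)
        honest += bank_verify(S, chal, user_respond(S, chal))
        attacker += bank_verify(S, chal, virus.respond(chal))
    return {"honest": honest, "attacker": attacker}


if __name__ == "__main__":
    print(simulate(n=4096, t=16, budget=2048, trials=200))
    print("Pr[impersonation] =", impersonation_probability(4096, 16, 2048))
```

With n = 4096, t = 16 and a virus that retrieved half the key, the honest machine passes every session while the attacker's chance per session is below 2^-16; raising t shrinks it geometrically while the honest response grows only linearly. The constant-time comparison in bank_verify is there for the same reason as in any authentication check: a byte-by-byte early exit would let the network side learn blocks it never retrieved.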

  13. Private circuits – the model: the MACHINE is a boolean circuit built from and, or and neg gates; the adversary can learn the values on up to t wires.

  14. Private circuits – the construction [Ishai, Sahai and Wagner, CRYPTO 2003]: a transformation of circuit C into a circuit C' such that the adversary gains no advantage even if he reads up to t wires of C'.
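The transformation C → C' of slides 13 and 14, as an added example that is not the slides' or the ISW paper's own code: every wire of C' carries n = 2t+1 XOR shares of the original wire value, neg flips one share, and is the ISW secure-multiplication gadget, and or is obtained from and and neg by De Morgan. The gate-list format, the sample "not majority" circuit, and the function names are assumptions of this example.

```python
"""Private circuits a la Ishai, Sahai and Wagner (CRYPTO 2003), toy version.

Added example, not code from the slides or the ISW paper: it realises the
transformation C -> C' of slide 14 for circuits over {and, or, neg}.  A wire
of C carries a bit v; in C' it carries n = 2t+1 shares whose XOR is v.
The gate-list format and the names below are this example's own choices.
"""
import itertools
import secrets
from typing import Callable, Dict, List, Sequence, Tuple

# A gate is (kind, output wire, input wires); kind in {"and", "or", "neg"}.
Gate = Tuple[str, str, Tuple[str, ...]]
Bits = List[int]
Rng = Callable[[int], int]          # rng(1) returns one random bit


def unshare(s: Sequence[int]) -> int:
    """Reconstruct a wire value: XOR (parity) of its shares."""
    return sum(s) & 1


def share(v: int, n: int, rng: Rng = secrets.randbits) -> Bits:
    """Split bit v into n shares: n-1 uniformly random, the last fixes the XOR."""
    s = [rng(1) for _ in range(n - 1)]
    s.append(v ^ unshare(s))
    return s


def neg_gate(a: Bits) -> Bits:
    """NOT on shares: flip one share; no randomness needed."""
    return [a[0] ^ 1] + list(a[1:])


def and_gate(a: Bits, b: Bits, rng: Rng = secrets.randbits) -> Bits:
    """ISW secure multiplication over GF(2).

    For i < j pick r[i][j] at random and set r[j][i] = (r[i][j] ^ a[i]&b[j]) ^ a[j]&b[i],
    then c[i] = a[i]&b[i] ^ XOR_{j != i} r[i][j].  XOR of all c[i] equals
    (XOR a) & (XOR b), and any t of the wires used here are independent of a, b."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = rng(1)
            r[j][i] = (r[i][j] ^ (a[i] & b[j])) ^ (a[j] & b[i])  # order matters
    c = []
    for i in range(n):
        ci = a[i] & b[i]
        for j in range(n):
            if j != i:
                ci ^= r[i][j]
        c.append(ci)
    return c


def or_gate(a: Bits, b: Bits, rng: Rng = secrets.randbits) -> Bits:
    """OR via De Morgan, so it inherits the AND gadget's privacy."""
    return neg_gate(and_gate(neg_gate(a), neg_gate(b), rng))


def evaluate_plain(circuit: List[Gate], inputs: Dict[str, int]) -> Dict[str, int]:
    """Evaluate the original circuit C on plain bits."""
    w = dict(inputs)
    for kind, out, ins in circuit:
        if kind == "neg":
            w[out] = w[ins[0]] ^ 1
        elif kind == "and":
            w[out] = w[ins[0]] & w[ins[1]]
        elif kind == "or":
            w[out] = w[ins[0]] | w[ins[1]]
        else:
            raise ValueError(kind)
    return w


def evaluate_private(circuit: List[Gate], inputs: Dict[str, int], t: int,
                     rng: Rng = secrets.randbits) -> Dict[str, Bits]:
    """Evaluate C' with n = 2t+1 shares per wire; returns every shared wire.
    The adversary of slide 13 who probes up to t of them learns nothing."""
    n = 2 * t + 1
    w = {name: share(v, n, rng) for name, v in inputs.items()}
    for kind, out, ins in circuit:
        if kind == "neg":
            w[out] = neg_gate(w[ins[0]])
        elif kind == "and":
            w[out] = and_gate(w[ins[0]], w[ins[1]], rng)
        elif kind == "or":
            w[out] = or_gate(w[ins[0]], w[ins[1]], rng)
        else:
            raise ValueError(kind)
    return w


# Constructed sample circuit: out = NOT(majority(x, y, z)).
MAJORITY_NOT: List[Gate] = [
    ("and", "xy", ("x", "y")), ("and", "xz", ("x", "z")), ("and", "yz", ("y", "z")),
    ("or", "m1", ("xy", "xz")), ("or", "maj", ("m1", "yz")), ("neg", "out", ("maj",)),
]


def check_all_inputs(circuit: List[Gate], t: int, output: str = "out") -> bool:
    """Exhaustively confirm that C' computes the same function as C."""
    names = sorted({i for _, _, ins in circuit for i in ins} - {o for _, o, _ in circuit})
    for bits in itertools.product((0, 1), repeat=len(names)):
        inputs = dict(zip(names, bits))
        if unshare(evaluate_private(circuit, inputs, t)[output]) != evaluate_plain(circuit, inputs)[output]:
            return False
    return True


def single_probe_values(circuit: List[Gate], inputs: Dict[str, int], t: int,
                        wire: str, index: int, trials: int = 200) -> set:
    """Values an adversary sees probing share `index` of `wire` over `trials` runs."""
    return {evaluate_private(circuit, inputs, t)[wire][index] for _ in range(trials)}
```

check_all_inputs confirms that C' computes the same function as C for every input; single_probe_values shows what the slide-13 adversary gets from one wire. With t = 0 (a single share, i.e. no transformation) a probe on the output wire reveals NOT(majority(x, y, z)) directly; with t = 1 the same probe yields both 0 and 1 across runs whatever the input. The gadget's randomness must come from a source the adversary cannot probe, and the parenthesisation in and_gate is the one from the ISW paper: evaluating a[i]&b[j] ^ a[j]&b[i] first would place a value that depends on both inputs on a single wire.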

  15. Research Plan

  16. The general goal Contribute to creating a new discipline: “Cryptography on Non-Trusted Machines” with • solid foundations, and • practical impact.

  17. Objectives • Extensions of the models • New applications and methods • Improvement of the previous results • Theoretical foundations

  18. Objective 1: Extend (and unify) the existing models. Example: “Private circuits”: strong results, but a weaker model (the adversary reads t wires). Bounded-Retrieval Model: weaker results, but a strong model (the adversary learns h(S) for any bounded-output h). Anything in between?

  19. Objective 2: New methods. Example: human-based methods: the adversary can corrupt the machine, but cannot corrupt the human user.

  20. Human-based methods – an example. Setting: a user with no trusted hardware talks through a keyboard and screen to a non-trusted PC (infected by a virus), which talks to the bank over the internet. Known method of user authentication: one-time passwords. Drawback: they authenticate the user, not the transaction! Can we also authenticate the transaction?

  21. Objective 4: Theoretical foundations. Cryptography has well-known connections to complexity theory. “Cryptography on Non-Trusted Machines” provides new connections of this type. The Bounded-Retrieval Model has non-trivial connections to: the theory of compressibility of NP-instances [Dziembowski, CRYPTO 2006], and the theory of round complexity [Dziembowski and Pietrzak, FOCS 2007]. Can these be extended?

  22. Conclusion. “Cryptography on Non-Trusted Machines” – a new area with a big potential. References: Dziembowski and Pietrzak, Intrusion-Resilient Secret Sharing, FOCS 2007. Dziembowski, On Forward-Secure Storage, CRYPTO 2006. Dziembowski, Intrusion-Resilience Via the Bounded-Storage Model, TCC 2006.
