a perfect memory key compromise in an efficiency centric
play

A Perfect Memory: Key Compromise in an Efficiency-centric World - PowerPoint PPT Presentation

Feb 10, 2023 •831 likes •1.04k views

A Perfect Memory: Key Compromise in an Efficiency-centric World Britta Hale NTNU, Norwegian University of Science and Technology A Perfect Memory.... Britta Hale | Crypto vs. Mass Surveillance Workshop Facebook Google Lule, Sweden Britta

  1. A Perfect Memory: Key Compromise in an Efficiency-centric World Britta Hale NTNU, Norwegian University of Science and Technology

  2. A Perfect Memory.... Britta Hale | Crypto vs. Mass Surveillance Workshop

  3. Facebook Google Luleå, Sweden Britta Hale | Crypto vs. Mass Surveillance Workshop

  4. Threat Landscape: Always present adversary Long-term adversary Learn Master K sk 1 sk 2 sk 3 sk 4 sk 5 Are past session keys secure? Britta Hale | Crypto vs. Mass Surveillance Workshop

  5. Perfect Forward Secrecy: Long-term key compromised Past session keys remain secure Learn Master K sk 1 sk 2 sk 3 sk 4 sk 5 *Günther, C. G. Eurocrypt ’89 Britta Hale | Crypto vs. Mass Surveillance Workshop

  6. forward secrecy in practice • TLS... ? • DHE-RSA / ECDHE-RSA / ... • TLS 1.2 vs. TLS 1.3 • TLS 1.3 0-RTT ... What? Britta Hale | Crypto vs. Mass Surveillance Workshop

  7. Client Server Client Hello Server Hello Certificate Server Hello Done Client Key Exchange Change Cipher Spec. Client Finished Change Cipher Spec. Server Finished Application Data Application Data Simplified TLS Handshake Protocol Britta Hale | Crypto vs. Mass Surveillance Workshop

  8. The story of low-latency / 0-RTT protocols... Data is sent encrypted immediately Britta Hale | Crypto vs. Mass Surveillance Workshop

  9. • QUIC by ... (Quick UDP Internet Connections) Britta Hale | Crypto vs. Mass Surveillance Workshop

  10. low-latency key exchange Server cnf [ m ] temp . sk Cache: Server cnf Client Server . . . [ m ] sk Britta Hale | Crypto vs. Mass Surveillance Workshop

  11. Client Server (previous communication) Sign K ( g s ) 0-RTT key exchange: g x temp . sk ← g xs temp . sk ← g xs [0-RTT data] temp . sk g y sk ← g xy sk ← g xy [further data] sk Britta Hale | Crypto vs. Mass Surveillance Workshop

  12. • QUIC • Presented in 2013 • Encrypted data can be sent in the first flow • To be replaced by TLS 1.3 • TLS 1.3 draft (version 18): 0-RTT variant • based on a pre-shared key • new forward secrecy concerns Britta Hale | Crypto vs. Mass Surveillance Workshop

  13. Client Server (previous communication) (previous communication) temp . sk temp . sk 0-RTT key exchange: “ temp . sk identity”, *Client key share [0-RTT data] temp . sk “ temp . sk identity”, *Server key share Derive sk Derive sk [further data] sk “This data is not forward secret, as it is encrypted solely under keys derived using the offered PSK.” – TLS 1.3 Draft Britta Hale | Crypto vs. Mass Surveillance Workshop

  14. 0-rtt folklore For 0-RTT, there is an “upper bound on the forward security of the connection” – QUIC Crypto Specification Forward secrecy “can’t be done in 0-RTT” – TLS 1.3 mailing list Britta Hale | Crypto vs. Mass Surveillance Workshop

  15. 0-RTT Key Exchange with Full Forward Secrecy Felix Günther 1 Britta Hale 2 Tibor Jager 3 Sebastian Lauer 3 1 TU Darmstadt 2 NTNU, Trondheim 3 Ruhr-University Bochum • Server has public/secret key pair ( PK, SK ) , where SK is updated • Puncturable FS Key Encapsulation Mechanism (PFS-KEM) • Built from a HIBKEM and One-Time Signatures Britta Hale | Crypto vs. Mass Surveillance Workshop

  16. final comments • Forward secrecy is a serious problem in a world with indefinitely stored data • 0-RTT encrypted data is a growing demand : traffic increase, IoT, ... • Current 0-RTT solutions do not address forward secrecy, or have simply changed the context • Forward secrecy is possible for 0-RTT data, despite all previous claims Britta Hale | Crypto vs. Mass Surveillance Workshop

  17. Questions Britta Hale | Crypto vs. Mass Surveillance Workshop

  18. Britta Hale | Crypto vs. Mass Surveillance Workshop

Recommend

1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC

1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC

1 Memory SoC Persistent Memory-Driven Memory Memory Processor-Centric Memory SoC SoC Computing Computing + Fabric SoC Memory HYPERCONVERGED Exascale EDGE DEVICE SYSTEM Eliminate data movement via shared

400 views • 11 slides
Learning From Data Lecture 17 Memory and Efficiency in Nearest Neighbor Memory Efficiency M.

Learning From Data Lecture 17 Memory and Efficiency in Nearest Neighbor Memory Efficiency M.

Learning From Data Lecture 17 Memory and Efficiency in Nearest Neighbor Memory Efficiency M. Magdon-Ismail CSCI 4100/6100 recap: Similarity and Nearest Neighbor Similarity 1. Simple. | x x | d ( x , x ) = | | 2. No training.

546 views • 25 slides
No Compromise Using Unified Memory for High Resolution Medical Image AI Joe Yeh, M.D., CEO

No Compromise Using Unified Memory for High Resolution Medical Image AI Joe Yeh, M.D., CEO

No Compromise Using Unified Memory for High Resolution Medical Image AI Joe Yeh, M.D., CEO Outline Dimension problem with medical image AI Ways to overcome dimension problems Using unified memory for CNN training

617 views • 42 slides
Mnemo: Boosting Memory Cost Efficiency in Hybrid Memory Systems Thaleia Dimitra Doudali Ada

Mnemo: Boosting Memory Cost Efficiency in Hybrid Memory Systems Thaleia Dimitra Doudali Ada

Mnemo: Boosting Memory Cost Efficiency in Hybrid Memory Systems Thaleia Dimitra Doudali Ada Gavrilovska Problem Space Cost of memory dominates in the cloud. 60% - 85% of the hourly VM cost! Big Data Analytics Volatile Memory (DRAM)

535 views • 18 slides
User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez

User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez

User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez Leons (Boeing Research & Technology Europe) Marcos Sanz Bravo (CRIDA A.I.E.) Belgrade, 30 of November 2017 Authors JAVIER LOPEZ LEONES , MANUEL

591 views • 58 slides
Computational Logic Efficiency Issues in Prolog 1 Efficiency In general, efficiency

Computational Logic Efficiency Issues in Prolog 1 Efficiency In general, efficiency

Computational Logic Efficiency Issues in Prolog 1 Efficiency In general, efficiency savings: Not only time (number of unifications, reduction steps, LIPS, etc.) Also memory General advice: Use the best algorithms Use

196 views • 19 slides
The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI

The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI

The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI Techmedia The Java Memory Model p. 1/30 Overview Part I : Motivation for weak memory models: Compromise between standard optimisations and

813 views • 46 slides
Twizzler: A Data-Centric OS for Persistent Memory Daniel Bittman Peter Alvaro Pankaj Mehra

Twizzler: A Data-Centric OS for Persistent Memory Daniel Bittman Peter Alvaro Pankaj Mehra

Twizzler: A Data-Centric OS for Persistent Memory Daniel Bittman Peter Alvaro Pankaj Mehra Darrell Long Ethan Miller Center for Research in Storage Systems University of California, Santa Cruz 1 Hardware Trends sys_read ~100-300 ns

196 views • 17 slides
Last Class: Memory Management Allocating memory to processes Limited physical memory,

Last Class: Memory Management Allocating memory to processes Limited physical memory,

Last Class: Memory Management Allocating memory to processes Limited physical memory, internal and external fragmentation Paging and segmentation Address translation, efficiency Hardware support (e.g., TLB) Page

513 views • 13 slides
Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey M. Voelker Alex C. Snoeren On account compromise Compromise of email/social network/etc is devastating Personal/professional reputational, financial

798 views • 49 slides
Emerging memory technologies for improved energy efficiency Martin Wenzel Advanced Seminar

Emerging memory technologies for improved energy efficiency Martin Wenzel Advanced Seminar

Emerging memory technologies for improved energy efficiency Martin Wenzel Advanced Seminar WS2015 Memory Bandwidth Technology BW GB/s DDR3-1333 2GB 10,66 DDR4-2667 4GB 21,34 Hennessy, Patterson, Computer Architecture, A quantitative

445 views • 21 slides
IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS & FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your work on behalf of ALRP clients can reduce, or eliminate, the financial burdens that result from having tax problems. FEDERAL OFFERS IN COMPROMISE

403 views • 8 slides
Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the

Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the

Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the Louisiana Purchase into Free and Slave territory along 36 30 Admits Missouri as a Slave state and Maine as a Free state Keeps Equal Political Power

378 views • 24 slides
Value Types Objectives Discuss concept of value types efficiency memory management

Value Types Objectives Discuss concept of value types efficiency memory management

Value Types Objectives Discuss concept of value types efficiency memory management value semantics boxing unboxing simple types Introduce struct value type definition use advantages

615 views • 26 slides
The Worlds First LED Human Centric Fluorescent Tube by Human Centric Optics Inc. 333,

The Worlds First LED Human Centric Fluorescent Tube by Human Centric Optics Inc. 333,

The Worlds First LED Human Centric Fluorescent Tube by Human Centric Optics Inc. 333, 10654-82 Ave NW Edmonton, Alberta info@hcolab.com www.hcolab.com Human Centric LED Medical science discovers a third receptor in our eyes This

714 views • 13 slides
Cougar Helicopters Presentation Offshore Helicopter Safety Inquiry 1 No Compromise No

Cougar Helicopters Presentation Offshore Helicopter Safety Inquiry 1 No Compromise No

EXHIBIT/P-00155 Cougar Helicopters Presentation Offshore Helicopter Safety Inquiry 1 No Compromise No operation or business opportunity, either new or ongoing, should ever compromise safety or unduly affect our accepted levels of risk

838 views • 83 slides
Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici,

Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici,

Introduction Model Perfect Information Imperfect Information Conclusions Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici, Gy orgy D an Laboratory for Communication Networks School of

531 views • 35 slides
COMPETITION, EQUILIBRIUM AND EFFICIENCY Overview Context: markets where firm entry is

COMPETITION, EQUILIBRIUM AND EFFICIENCY Overview Context: markets where firm entry is

COMPETITION, EQUILIBRIUM AND EFFICIENCY Overview Context: markets where firm entry is relatively easy Concepts: perfect competition, efficiency, comparative statics Economic principle: competition tends to eliminate above-average

621 views • 43 slides
Data Placement Optimization in GPU Memory Hierarchy Using Predictive Modeling Larisa Stoltzfus * ,

Data Placement Optimization in GPU Memory Hierarchy Using Predictive Modeling Larisa Stoltzfus * ,

Data Placement Optimization in GPU Memory Hierarchy Using Predictive Modeling Larisa Stoltzfus * , Murali Emani, Pei-Hung Lin, Chunhua Liao * University of Edinburgh (UK), Lawrence Livermore National Laboratory MCHPC'18: Workshop on Memory Centric

209 views • 19 slides
SSH Compromise Detection using NetFlow/IPFIX Rick Hofstede, Luuk Hendriks 51 percent of

SSH Compromise Detection using NetFlow/IPFIX Rick Hofstede, Luuk Hendriks 51 percent of

SSH Compromise Detection using NetFlow/IPFIX Rick Hofstede, Luuk Hendriks 51 percent of respondents admitted that their organizations have already been impacted by an SSH key-related compromise in the last 24 months. Ponemon 2014 SSH

916 views • 57 slides
Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory

Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory

Main Focus I. Memory as a process Memory II. Memory improvement III. Problems with memory 3 systems/stages of Memory: memory the process by which I. Sensory Memory information is - acquired, II. Short -Term Memory - stored,

169 views • 5 slides
We are not a perfect church We are not a perfect people We are here because we know we need

We are not a perfect church We are not a perfect people We are here because we know we need

We are not a perfect church We are not a perfect people We are here because we know we need Gods help and He has provided this help through Jesus Christ our Lord! CFF Exists to Know Christ and to Make Him Known! Prayer for all

322 views • 16 slides
PERFECT SURFACES WORLDWIDE A WELCOME FROM THE TECHNOLOGY LEADER in mass finishing Proverbial

PERFECT SURFACES WORLDWIDE A WELCOME FROM THE TECHNOLOGY LEADER in mass finishing Proverbial

PERFECT SURFACES WORLDWIDE A WELCOME FROM THE TECHNOLOGY LEADER in mass finishing Proverbial ingenuity, coupled with German efficiency and a love of perfection, are the best qualifications for developing successful ways of creating immaculate

736 views • 50 slides
PERFECT SURFACES WORLDWIDE A WELCOME FROM THE TECHNOLOGY LEADER in mass finishing Proverbial

PERFECT SURFACES WORLDWIDE A WELCOME FROM THE TECHNOLOGY LEADER in mass finishing Proverbial

PERFECT SURFACES WORLDWIDE A WELCOME FROM THE TECHNOLOGY LEADER in mass finishing Proverbial ingenuity, coupled with German efficiency and a love of perfection, are the best qualifications for developing successful ways of creating immaculate

898 views • 54 slides

More recommend