patchable indistinguishability obfuscation io for
play

Patchable (Indistinguishability) Obfuscation: iO for evolving - PowerPoint PPT Presentation

Jan 23, 2024 •250 likes •1.03k views

Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek Amit Ananth Jain Sahai Software Evolution 1990 Software Evolution 1990 1995 Software Evolution 1997 1990 1995 Software Evolution 1997 1990

  1. Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek Amit Ananth Jain Sahai

  2. Software Evolution 1990

  3. Software Evolution 1990 1995

  4. Software Evolution 1997 1990 1995

  5. Software Evolution 1997 1990 1995 2000

  6. Software Evolution 1997 1990 1995 2003 2000

  7. Software Evolution 1997 1990 1995 2003 2000 2007

  8. Software Evolution 1997 1990 2010 1995 2003 2000 2007

  9. Software Evolution 1997 1990 2010 1995 2003 2000 2013 2007

  10. Software Evolution 1997 1990 2010 2016 1995 2003 2000 2013 2007

  11. Why does software evolve? 1. Changes in hardware requirements 2. Changes in functionality requirements 3. Resolve compatibility issues 4. Performance of the system has to be upgraded 5. Fixing bugs …

  12. How to model Software Evolution?

  13. M Patch P Update M’

  14. Goal: To protect evolving software Ensure software privacy from the user yet allowing for software updates

  15. This Work: iO for Evolving Software

  16. This Work: Patchable iO

  17. Why doesn't (static) iO suffice? iO( M ) M M

  18. Why doesn't (static) iO suffice? iO( M ) M M P Update M’

  19. Why doesn't (static) iO suffice? iO( M ) M M P Update iO( M’ ) M’ M’

  20. Communication Complexity? iO( M M P Update |iO( M’ )| ~ | M’ | M M

  21. Patchable iO Communication complexity P ~

  22. Patchable iO iO( M ) M M P P GenPatch

  23. Patchable iO iO( M ) M M P P ApplyPatch GenPatch M’

  24. Syntax: Patchable iO • Setup (1 k ) = sk • Obfuscate ( sk , M ) = M • GenPatch ( sk , P ) = P • ApplyPatch M M’ = P ,

  25. Syntax: Patchable iO • Setup (1 k ) = sk • Obfuscate ( sk , M ) = M Efficiency: • GenPatch ( sk , P ) = P | | ~ | P | P • ApplyPatch M M’ = P ,

  26. Definitional Issues

  27. 1. How to Apply Patches

  28. 1. How to Apply Patches Sequential Patching: P 1 P 2 M 0 M 1 M 2

  29. 2. How many Patches?

  30. 2. How many Patches? Want: Unbounded number of patches (chosen adaptively ) P 1 P 2 M 0 M 1 M 2

  31. 3. Patching Multiple Programs M M P M M M M

  32. 3. Patching Multiple Programs P P M M P M M P M M P P

  33. 3. Patching Multiple Programs M’ M’ M’ M’ M’ M’

  34. Multi-program Patchable iO M’ M’ M’ M’ M’ M’

  35. Summary of Requirements (so far) • Patch encoding size only depends on patch size • Patches can modify the program arbitrarily - modeled as Turing machine • Unbounded number of patches • Support for patching multiple programs

  36. Correctness and Security?

  37. Single-Program Patchable iO 1. Correctness for Sequential Patching • For every TM M 0 and patch sequence P 1 ,…,P L M 1 =Update( M 0, P 1 ) ≡ M 1 = ApplyPatch M 0 P 1 , M 1 P 2 M 2 =Update( M 1, P 2 ) M 2 = ApplyPatch ≡ , P L M L-1 M L M L =Update( M L-1, P L ) = ApplyPatch ≡ ,

  38. Single-Program Patchable iO 1. Correctness for Sequential Patching • For every TM M 0 and patch sequence P 1 ,…,P L M 1 =Update( M 0, P 1 ) ≡ M 1 = ApplyPatch M 0 P 1 , M 1 P 2 M 2 =Update( M 1, P 2 ) M 2 = ApplyPatch ≡ , P L M L-1 M L M L =Update( M L-1, P L ) = ApplyPatch ≡ , • Remark 1 : Patches must be applied sequentially “in order”

  39. Single-Program Patchable iO 1. Correctness for Sequential Patching • For every TM M 0 and patch sequence P 1 ,…,P L M 1 =Update( M 0, P 1 ) ≡ M 1 = ApplyPatch M 1 P 1 , M 1 P 2 M 2 =Update( M 1, P 2 ) M 2 = ApplyPatch ≡ , P L M L-1 M L M L =Update( M L-1, P L ) = ApplyPatch ≡ , • Remark 1 : Patches must be applied sequentially “in order” • Remark 2 : Each patch can only be used once

  40. Single-Program Patchable iO 2. Security for Adaptive Patches ( M 0 ) 0 , ( M 1 ) 0 ( M b ) 0 ( P 0 ) i , ( P 1 ) i (P b ) i Adversary Challenger ( M 0 ) j = Update( ( M 0 ) j-1 , ( P 0 ) j ) ( M 0 ) j ≡ ( M 1 ) j where ( M 1 ) j = Update( ( M 1 ) j-1 , ( P 1 ) j )

  41. Single-Program Patchable iO 2. Security for Adaptive Patches ( M 0 ) 0 , ( M 1 ) 0 ( M b ) 0 ( P 0 ) i , ( P 1 ) i Correctness and Security can be generalized to multiprogram setting in a similar manner (P b ) i Adversary Challenger ( M 0 ) j = Update( ( M 0 ) j-1 , ( P 0 ) j ) ( M 0 ) j ≡ ( M 1 ) j where ( M 1 ) j = Update( ( M 1 ) j-1 , ( P 1 ) j )

  42. Our Results Theorem. Assuming sub-exp. iO for circuits and sub- exp. DDH (or sub-exp. LWE), there exists multi-program patchable iO for TMs * . In paper, we also consider other types of patching processes * The input length to the TMs is fixed a priori

  43. Incremental/ Updatable Cryptography • Incremental signatures [BGG94,…] • Incremental encryption [BGG95,…] … Concurrent work : Incremental Obfuscation [Garg-Pandey’15]

  44. Theoretical Applications

  45. Functional Encryption for Turing Machines Functional Key of M Ciphertext of y M x= ⊥ Set x := y Let M x be an input-less machine that outputs M(x)

  46. Functional Encryption for Turing Machines Functional Key of M Ciphertext of y M x= ⊥ Set M x=y x := y Let M x be an input-less machine that outputs M(x)

  47. Functional Encryption for Turing Machines Functional Key of M Ciphertext of y M x= ⊥ Set x := y ADVANTAGE: Simple construction! previous construction by A-Sahai’16 from iO is more involved

  48. Other Applications of Patchable iO • Multi-Input Functional Encryption for TMs • iO for TMs with unbounded input length - requires reusable patching mechanism

  49. Technical Overview

  50. Template of Single-Program Patchable iO

  51. Template of Single-Program Patchable iO Patchable Obfuscation of M Obf ( 1. Decode ) + Encode( M ) 2. Evaluate M on x Input = ( Encode(M), x ) Use an encoding scheme to encode M

  52. Template of Single-Program Patchable iO Patchable Obfuscation of M Obf ( 1. Decode ) + Encode( M ) 2. Evaluate M on x Input = ( Encode(M), x ) Evaluation On input x, • Evaluate obfuscated ckt on (Encode(M),x) to get M(x)

  53. Template of Single-Program Patchable iO Patchable Obfuscation of M Obf ( 1. Decode ) + Encode( M ) 2. Evaluate M on x What properties should the encoding scheme satisfy? 1. Correctness 2. Hiding 3. Patching

  54. Properties of Encoding Scheme 1. Correctness: Decoding ‘Encode( M )’ should yield M 2. Hiding: Encode( M 0 ) ≈ c Encode( M 1 ) 3. Patching: For patch P: Encode( M ) + Encode( P ) := Encode( M’ )

  55. Properties of Encoding Scheme We call such a scheme, patchable encoding scheme

  56. Properties of Encoding Scheme e : a t d i d n a C c i h p r o m o m o h y l l u F ! n o i t p y r c n e We call such a scheme, patchable encoding scheme

  57. Template of Single-Program Patchable iO Patchable Obfuscation of M Obf ( 1. Decode ) + Encode( M ) 2. Evaluate M on x Issue: Adversary can apply encoded patches of his choice

  58. Template of Single-Program Patchable iO Patchable Obfuscation of M Obf ( 1. Decode ) + Encode( M ) 2. Evaluate M on x Issue: Adversary can apply encoded patches of his choice Fix: Sign the patches!

  59. M P Encode( M ) + Obf ( ) Encode( P ) , sgn Ptch 1. Verify 2. Decode +Upd. 3. Evaluate M on x Input = ( Encode(M), Encode(P), sgn Ptch , x )

  60. M P Encode( M ) + Obf ( ) Encode( P ) , sgn Ptch 1. Verify 2. Decode +Upd. 3. Evaluate M on x Issue: Adversary can apply patches out of order Apply P 50 , P 4 , P 10 , …

  61. M P Encode( M ) + Obf ( ) Encode( P ) , sgn Ptch 1. Verify 2. Decode +Upd. 3. Evaluate M on x Issue: Adversary can apply patches out of order Fix: Authenticate the patched machine!

  62. M P Encode( M ) + Obf ( ) Encode( P ) , sgn M/c 1. Verify 2. Decode +Upd. sgn M/c 3. Evaluate M on x signature on Encode(M’) sgn M/c ensures that Encode(P) is only applied to Encode(M)

  63. Encode( M ) + 1. Verify STATE:= Encode(M), SK ( 3. Evaluate M on x ) 2. Decode + Update

  64. Encode( M ) + 1. Verify STATE:= Encode(M), SK ( 3. Evaluate M on x ) 2. Decode + Update P Encode( P ) Update Encode( M’ ) Encode( P ) Sign Encode( M’ ) to get sgn M/c + sgn M/c

  65. STATE:= Encode(M), SK Issue: Authority needs to maintain large state! Not scalable to multiple programs

  66. STATE:= Encode(M), SK Issue: Authority needs to maintain large state! Solution: Reverse delegation

  67. STATE:= Encode(M), SK Issue: Authority needs to maintain large state! Solution: Reverse delegation (delegate to client)

  68. Implementation Issues 1. The state should be hidden from the user - state contains secret information 2. How does Apple generate secure patches? - It no longer has access to the state

  69. Implementation Issues 1. The state should be hidden from the user - state contains secret information 2. How does Apple generate secure patches? - It no longer has access to the state TOOL: Adaptive garbled TMs for persistent memory [Canetti-Chen-Holmgren-Raykova’16, A-Chen-Chung-Lin-Lin’16]

Recommend

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the Power of iO Limits on the Power of Indistinguishability Obfuscation (and Functional Encryption) FOCS 2015 On Constructing One-Way

841 views • 47 slides
Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation Dan Boneh Mark Zhandry Stanford University {dabo, zhandry}@cs.stanford.edu Abstract In this work, we show how to use indistinguishability

780 views • 49 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov Gil Segev Hebrew University This Talk A framework for proving impossibility results for commonly-used non-black-box techniques Limits on

596 views • 22 slides
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of iO All current constructions of iO are based on multilinear maps [GGHRSW13,

649 views • 39 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

1.01k views • 86 slides
Post Silicon Patchable Hardware Post-Silicon Patchable Hardware Masahiro F jita Masahiro Fujita

Post Silicon Patchable Hardware Post-Silicon Patchable Hardware Masahiro F jita Masahiro Fujita

Post Silicon Patchable Hardware Post-Silicon Patchable Hardware Masahiro F jita Masahiro Fujita VLSI Design and Education Center (VDEC) VLSI Design and Education Center (VDEC) The University of Tokyo July 22 nd , 2011 Respin Statistics (North

677 views • 46 slides
Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien

Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien

Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien Koutsos LSV, CNRS, ENS Paris-Saclay June 29, 2019 Adrien Koutsos (LSV, ENS PS) Indistinguishability June 29, 2019 1 / 34 Introduction Motivation

1.06k views • 76 slides
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey Indian Statistical Institute Kolkata January 14, 2012 Sumit Kumar Pandey Relaxing IND-CCA: Indistinguishability Against Chosen Outline 1

624 views • 37 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
What You Are Looking for? Simon Oya, Carmela Troncoso, Fernando Prez-Gonzlez 1 Motivation.

What You Are Looking for? Simon Oya, Carmela Troncoso, Fernando Prez-Gonzlez 1 Motivation.

Is Geo-Indistinguishability What You Are Looking for? Simon Oya, Carmela Troncoso, Fernando Prez-Gonzlez 1 Motivation. Obfuscation-Based Location Privacy. Location information is sensitive. I want to use location services Solution:

216 views • 10 slides
CRYPTOSYSTEMS IN A QUANTUM WORLD Mark Zhandry Stanford University * Joint work with Dan Boneh

CRYPTOSYSTEMS IN A QUANTUM WORLD Mark Zhandry Stanford University * Joint work with Dan Boneh

CLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD Mark Zhandry Stanford University * Joint work with Dan Boneh But First: My Current Work Indistinguishability Obfuscation (and variants) Multiparty NIKE without trusted setup and with small

1.05k views • 65 slides
Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to stateful AE Phillip Rogaway Yusi (James) Zhang University of California, Davis, USA C RYPTO 2018 1. Introduction 2. IND|C 3. Examples 1

523 views • 20 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations Adrien Koutsos March 13, 2018 Adrien Koutsos Deciding Indistinguishability March 13, 2018 1 / 37 Introduction 1 The Model 2 Game

746 views • 73 slides

More recommend