securing circuits
play

Securing Circuits Against Constant-Rate Tampering Dana - PowerPoint PPT Presentation

Mar 29, 2024 •346 likes •564 views

Securing Circuits Against Constant-Rate Tampering Dana Dachman-Soled Yael Tauman Kalai Microsoft Research Tamper-Resilient Circuits [Ishai-Prabhakaran-Sahai-Wagner06] wire tampering: Tamper with me toggle, set wire to 0/1 I will

  1. Securing Circuits Against Constant-Rate Tampering Dana Dachman-Soled Yael Tauman Kalai Microsoft Research

  2. Tamper-Resilient Circuits [Ishai-Prabhakaran-Sahai-Wagner06] wire tampering: Tamper with me toggle, set wire to 0/1 I will self destruct! [IPSW06]: 1/size tampering rate Our work: 1/const tampering rate

  3. Physical Attacks Cold-boot attack [Halderman-Schoen- Heninger-Clarkson- Calandrino-Feldman- Appelbaum – Felten08] Fault attacks [Boneh-DeMillo-Lipton97, Timing attacks Biham- Shamir98, …] [Kocher96,…] Power attacks [Kocher-Jaffe- Jun99,…] Radiation Attacks Acoustic attacks [Agrawal-Archambeault- [Shamir-Tromer] Rao-Rohatgi02]

  4. Leakage attacks Tampering attacks Cold-boot attack [Halderman-Schoen- Heninger-Clarkson- Calandrino-Feldman- Appelbaum – Felten08] Fault attacks [Boneh-DeMillo-Lipton97, Timing attacks Biham- Shamir98, …] [Kocher96,…] Power attacks [Kocher-Jaffe- Jun99,…] Radiation Attacks Acoustic attacks [Agrawal-Archambeault- [Shamir-Tromer] Rao-Rohatgi02]

  5. Leakage attacks Tampering attacks [Rivest1997, Boyko1999, Canetti-Dodis- [Bellare-Kohno2003, Gennaro-Lysyanskaya-Malkin- Halevi-Kushilevitz-Sahai2000, Ishai-Sahai- Micali-Rabin2004, Ishai-Prabhakaran-Sahai- Wagner2003, Micali-Reyzin2004, Ishai- Wagner2006, Applebaum-Harnik-Ishai2010, Prabhakaran-Sahai-Wagner2006, Dziembowski-Pietrzak-Wichs2010, Kalai-kanakhurthi- Dziembowski-Pietrzak2008, Pietrzak2009 , Sahai2011, , Choi-Kiayias-Malkin11, Kalai-Lewko- Akavia-Goldwasser-Vaikuntanathan2009, Rao2011, Liu-Lysyanskaya12] Dodis-K-Lovett2009, Naor-Segev2009, Katz- Vaikuntanathan2009, Alwen-Dodis- Wichs2009, Alwen-Dodis-Naor-Segev- Walfish-Wichs2009, Faust-Kiltz-Pietrzak- Rothblum2009, Faust-Rabin-Reyzin-Tromer- Vaikuntanathan2010, Dodis-Goldwasser-K- Peikert-Vaikuntanathan2010, Goldwasser-K- Peikert-Vaikuntanathan2010, Juma- Vahlis2010, Goldwasswer-Rothblum2010, Canetti-K-Mayank-Wichs2010, Dodis- Haralambiev-LopezAlt-Wichs2010, Brakerski-K-Katz-Vaikuntanathan2010, Boyle-Segev-Wichs2010, Dodis- Pietrzak2010, Braverman-Hassidim-K2010, Lewko-Waters2010, Lewko-Rouselakis- Waters2011, Lewko-Lewko-Waters2011, Jain-Pietrzak2011, Bitansky-Canetti-Halevi- Goldwasser-K-Rothblum2011, Bitansky- Canetti-Halevi2011, Garg-Jain-Sahai2011, Brakerski-K2011, Dodis-Lewko-Waters- Wichs2011,Boyle-Garg-Goldwasser-Jain- Sahai11…]

  6. Our Results Compiler 𝐷’ 𝐷 “tamper r esilient” Need to define: 1. Tampering model 2. Security guarantee

  7. Theoretical Result

  8. Tampering Model (tampering with individual wires) Inspired by [Ishai-Prabhakaran-Sahai-Wagner2006] input 𝑦 𝑗 𝐷 tampering function 𝑦 𝑗 Memory Secret 𝑡 Public input 𝑦 𝑗

  9. Tampering Model (tampering with individual wires) Inspired by [Ishai-Prabhakaran-Sahai-Wagner2006] input 𝑦 𝑗 tampering function 𝑦 𝑗 Impossible! Memory Secret 𝑡 Public input [IPSW06] 𝑦 𝑗

  10. Tampering Model (tampering with individual wires) Inspired by [Ishai-Prabhakaran-Sahai-Wagner2006] input 𝑦 𝑗 tampering function 𝑦 𝑗 Memory Secret 𝑡 𝑗 Public input 𝑦 𝑗

  11. Our Results Compiler 𝐷’ 𝐷 tamper resilient Need to define: 1. Tampering model 2. Security guarantee

  12. Security Guarantee there exists simulator 𝑇𝑗𝑛 s.t. For every 𝑇𝑗𝑛 𝐷 ≈ , 𝑀(𝑡) 𝑡 𝑗 𝑦 𝑗 When did self- Only log bits destruct occur of leakage

  13. Our Results Compiler 𝐷’ 𝐷 tamper resilient • Resilient to constant tampering rate. • Information theoretic

  14. Comparison with [IPSW06] [IPSW06] Our Work 1 Tampering rate < Tampering rate is const . 𝑙 Uses randomness gates or Information theoretic relies on computational no need for randomness assumptions No leakage log bits of leakage Non-persistent Persistent faults faults

  15. Other Related Work • Fault-tolerant computation [VonNeumann56, . . ., KLM94, GZ95, KRL12] • Tampering only with the memory gates. [Gennaro-Lysyanskaya-Malkin-Micali-Rabin2004, Applebaum- Harnik-Ishai2010, Dziembowski-Pietrzak-Wichs2010, Kalai- Kanakhurthi-Sahai2011 , Choi-Kiayias-Malkin11, Liu- Lysyanskaya12] • Tampering with the entire circuit: [IPSW06, Faust-Pietrzak-Venturi11] – [FPV11] logarithmic leakage. – [FPV11] tamper with wires, but random errors

  16. Overview of our Construction tamper- Starting point [IPSW06]: resilient Add tamper-detection component that erases memory if tampering is detected. Key : Tamper-detection component in 𝑂𝐷 0 . . . circuit of constant size Tool: PCP of Proximity [Ben-Sasson-Goldreich-Harsha-Sudan-Vadhan06]

  17. Overview of our Construction (Cont.) Tool: PCP of Proximity [Ben-Sasson-Goldreich-Harsha-Sudan-Vadhan06] 𝐷 PCPP for 𝐷(𝑦) = 𝑐 Compiler 𝐷 Memory Secret 𝑡 Public input 𝑦 Memory Secret 𝑡 Public input 𝑦

  18. 𝑐 Error Cascade Output ˄ 𝐻 𝑝𝑣𝑢 ˄ 𝐻 𝑑𝑏𝑡 PCPP Verification b PCPP Computation Circuit Computation X = ECC(x) Encoding Memory: S = ECC(s) of Input Input: x

  19. Summary Compiler 𝐷’ 𝐷 tamper resilient • Resilient to constant tampering rate. • Information theoretic • Extend to leakage + tampering (in the paper)

  20. Thank you!

Recommend

Securing Hardware Platforms Against Malicious Circuits Through Static Analysis Matthew Hicks -

Securing Hardware Platforms Against Malicious Circuits Through Static Analysis Matthew Hicks -

Securing Hardware Platforms Against Malicious Circuits Through Static Analysis Matthew Hicks - University of Illinois Samuel T. King - University of Illinois Milo M. K. Martin - University of Pennsylvania Jonathan M. Smith - University of

625 views • 27 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Sequential Circuits Combinational circuits : current input output Sequential circuit :

Sequential Circuits Combinational circuits : current input output Sequential circuit :

14:332:231 DIGITAL LOGIC DESIGN Ivan Marsic, Rutgers University Electrical &amp; Computer Engineering Fall 2013 Lecture #15: Sequential Circuits: Latches Sequential Circuits Combinational circuits : current input output Sequential

483 views • 15 slides
Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite state machines 1 Sequential Circuits Until now, circuits were combinational when inputs change, the outputs change after a while (time = logic

435 views • 19 slides
Lecture 13: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 13: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 13: Sequential Circuits, FSM Todays topics: Sequential circuits Finite state machines 1 Clocks A microprocessor is composed of many different circuits that are operating simultaneously if each circuit X takes in

449 views • 20 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Stevenage Circuits Group Incorporating: Stevenage Circuits Tru-Lon Printed Circuits March 2011

Stevenage Circuits Group Incorporating: Stevenage Circuits Tru-Lon Printed Circuits March 2011

Stevenage Circuits Group Incorporating: Stevenage Circuits Tru-Lon Printed Circuits March 2011 The Organisation Stevenage Circuits formed 1971 Tru-Lon integrated into the Stevenage site March 2011 Group privately owned 11m

1.26k views • 67 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2 Why is WPA3

853 views • 28 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

NON-PROFIT PRESENTATION TIPS FOR NON-PROFIT PRESENTATION TIPS FOR SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 | info@212mediastudios.com Having an efgective communication strategy is the fjrst step for your

116 views • 9 slides
Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The Waiting Room Working with Audio Working with Video Using the Tool Tray Chat In the Meeting When Things Go Wrong 2 Securing Your

325 views • 14 slides
RC Circuits RC Circuits Charging At t=0, capacitance is uncharged and C Q=0 (initial

RC Circuits RC Circuits Charging At t=0, capacitance is uncharged and C Q=0 (initial

RC Circuits RC Circuits Charging At t=0, capacitance is uncharged and C Q=0 (initial condition). At t=0, switched is closed, it the capacitor has no charge, it behaves like a conductor and I= /R. R After the capacitor is

539 views • 12 slides
Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
Transient response of RC and RL circuits ENGR 40M lecture notes July 26, 2017 Chuan-Zheng Lee,

Transient response of RC and RL circuits ENGR 40M lecture notes July 26, 2017 Chuan-Zheng Lee,

Transient response of RC and RL circuits ENGR 40M lecture notes July 26, 2017 Chuan-Zheng Lee, Stanford University Resistorcapacitor (RC) and resistorinductor (RL) circuits are the two types of first-order circuits: circuits either one

181 views • 6 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
CPSC 121: Models of Computation Module 8: Sequential Circuits Module 8: Sequential Circuits By

CPSC 121: Models of Computation Module 8: Sequential Circuits Module 8: Sequential Circuits By

CPSC 121: Models of Computation Module 8: Sequential Circuits Module 8: Sequential Circuits By the start of class, you should be able to Trace the operation of a DFA (deterministic finite- state automaton) represented as a diagram on an input,

656 views • 39 slides
CPSC 121: Models of Computation Module 9: Sequential Circuits Module 9: Sequential Circuits By

CPSC 121: Models of Computation Module 9: Sequential Circuits Module 9: Sequential Circuits By

CPSC 121: Models of Computation Module 9: Sequential Circuits Module 9: Sequential Circuits By the start of class, you should be able to Trace the operation of a DFA (deterministic finite- state automaton) represented as a diagram on an input,

613 views • 33 slides
Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI Kolkata November 18, 2018 Introduction Types of Circuits: Brief background. Block cipher circuits: Round based vs Serial. Eg: Working example

489 views • 44 slides
Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

537 views • 10 slides
Lecture 14: Boolean Circuits I Arijit Bishnu 17.04.2010 Introduction Boolean Circuits and P

Lecture 14: Boolean Circuits I Arijit Bishnu 17.04.2010 Introduction Boolean Circuits and P

Introduction Boolean Circuits and P Uniformly Generated Circuits Turing Machines that take Advice / poly Lecture 14: Boolean Circuits I Arijit Bishnu 17.04.2010 Introduction Boolean Circuits and P Uniformly Generated Circuits Turing Machines

1.08k views • 71 slides

More recommend