Publications
SoK: cryptographically protected database search
May 22, 2017
Conference Paper
Published in:
IEEE Symp. on Security and Privacy, 22-26 May 2017.
Summary
Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:(1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.(2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.(3) An analysis of attacks against protected search for different base queries.(4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.
Summary
Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups...
READ MORE
Iris biometric security challenges and possible solutions: for your eyes only? Using the iris as a key
August 13, 2015
Journal Article
Published in:
IEEE Signal Process. Mag., Vol. 32, No. 5, September 2015, pp. 42-53.
Summary
Biometrics were originally developed for identification, such as for criminal investigations. More recently, biometrics have been also utilized for authentication. Most biometric authentication systems today match a user's biometric reading against a stored reference template generated during enrollment. If the reading and the template are sufficiently close, the authentication is considered successful and the user is authorized to access protected resources. This binary matching approach has major inherent vulnerabilities. An alternative approach to biometric authentication proposes to use fuzzy extractors (also known as biometric cryptosystems), which derive cryptographic keys from noisy sources, such as biometrics. In theory, this approach is much more robust and can enable cryptographic authorization. Unfortunately, for many biometrics that provide high-quality identification, fuzzy extractors provide no security guarantees. This gap arises in part because of an objective mismatch. The quality of a biometric identification is typically measured using false match rate (FMR) versus false nonmatch rate (FNMR). As a result, biometrics have been extensively optimized for this metric. However, this metric says little about the suitability of a biometric for key derivation. In this article, we illustrate a metric that can be used to optimize biometrics for authentication. Using iris biometrics as an example, we explore possible directions for improving processing and representation according to this metric. Finally, we discuss why strong biometric authentication remains a challenging problem and propose some possible future directions for addressing these challenges.
Summary
Biometrics were originally developed for identification, such as for criminal investigations. More recently, biometrics have been also utilized for authentication. Most biometric authentication systems today match a user's biometric reading against a stored reference template generated during enrollment. If the reading and the template are sufficiently close, the authentication is...
READ MORE
Unifying leakage classes: simulatable leakage and pseudoentropy
May 2, 2015
Conference Paper
Published in:
8th Int. Conf. Information-Theoretic Security (ICITS 2015), 2-5 May 2015 in Lecture Notes in Computer Science (LNCS), Vol. 9063, 2015, pp. 69-86.
Topic:
R&D area:
R&D group:
Summary
Leakage resilient cryptography designs systems to withstand partial adversary knowledge of secret state. Ideally, leakage-resilient systems withstand current and future attacks; restoring confidence in the security of implemented cryptographic systems. Understanding the relation between classes of leakage functions is an important aspect. In this work, we consider the memory leakage model, where the leakage class contains functions over the system's entire secret state. Standard limitations include functions over the system's entire secret state. Standard limitations include functions with bounded output length, functions that retain (pseudo) entropy in the secret, and functions that leave the secret computationally unpredictable. Standaert, Pereira, and Yu (Crypto, 2013) introduced a new class of leakage functions they call simulatable leakage. A leakage function is simulatable if a simulator can produce indistinguishable leakage without access to the true secret state. We extend their notion to general applications and consider two versions. For weak simulatability: the simulated leakage must be indistinguishable from the true leakage in the presence of public information. For strong simulatability, this requirement must also hold when the distinguisher has access to the true secret state. We show the following: --Weakly simulatable functions retain computational unpredictability. --Strongly simulatability functions retain pseudoentropy. --There are bounded length functions that are not weakly simulatable. --There are weakly simulatable functions that remove pseudoentropy. --There are leakage functions that retain computational unpredictability are not weakly simulatable.
Summary
Leakage resilient cryptography designs systems to withstand partial adversary knowledge of secret state. Ideally, leakage-resilient systems withstand current and future attacks; restoring confidence in the security of implemented cryptographic systems. Understanding the relation between classes of leakage functions is an important aspect. In this work, we consider the memory leakage...
READ MORE
Robust keys from physical unclonable functions
May 6, 2014
Conference Paper
Published in:
Proc. 2014 IEEE Int. Symp. on Hardware-Oriented Security and Trust, HOST, 6-7 May 2014.
Topic:
R&D area:
R&D group:
Summary
Weak physical unclonable functions (PUFs) can instantiate read-proof hardware tokens (Tuyls et al. 2006, CHES) where benign variation, such as changing temperature, yields a consistent key, but invasive attempts to learn the key destroy it. Previous approaches evaluate security by measuring how much an invasive attack changes the derived key (Pappu et al. 2002, Science). If some attack insufficiently changes the derived key, an expert must redesign the hardware. An unexplored alternative uses software to enhance token response to known physical attacks. Our approach draws on machine learning. We propose a variant of linear discriminant analysis (LDA), called PUF LDA, which reduces noise levels in PUF instances while enhancing changes from known attacks. We compare PUF LDA with standard techniques using an optical coating PUF and the following feature types: raw pixels, fast Fourier transform, short-time Fourier transform, and wavelets. We measure the true positive rate for valid detection at a 0% false positive rate (no mistakes on samples taken after an attack). PUF LDA improves the true positive rate from 50% on average (with a large variance across PUFs) to near 100%. While a well-designed physical process is irreplaceable, PUF LDA enables system designers to improve the PUF reliability-security tradeoff by incorporating attacks without redesigning the hardware token.
Summary
Weak physical unclonable functions (PUFs) can instantiate read-proof hardware tokens (Tuyls et al. 2006, CHES) where benign variation, such as changing temperature, yields a consistent key, but invasive attempts to learn the key destroy it. Previous approaches evaluate security by measuring how much an invasive attack changes the derived key...
READ MORE
DSKE: dynamic set key encryption
October 22, 2012
Conference Paper
Published in:
7th LCN Workshop on Security in Communications, 22 October 2012, pp. 1006-13.
Topic:
R&D area:
R&D group:
Summary
In this paper, we present a novel paradigm for studying the problem of group key distribution, use it to analyze existing key distribution schemes, and then present a novel scheme for group key distribution which we call "Dynamic Set Key Encryption," or DSKE. DSKE meets the demands of a tactical environment while relying only on standard cryptographic primitives. Our "set key" paradigm allows us to focus on the underlying problem of establishing a confidential communication channel shared by a group of users, without concern for related security factors like authenticity and integrity, and without the need to consider any properties of the group beyond a list of its members. This separation of concerns is vital to our development and analysis of DSKE, and can be applied elsewhere to simplify the analyses of other group key distribution schemes.
Summary
In this paper, we present a novel paradigm for studying the problem of group key distribution, use it to analyze existing key distribution schemes, and then present a novel scheme for group key distribution which we call "Dynamic Set Key Encryption," or DSKE. DSKE meets the demands of a tactical...
READ MORE
GROK: a practical system for securing group communications
July 15, 2010
Conference Paper
Published in:
NCA 2010, 9th IEEE Int. Symp. on Network Computing and Applications, 15 July 2010, pp. 100-107.
Topic:
R&D area:
R&D group:
Summary
We have designed and implemented a general-purpose cryptographic building block, called GROK, for securing communication among groups of entities in networks composed of high-latency, low-bandwidth, intermittently connected links. During the process, we solved a number of non-trivial system problems. This paper describes these problems and our solutions, and motivates and justifies these solutions from three viewpoints: usability, efficiency, and security. The solutions described in this paper have been tempered by securing a widely-used group-oriented application, group text chat. We implemented a prototype extension to a popular text chat client called Pidgin and evaluated it in a real-world scenario. Based on our experiences, these solutions are useful to designers of group-oriented systems specifically, and secure systems in general.
Summary
We have designed and implemented a general-purpose cryptographic building block, called GROK, for securing communication among groups of entities in networks composed of high-latency, low-bandwidth, intermittently connected links. During the process, we solved a number of non-trivial system problems. This paper describes these problems and our solutions, and motivates and...
READ MORE
ASE: authenticated statement exchange
December 7, 2009
Conference Paper
Published in:
2010 9th IEEE Int. Symp. on Network Computing and Applications, 7 December 2009, pp. 155-161.
Topic:
R&D area:
R&D group:
Summary
Applications often re-transmit the same data, such as digital certificates, during repeated communication instances. Avoiding such superfluous transmissions with caching, while complicated, may be necessary in order to operate in low-bandwidth, high-latency wireless networks or in order to reduce communication load in shared, mobile networks. This paper presents a general framework and an accompanying software library, called "Authenticated Statement Exchange" (ASE), for helping applications implement persistent caching of application specific data. ASE supports secure caching of a number of predefined data types common to secure communication protocols and allows applications to define new data types to be handled by ASE. ASE is applicable to many applications. The paper describes the use of ASE in one such application, secure group chat. In a recent real-use deployment, ASE was instrumental in allowing secure group chat to operate over low-bandwidth satellite links.
Summary
Applications often re-transmit the same data, such as digital certificates, during repeated communication instances. Avoiding such superfluous transmissions with caching, while complicated, may be necessary in order to operate in low-bandwidth, high-latency wireless networks or in order to reduce communication load in shared, mobile networks. This paper presents a general...
READ MORE
GROK secure multi-user chat at Red Flag 2007-03
November 17, 2008
Conference Paper
Published in:
MILCOM 2008, 16-18 November 2008.
Topic:
R&D area:
R&D group:
Summary
This paper describes the GROK Secure Chat experimental activity performed by MIT Lincoln Laboratory at USAF Red Flag 2007-03 exercises and its results.
Summary
This paper describes the GROK Secure Chat experimental activity performed by MIT Lincoln Laboratory at USAF Red Flag 2007-03 exercises and its results.
READ MORE