Publications
Tagged As
The tale of discovering a side channel in secure message transmission systems
August 13, 2022
Conference Paper
Published in:
The Conf. for Failed Approaches and Insightful Losses in Cryptology, CFAIL, 13 August 2022.
Topic:
R&D area:
R&D group:
Summary
Secure message transmission (SMT) systems provide information theoretic security for point-to-point message transmission in networks that are partially controlled by an adversary. This is the story of a research project that aimed to implement a flavour of SMT protocols that uses "path hopping" with the goal of quantifying the real-life efficiency of the system, and while failing to achieve this initial goal, let to the discovery a side-channel that affects the security of a wide range of SMT implementations.
Summary
Secure message transmission (SMT) systems provide information theoretic security for point-to-point message transmission in networks that are partially controlled by an adversary. This is the story of a research project that aimed to implement a flavour of SMT protocols that uses "path hopping" with the goal of quantifying the real-life...
READ MORE
Data trust methodology: a blockchain-based approach to instrumenting complex systems
August 5, 2020
Technical Report
Published in:
MIT Lincoln Laboratory Report TR-1256
Summary
Increased data sharing and interoperability has created challenges in maintaining a level of trust and confidence in Department of Defense (DoD) systems. As tightly-coupled, unique, static, and rigorously validated mission processing solutions have been supplemented with newer, more dynamic, and complex counterparts, mission effectiveness has been impacted. On the one hand, newer deeper processing with more diverse data inputs can offer resilience against overconfident decisions under rapidly changing conditions. On the other hand, the multitude of diverse methods for reaching a decision may be in apparent conflict and decrease decision confidence. This has sometimes manifested itself in the presentation of simultaneous, divergent information to high-level decision makers. In some important specific instances, this has caused the operators to be less efficient in determining the best course of action. In this paper, we will describe an approach to more efficiently and effectively leverage new data sources and processing solutions, without requiring redesign of each algorithm or the system itself. We achieve this by instrumenting the processing chains with an enterprise blockchain framework. Once instrumented, we can collect, verify, and validate data processing chains by tracking data provenance using smart contracts to add dynamically calculated metadata to an immutable and distributed ledger. This noninvasive approach to verification and validation in data sharing environments has the power to improve decision confidence at larger scale than manual approaches, such as consulting individual developer subject matter experts to understand system behavior. In this paper, we will present our study of the following: 1. Types of information (i.e., knowledge) that are supplied and leveraged by decision makers and operational contextualized data processes (Figure 1) 2. Benefits to verifying data provenance, integrity, and validity within an operational processing chain 3. Our blockchain technology framework coupled with analytical techniques which leverage a verification and validation capability that could be deployed into existing DoD data-processing systems with insignificant performance and operational interference.
Summary
Increased data sharing and interoperability has created challenges in maintaining a level of trust and confidence in Department of Defense (DoD) systems. As tightly-coupled, unique, static, and rigorously validated mission processing solutions have been supplemented with newer, more dynamic, and complex counterparts, mission effectiveness has been impacted. On the one...
READ MORE
Leveraging Intel SGX technology to protect security-sensitive applications
November 1, 2018
Conference Paper
Published in:
17th IEEE Int. Symp. on Network Computing and Applications, NCA, 1-3 November 2018.
Topic:
R&D area:
R&D group:
Summary
This paper explains the process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections and incurs manageable impact on performance. These protections apply to all three phases of the operational data lifecycle: at rest, in use, and in transit. SGX shrinks the trusted computing base (and therefore the attack surface) of the application to only the hardware on the CPU chip and the portion of the application's software that is executed within the protected enclave. The SDK enables SGX integration into existing C/C++ codebases while still ensuring program support for legacy and non-Intel platforms. This paper is the first published work to walk through the step-by-step process of Intel SGX integration with examples and performance results from an actual cryptographic application produced in a standard Linux development environment.
Summary
This paper explains the process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections and incurs manageable impact on performance. These protections apply to all three phases of the...
READ MORE
Towards a universal CDAR device: a high performance adapter-based inline media encryptor
October 23, 2017
Conference Paper
Published in:
MILCOM 2017, 23-25 October 2017.
Topic:
R&D area:
R&D group:
Summary
As the rate at which digital data is generated continues to grow, so does the need to ensure that data can be stored securely. The use of an NSA-certified Inline Media Encryptor (IME) is often required to protect classified data, as its security properties can be fully analyzed and certified with minimal coupling to the environment in which it is embedded. However, these devices are historically purpose-built and must often be redesigned and recertified for each target system. This tedious and costly (but necessary) process limits the ability for an information system architect to leverage advances made in storage technology. Our universal Classified Data At Rest (CDAR) architecture represents a modular approach to reduce this burden and maximize interface flexibility. The core module is designed around NVMe, a high-performance storage interface built directly on PCIe. Interfacing with non-NVMe interfaces such as SATA is achieved with adapters which are outside the certification boundary and therefore can be less costly and leverage rapidly evolving commercial technology. This work includes an analysis for both the functionality and security of this architecture. A prototype was developed with peak throughput of 23.9 Gb/s at a power consumption of 8.5W, making it suitable for a wide range of storage applications.
Summary
As the rate at which digital data is generated continues to grow, so does the need to ensure that data can be stored securely. The use of an NSA-certified Inline Media Encryptor (IME) is often required to protect classified data, as its security properties can be fully analyzed and certified...
READ MORE
SoK: cryptographically protected database search
May 22, 2017
Conference Paper
Published in:
IEEE Symp. on Security and Privacy, 22-26 May 2017.
Summary
Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions:(1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms.(2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality.(3) An analysis of attacks against protected search for different base queries.(4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.
Summary
Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly, systems are offered by academia, start-ups...
READ MORE
Bounded-collusion attribute-based encryption from minimal assumptions
March 28, 2017
Conference Paper
Published in:
IACR 20th Int. Conf. on Practice and Theory of Public Key Cryptography, PKC 2017, 28-31 March 2017.
Topic:
R&D area:
R&D group:
Summary
Attribute-based encryption (ABE) enables encryption of messages under access policies so that only users with attributes satisfying the policy can decrypt the ciphertext. In standard ABE, an arbitrary number of colluding users, each without an authorized attribute set, cannot decrypt the ciphertext. However, all existing ABE schemes rely on concrete cryptographic assumptions such as the hardness of certain problems over bilinear maps or integer lattices. Furthermore, it is known that ABE cannot be constructed from generic assumptions such as public-key encryption using black-box techniques. In this work, we revisit the problem of constructing ABE that tolerates collusions of arbitrary but a priori bounded size. We present two ABE schemes secure against bounded collusions that require only semantically secure public-key encryption. Our schemes achieve significant improvement in the size of the public parameters, secret keys, and ciphertexts over the previous construction of bounded-collusion ABE from minimal assumptions by Gorbunov et al. (CRYPTO 2012). In fact, in our second scheme, the size of ABE secret keys does not grow at all with the collusion bound. As a building block, we introduce a multidimensional secret-sharing scheme that may be of independent interest. We also obtain bounded-collusion symmetric-key ABE (which requires the secret key for encryption) by replacing the public-key encryption with symmetric-key encryption, which can be built from the minimal assumption of one-way functions.
Summary
Attribute-based encryption (ABE) enables encryption of messages under access policies so that only users with attributes satisfying the policy can decrypt the ciphertext. In standard ABE, an arbitrary number of colluding users, each without an authorized attribute set, cannot decrypt the ciphertext. However, all existing ABE schemes rely on concrete...
READ MORE
Charting a security landscape in the clouds: data protection and collaboration in cloud storage
July 7, 2016
Technical Report
Published in:
MIT Lincoln Laboratory Report TR-1210
Topic:
R&D area:
R&D group:
Summary
This report surveys different approaches to securely storing and sharing data in the cloud based on traditional notions of security: confidentiality, integrity, and availability, with the main focus on confidentiality. An appendix discusses the related notion of how users can securely authenticate to cloud providers. We propose a metric for comparing secure storage approaches based on their residual vulnerabilities: attack surfaces against which an approach cannot protect. Our categorization therefore ranks approaches from the weakest (the most residual vulnerabilities) to the strongest (the fewest residual vulnerabilities). In addition to the security provided by each approach, we also consider their inherent costs and limitations. This report can therefore help an organization select a cloud data protection approach that satisfies their enterprise infrastructure, security specifications, and functionality requirements.
Summary
This report surveys different approaches to securely storing and sharing data in the cloud based on traditional notions of security: confidentiality, integrity, and availability, with the main focus on confidentiality. An appendix discusses the related notion of how users can securely authenticate to cloud providers. We propose a metric for...
READ MORE
A key-centric processor architecture for secure computing
May 3, 2016
Conference Paper
Published in:
2016 IEEE Int. Symp. on Hardware-Oriented Security and Trust, HOST 2016, 3-5 May 2016.
Topic:
R&D area:
R&D group:
Summary
We describe a novel key-centric processor architecture in which each piece of data or code can be protected by encryption while at rest, in transit, and in use. Using embedded key management for cryptographic key handling, our processor permits mutually distrusting software written by different entities to work closely together without divulging algorithmic parameters or secret program data. Since the architecture performs encryption, decryption, and key management deeply within the processor hardware, the attack surface is minimized without significant impact on performance or ease of use. The current prototype implementation is based on the Sparc architecture and is highly applicable to small to medium-sized processing loads.
Summary
We describe a novel key-centric processor architecture in which each piece of data or code can be protected by encryption while at rest, in transit, and in use. Using embedded key management for cryptographic key handling, our processor permits mutually distrusting software written by different entities to work closely together...
READ MORE
Cryptography for Big Data security
April 27, 2016
Book Chapter
Published in:
Chapter 10 in Big Data: Storage, Sharing, and Security, 2016, pp. 214-87.
Topic:
R&D area:
R&D group:
Summary
This chapter focuses on state-of-the-art provably secure cryptographic techniques for protecting big data applications. We do not focus on more established, and commonly available cryptographic solutions. The goal is to inform practitioners of new techniques to consider as they develop new big data solutions rather than to summarize the current best practice for securing data.
Summary
This chapter focuses on state-of-the-art provably secure cryptographic techniques for protecting big data applications. We do not focus on more established, and commonly available cryptographic solutions. The goal is to inform practitioners of new techniques to consider as they develop new big data solutions rather than to summarize the current...
READ MORE
SoK: privacy on mobile devices - it's complicated
March 2, 2016
Conference Paper
Published in:
Proc. on Privacy Enhancing Techn., Vol. 3, 2016, pp. 96-116.
Topic:
R&D area:
Summary
Modern mobile devices place a wide variety of sensors and services within the personal space of their users. As a result, these devices are capable of transparently monitoring many sensitive aspects of these users' lives (e.g., location, health, or correspondences). Users typically trade access to this data for convenient applications and features, in many cases without a full appreciation of the nature and extent of the information that they are exposing to a variety of third parties. Nevertheless, studies show that users remain concerned about their privacy and vendors have similarly been increasing their utilization of privacy-preserving technologies in these devices. Still, despite significant efforts, these technologies continue to fail in fundamental ways, leaving users' private data exposed. In this work, we survey the numerous components of mobile devices, giving particular attention to those that collect, process, or protect users' private data. Whereas the individual components have been generally well studied and understood, examining the entire mobile device ecosystem provides significant insights into its overwhelming complexity. The numerous components of this complex ecosystem are frequently built and controlled by different parties with varying interests and incentives. Moreover, most of these parties are unknown to the typical user. The technologies that are employed to protect the users' privacy typically only do so within a small slice of this ecosystem, abstracting away the greater complexity of the system. Our analysis suggests that this abstracted complexity is the major cause of many privacy-related vulnerabilities, and that a fundamentally new, holistic, approach to privacy is needed going forward. We thus highlight various existing technology gaps and propose several promising research directions for addressing and reducing this complexity.
Summary
Modern mobile devices place a wide variety of sensors and services within the personal space of their users. As a result, these devices are capable of transparently monitoring many sensitive aspects of these users' lives (e.g., location, health, or correspondences). Users typically trade access to this data for convenient applications...
READ MORE