Protecting Cryptographic Memory against Tampering Attack

In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models, which do not take into account attacks on the implementation, known as physical attacks. In practice such attacks can be executed easily, e.g. by heating the device, as substantiated by numerous works in the past decade. Tampering attacks are a class of physical attacks in which the attacker changes the memory or the computation of the device, gains additional (non-black-box) knowledge by interacting with the faulty device, and then tries to break its security. Prior work shows that approaching this problem generically is notoriously difficult. In this dissertation we therefore attempt to solve an easier question, known as memory tampering, where the attacker is allowed to tamper only with the memory of the device but not with the computation. This weaker model can still be practically useful and, moreover, may provide useful building blocks for tackling full-fledged tampering in the future. We study different models of memory tampering and provide a number of solutions of different flavors. We take two main approaches: (i) securing specific schemes against tampering and (ii) constructing a generic transformation that makes any scheme resilient to tampering. In Chapter 3 we take the first approach and propose several tamper-resilient public-key schemes in a new model which allows arbitrary tampering, but only a bounded number of times [DFMV13]. We provide solutions mainly for identification schemes and encryption schemes. The second approach is based on an abstract notion called non-malleable codes, introduced in an earlier work. In Chapters 5 and 6 we mainly improve the state of the art of non-malleable codes.
In Chapter 5 we provide new constructions of such codes [FMVW14], which implicitly resolve the question of memory tampering in an important model via the known transformation. In the same chapter we also introduce a new and related notion called non-malleable key derivation, which turns out to be useful for tamper resilience as well. Finally, in Chapter 6 we strengthen the prior definitions of non-malleable codes by considering continuous tampering [FMNV14], and we provide a construction which satisfies the stronger definition. This strengthening against continuous tampering yields new and better solutions for generic tamper resilience, removing the requirement of erasures that was necessary in earlier transformations. We explicitly present the new transformations based on our continuous notion.