Faerieplay on Tiny Trusted Third Parties ( Work in Progress ) ∗

Many security protocols refer to a trusted third party (TTP) as an ideal way of handling computation and data with conflicting stakeholders. Subsequent discussion usually dismisses a TTP as hypothetical or impractical. However, the last decade has seen the emergence of hardware-based devices like the IBM 4758 that, to high assurance, can carry out computation unmolested; TPM-based systems like Intel’s Lagrande also provide secure platforms; emerging research in trusted computing promises more. In theory, such devices can perform the role of a TTP in real-world problems. In practice, all existing devices have problems. TPM-based systems are not secure against physical attack. The 4758 aspires to be general-purpose but is too small to accommodate real-world problem sizes. The small size forces programmers to hand-tune each algorithm anew, to fit inside the small space without losing security. This tuning heavily uses operations that general-purpose processors do not perform well. Furthermore, current devices are too expensive to deploy widely. Our current research attempts to overcome these barriers, by focusing on the effective use of tiny TTPs (T3Ps). To eliminate the programming obstacle, we designed and prototyped an efficient system, called Faerieplay, to execute arbitrary programs on T3Ps while preserving critical trust properties. To eliminate the performance and cost obstacles, we are currently examining the potential hardware design for a T3P optimized for bottleneck operations. We estimate that such a T3P could outperform the 4758 by several orders of magnitude, while also having a gate-count of only 30K-60K, one to three orders of magnitude smaller than the 4758 or hardened CPU systems like AEGIS. We are currently proceeding with a proof-of-concept prototype on a Xilinx FPGA.

[1]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[2]  Bennet S. Yee,et al.  Using Secure Coprocessors , 1994 .

[3]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[4]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[5]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[6]  Sean W. Smith,et al.  Improving DES Coprocessor Throughput for Short Operations , 2001, USENIX Security Symposium.

[7]  Sean W. Smith,et al.  Practical server privacy with secure coprocessors , 2001, IBM Syst. J..

[8]  Sean W. Smith,et al.  Fairy Dust, Secrets, and the Real World , 2003, IEEE Secur. Priv..

[9]  Leendert van Doorn,et al.  The IBM PCIXCC: A new cryptographic coprocessor for the IBM eServer , 2004, IBM J. Res. Dev..

[10]  John Viega,et al.  The Security and Performance of the Galois/Counter Mode (GCM) of Operation , 2004, INDOCRYPT.

[11]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[12]  Dmitri Asonov Querying Databases Privately: A New Approach to Private Information Retrieval , 2004, Lecture Notes in Computer Science.

[13]  Sean W. Smith,et al.  Private Information Storage with Logarithm-Space Secure Hardware , 2004, International Information Security Workshops.

[14]  Sean W. Smith Outbound authentication for programmable secure coprocessors , 2004, International Journal of Information Security.

[15]  Sean W. Smith,et al.  More Efficient Secure Function Evaluation Using Tiny Trusted Third Parties , 2005 .

[16]  Sean W. Smith,et al.  Protecting client privacy with trusted computing at the server , 2005, IEEE Security & Privacy Magazine.

[17]  Sean W. Smith,et al.  Towards Tiny Trusted Third Parties , 2005 .

[18]  G. Edward Suh,et al.  Design and implementation of the AEGIS single-chip secure processor using physical random functions , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[19]  A. Iliev Using Tiny Trusted Third Parties to Enhance Secure Two-Party Computations , 2006 .

[20]  Robert H. Deng,et al.  Private Information Retrieval Using Trusted Hardware , 2006, IACR Cryptol. ePrint Arch..

[21]  A Formal Treatment of Remotely KeyedEncryption ( Extended Abstract ) ? , 2007 .