Using Universal Composition to Design and Analyze Secure Complex Hardware Systems

Modern hardware typically is characterized by a multitude of interacting physical components and software mechanisms. To address this complexity, security analysis should be modular: we would like to formulate and prove security properties of individual components, and then deduce the security of the overall design (encompassing hardware and software) from the security of the components. While this seems like an elusive goal, we argue that this is essentially the only feasible way to provide rigorous security analysis of modern hardware. This paper investigates the possibility of using the Universally Composable (UC) security framework towards this aim. The UC framework has been devised and successfully used in the theoretical cryptography community to study and formally prove security of arbitrarily interleaving cryptographic protocols. In particular, a sophisticated analytical toolbox has been developed using this framework. We provide an introduction to this framework, and investigate, via a number of examples, ways by which this framework can be used to facilitate a novel type of modular security analysis. This analysis applies to combined hardware and software systems, and investigates their security against attacks that combine both physical and digital steps.
