COST Action IC1403
Training School – Booklet of presentations
Ponta Delgada, Azores, Portugal, April 16-20, 2018
www.cryptacus.eu
Funded by the Horizon 2020 Framework Programme of the European Union
COST
“COST is an EU-funded programme that enables researchers to set up their interdisciplinary research networks in Europe and beyond. [COST] provides funds for organising conferences, meetings, training schools, short scientific exchanges or other networking activities in a wide range of scientific topics.” (source: www.cost.eu)
COST Action IC1403
Recent technological advances in hardware and software have irrevocably affected the classical picture of computing systems. Today, these no longer consist only of connected servers, but involve a wide range of pervasive and embedded devices, leading to the concept of “ubiquitous computing systems”. The objective of the Action is to improve and adapt the existent cryptanalysis methodologies and tools to the ubiquitous computing framework. Cryptanalysis, which is the assessment of theoretical and practical cryptographic mechanisms designed to ensure security and privacy, will be implemented along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. Researchers have only recently started to focus on the security of ubiquitous computing systems. Despite the critical flaws found, the required highly-specialized skills and the isolation of the involved disciplines are a true barrier for identifying additional issues. The Action established a network of complementary skills, so that expertise in cryptography, information security, privacy, and embedded systems can be put to work together.
Chair: Prof. Gildas AVOINE, INSA Rennes / IRISA CNRS, France
Vice-chair: Prof. Julio HERNANDEZ-CASTRO, University of Kent, UK
Grant Holder’s Administrative Representative: Isabelle MESGUEN, INSA Rennes
COST’s Science Officer: Karina MARCUS
COST’s Administrative Officer: Andrea TORTAJADA
Working Groups
WG1: Security and Privacy Models
Leader: Prof. Serge VAUDENAY, Switzerland
Vice-Leader: Prof. Frederic ARMKNECHT, Germany
WG2: Cryptanalysis of Protocols and Primitives
Leader: Prof. Andrey BOGDANOV, Denmark
Vice-Leader: Prof. Miroslaw KUTYLOWSKI, Poland
WG3: Hardware and Software Security Engineering
Leader: Prof. Lejla BATINA, The Netherlands
Vice-Leader: Prof. Ricardo CHAVES, Portugal
WG4: Security and Privacy Analysis of Real-World Systems
Leader: Prof. Flavio GARCIA, United Kingdom
Vice-Leader: Prof. Alex BIRYUKOV, Luxembourg
Software-based Microarchitectural Attacks
Daniel Gruss
April 19, 2018
Graz University of Technology
1 Daniel Gruss — Graz University of Technology
Whoami www.tugraz.at
• Daniel Gruss
• Post-Doc @ Graz University of Technology
• Twitter: @lavados
• Email: [email protected]
Timeline of Meltdown and Spectre
• Both vulnerabilities existed for many years
• No one discovered it before
• Suddenly, 4 independent teams discover it within 6 months
• Let’s create an evidence board
Meltdown vs. Spectre
Why two names, two papers, etc?
• Two different problems
• They only have a very loose connection
• Two different teams had already quite matured drafts ready when learning of each other
• Initially we tried to merge, but all co-authors quickly agreed that it would mix things that don’t belong together
→ More on that after we understand the attacks
The Fallout
You realize it is something big when...
• it is in the news, all over the world
• you get a Wikipedia article in multiple languages
• there are comics, including xkcd
• you get a lot of Twitter followers after Snowden mentioned you
The Core of Meltdown/Spectre
• Kernel is isolated from user space
• This isolation is a combination of hardware and software
• User applications cannot access anything from the kernel
• There is only a well-defined interface → syscalls
[Figure: user space (Applications) next to kernel space (Operating System, Memory)]
1337 4242
Revolutionary concept!
Store your food at home, never go to the grocery store during cooking.
Can store ALL kinds of food.
ONLY TODAY INSTEAD OF $1,300
ORDER VIA PHONE: +555 12345
CPU Cache
printf("%d", i);   → cache miss → request → response (i) → DRAM access, slow
printf("%d", i);   → cache hit → no DRAM access, much faster
Flush+Reload
[Figure: attacker and victim both map the same shared memory]
1. Attacker: flush the shared line from the cache
2. Victim: access (the line becomes cached)
3. Attacker: access and time it → fast if victim accessed data, slow otherwise
Memory Access Latency
[Figure: memory access latency plot; not recoverable from the extraction]
Cache Template Attack Demo
Cache Template
[Figure: cache template matrix; rows are addresses 0x7c680 to 0x7cd00 in steps of 0x40, columns are keys g to z]
Wait for an hour
LATENCY
Parallelize
Dependency
Out-of-order Execution
int width = 10, height = 5;

float diagonal = sqrt(width * width
                      + height * height);
int area = width * height;

printf("Area %d x %d = %d\n", width, height, area);
[Figure labels: Parallelize (sqrt and area do not depend on each other), Dependency (printf needs area)]
Building Meltdown
char data = *(char*)0xffffffff81a000e0;
printf("%c\n", data);

segfault at ffffffff81a000e0 ip 0000000000400535 sp 00007ffce4a80610 error 5 in reader
• Kernel addresses are not accessible
• Are privilege checks also done when executing instructions out of order?
Building Meltdown
• Adapted code
*(volatile char*)0;
array[84 * 4096] = 0; // unreachable
• Static code analyzer is not happy
warning: Dereference of null pointer
*(volatile char*)0;
Building Meltdown
• Flush+Reload over all pages of the array
[Figure: access time [cycles] (300 to 500) per page (0 to 250)]
• “Unreachable” code line was actually executed
• Exception was only thrown afterwards
Building Meltdown
• Combine the two things
char data = *(char*)0xffffffff81a000e0;
array[data * 4096] = 0;
= sending end of a cache covert channel
• Then check whether any part of array is cached
= receiving end of a cache covert channel
Building Meltdown
• Flush+Reload over all pages of the array
[Figure: access time [cycles] (300 to 500) per page (0 to 250)]
• Index of cache hit reveals data
• Permission check is in some cases not fast enough
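As an added example (not the slide author's code), here is the receiving end the slide describes: pick a hit/miss threshold from calibration samples like those in the latency plot, find the one page out of 256 that reloads fast, and handle the rounds in which nothing or more than one page hits. All timings are constructed so the logic runs anywhere; a real measurement would come from Flush+Reload, and the function names are this example's own.

```c
/* Added example: decoding the receiving end of the cache covert channel
 * from per-page access times. Timings here are constructed, not measured. */
#include <stddef.h>
#include <stdio.h>

#define PAGES 256   /* one page per possible byte value, stride 4096 */

/* Threshold between the slowest observed cache hit and the fastest observed
 * cache miss. Returns 0 when the two populations overlap (no usable threshold,
 * the calibration has to be repeated). */
unsigned calibrate_threshold(const unsigned *hits, size_t nh,
                             const unsigned *misses, size_t nm)
{
    unsigned max_hit = 0, min_miss = ~0u;
    for (size_t i = 0; i < nh; i++) if (hits[i] > max_hit) max_hit = hits[i];
    for (size_t i = 0; i < nm; i++) if (misses[i] < min_miss) min_miss = misses[i];
    if (max_hit >= min_miss) return 0;
    return max_hit + (min_miss - max_hit) / 2;
}

/* Decode one byte as the index of the page whose reload was a cache hit.
 * -1: no page below the threshold (nothing leaked this round, e.g. the
 *     permission check was fast enough); -2: more than one page hit (noise,
 *     e.g. prefetching). Callers retry or vote across rounds in both cases. */
int decode_byte(const unsigned *times, unsigned threshold)
{
    int hit = -1;
    for (int page = 0; page < PAGES; page++) {
        if (times[page] < threshold) {
            if (hit != -1) return -2;
            hit = page;
        }
    }
    return hit;
}

/* Majority vote over several rounds, ignoring rounds that decoded nothing
 * or were ambiguous. Returns -1 if no round produced a value. */
int vote_byte(const int *decoded, size_t rounds)
{
    int count[PAGES] = {0}, best = -1;
    for (size_t r = 0; r < rounds; r++)
        if (decoded[r] >= 0) count[decoded[r]]++;
    for (int v = 0; v < PAGES; v++)
        if (count[v] > 0 && (best < 0 || count[v] > count[best])) best = v;
    return best;
}

/* One constructed round: every page misses (about 400 cycles) except
 * hit_page and, if not negative, extra_page (about 70 cycles). */
int decode_constructed_round(int hit_page, int extra_page, unsigned thr)
{
    unsigned times[PAGES];
    for (int p = 0; p < PAGES; p++) times[p] = 400;
    if (hit_page >= 0) times[hit_page] = 70;
    if (extra_page >= 0) times[extra_page] = 70;
    return decode_byte(times, thr);
}

int main(void)
{
    unsigned hits[]   = { 60, 72, 68, 80, 75 };        /* constructed calibration samples */
    unsigned misses[] = { 320, 410, 380, 450, 360 };
    unsigned thr = calibrate_threshold(hits, 5, misses, 5);   /* 200 cycles */
    int rounds[4] = {
        decode_constructed_round('S', -1, thr),   /* clean leak of 'S' */
        decode_constructed_round(-1, -1, thr),    /* nothing leaked this round */
        decode_constructed_round('S', -1, thr),
        decode_constructed_round('S', 'T', thr),  /* two hits: ambiguous, discarded */
    };
    printf("threshold %u cycles, rounds %d %d %d %d, voted byte 0x%02x\n",
           thr, rounds[0], rounds[1], rounds[2], rounds[3], vote_byte(rounds, 4));
    return 0;
}
```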
Leaking Passwords from your Password Manager
Not so fast...
Take the kernel addresses...
• Kernel addresses in user space are a problem
• Why don’t we take the kernel addresses...
...and remove them
• ...and remove them if not needed?
• User accessible check in hardware is not reliable
Idea
• Let’s just unmap the kernel in user space
• Kernel addresses are then no longer present
• Memory which is not mapped cannot be accessed at all

KAISER: Kernel Address Isolation to have Side channels Efficiently Removed
KAISER /ˈkʌɪzə/ 1. [german] Emperor, ruler of an empire 2. largest penguin, emperor penguin
[Figure: before, one address space holds user space (Applications) and kernel space (Operating System, Memory); with KAISER there is a Kernel View and a User View (Applications only), switched on context switch]
Kernel Address Space Isolation
• We published KAISER in July 2017
• Intel and others improved and merged it into Linux as KPTI (Kernel Page Table Isolation)
• Microsoft implemented a similar concept in Windows 10
• Apple implemented it in macOS 10.13.2 and called it “Double Map”
• All share the same idea: switching address spaces on context switch
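A defender's check of whether the merged form of KAISER is active, added here and not part of the slides: since Linux 4.15 the kernel reports its Meltdown and Spectre mitigation state under /sys/devices/system/cpu/vulnerabilities/, and the meltdown entry reads “Mitigation: PTI” when KPTI is on. The classifier is exercised on constructed strings; the function and enum names are this example's own.

```c
/* Added example: read and classify the Linux mitigation status files for
 * meltdown, spectre_v1 and spectre_v2, and report whether KPTI is active. */
#include <stdio.h>
#include <string.h>

enum vuln_state { STATE_UNKNOWN, STATE_NOT_AFFECTED, STATE_VULNERABLE, STATE_MITIGATED };

/* Classify one status line. Known formats: "Not affected", "Vulnerable",
 * "Vulnerable: <detail>" and "Mitigation: <detail>"; for meltdown the
 * mitigation detail is "PTI". Anything else is reported as unknown. */
enum vuln_state classify(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return STATE_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0) return STATE_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0) return STATE_VULNERABLE;
    return STATE_UNKNOWN;
}

/* True when the meltdown status line names PTI as the active mitigation. */
int kpti_active(const char *meltdown_line)
{
    return classify(meltdown_line) == STATE_MITIGATED &&
           strstr(meltdown_line, "PTI") != NULL;
}

/* Read the first line of the sysfs file for one vulnerability. Returns 0 and
 * leaves buf empty when the file is missing (kernel older than 4.15, or not
 * Linux at all); callers must treat that as "unknown", not as "mitigated". */
int read_vuln(const char *name, char *buf, size_t len)
{
    char path[256];
    FILE *f;
    buf[0] = '\0';
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", name);
    f = fopen(path, "r");
    if (!f) return 0;
    if (!fgets(buf, (int)len, f)) { fclose(f); return 0; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

int main(void)
{
    const char *names[] = { "meltdown", "spectre_v1", "spectre_v2" };
    char line[256];
    for (size_t i = 0; i < 3; i++) {
        if (!read_vuln(names[i], line, sizeof line)) {
            printf("%-10s: status file not available\n", names[i]);
            continue;
        }
        printf("%-10s: %s%s\n", names[i], line,
               classify(line) == STATE_VULNERABLE ? "  <-- unmitigated" : "");
    }
    if (read_vuln("meltdown", line, sizeof line))
        printf("KPTI active: %s\n", kpti_active(line) ? "yes" : "no");
    return 0;
}
```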
Performance
• Depends on how often you need to switch between kernel and user space
• Can be slow, 40% or more on old hardware
• But modern CPUs have additional features
• ⇒ Performance overhead on average below 2%
Meltdown and Spectre
[Figure: restaurant analogy]
Prosciutto, Funghi, Diavolo, Diavolo, Diavolo, Diavolo
»A table for 6 please«
Speculative Cooking
What does Spectre do?
• Mistrains branch prediction
• CPU speculatively executes code which should not be executed
• Can also mistrain indirect calls
→ Spectre “convinces” program to execute code
Spectre (variant 1)
char* data = "textKEY";
if (index < 4)
    LUT[data[index] * 4096] = 0;   // then
else
    ...                            // else
[Animation: Prediction / Speculate / Execute for index = 0, 1, 2, 3, 4, 5, 6]
The branch is trained with index = 0, 1, 2, 3 (in bounds, “then” taken each time). For index = 4, 5 and 6 the predictor still predicts “then”, so the CPU speculatively executes LUT[data[index] * 4096] = 0 with the out-of-bounds bytes of “KEY” before the bounds check resolves.
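The bounds check from the slide beside a hardened form, as an added example that is not from the slides: index masking, the technique behind Linux's array_index_nospec(), clamps the index without a branch so that a mispredicted “index < 4” can only ever feed data[0..3] to LUT. The last function is a pencil-and-paper model of the animation (which byte the speculative path would use), not a timing measurement; names such as lookup_hardened are this example's own.

```c
/* Added example: the slide's Spectre v1 gadget and an index-masked version. */
#include <stddef.h>
#include <stdio.h>

#define DATA_LEN 4     /* the slide's bound: if (index < 4) */
#define PAGE 4096

static unsigned char LUT[256 * PAGE];     /* one page per possible byte value */
static const char data[] = "textKEY";     /* in bounds: "text"; behind the bound: "KEY" */

/* Vulnerable form from the slide. Once the predictor has been trained with
 * index 0..3, index 4..6 is predicted in bounds and data[index] * 4096 is
 * used speculatively to touch LUT before the bounds check retires. */
unsigned char lookup_vulnerable(size_t index)
{
    if (index < DATA_LEN)
        return LUT[(unsigned char)data[index] * PAGE];
    return 0;
}

/* Branch-free mask: all ones when index < size, zero otherwise. Same idea as
 * the generic array_index_mask_nospec() in Linux, written with unsigned
 * arithmetic only; valid while both values are below 2^63. */
size_t index_mask_nospec(size_t index, size_t size)
{
    size_t sign = (index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1);
    return (size_t)0 - (sign ^ 1);
}

/* Hardened form: even if the branch is mispredicted, the index the speculative
 * loads use is clamped to 0, so only data[0..3] can ever reach LUT. Linux wraps
 * the mask in inline asm so the compiler cannot turn it back into a branch;
 * check the generated code when porting this. */
unsigned char lookup_hardened(size_t index)
{
    if (index < DATA_LEN) {
        index &= index_mask_nospec(index, DATA_LEN);
        return LUT[(unsigned char)data[index] * PAGE];
    }
    return 0;
}

/* Model of the animation: the byte a mispredicted "then" path would feed to
 * LUT for a given index, with and without masking. Indexes past the
 * constructed string return 0 so the model itself never reads out of bounds. */
char byte_used_if_mispredicted(size_t index, int hardened)
{
    if (index >= sizeof data - 1) return 0;
    if (hardened) index &= index_mask_nospec(index, DATA_LEN);
    return data[index];
}

int main(void)
{
    for (size_t i = 0; i < 7; i++)
        printf("index %zu: vulnerable path uses '%c', masked path uses '%c'\n",
               i, byte_used_if_mispredicted(i, 0), byte_used_if_mispredicted(i, 1));
    return 0;
}
```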
Spectre (variant 2)
Animal* a = bird;      // later: Animal* a = fish;
a->move();             // indirect call: fly() or swim()
LUT[data[index] * 4096] = 0;
[Animation: Prediction / Speculate / Execute; predicted target swim(), then fly(), then swim() again]
The indirect branch predictor starts out predicting swim(); after a = bird executes fly(), it predicts fly(). When a = fish is used next, the CPU speculatively executes fly() (the path on the slide that contains LUT[data[index] * 4096] = 0) before the real target swim() is resolved.
Mitigating Spectre www.tugraz.at
• Trivial approach: disable speculative execution
• No wrong speculation if there is no speculation
• Problem: massive performance hit!
• Also: How to disable it?
• Speculative execution is deeply integrated into CPU
34 Daniel Gruss — Graz University of Technology
Spectre Variant 1 Mitigations www.tugraz.at
• Workaround: insert instructions stopping speculation
  → insert after every bounds check
• x86: LFENCE, ARM: CSDB
• Available on all Intel CPUs, retrofitted to existing ARMv7 and ARMv8
35 Daniel Gruss — Graz University of Technology
Spectre Variant 1 Mitigations www.tugraz.at
• Speculation barrier requires compiler support
• Already implemented in GCC, LLVM, and MSVC
• Can be automated (MSVC) → not really reliable
• Explicit use by programmer: __builtin_load_no_speculate
36 Daniel Gruss — Graz University of Technology
Spectre Variant 1 Mitigations www.tugraz.at
37 Daniel Gruss — Graz University of Technology
Spectre Variant 1 Mitigations www.tugraz.at
• Speculation barrier works if affected code constructs are known
• Programmer has to fully understand vulnerability
• Automatic detection is not reliable
• Non-negligible performance overhead of barriers
38 Daniel Gruss — Graz University of Technology
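Added example, not from the slides: the bounds-check pattern of the variant 1 slides next to a hardened form with the speculation barrier (x86 LFENCE, ARM CSDB) inserted directly after the bounds check, as the mitigation slides describe. The names lut, data, lookup_* and speculation_barrier are assumptions; the data string and the probe array are constructed sample input.

```c
/* Added example, not from the slides: the Spectre v1 bounds-check pattern
 * next to a hardened form that inserts a speculation barrier directly
 * after the bounds check (x86: LFENCE, ARM: CSDB), as the slides describe.
 * All names (lut, data, lookup_*) are assumptions; the data string and the
 * probe array are constructed sample input. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed input in the spirit of the slide: four "public" bytes,
 * with a "secret" (KEY) located directly behind them in memory. */
static const char data[] = "textKEY";
#define PUBLIC_LEN 4u

/* Probe array from the slide: one 4096-byte page per possible byte value.
 * The cache state of lut[v * 4096] is what a Spectre attack observes. */
static uint8_t lut[256 * 4096];
static int lut_ready;

/* Fill the probe array so lookups return a recognisable value: store the
 * byte value v at the start of its own page. Idempotent. */
static void init_lut(void)
{
    if (lut_ready)
        return;
    for (int v = 0; v < 256; v++)
        lut[v * 4096] = (uint8_t)v;
    lut_ready = 1;
}

/* Speculation barrier: younger instructions (the two dependent loads) do
 * not execute until the bounds-check branch has resolved. */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#elif defined(__aarch64__)
    /* CSDB is encoded as HINT #20; spelled that way for older assemblers. */
    __asm__ __volatile__("hint #20" ::: "memory");
#else
    /* Assumption: no architectural barrier known here; compiler barrier only. */
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Pattern from the slide. Architecturally it never reads past index 3, but
 * while the branch is still being predicted the CPU may speculatively load
 * data[index] for index >= 4 and touch lut[secret * 4096]. */
uint8_t lookup_unhardened(size_t index)
{
    init_lut();
    if (index < PUBLIC_LEN)
        return lut[(uint8_t)data[index] * 4096];
    return 0;
}

/* Hardened form: barrier placed on the taken path, right after the bounds
 * check ("insert after every bounds check"). Same architectural result,
 * but the out-of-bounds load no longer happens under speculation. */
uint8_t lookup_hardened(size_t index)
{
    init_lut();
    if (index < PUBLIC_LEN) {
        speculation_barrier();
        return lut[(uint8_t)data[index] * 4096];
    }
    return 0;
}

int main(void)
{
    /* Both variants agree architecturally; only the hardened one is safe
     * against a mis-trained branch predictor. */
    for (size_t i = 0; i < 7; i++)
        printf("index %zu: unhardened=%u hardened=%u\n", i,
               lookup_unhardened(i), lookup_hardened(i));
    return 0;
}
```

The barrier costs a pipeline drain on every taken bounds check, which is the "non-negligible performance overhead" the slide refers to.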
Spectre Variant 2 Mitigations (Microcode/MSRs) www.tugraz.at
Intel released microcode updates
• Indirect Branch Restricted Speculation (IBRS):
  • Do not speculate based on anything before entering IBRS mode
  → less privileged code cannot influence predictions
• Indirect Branch Predictor Barrier (IBPB):
  • Flush branch-target buffer
• Single Thread Indirect Branch Predictors (STIBP):
  • Isolates branch prediction state between two hyperthreads
39 Daniel Gruss — Graz University of Technology
Spectre Variant 2 Mitigations (Software) www.tugraz.at
Retpoline (compiler extension)
      push <call_target>
      call 1f
  2:                        ; speculation will continue here
      lfence                ; speculation barrier
      jmp 2b                ; endless loop
  1:
      lea 8(%rsp), %rsp     ; restore stack pointer
      ret                   ; the actual call to <call_target>
→ always predict to enter an endless loop
• instead of the correct (or wrong) target function → performance?
• On Broadwell or newer:
  • ret may fall back to the BTB for prediction
  → microcode patches to prevent that
40 Daniel Gruss — Graz University of Technology
Spectre Variant 2 Mitigations (Software) www.tugraz.at
• ARM provides hardened Linux kernel
• Clears branch-predictor state on context switch
• Either via instruction (BPIALL)...
• ...or workaround (disable/enable MMU)
• Non-negligible performance overhead (≈ 200-300 ns)
41 Daniel Gruss — Graz University of Technology
What does not work www.tugraz.at
• Prevent access to high-resolution timer
  → Own timer using timing thread
• Flush instruction only privileged
  → Cache eviction through memory accesses
• Just move secrets into secure world
  → Spectre works on secure enclaves
42 Daniel Gruss — Graz University of Technology
Meltdown vs. Spectre www.tugraz.at
Meltdown
• Out-of-Order Execution
• has nothing to do with branch prediction
• turning off speculative execution entirely has no effect on Meltdown
  → melts down the isolation provided by the user-accessible bit
• in theory: OoO not required, pipelining can be sufficient
• mitigated by KAISER
Spectre
• Speculative Execution (subset of Out-of-Order Execution)
• fundamentally builds on branch (mis)prediction
• turning off speculative execution entirely would work
• has nothing to do with the user-accessible bit
• KAISER has no effect on Spectre at all
43 Daniel Gruss — Graz University of Technology
Meltdown vs. Spectre www.tugraz.at
Meltdown
• performs illegal memory accesses → we need to take care of processor exceptions
  • exception handling
  • exception suppression with TSX
  • exception suppression with branch misprediction
Spectre
• performs only legal memory accesses
• has nothing to do with exception handling or suppression
→ two papers, two names, etc.
44 Daniel Gruss — Graz University of Technology
But ... www.tugraz.at
... why were they named variant 1, 2 and 3 by Google?
• “How can you use speculative execution maliciously?”
• Intel had much interest in not fancy-naming them ;)
... why were they presented on the same date and on the same website?
• We did not choose the date
• We did not want to have one of them overshadow the other immediately
45 Daniel Gruss — Graz University of Technology
What do we learn from it? www.tugraz.at
We have ignored microarchitectural attacks for many many years:
• attacks on crypto → “software should be fixed”
• attacks on ASLR → “ASLR is broken anyway”
• attacks on SGX and TrustZone → “not part of the threat model”
→ for years we solely optimized for performance
46 Daniel Gruss — Graz University of Technology
When you read the manuals... www.tugraz.at
After learning about a side channel you realize:
• the side channels were documented in the Intel manual
• only now we understand the implications
47 Daniel Gruss — Graz University of Technology
What do we learn from it? www.tugraz.at
Motor Vehicle Deaths in U.S. by Year
48 Daniel Gruss — Graz University of Technology
Conclusions www.tugraz.at
A unique chance to
• rethink processor design
• grow up, like other fields (car industry, construction industry)
• dedicate more time to identifying problems, not solely to mitigating known ones
49 Daniel Gruss — Graz University of Technology
Software-based Microarchitectural Attacks
Daniel Gruss
April 19, 2018
Graz University of Technology
How to have a Meltdown
Daniel Gruss, Graz University of Technology
April 19/20, 2018 — Cryptacus Training School
Get your computer ready!
Within the first two hours we will:
• Check out https://github.com/IAIK/cache_template_attacks
• Make a histogram
• Key stroke attack on an editor
• Try to establish a covert channel
Get your computer ready!
Within the third hour we will:
• Use our covert channel in a Meltdown attack
• Leak data from kernel addresses
For Meltdown: boot with nopti nokaslr
1. Quick Start
2. Measuring and exploiting timing leakage
3. CPU caches
4. Cache attacks
5. Cache covert channels
6. Cache template attacks
What to profile?
# ps -A | grep gedit
# cat /proc/pid/maps
00400000-00489000 r-xp 00000000 08:11 396356 /usr/bin/gedit
7f5a96991000-7f5a96a51000 r-xp 00000000 08:11 399365 /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1400.14
...
Columns: memory range, access rights, offset, –, –, file name
Profiling a single event
cd ../profiling/generic_low_frequency_example
# put the threshold into spy.c (MIN_CACHE_MISS_CYCLES)
make
./spy
# start the targeted program
sleep 2; ./spy 200 400000-489000 -- 20000 -- -- /usr/bin/gedit
... and hold down a key in the targeted program; save the addresses with peaks!
Exploitation phase
cd ../exploitation/generic
# put the threshold into spy.c (MIN_CACHE_MISS_CYCLES)
make
./spy file offset
Information leakage
(diagram of shared hardware: x86 CPU with data and instruction cache, arithmetic logic unit and branch prediction unit; memory with memory bus and memory deduplication)
Why target the cache?
• shared across cores
• fast
→ fast cross-core attacks!
Timing differences
• caches improve performance
• SRAM is expensive → small caches
• different timings for memory accesses
data is cached → cache hit → fast
data is not cached → cache miss → slow
1. Quick Start
2. Measuring and exploiting timing leakage
3. CPU caches
4. Cache attacks
5. Cache covert channels
6. Cache template attacks
Measuring timing leakage
How every timing attack works:
• learn timing of different corner cases
• later, we recognize these corner cases by timing only
Calibration
git clone https://github.com/IAIK/cache_template_attacks.git
cd cache_template_attacks/calibration
make
./calibration
Steps
1. build two cases: cache hits and cache misses
2. time each case many times (get rid of noise)
3. we have a histogram!
4. find a threshold to distinguish the two cases
Step 1.1. Cache hits
Loop:
1. measure time
2. access variable (always cache hit)
3. measure time
4. update histogram with delta
Step 1.2. Cache misses
Loop:
1. measure time
2. access variable (always cache miss)
3. measure time
4. update histogram with delta
5. flush variable (clflush instruction)
Step 2. Accurate timings
• very short timings
• rdtsc instruction: cycle-accurate timestamps
[...]
rdtsc
function()
rdtsc
[...]
Step 2. Accurate timings
• do you measure what you think you measure?
• out-of-order execution → what is really executed
Intended order: rdtsc; function(); rdtsc (with the surrounding code [...] before and after)
Possible actual orders:
rdtsc; function(); [...]; rdtsc
rdtsc; [...]; rdtsc; function()
rdtsc; rdtsc; function(); [...]
Step 2. Accurate timings
• use pseudo-serializing instruction rdtscp (recent CPUs)
• and/or use serializing instructions like cpuid
• and/or use fences like mfence
Intel, How to Benchmark Code Execution Times on Intel IA-32 and IA-64 Instruction Set Architectures, White Paper, December 2010.
Step 3. Histogram
(figure: histogram of measured access times for the cache-hit and the cache-miss case)
Step 4. Find threshold
• as high as possible
• most cache hits are below
• no cache miss below
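The four calibration steps as one runnable program. This is an added example, not the code from the IAIK repository: it assumes an x86 CPU with rdtscp and clflush (on other architectures the timing functions compile to no-ops and no threshold is found), and the bin width, the sample count and the requirement that 90% of hits fall below the threshold are choices made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86 1
#else
#define HAVE_X86 0      /* elsewhere the timing functions are no-ops */
#endif

#define HIST_BINS 1024  /* one bin per cycle; larger latencies are clamped */
#define SAMPLES 100000  /* step 2: time each case many times against noise */

/* One cache line of our own; volatile so every access is really performed. */
static volatile uint8_t probe[64] __attribute__((aligned(64)));

/* Time one load of *p in cycles. mfence+lfence before rdtsc keep earlier work
 * out of the window; rdtscp after the load only executes once the load has
 * completed, which addresses the out-of-order problem from step 2. */
static uint64_t timed_access(volatile uint8_t *p)
{
#if HAVE_X86
    unsigned int aux;
    _mm_mfence();
    _mm_lfence();
    uint64_t start = __rdtsc();
    uint8_t v = *p;                     /* the access under test */
    uint64_t end = __rdtscp(&aux);
    _mm_lfence();
    (void)v;
    return end - start;
#else
    (void)p;
    return 0;
#endif
}

/* Steps 1.1 and 1.2: histograms of cache-hit and cache-miss latencies. */
static void build_histograms(uint32_t *hit, uint32_t *miss)
{
    memset(hit, 0, HIST_BINS * sizeof *hit);
    memset(miss, 0, HIST_BINS * sizeof *miss);
    for (int i = 0; i < SAMPLES; i++) {          /* hit: line stays cached */
        uint64_t t = timed_access(probe);
        hit[t < HIST_BINS ? t : HIST_BINS - 1]++;
    }
    for (int i = 0; i < SAMPLES; i++) {          /* miss: flush before each load */
#if HAVE_X86
        _mm_clflush((const void *)probe);
        _mm_mfence();
#endif
        uint64_t t = timed_access(probe);
        miss[t < HIST_BINS ? t : HIST_BINS - 1]++;
    }
}

/* Step 4: the highest threshold with no cache miss below it is the smallest
 * latency at which a miss was observed. Returns -1 when fewer than min_hit_frac
 * of the hits fall below it, i.e. the two cases do not separate cleanly. */
static int find_threshold(const uint32_t *hit, const uint32_t *miss, int bins,
                          double min_hit_frac, double *hit_frac_out)
{
    int thr = -1;
    for (int b = 0; b < bins; b++)
        if (miss[b]) { thr = b; break; }
    if (thr < 0) return -1;                      /* no misses observed at all */
    uint64_t below = 0, total = 0;
    for (int b = 0; b < bins; b++) {
        total += hit[b];
        if (b < thr) below += hit[b];
    }
    double frac = total ? (double)below / (double)total : 0.0;
    if (hit_frac_out) *hit_frac_out = frac;
    return frac >= min_hit_frac ? thr : -1;
}

/* Deterministic self-check on constructed histograms: hits uniformly spread
 * over [hit_lo, hit_hi] cycles, misses uniformly over [miss_lo, miss_hi]. */
static int synthetic_threshold(int hit_lo, int hit_hi, int miss_lo, int miss_hi)
{
    uint32_t hit[HIST_BINS] = {0}, miss[HIST_BINS] = {0};
    for (int b = hit_lo; b <= hit_hi; b++) hit[b] = 100;
    for (int b = miss_lo; b <= miss_hi; b++) miss[b] = 100;
    return find_threshold(hit, miss, HIST_BINS, 0.9, NULL);
}

int main(void)
{
    uint32_t hit[HIST_BINS], miss[HIST_BINS];
    double frac = 0.0;
    build_histograms(hit, miss);
    int thr = find_threshold(hit, miss, HIST_BINS, 0.9, &frac);
    if (thr < 0)
        printf("no clean threshold (hit fraction below candidate: %.3f)\n", frac);
    else
        printf("MIN_CACHE_MISS_CYCLES = %d (%.1f%% of hits below)\n", thr, frac * 100);
    return 0;
}
```

The printed value is what the profiling and exploitation slides ask you to put into spy.c as MIN_CACHE_MISS_CYCLES.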
Side-channel attack on user input
• locate key-dependent memory accesses
• with cache template attacks
Profiling Phase: one event
(animation: attacker address space, cache, victim address space; the library line at offset 0x0 is shared by attacker and victim)
1. Cache is empty
2. Attacker triggers an event
3. Attacker checks one address for cache hits (“Reload”)
4. Update number of cache hits per event
5. Attacker flushes shared memory
6. Repeat for higher accuracy
7. Continue with next address (Shared 0x40, Shared 0x80, ...)
1. Quick Start
2. Measuring and exploiting timing leakage
3. CPU caches
4. Cache attacks
5. Cache covert channels
6. Cache template attacks
Directly mapped cache
(figure: a memory address is split into tag, cache index (n bits) and offset (b bits); the cache holds 2^n lines of 2^b bytes, each with a tag and data; the tag stored at the indexed line is compared (=?) with the address tag to decide hit/miss)
Problem: working on congruent addresses
2-way set associativity
(figure: the n index bits select one of 2^n cache sets; each set holds two ways, each with its own tag and data; both stored tags are compared (=?) with the address tag and the matching way supplies the data)
→ replacement policy
Caches today
(figure: cores 0-3, each with a private L1 and L2, connected over a ring bus to LLC slices 0-3)
• L1 and L2 are private
• last-level cache: divided in slices, shared across cores, inclusive
Cache levels: Latency comparison
On current Intel CPUs:
• L1 cache: 4 cycles
• L2 cache: 12 cycles
• L3 cache: 26-31 cycles
• DRAM memory: >120 cycles
(Unprivileged) cache maintenance
User programs can optimize cache usage:
• prefetch: suggest CPU to load data into cache
• clflush: throw out data from all caches
... based on virtual addresses
1. Quick Start
2. Measuring and exploiting timing leakage
3. CPU caches
4. Cache attacks
5. Cache covert channels
6. Cache template attacks
CPU cache attacks
• cache-based keylogging
• crypto key recovery: various implementations (AES, RSA, ECC, ...), up to 97% key bits recovered after 1 encryption
• cross-VM, cross-core, even cross-CPU
• any CPU vendor
Cross-core attacks?
using the inclusive property
• last-level cache is a superset of L1 and L2
• data evicted from last-level cache → evicted from L1 and L2
• a core can evict lines in the private L1 of another core
Access-driven attacks
Attacker monitors its own activity to find sets accessed by victim.
• Prime+Probe: Percival 2005; Liu et al. 2015; Clementine Maurice, Neumann, et al. 2015
• Flush+Reload: Gullasch et al. 2011; Yarom and Falkner 2014; Gruss, Spreitzer, et al. 2015
Same techniques for covert and side channels
Flush+Reload: Building Blocks
• Shared Library / load binary twice / page deduplication
• clflush throws data out of cache
→ We can throw other shared code out of the cache
• rdtsc / rdtscp give accurate timing information
→ We can measure whether shared code is in the cache
Flush+Reload: First steps
• Measure timing of cached memory
• Measure timing of non-cached memory (flush before measuring)
• Draw a histogram
Flush+Reload
(animation: attacker address space, cache, victim address space)
step 0: attacker maps shared library → shared memory, shared in cache (cached on both sides)
step 1: attacker flushes the shared line
step 2: victim loads data while performing encryption
step 3: attacker reloads data → fast access if the victim loaded the line
Flush+Reload
Pros: fine granularity (1 line)
Cons: restrictive
1. needs clflush instruction (not available e.g., in JS)
2. needs shared memory
Variants of Flush+Reload
• Flush+Flush: Gruss, Clementine Maurice, et al. 2016
• Evict+Reload: Gruss, Spreitzer, et al. 2015; on ARM: Lipp et al. 2016
Prime+Probe
(animation: attacker address space, cache, victim address space)
step 0: attacker fills the cache (prime)
step 1: victim evicts cache lines while performing encryption (loads data)
step 2: attacker probes data to determine if the set was accessed: fast access if the attacker's lines are still cached, slow access if the victim evicted them
Prime+Probe
Pros: less restrictive
1. no need for clflush instruction (not available e.g., in JS)
2. no need for shared memory
Cons: coarser granularity (1 set)
Issues with Prime+Probe
We need to evict cache lines without clflush or shared memory:
1. which addresses do we access to have congruent cache lines?
2. without any privilege?
3. and in which order do we access them?
#1.1: Which physical addresses to access?
“LRU eviction”:
• assume that cache uses LRU replacement
• accessing n addresses from the same cache set to evict an n-way set
• eviction from last level → from whole hierarchy (it’s inclusive!)
#1.2: Which addresses map to the same set?
(figure: a physical address is split into line offset (bits 0-5), set (bits 6-16, 11 bits) and tag (from bit 17); an undocumented function H of the address bits selects one of slices 0-3)
• function H that maps slices is undocumented
• reverse-engineered by Clementine Maurice, Le Scouarnec, et al. 2015; Inci et al. 2015; Yarom, Ge, et al. 2015
• hash function basically an XOR of address bits
#1.2: Which addresses map to the same set?
• 3 functions, depending on the number of cores
(table: for 2 cores one slice-selection output bit o0, for 4 cores o0 and o1, for 8 cores o0, o1 and o2; each output bit is the XOR (⊕) of a subset of physical address bits 6 to 37)
#2: Obtain information without root privileges
• last-level cache is physically indexed
• root privileges needed for physical addresses
• use 2 MB pages → lowest 21 bits are the same as virtual address
→ enough to compute the cache set
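An added example (not from the slides) of the address arithmetic behind this slide: how offset, set index and tag are cut out of an address, and why 2 MB pages expose the last-level-cache set to an unprivileged process. The geometry (64-byte lines and 2048 sets per slice, i.e. offset bits 0-5 and set bits 6-16) follows the figure on the #1.2 slide; the slice hash H is not modelled, and the page frame numbers are constructed.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Cache geometry from the slides: 2^b bytes per line, 2^n cache sets. */
typedef struct { unsigned b; unsigned n; } cache_geom;

/* LLC geometry as drawn on the #1.2 slide: 64-byte lines (b = 6) and
 * 2048 sets per slice (n = 11), so the set index is address bits 6..16. */
static const cache_geom LLC = { 6, 11 };

static uint64_t cache_offset(cache_geom g, uint64_t addr)
{
    return addr & ((1ULL << g.b) - 1);
}

static uint64_t cache_index(cache_geom g, uint64_t addr)
{
    return (addr >> g.b) & ((1ULL << g.n) - 1);
}

static uint64_t cache_tag(cache_geom g, uint64_t addr)
{
    return addr >> (g.b + g.n);
}

/* Congruent addresses compete for the same set (what Prime+Probe needs). */
static bool congruent(cache_geom g, uint64_t a, uint64_t b)
{
    return cache_index(g, a) == cache_index(g, b);
}

/* Address translation keeps the low page_bits of the virtual address (the
 * page offset) and replaces everything above with the frame number. Not an
 * MMU model: the frame is whatever the caller passes in (constructed). */
static uint64_t translate(uint64_t va, unsigned page_bits, uint64_t frame)
{
    uint64_t in_page = va & ((1ULL << page_bits) - 1);
    return (frame << page_bits) | in_page;
}

/* The set index is computable from the virtual address alone iff offset and
 * index bits both lie inside the page offset: b + n <= page_bits. */
static bool index_visible_from_va(cache_geom g, unsigned page_bits)
{
    return g.b + g.n <= page_bits;
}

/* How many of the n index bits can still be predicted from the virtual address. */
static unsigned known_index_bits(cache_geom g, unsigned page_bits)
{
    if (page_bits <= g.b) return 0;
    unsigned avail = page_bits - g.b;
    return avail < g.n ? avail : g.n;
}

int main(void)
{
    uint64_t va = 0x7f5a96991234ULL;   /* constructed user-space address */
    printf("va %#" PRIx64 ": offset %" PRIu64 ", set %" PRIu64 ", tag %#" PRIx64 "\n",
           va, cache_offset(LLC, va), cache_index(LLC, va), cache_tag(LLC, va));
    /* 2 MB pages: whatever frame the kernel picks, bits 0..20 survive. */
    for (uint64_t frame = 1; frame <= 3; frame++) {
        uint64_t pa = translate(va, 21, frame);
        printf("  2 MB page, frame %" PRIu64 ": pa %#" PRIx64 ", set %" PRIu64 "\n",
               frame, pa, cache_index(LLC, pa));
    }
    /* 4 KB pages: the frame decides bits 12..16, five of the eleven index bits. */
    uint64_t pa = translate(va, 12, (va >> 12) ^ 0x1f);
    printf("  4 KB page: pa %#" PRIx64 ", set %" PRIu64 " (virtual set %" PRIu64 ")\n",
           pa, cache_index(LLC, pa), cache_index(LLC, va));
    printf("index bits known from the va: %u/11 with 2 MB pages, %u/11 with 4 KB pages\n",
           known_index_bits(LLC, 21), known_index_bits(LLC, 12));
    return 0;
}
```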
#3.1: Replacement policy on older CPUs
(animation: “LRU eviction” memory accesses on an 8-way cache set holding lines 2 5 8 1 7 6 3 4; loading 9, 10, ..., 16 replaces them one by one)
• LRU replacement policy: oldest entry first
• timestamps for every cache line
• access updates timestamp
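An added example (not from the slides) that replays the animation above in a model of one 8-way set under the LRU policy of older CPUs, to show why accessing n fresh congruent addresses evicts an n-way set; the tags 2 5 8 1 7 6 3 4 and 9 to 16 are the numbers from the slide.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WAYS 8

/* One cache set: WAYS lines, each with a tag, a valid bit and the timestamp
 * of its last access (the LRU bookkeeping described on the slide). */
typedef struct {
    uint64_t tag[WAYS];
    bool     valid[WAYS];
    uint64_t stamp[WAYS];
    uint64_t clock;
} lru_set;

static void set_init(lru_set *s) { memset(s, 0, sizeof *s); }

static bool set_contains(const lru_set *s, uint64_t tag)
{
    for (int w = 0; w < WAYS; w++)
        if (s->valid[w] && s->tag[w] == tag) return true;
    return false;
}

/* Access one congruent address (identified by its tag). Hit: refresh its
 * timestamp. Miss: fill a free way, otherwise replace the oldest entry. */
static bool set_access(lru_set *s, uint64_t tag)
{
    s->clock++;
    for (int w = 0; w < WAYS; w++) {
        if (s->valid[w] && s->tag[w] == tag) {
            s->stamp[w] = s->clock;
            return true;
        }
    }
    int victim = -1;
    for (int w = 0; w < WAYS; w++) {
        if (!s->valid[w]) { victim = w; break; }
        if (victim < 0 || s->stamp[w] < s->stamp[victim]) victim = w;
    }
    s->tag[victim] = tag;
    s->valid[victim] = true;
    s->stamp[victim] = s->clock;
    return false;
}

/* The victim's working set in the order the slide loads it. */
static const uint64_t VICTIM_LINES[WAYS] = { 2, 5, 8, 1, 7, 6, 3, 4 };

/* Prime the set with the victim's 8 lines, then access n_fresh new congruent
 * addresses (9, 10, ...). Returns how many victim lines are still cached:
 * under LRU, n_fresh == WAYS always leaves zero (the #1.1 claim). */
static int victim_lines_surviving(int n_fresh)
{
    lru_set s;
    set_init(&s);
    for (int i = 0; i < WAYS; i++) set_access(&s, VICTIM_LINES[i]);
    for (int i = 0; i < n_fresh; i++) set_access(&s, 9 + (uint64_t)i);
    int alive = 0;
    for (int i = 0; i < WAYS; i++) alive += set_contains(&s, VICTIM_LINES[i]);
    return alive;
}

/* Under LRU the first line to go is the oldest one, tag 2 on the slide. */
static uint64_t first_evicted(void)
{
    lru_set s;
    set_init(&s);
    for (int i = 0; i < WAYS; i++) set_access(&s, VICTIM_LINES[i]);
    set_access(&s, 9);
    for (int i = 0; i < WAYS; i++)
        if (!set_contains(&s, VICTIM_LINES[i])) return VICTIM_LINES[i];
    return 0;
}

int main(void)
{
    for (int n = 0; n <= WAYS; n++)
        printf("%d fresh congruent accesses: %d of %d victim lines survive\n",
               n, victim_lines_surviving(n), WAYS);
    printf("first line evicted after loading 9: tag %" PRIu64 "\n", first_evicted());
    return 0;
}
```

The model is only valid for true LRU; the next slide explains why the same access sequence succeeds only part of the time on recent CPUs.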
www.tugraz.at
#3.2: Replacement policy on recent CPUs
“LRU eviction” memory accesses
[Figure: cache set 2 5 8 1 7 6 3 4, then lines 9 to 16 loaded one after another]
no LRU replacement
only 75% success rate on Haswell
more accesses → higher success rate, but too slow
#3.3: Cache eviction strategy
[Figure: access pattern of addresses a1 to a9 over time]
Fast and effective on Haswell. Eviction rate >99.97%.
What to profile?
# ps -A | grep gedit
# cat /proc/pid/maps
00400000-00489000 r-xp 00000000 08:11 396356 /usr/bin/gedit
7f5a96991000-7f5a96a51000 r-xp 00000000 08:11 399365 /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1400.14
...
memory range, access rights, offset, –, –, file name
Profiling a single event
cd ../profiling/generic_low_frequency_example
# put the threshold into spy.c (MIN_CACHE_MISS_CYCLES)
make
./spy
# start the targeted program
sleep 2; ./spy 200 400000-489000 -- 20000
-- -- /usr/bin/gedit
... and hold down a key in the targeted program; save the addresses with peaks!
Exploitation phase
cd ../exploitation/generic
# put the threshold into spy.c (MIN_CACHE_MISS_CYCLES)
make
./spy file offset
1. Quick Start
2. Measuring and exploiting timing leakage
3. CPU caches
4. Cache attacks
5. Cache covert channels
6. Cache template attacks
Side channels vs covert channels
side channel: attacker spies a victim process
covert channel: communication between two processes
that are not supposed to communicate but are collaborating
1-bit cache covert channels
ideas for 1-bit channels:
Prime+Probe: use one cache set to transmit
0: sender does not access the set → low access time in receiver
1: sender does access the set → high access time in receiver
Flush+Reload/Flush+Flush/Evict+Reload: use one address to transmit
0: sender does not access the address → high access time in receiver
1: sender does access the address → low access time in receiver
1-bit covert channels
1 bit data, 0 bit control?
idea: divide time into slices (e.g., 50µs frames)
synchronize sender and receiver with a shared clock
Problems of 1-bit covert channels
errors? → error-correcting codes
retransmission may be more efficient (less overhead)
desynchronization
optimal transmission duration may vary
Multi-bit covert channels
combine multiple 1-bit channels
avoid interferences
→ higher performance
use 1 bit for sending = true/false
Packets / frames
Organize data in packets / frames:
some data bits
check sum
sequence number
→ keep sender and receiver synchronous
→ check whether retransmission is necessary
State of the art
method  reference                                raw capacity  err. rate  true capacity  env.
F+F     Gruss, Clementine Maurice, et al. 2016   3968 Kbps     0.840%     3690 Kbps      native
F+R     Gruss, Clementine Maurice, et al. 2016   2384 Kbps     0.005%     2382 Kbps      native
E+R     Lipp et al. 2016                         1141 Kbps     1.100%     1041 Kbps      native
P+P     Liu et al. 2015                           600 Kbps     1.000%      552 Kbps      virt
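As an added example (not code from the slides or from the cited papers), the "true capacity" column can be reproduced from the raw capacity and the error rate by treating a 1-bit channel as a binary symmetric channel: its capacity is raw × (1 − H(p)), with H the binary entropy of the bit error rate p. That is the ceiling any error-correcting code can reach, and the frame function shows where plain retransmission of checksummed frames (the packets/frames approach from the earlier slides) lands instead; the frame sizes and the stop-and-wait model are assumptions of this example.

```python
import math

# The "State of the art" table from the slides: method -> (raw capacity in Kbps, bit error rate)
STATE_OF_THE_ART = {
    "F+F": (3968, 0.00840),   # Flush+Flush, native
    "F+R": (2384, 0.00005),   # Flush+Reload, native
    "E+R": (1141, 0.01100),   # Evict+Reload, native
    "P+P": (600, 0.01000),    # Prime+Probe, virtualised
}


def binary_entropy(p):
    """H(p) in bits: how much information one bit loses when it flips with probability p."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def bsc_capacity(raw_kbps, error_rate):
    """Shannon capacity of a binary symmetric channel clocked at raw_kbps."""
    return raw_kbps * (1.0 - binary_entropy(error_rate))


def true_capacities(table=STATE_OF_THE_ART):
    """Recompute the 'true capacity' column of the slide table, rounded to whole Kbps."""
    return {m: round(bsc_capacity(raw, p)) for m, (raw, p) in table.items()}


def frame_efficiency(data_bits, overhead_bits, error_rate):
    """Useful fraction of the raw rate when data is sent in frames that carry
    `overhead_bits` of checksum and sequence number, and a frame with any flipped
    bit is detected by the checksum and retransmitted whole (stop-and-wait with
    error-free feedback is assumed). Compare with 1 - H(p) to see when plain
    retransmission beats an error-correcting code."""
    frame_bits = data_bits + overhead_bits
    p_frame_ok = (1.0 - error_rate) ** frame_bits
    return (data_bits / frame_bits) * p_frame_ok


if __name__ == "__main__":
    for method, cap in true_capacities().items():
        raw, p = STATE_OF_THE_ART[method]
        print(f"{method}: raw {raw} Kbps, BER {p:.3%}, 1-H(p) = {1 - binary_entropy(p):.4f} -> {cap} Kbps")
    for data in (8, 64, 1024):
        print(f"F+F, {data}-bit payload + 8-bit header: {frame_efficiency(data, 8, 0.0084):.1%} of raw rate")
```

With the F+F error rate, 8-bit payloads waste half the channel on headers and 1024-bit payloads almost never arrive intact, which is the trade-off behind "optimal transmission duration may vary".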
1. Quick Start
2. Measuring and exploiting timing leakage
3. CPU caches
4. Cache attacks
5. Cache covert channels
6. Cache template attacks
Cache Template Attacks
Profiling Phase
Preprocessing step to find exploitable addresses automatically w.r.t. “events” (keystrokes, encryptions, ...), called “Cache Template”
Exploitation Phase
Monitor exploitable addresses
Profiling Phase
[Figure: attacker address space, cache and victim address space, with a shared page (Shared 0x0) mapped into both]
Cache is empty
Attacker triggers an event (A)
Attacker checks one address for cache hits (“Reload”)
Update cache hit ratio (per event and address)
Attacker flushes shared memory
Repeat for higher accuracy
Repeat for all events (B, C, ...)
Continue with next address (Shared 0x40, Shared 0x80, ...)
Profiling a Single Event
[Figure: animated profiling of a single event]
Profiling Phase: 1 Event, 1 Address
[Figure: ADDRESS 0x7c800 against KEY n]
Example: Cache Hit Ratio for (0x7c800, n): 200 / 200
Profiling Phase: All Events, 1 Address
[Figure: ADDRESS 0x7c800 against KEY g h i j k l m n o p q r s t u v w x y z]
Example: Cache Hit Ratio for (0x7c800, u): 13 / 200
Distinguish n from other keys by monitoring 0x7c800
Profiling Phase: All Events, All Addresses
[Figure: cache template, KEY g h i j k l m n o p q r s t u v w x y z against ADDRESS 0x7c680 0x7c6c0 0x7c700 0x7c740 0x7c780 0x7c7c0 0x7c800 0x7c840 0x7c880 0x7c8c0 0x7c900 0x7c940 0x7c980 0x7c9c0 0x7ca00 0x7cb80 0x7cc40 0x7cc80 0x7ccc0 0x7cd00]
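What the template is used for, as an added example (not the slides' code and not the spy tool's): build the address × event hit-ratio matrix from profiling counts and select the addresses worth monitoring. The counts below are constructed; only (0x7c800, n) = 200/200 and (0x7c800, u) = 13/200 come from the slides, and the 0.9/0.1 thresholds are this example's choice. The same grouping logic covers the key groups on the Keylogging slide and the 100%/0% address groups on the AES T-table slide.

```python
from collections import defaultdict

# Constructed profiling counts, (address, event) -> (cache hits, trials).
# Only (0x7c800, n) = 200/200 and (0x7c800, u) = 13/200 are taken from the slides;
# every other count is invented to show the groups a template typically contains.
PROFILE = {
    # always hit, whatever the key: code that runs on any keystroke, useless for classification
    (0x7c680, "g"): (200, 200), (0x7c680, "n"): (200, 200), (0x7c680, "u"): (200, 200),
    # never hit: not touched by the key-handling path at all
    (0x7c6c0, "g"): (0, 200),   (0x7c6c0, "n"): (1, 200),   (0x7c6c0, "u"): (0, 200),
    # hit only for 'n': distinguishes n from the other keys
    (0x7c800, "g"): (9, 200),   (0x7c800, "n"): (200, 200), (0x7c800, "u"): (13, 200),
    # hit for 'g' and 'n' but not 'u': identifies a group of keys
    (0x7c840, "g"): (190, 200), (0x7c840, "n"): (185, 200), (0x7c840, "u"): (7, 200),
}

HI = 0.9   # hit ratio at or above this counts as "accessed on this event" (example threshold)
LO = 0.1   # at or below this counts as "not accessed" (example threshold)


def hit_ratios(profile):
    """Build the cache template: address -> {event: cache hit ratio}."""
    template = defaultdict(dict)
    for (addr, event), (hits, trials) in profile.items():
        template[addr][event] = hits / trials
    return dict(template)


def events_of(template):
    return sorted({e for ratios in template.values() for e in ratios})


def distinguishing_addresses(template, event, hi=HI, lo=LO):
    """Addresses that are hit for `event` and missed for every other event."""
    found = []
    for addr in sorted(template):
        ratios = template[addr]
        if ratios.get(event, 0.0) >= hi and all(
            r <= lo for e, r in ratios.items() if e != event
        ):
            found.append(addr)
    return found


def key_groups(template, hi=HI):
    """Address -> set of events it is hit for, keeping only addresses whose hit set
    is a non-empty proper subset of all events (the informative ones)."""
    all_events = set(events_of(template))
    groups = {}
    for addr, ratios in template.items():
        hit_for = frozenset(e for e, r in ratios.items() if r >= hi)
        if hit_for and hit_for != all_events:
            groups[addr] = hit_for
    return groups


def uninformative_addresses(template, hi=HI, lo=LO):
    """Addresses with (near) 100% or (near) 0% hits for every event: the two large
    groups seen when a whole library is profiled, which the template discards."""
    always, never = [], []
    for addr, ratios in template.items():
        if all(r >= hi for r in ratios.values()):
            always.append(addr)
        elif all(r <= lo for r in ratios.values()):
            never.append(addr)
    return sorted(always), sorted(never)


if __name__ == "__main__":
    template = hit_ratios(PROFILE)
    for event in events_of(template):
        print(event, [hex(a) for a in distinguishing_addresses(template, event)])
    print({hex(a): sorted(g) for a, g in key_groups(template).items()})
    print(uninformative_addresses(template))
```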
Exploitation Phase
Monitor addresses from Cache Template
Report to log file / attacker
Manual analysis of log file
Find password in keypress log, etc.
Example Attacks
Attack 1: Keystroke Timings
Spy on keystroke timings on Linux, Windows and OS X
Sub-microsecond accuracy
Derive text input from timings
[Figure: event trace and cache-hit trace (miss/hit) over time in cycles, 2.24 to 2.26 ·10^7, marking event start, cache-hit phase and event end]
Attack 2: Keylogging
Linux with GTK: monitor keystrokes of specific keys
Detect groups of keys
Some keys distinct
[Figure: cache template, KEY g h i j k l m n o p q r s t u v w x y z against ADDRESS 0x7c680 0x7c6c0 0x7c700 0x7c740 0x7c780 0x7c7c0 0x7c800 0x7c840 0x7c880 0x7c8c0 0x7c900 0x7c940 0x7c980 0x7c9c0 0x7ca00 0x7cb80 0x7cc40 0x7cc80 0x7ccc0 0x7cd00]
Attack 3: Locate AES T-Tables
AES uses T-Tables (precomputed from S-Boxes)
4 T-Tables
T0[k0,4,8,12 ⊕ p0,4,8,12]
T1[k1,5,9,13 ⊕ p1,5,9,13]
...
If we know which entry of T is accessed, we know the result of ki ⊕ pi.
Known-plaintext attack (pi is known) → ki can be determined
Attack 3: Locate AES T-Tables
AES T-Table implementation from OpenSSL 1.0.2
Most addresses in two groups:
Cache hit ratio 100% (always cache hits)
Cache hit ratio 0% (no cache hits)
One 4096 byte memory block:
Cache hit ratio of 92%
Cache hits depend on key value and plaintext value
The T-Tables
Attack 4: AES T-Table Template Attack
AES T-Table implementation from OpenSSL 1.0.2
Known-plaintext attack
Events: encryption with only one fixed key byte
Profile each event
Exploitation phase:
Eliminate key candidates
Reduction of key space in first-round attack: 64 bits after 16–160 encryptions
State of the art: full key recovery after 30000 encryptions
Attack 4: AES T-Table Template
[Figure: cache templates for k0 = 0x00 and k0 = 0x55 (transposed)]
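Why the first-round attack stops at 64 bits, as an added example (not the slides' code, and a model rather than real cache measurements): a T-table entry is 4 bytes and a cache line 64 bytes, so a line covers 16 entries and seeing which line of T0 is touched reveals only the upper 4 bits of ki ⊕ pi. The elimination step below drops candidates for k0, k4, k8, k12 until 16 per byte remain, i.e. 16 unknown bits for T0 and 64 over all four tables. The later rounds are modelled as 36 random line accesses, the key is the FIPS-197 example key used as a constructed secret, and the assumption that T1 to T3 behave like T0 is the example's own.

```python
import math
import random

# Geometry of the leak: OpenSSL 1.0.2 T-tables seen through a 64-byte-line cache
ENTRY_BYTES = 4                                  # one T-table entry is a 32-bit word
LINE_BYTES = 64
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES     # 16 entries per cache line
LINES = 256 // ENTRIES_PER_LINE                  # 16 lines per table
T0_BYTES = (0, 4, 8, 12)                         # bytes that index T0 in round 1
LATER_ROUND_LOOKUPS = 36                         # model assumption: 9 later rounds x 4 T0 lookups
TABLES = 4                                       # T0..T3, assumed to behave alike


def line_of(index):
    """Cache line holding T[index]: only the upper 4 bits of the index survive."""
    return index // ENTRIES_PER_LINE


def observed_lines(key, plaintext, rng):
    """Model of one encryption as seen through the cache: the round-1 lines
    line_of(k_i ^ p_i) for i in T0_BYTES, plus random lines from later rounds."""
    lines = {line_of(key[i] ^ plaintext[i]) for i in T0_BYTES}
    for _ in range(LATER_ROUND_LOOKUPS):
        lines.add(rng.randrange(LINES))
    return lines


def eliminate(candidates, plaintext, lines):
    """Elimination step: a line that was never touched cannot hold k_i ^ p_i,
    so every candidate k with line_of(k ^ p_i) in the untouched set is dropped."""
    untouched = set(range(LINES)) - lines
    for i in T0_BYTES:
        candidates[i] = {k for k in candidates[i]
                         if line_of(k ^ plaintext[i]) not in untouched}


def first_round_attack(key, encryptions, seed=1):
    """Known-plaintext first-round elimination on T0 over `encryptions` encryptions
    with random (known) plaintexts; returns the surviving candidates per key byte."""
    rng = random.Random(seed)
    candidates = {i: set(range(256)) for i in T0_BYTES}
    for _ in range(encryptions):
        plaintext = bytes(rng.randrange(256) for _ in range(16))
        eliminate(candidates, plaintext, observed_lines(key, plaintext, rng))
    return candidates


def unknown_key_bits(candidates):
    """Bits of key entropy left, scaled from T0 to all four tables (assumption)."""
    return TABLES * sum(math.log2(len(c)) for c in candidates.values())


if __name__ == "__main__":
    # Constructed secret: the FIPS-197 example key.
    KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    for n in (1, 16, 160):
        cands = first_round_attack(KEY, n)
        print(f"{n:4d} encryptions: {[len(cands[i]) for i in T0_BYTES]} candidates per byte, "
              f"{unknown_key_bits(cands):.0f} key bits unknown")
```

The 16 survivors per byte all share the true key byte's upper nibble, which is exactly the information a cache-line-granular observation cannot deliver; the 30000-encryption full recovery on the slide needs later-round information on top. Constant-time or AES-NI implementations remove the table lookups and with them this template.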
Meltdown
Boot with
nopti nokaslr
Meltdown setup
1. identify a promising kernel address
/proc/kallsyms
https://github.com/IAIK/meltdown/tree/master/libkdump
size_t paddr = libkdump_virt_to_phys((size_t)secret);
2. create a page aligned 256 × 4KB = 1MB array
Meltdown in three easy steps
1. load one byte from a kernel address into a register
2. compute array index: multiply byte in register by page size (4KB)
3. access array offset with this index
Meltdown: Reading the Secret
1. Flush+Reload over all array offsets
2. Read 0? Repeat.
3. Even something like 500k repetitions can make sense.
4. We can just ignore cache line 0.
Improving Meltdown
1. Add a null pointer
2. Add software/hardware prefetching
3. Add concurrent loads to the same address
Preventing Meltdown
1. Run the same attack without bootflag nopti
2. Won’t work...
How to have a Meltdown
Daniel Gruss
Graz University of Technology
April 19/20, 2018 — Cryptacus Training School
Bibliography
Gruss, Daniel, Clementine Maurice, Klaus Wagner, and Stefan Mangard (2016). “Flush+Flush: A Fast and Stealthy Cache Attack”. In: DIMVA’16.
Gruss, Daniel, Raphael Spreitzer, and Stefan Mangard (2015). “Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches”. In: USENIX Security Symposium.
Gullasch, David, Endre Bangerter, and Stephan Krenn (2011). “Cache Games – Bringing Access-Based Cache Attacks on AES to Practice”. In: S&P’11.
Inci, Mehmet Sinan, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar (2015). “Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud”. In: Cryptology ePrint Archive, Report 2015/898, pp. 1–15.
Lipp, Moritz, Daniel Gruss, Raphael Spreitzer, Clementine Maurice, and Stefan Mangard (2016). “ARMageddon: Last-Level Cache Attacks on Mobile Devices”. In: USENIX Security Symposium.
Liu, Fangfei, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee (2015). “Last-Level Cache Side-Channel Attacks are Practical”. In: S&P’15.
Maurice, Clementine, Nicolas Le Scouarnec, Christoph Neumann, Olivier Heen, and Aurelien Francillon (2015). “Reverse Engineering Intel Complex Addressing Using Performance Counters”. In: RAID.
Maurice, Clementine, Christoph Neumann, Olivier Heen, and Aurelien Francillon (2015). “C5: Cross-Cores Cache Covert Channel”. In: DIMVA’15.
Percival, Colin (2005). “Cache missing for fun and profit”. In: Proceedings of BSDCan.
Yarom, Yuval and Katrina Falkner (2014). “Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack”. In: USENIX Security Symposium.
Yarom, Yuval, Qian Ge, Fangfei Liu, Ruby B. Lee, and Gernot Heiser (2015). “Mapping the Intel Last-Level Cache”. In: Cryptology ePrint Archive, Report 2015/905, pp. 1–12.
THREAT MODELS IN DISTANCE BOUNDING
Handan Kılınç
Presentation at Training School 2018 on Cryptanalysis of Ubiquitous Computing Systems
OUTLINE
Introduction
Plain Model
Secure Hardware Model
Conclusion
INTRODUCTION: DISTANCE BOUNDING
The prover authenticates and proves its proximity.
[Figure: Prover and Verifier]
INTRODUCTION: REAL WORLD SCENARIOS
Brands and Chaum [Eurocrypt'93]
Relay Attack
INTRODUCTION: DISTANCE BOUNDING
Relay Attack
[Figure: a relay between device 1 and device 2]
INTRODUCTION
[Figure: Prover and Verifier exchange n challenge/response pairs $(c_1, r_1), \ldots, (c_n, r_n)$; the verifier records the send time $t_{s_i}$ of each challenge $c_i$ and the receive time $t_{r_i}$ of each response $r_i$]
Distance check per round: $(t_{r_i} - t_{s_i}) \cdot c \le 2B$, where $c$ is the propagation speed and $B$ the distance bound.
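The round-trip check in the figure above, as an added Python example written for this page and not taken from the slides or from the Boureanu, Mitrokotsa and Vaudenay model they follow. It instantiates the tuple DB = (K, P, V, B) with a constructed response scheme (two HMAC-SHA256-derived bit tables, answered according to the challenge bit) and simulates timing instead of measuring it. All names (key_gen, Prover, verify, HonestSession, RelaySession, DistanceFraudSession, Verdict), the distances (B = 10 m, provers at 2 m and 2 km) and the scheme itself are my assumptions. It goes slightly beyond the figure by running the same verifier against the three situations the slides define: an honest close prover is accepted, a relayed session (mafia fraud) answers every bit correctly but fails the time bound on every round, and a far prover that must answer before seeing the challenge (distance fraud) passes the timing but fails the bit check except with probability 2^-n.

```python
"""Toy symmetric distance-bounding verifier with a simulated fast phase.

Added example, not the slides' protocol: DB = (K, P, V, B) with a constructed
response scheme and simulated propagation delays, so it runs offline.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

C = 299_792_458.0  # propagation speed in metres per second (speed of light)


def key_gen() -> bytes:
    """K -> K: the shared symmetric key (assumed 128-bit)."""
    return secrets.token_bytes(16)


def response_tables(key: bytes, nonce: bytes, n: int) -> tuple[list[int], list[int]]:
    """Derive two n-bit registers a, b from the key and a per-session nonce.
    Round i is answered with a_i if c_i = 0 and with b_i if c_i = 1 (toy scheme)."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    bits = [(byte >> k) & 1 for byte in stream for k in range(8)]
    if 2 * n > len(bits):
        raise ValueError("n too large for a single SHA-256 output")
    return bits[:n], bits[n:2 * n]


@dataclass
class Prover:
    """P(K): an honest prover sitting `distance` metres from the verifier."""
    key: bytes
    distance: float
    a: list[int] = field(default_factory=list)
    b: list[int] = field(default_factory=list)

    def start(self, nonce: bytes, n: int) -> None:
        self.a, self.b = response_tables(self.key, nonce, n)

    def answer(self, i: int, c: int) -> int:
        return self.b[i] if c else self.a[i]


class HonestSession:
    """Direct channel: the round trip is the signal's flight to the prover and back."""
    def __init__(self, prover: Prover) -> None:
        self.prover = prover

    def start(self, nonce: bytes, n: int) -> None:
        self.prover.start(nonce, n)

    def exchange(self, i: int, c: int) -> tuple[int, float]:
        return self.prover.answer(i, c), 2 * self.prover.distance / C


class RelaySession:
    """Mafia fraud: a MiM relay `relay_distance` metres from V forwards each challenge
    to the far-away honest prover and its answer back. Every bit is correct, but every
    round trip also pays the flight to the far prover."""
    def __init__(self, prover: Prover, relay_distance: float) -> None:
        self.prover, self.relay_distance = prover, relay_distance

    def start(self, nonce: bytes, n: int) -> None:
        self.prover.start(nonce, n)

    def exchange(self, i: int, c: int) -> tuple[int, float]:
        flight = 2 * self.relay_distance / C + 2 * self.prover.distance / C
        return self.prover.answer(i, c), flight


class DistanceFraudSession:
    """Distance fraud: a far-away malicious prover cannot see c_i before r_i is due,
    so it commits to a guess and sends early. The round trip V observes looks local
    (modelled as 0.0 s); each bit is correct with probability 1/2."""
    def start(self, nonce: bytes, n: int) -> None:
        self.guesses = [secrets.randbits(1) for _ in range(n)]

    def exchange(self, i: int, c: int) -> tuple[int, float]:
        return self.guesses[i], 0.0


@dataclass
class Verdict:
    accepted: bool
    wrong_rounds: int
    slow_rounds: int


def verify(key: bytes, n: int, bound_m: float, session) -> Verdict:
    """V(K) with distance bound B = bound_m: fresh nonce, n random one-bit challenges,
    and per round the check (t_r - t_s) * c <= 2B from the figure."""
    nonce = secrets.token_bytes(16)
    session.start(nonce, n)
    a, b = response_tables(key, nonce, n)
    wrong = slow = 0
    for i in range(n):
        c = secrets.randbits(1)
        r, rtt = session.exchange(i, c)  # rtt models t_r_i - t_s_i in seconds
        if r != (b[i] if c else a[i]):
            wrong += 1
        if rtt * C > 2 * bound_m:
            slow += 1
    return Verdict(wrong == 0 and slow == 0, wrong, slow)


def demo(n: int = 32, bound_m: float = 10.0) -> dict[str, Verdict]:
    """Constructed scenario: B = 10 m, honest prover at 2 m, far prover at 2 km."""
    key = key_gen()
    close, far = Prover(key, 2.0), Prover(key, 2_000.0)
    return {
        "honest_close": verify(key, n, bound_m, HonestSession(close)),
        "honest_far": verify(key, n, bound_m, HonestSession(far)),
        "mafia_fraud_relay": verify(key, n, bound_m, RelaySession(far, 1.0)),
        "distance_fraud": verify(key, n, bound_m, DistanceFraudSession()),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} {verdict}")
```

The relay case is the point of the time bound: the relayed bits are all correct, so an authentication-only check would accept, and only the per-round timing (here 4 km of extra flight against a 20 m budget) rejects it. A real verifier cannot use 0.0 s delays; the value is a modelling shortcut for "the prover answered before the challenge arrived".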
INTRODUCTION: ATTACKS
Mafia Fraud (MiM): A man-in-the-middle (MiM) adversary between a verifier and a far-away honest prover tries to make the verifier accept.
[Figure: V, A and P; P is far away]
Distance Fraud (DF): A malicious, far-away prover tries to prove that (s)he is close enough.
[Figure: V and P; P is far away]
Distance Hijacking (DH): A far-away malicious prover takes advantage of some honest and active provers who are close to the verifier to make the verifier grant privileges to the far-away prover.
[Figure: V, P and P'; P is far away]
Terrorist fraud (TF): A far-away malicious prover, with the help of the adversary, tries to make the verifier accept.
[Figure: V, A and P; P is far away]
INTRODUCTION: BRANDS AND CHAUM
[Figure: the Brands and Chaum protocol]
OUTLINE
Introduction
Plain Model*
Secure Hardware Model
Conclusion
* Ioana Boureanu, Aikaterini Mitrokotsa, and Serge Vaudenay. Practical and provably secure distance-bounding, Journal of Computer Security
DISTANCE BOUNDING: FORMAL DEFINITION OF SYMMETRIC DB
[Figure: Prover and Verifier sharing a key]
Key generation: $K \to K$ (the key generation algorithm outputs the shared key $K$)
Parties: $V(K)$, $P(K)$
Distance bound: $B$
Verifier output: $\mathrm{Out}_V$
$DB = (K, P, V, B)$
DISTANCE BOUNDING: FORMAL DEFINITION OF PUBLIC-KEY DB
[Figure: Prover and Verifier, each with its own key pair]
Key generation: $K_V \to (sk_V, pk_V)$, $K_P \to (sk_P, pk_P)$
Parties: $V(sk_V, pk_V)$, $P(sk_P, pk_P, pk_V)$
Distance bound: $B$
Verifier outputs: $\mathrm{Out}_V$ and $\mathrm{POut}_V = pk_P$ (the public key of the accepted prover)
$DB = (K_V, K_P, P, V, B)$
THREAT MODELS: ADVERSARIAL AND COMMUNICATION MODEL
DB protocols run in a natural communication setting:
• a notion of time, e.g., a time unit, and a notion of measurable distance
• communication cannot be faster than the speed of light
The adversary sees all the messages.
The adversary can change the destinations of messages.
The adversary can create polynomially many instances of parties.
The honest instances cannot be run in parallel.
MAFIA FRAUD (MIM): HONEST PROVER
The game begins by running the key setup algorithms $K_V \to (sk_V, pk_V)$ and $K_P \to (sk_P, pk_P)$.
The game gives $pk_P, pk_V$ to the adversary.
The adversary creates instances of the honest prover, the verifier and itself.
The adversary wins if there exists an instance V which outputs $\mathrm{Out}_V = 1$ and $\mathrm{POut}_V = pk_P$ when P is far away.
A DB protocol is MiM-secure if the success probability of winning the game is negligible.
[Figure: V, A and P; P is far away]
MAFIA FRAUD (MIM): MIM-SECURITY GAME
[Figure: the adversary A, given $pk_P, pk_V$, spawns instances of V, P and A and routes the messages between them; the adversary wins if some instance V outputs $\mathrm{Out}_V = 1$ and $\mathrm{POut}_V = pk_P$]
DISTANCE FRAUD: MALICIOUS PROVER
The game begins by running the key setup algorithm $K_V \to (sk_V, pk_V)$.
The game gives the public key $pk_V$.
The adversary generates $(sk_P, pk_P)$ with $K_P(pk_P) \to (sk_P, pk_P)$.
The adversary creates instances of the verifier and itself.
The adversary wins if V outputs $\mathrm{Out}_V = 1$ and $\mathrm{POut}_V = pk_P$ when P is far away.
A DB protocol is DF-secure if the success probability of winning the game is negligible.
[Figure: V and P; P is far away]
DISTANCE FRAUD: DF-GAME
[Figure: the adversary A, given $pk_V$, generates its own key pair with $K_P(pk_P) \to (sk_P, pk_P)$ and spawns instances of V and of itself acting as P; the adversary wins if $\mathrm{Out}_V = 1$ and $\mathrm{POut}_V = pk_P$]
DISTANCE HIJACKING: MALICIOUS PROVER
The game begins by running the key generation algorithms $K_V \to (sk_V, pk_V)$ and $K_P \to (sk_{P'}, pk_{P'})$.
The game gives the public keys $pk_V$ and $pk_{P'}$.
The adversary generates $(sk_P, pk_P)$, where $pk_P \neq pk_{P'}$, with $K_P(pk_V, pk_{P'}) \to (sk_P, pk_P)$.
The adversary creates instances of the verifier, the honest prover and itself.
The adversary wins if V outputs $\mathrm{Out}_V = 1$ and $\mathrm{POut}_V = pk_P$ when P is far away.
A DB protocol is DH-secure if the success probability of winning the game is negligible.
[Figure: V, P and P'; P is far away]
DISTANCE HIJACKING: DH-GAME
[Figure: the adversary A, given $pk_V$ and $pk_{P'}$, generates its key pair with $K_P(pk_V, pk_{P'}) \to (sk_P, pk_P)$ and spawns instances of V, of the honest prover P' (close to V) and of itself acting as P (far away); the adversary wins if $\mathrm{Out}_V = 1$ and $\mathrm{POut}_V = pk_P$]
TERRORIST FRAUD
TF-security is impossible to achieve because of the trivial attack.
[Figure: Verifier $V(sk_V, pk_V)$ and Adversary, both close; Prover $P(sk_P, pk_P, pk_V)$ far away and malicious; the prover hands $sk_P$ to the adversary]
TERRORIST FRAUD: TF'-SECURITY
Assumption: The malicious prover does not reveal any secret-key-related information to the adversary.
• Any information forwarded to a close-by adversary would allow another adversary to later pass, without the help of the prover, with the same probability.
• Extractor-based definition: If V accepts, then the extractor constructs the secret key by using the view of the close parties.
Dürholz, U., Fischlin, M., Kasper, M., & Onete, C. A formal approach to distance-bounding RFID protocols, 2011
Fischlin, M., & Onete, C. Terrorism in distance bounding: modeling terrorist-fraud resistance, 2013
Vaudenay, S. On modeling terrorist frauds, 2013
RELATIONS BETWEEN THREAT MODELS
[Figure: implications between TF, MiM, DH and DF security]
Echo Protocol
[Figure: $V(sk_V, pk_P)$ and $P(sk_P, pk_P, pk_V)$; the verifier sends $c_1, \ldots, c_n$ and the prover echoes each $c_i$ back, timed with $t_{s_i}$ and $t_{r_i}$]
[Figure: V, P' and P]
$A(sk_V, pk_V, pk_P, N) \to s$
$B(sk_P, pk_P, pk_V, N) \to s'$
[Figure: implications between MiM, DH, DF and TF' security]
OUTLINE
Introduction
Plain Model
Secure Hardware Model*
Conclusion
* Handan Kılınç and Serge Vaudenay, Formal Analysis of Distance Bounding with Secure Hardware, ACNS 2018
SECURE HARDWARE MODEL (SHM)
Handan Kılınç and Serge Vaudenay, Formal Analysis of Distance Bounding with Secure Hardware, ACNS 2018
[Figure: Verifier, Prover and the prover's Hardware]
Secure hardware are honest parties.
Each prover possesses its own secure hardware.
The secure hardware of an honest prover can only communicate with its prover and they are both at the same location.
Key generation: $K_V \to (sk_V, pk_V)$, $K_P \to (sk_P, pk_P)$
Parties: $V(sk_V, pk_V)$, $H(sk_P, pk_P, pk_V)$, $P(pk_P, pk_V)$
Distance bound: $B$
Verifier outputs: $\mathrm{Out}_V$, $\mathrm{POut}_V$
$DB = (K_V, K_P, P, V, B, H)$
SECURE HARDWARE MODEL (SHM)
[Figure: V and A; P' with its hardware H'; honest P with its hardware H]
The adversary wins if $\mathrm{Out}_V = 1$ and $\mathrm{POut}_V = pk_P$.
[Figure: TF, MiM, DH, DF]
Secure = TF, DF, MiM, DH secure in SHM
PM AND SHM RELATIONS: NOTATIONS
$P_{dum}$ is a dummy prover algorithm in SHM which only relays the messages between the outside world and H without even using any of its input.
[Figure: V, $P_{dum}$ ("do nothing"), H]
$P^H$ is the algorithm which is constructed from joining P and H in SHM. More precisely, $P^H$ runs P and, instead of interacting with H, executes the same computation that H would do if P had interacted with it.
[Figure: left, V interacting with P, which exchanges messages with H (do A, B, do C, D, E, do F, G, do I); right, V interacting with $P^H$, which performs the same steps locally]
$P^H_{dum}$ is the hardware algorithm H.
PM AND SHM RELATIONS: MIM IN SHM ⇐ MIM IN PM
Theorem 1: Let $DB = (K_V, K_P, V, P, B, H)$ be a DB protocol in SHM. We define $DB' = (K_V, K_P, V, P^H, B)$ in PM. If $DB'$ is MiM-secure then $DB$ is MiM-secure.
The proof is trivial by adding a hardware to every honest prover at the same location: a MiM-game against $DB'$ becomes a MiM-game against $DB$.
sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit>
DB = (KV , KP , V, P, B, H)<latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit 
sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit>
PM AND SHM RELATIONSMIM IN SHM MIM IN PM
28
Theorem 1: Let be a DB
protocol in SHM. We define in
PM. If is MiM-secure then is MiM-secure.DB0DB
DB0
DB
The proof is trivial by adding a hardware to every honest prover at the same location: A MiM-game against becomes a MiM-game against .
)
.V.A.APH.
DB0 = (KV , KP , V, PH , B)<latexit sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit><latexit sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit><latexit sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit><latexit 
sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit>
DB = (KV , KP , V, P, B, H)<latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit 
sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit>
PM AND SHM RELATIONSMIM IN SHM MIM IN PM
28
Theorem 1: Let be a DB
protocol in SHM. We define in
PM. If is MiM-secure then is MiM-secure.DB0DB
DB0
DB
The proof is trivial by adding a hardware to every honest prover at the same location: A MiM-game against becomes a MiM-game against .
)
.V.A.APH. ..V.A
.AP H
DB0 = (KV , KP , V, PH , B)<latexit sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit><latexit sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit><latexit sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit><latexit 
sha1_base64="XYpAZLMJ1hE2bRK2J1INdXtVmZU=">AAACF3icdVDLSgMxFM3UV62vqks3wVasMAwzdWG7EEp1UXBTwdZCW4dMmmlDMw+SjFCG/oUbf8WNC0Xc6s6/MdNWqK8DgZNz7uXee5yQUSFN80NLLSwuLa+kVzNr6xubW9ntnaYIIo5JAwcs4C0HCcKoTxqSSkZaISfIcxi5doZniX99S7iggX8lRyHpeqjvU5diJJVkZ438efUQnsJCx0NygBGLL8Z2U5//1XXY1Os3Nb16lLezOdMolkvmcRn+JpZhTpADM9Tt7HunF+DII77EDAnRtsxQdmPEJcWMjDOdSJAQ4SHqk7aiPvKI6MaTu8bwQCk96AZcPV/CiTrfESNPiJHnqMpkX/HTS8S/vHYk3VI3pn4YSeLj6SA3YlAGMAkJ9ignWLKRIghzqnaFeIA4wlJFmVEhfF0K/yfNomGZhnVZzFWqszjSYA/sgwKwwAmogBqogwbA4A48gCfwrN1rj9qL9jotTWmznl3wDdrbJ+ptnUk=</latexit>
DB = (KV , KP , V, P, B, H)<latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit><latexit 
sha1_base64="3+D27Dw5judt+/m1D4NiusSz/n8=">AAACFnicdVDLSgMxFM3UV62vUZdugq1QYSwzdWG7EEp1UXAzgn1AOwyZNG1DMw+SjFCGfoUbf8WNC0Xcijv/xvQh1NeBwMk593LvPV7EqJCm+aGllpZXVtfS65mNza3tHX13ryHCmGNSxyELectDgjAakLqkkpFWxAnyPUaa3vBi4jdvCRc0DG7kKCKOj/oB7VGMpJJc/SR3WYXnMN/xkRxgxJKrsdswFn+2ARuGbVSN2nHO1bNmoVgumadl+JtYBXOKLJjDdvX3TjfEsU8CiRkSom2ZkXQSxCXFjIwznViQCOEh6pO2ogHyiXCS6VljeKSULuyFXL1Awqm62JEgX4iR76nKyb7ipzcR//LaseyVnIQGUSxJgGeDejGDMoSTjGCXcoIlGymCMKdqV4gHiCMsVZIZFcLXpfB/0igWLLNgXRezleo8jjQ4AIcgDyxwBiqgBmxQBxjcgQfwBJ61e+1Re9FeZ6Upbd6zD75Be/sENhic5g==</latexit>
PM AND SHM RELATIONS: MIM-SECURITY IN PM WITH SECURITY IN SHM
29
Theorem 2: Let DB = (K_V, K_P, V, P, B, H) be a DB in SHM and DB' = (K_V, K_P, V, P^{H_dum}, B) be a DB in PM, where the prover P^{H_dum} of DB' is the hardware H of DB (P^{H_dum} = H). DB' is MiM-secure in PM if and only if DB is TF-secure in SHM.
Consider a TF-game in SHM. We run this game in PM by simulating the secure hardware H of DB with the prover P^{H_dum} of DB', and simulating the prover P of SHM with an actor in PM. Then we obtain a MiM-game of DB'. If A wins the MiM-game of DB', then a TF adversary runs A and wins the TF-game for DB.
PM AND SHM RELATIONS: WHY NOT WITH P^H
30
MiM-symDB: V(K) and P(K) share the key K.
P picks N_P and sends it to V; V picks N_V and sends it to P.
Both compute C||R = f_K(N_P, N_V), with C = c_1||c_2||...||c_n and R = r_1||r_2||...||r_n.
for i = 1 to n:
  V sends c_i to P;
  if C[i] ≠ c_i, P aborts; otherwise P sends r_i to V.
31
MiM-symDB in SHM: the key K is held by the secure hardware H(K). P forwards N_V and N_P to H, which computes C||R = f_K(N_P, N_V); in each round P relays c_i to H and r_i back to V.
32
PM AND SHM RELATIONS: WHY NOT WITH P^H
In SHM the prover P only relays between V(K) and H(K), and P itself picks N_P. Nothing stops P from querying H with the same (N_P, N_V) again and again:
P picks N_P and sends it to V; V picks N_V and sends it to P.
P repeats the following until it has found C||R = f_K(N_P, N_V):
  P sends N_P, N_V to H(K);
  for i = 1 to n:
    if C[i] = ⊥ (not yet known), pick c'_i at random; else c'_i = C[i];
    P sends c'_i to H; if C[i] ≠ c'_i, H aborts; otherwise H returns r_i;
    if H did not abort, record C[i] = c'_i and R[i] = r_i;
    else return to the beginning.
V then runs its rounds (for i = 1 to n: send c_i, receive r_i) and P answers from the recovered table.
Because H answers one bit at a time and aborts on a mismatch, a prover that can restart H with the same nonces recovers the whole table C||R.
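The MiM-symDB exchange of the slides above, the SHM split into a relaying P and a key-holding H(K), and the table-recovery loop of the last slide, as an added Python model; this is not code from the presentation. Assumptions: f_K is instantiated as HMAC-SHA256 bit-sliced into C||R (the slides leave f_K abstract), nonces are 16 constructed bytes, challenges are single bits, and the round-trip timing of the fast phase is not modelled. All names (Hardware, Verifier, honest_session, extract_table) are this example's own.

```python
import hashlib
import hmac
import secrets


class Abort(Exception):
    """Raised by H when a received challenge differs from its table."""


def f_K(key: bytes, n_p: bytes, n_v: bytes, n: int):
    """Toy f_K: HMAC-SHA256 over N_P||N_V, bit-sliced into C||R (assumption;
    the slides leave f_K abstract). Returns (C, R), lists of n bits, n <= 128."""
    digest = hmac.new(key, n_p + n_v, hashlib.sha256).digest()
    bits = [(digest[i // 8] >> (i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]


class Hardware:
    """H(K) in SHM: keeps K, derives C||R from the nonces P hands it, and
    answers one challenge bit per round, aborting on a mismatch."""

    def __init__(self, key: bytes, n: int):
        self.key, self.n, self.i = key, n, 0

    def begin(self, n_p: bytes, n_v: bytes) -> None:
        # H does not pick nonces; it trusts whatever (N_P, N_V) P forwards.
        self.C, self.R = f_K(self.key, n_p, n_v, self.n)
        self.i = 0

    def respond(self, c: int) -> int:
        if c != self.C[self.i]:
            raise Abort
        r = self.R[self.i]
        self.i += 1
        return r


class Verifier:
    """V(K): picks N_V, derives the same C||R, sends c_i and checks r_i."""

    def __init__(self, key: bytes, n: int):
        self.key, self.n = key, n

    def begin(self, n_p: bytes) -> bytes:
        self.n_v = secrets.token_bytes(16)
        self.C, self.R = f_K(self.key, n_p, self.n_v, self.n)
        return self.n_v

    def challenge(self, i: int) -> int:
        return self.C[i]

    def check(self, i: int, r: int) -> bool:
        return r == self.R[i]


def honest_session(key: bytes, n: int = 16) -> bool:
    """DB' = (K_V, K_P, V, P^H, B): P only relays between V and H.
    Returns True when every r_i matches (timing is not modelled)."""
    hw, ver = Hardware(key, n), Verifier(key, n)
    n_p = secrets.token_bytes(16)      # P picks N_P
    n_v = ver.begin(n_p)               # V picks N_V
    hw.begin(n_p, n_v)                 # P forwards N_P, N_V to H
    for i in range(n):
        r = hw.respond(ver.challenge(i))   # V -> P -> H, then H -> P -> V
        if not ver.check(i, r):
            return False
    return True


def aborts_on_wrong_challenge(key: bytes, n: int = 8) -> bool:
    """The abort behaviour the 'why not with P^H' slide relies on."""
    hw = Hardware(key, n)
    hw.begin(b"\x00" * 16, b"\xff" * 16)   # constructed nonces
    try:
        hw.respond(1 - hw.C[0])
    except Abort:
        return True
    return False


def extract_table(hw: Hardware, n_p: bytes, n_v: bytes, n: int):
    """The loop from the slide: replay the same nonces to H, guess the unknown
    challenge bits, keep what H answered, restart on abort until C||R is known.
    Returns (C, R, number of sessions P needed)."""
    C, R = [None] * n, [None] * n
    sessions = 0
    while None in C:
        sessions += 1
        hw.begin(n_p, n_v)             # "return to beginning"
        try:
            for i in range(n):
                c = C[i] if C[i] is not None else secrets.randbits(1)
                r = hw.respond(c)      # an Abort here means the guess was wrong
                C[i], R[i] = c, r      # if not abort: C[i] = c'_i, R[i] = r_i
        except Abort:
            continue
    return C, R, sessions
```

The instructive check is that extract_table returns exactly f_K(K, N_P, N_V, n): H never reveals K, yet its abort-on-mismatch answer combined with P's freedom to replay the same (N_P, N_V) leaks the whole session table, which is the reason the slides model the hardware with H_dum and TF-security in Theorem 2 rather than simply reusing P^H. In this model the leak depends on H accepting the same nonce pair again after an abort.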
PM AND SHM RELATIONS: IMPORTANT RESULTS OF THE THEOREMS
33
Theorem 1: Let DB = (K_V, K_P, V, P, B, H) be a DB protocol in SHM. We define DB' = (K_V, K_P, V, P^H, B) in PM. If DB is MiM-secure then DB' is MiM-secure.
Theorem 2: Let DB = (K_V, K_P, V, P, B, H) be a DB in SHM and DB' = (K_V, K_P, V, P^{H_dum}, B) be a DB in PM, where the prover P^{H_dum} of DB' is the hardware H of DB. DB' is MiM-secure in PM if and only if DB is TF-secure in SHM.
DB0 = (KV , KP , V, PHdum, B)
<latexit sha1_base64="2Q4XTbcL484TTSq9+2UNgs3waCI=">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</latexit><latexit sha1_base64="2Q4XTbcL484TTSq9+2UNgs3waCI=">AAACHXicdVDLSgMxFM3UV62vqks3wVasUMpMFWwXQqkuCm5GsNNCW4dMmmlDMw+SjFCG/ogbf8WNC0VcuBH/xvQh1NeBwMk593LvPU7IqJC6/qElFhaXlleSq6m19Y3NrfT2jiWCiGNSxwELeNNBgjDqk7qkkpFmyAnyHEYazuB87DduCRc08K/lMCQdD/V86lKMpJLs9En2onoIz2Cu7SHZx4jFlyPbys//zDy08qYddyNvdFPLV4+ydjqjF4rlkn5chr+JUdAnyIAZTDv91u4GOPKILzFDQrQMPZSdGHFJMSOjVDsSJER4gHqkpaiPPCI68eS6ETxQShe6AVfPl3CiznfEyBNi6Dmqcry1+OmNxb+8ViTdUiemfhhJ4uPpIDdiUAZwHBXsUk6wZENFEOZU7QpxH3GEpQo0pUL4uhT+T6xiwdALxlUxU6nO4kiCPbAPcsAAp6ACasAEdYDBHXgAT+BZu9cetRftdVqa0GY9u+AbtPdPJYOgIg==</latexit><latexit sha1_base64="2Q4XTbcL484TTSq9+2UNgs3waCI=">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</latexit><latexit sha1_base64="2Q4XTbcL484TTSq9+2UNgs3waCI=">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</latexit>
PM AND SHM RELATIONS
IMPORTANT RESULTS OF THEOREM
33
Theorem 1: Let DB = (KV, KP, V, P, B, H) be a DB protocol in SHM. We define DB' = (KV, KP, V, P^H, B) in PM. If DB is MiM-secure then DB' is MiM-secure.
Theorem 2: Let DB = (KV, KP, V, P, B, H) be a DB in SHM and DB' = (KV, KP, V, P^H_dum, B) be a DB in PM, where H in DB' corresponds to H of DB (with P^H_dum = H). DB' is MiM-secure in PM if and only if DB is TF-secure in SHM.
PM AND SHM RELATIONS
IMPORTANT RESULTS OF THEOREMS
We can conclude: if DB' = (KV, KP, V, P^H_dum, B) is a MiM-secure and correct DB protocol, then we can construct a secure DB protocol DB = (KV, KP, V, P, B, H) in SHM for any algorithm P. DB is further correct when P = P_dum.
In order to prove TF-security of DB in SHM, it is enough to prove MiM-security of DB' in PM.
MiM-security and TF-security of a DB protocol DB in SHM are equivalent if P = P_dum, due to Theorem 1 and Theorem 2. Note that this result may not hold without P = P_dum.
34
PM AND SHM RELATIONS
IMPORTANT RESULTS OF THE THEOREM
35
[Diagram: implications between TF, MiM, DH and DF security in PM and in SHM, and in SHM with P_dum]
Security Implications in PM and SHM
Security Implications in SHM with P_dum
OUTLINE
Introduction
Plain Model
Secure Hardware Model
Conclusion
36
CONCLUSION
We have to consider MiM, DF, DH and TF security in a distance bounding protocol.
In the plain model, it is not possible to achieve TF-security because of the trivial attack.
In the secure hardware model, it is possible to prevent the trivial attack, so we can have TF-security.
Constructing secure protocols in SHM is easier and more efficient than in PM.
We have the following relations between PM and SHM:
• MiM in SHM ⇒ MiM in PM
• MiM-security in PM with P^H_dum ⇔ TF-security in SHM
• If the prover algorithm is the dummy one, then MiM-security in SHM ⇔ TF-security in SHM
37
Innovations in permutation-based crypto
Joan Daemen (1, 2)
based on joint work with Guido Bertoni (3), Seth Hoffert, Michaël Peeters (1), Gilles Van Assche (1) and Ronny Van Keer (1)
Cryptacus Training School, Azores, April 17, 2018
(1) STMicroelectronics, (2) Radboud University, (3) Security Pattern
1
Message authentication (MAC)
[Diagram: a tag computed over the plaintext under key K]
4
Authenticated encryption
[Diagram: nonce and plaintext in, ciphertext and tag out]
5
String sequence input and incrementality
[Diagram: packets #1, #2, #3 processed incrementally as one string sequence: F_K(P(3) P(2) P(1))]
6
Session authenticated encryption (SAE) [KT, SAC 2011]
[Diagram: (K, N) → T(0); (A(1), P(1)) → (C(1), T(1)); (A(2), P(2)) → (C(2), T(2)); (A(3), P(3)) → (C(3), T(3))]
Initialization taking nonce N
  T ← 0^t + F_K(N)
  history ← N
  return tag T of length t
Wrap taking metadata A and plaintext P
  C ← P + F_K(A, history)
  T ← 0^t + F_K(C, A, history)
  history ← C, A, history
  return ciphertext C of length |P| and tag T of length t
7
Synthetic initialization value (SIV) of [KT, eprint 2016/1188]
[Diagram: (A, P) → F_K → T; (T, A) → F_K → keystream added to P giving C]
Unwrap taking metadata A, ciphertext C and tag T
  P ← C + F_K(T, A)
  τ ← 0^t + F_K(P, A)
  if τ ≠ T then return error!
  else return plaintext P of length |C|
Variant of SIV of [Rogaway & Shrimpton, EC 2006]
8
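The SAE session mode of slide 7 and the SIV mode of slide 8, written out as an added example (not code from the slides or from the Keccak Team). The PRF F_K over a string sequence is instantiated, as an assumption, by SHAKE256 with the key absorbed as the first string (the keyed-sponge PRF the deck mentions later), with every string length-prefixed so that (A, history) cannot be confused with a different split. The tag length of 16 bytes and all packets and keys are constructed sample values.

```python
import hashlib

TAG_LEN = 16   # tag length t in bytes (constructed choice: 128-bit tags)


def encode_sequence(strings):
    """Injective encoding of a string sequence: a 4-byte length prefix per string."""
    return b"".join(len(s).to_bytes(4, "big") + s for s in strings)


def prf(key, strings, n):
    """F_K over a string sequence, n output bytes. Assumption: a keyed sponge,
    SHAKE256 with the key as the first absorbed string, stands in for F_K."""
    return hashlib.shake_256(encode_sequence([key] + list(strings))).digest(n)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SAESession:
    """Session authenticated encryption: every tag commits to the whole history
    (nonce plus all earlier packets), so packets cannot be dropped or reordered."""

    def __init__(self, key, nonce):
        self.key = key
        self.history = [nonce]                        # history <- N
        self.tag0 = prf(key, self.history, TAG_LEN)   # T(0) <- F_K(N)

    def wrap(self, a, p):
        c = xor(p, prf(self.key, [a] + self.history, len(p)))   # C <- P + F_K(A, history)
        self.history = [c, a] + self.history                      # history <- C, A, history
        t = prf(self.key, self.history, TAG_LEN)                  # T <- F_K(C, A, history)
        return c, t

    def unwrap(self, a, c, t):
        """Receiver side: the history only advances once the tag has verified."""
        candidate = [c, a] + self.history
        if prf(self.key, candidate, TAG_LEN) != t:
            raise ValueError("SAE tag mismatch (tampered, replayed or reordered packet)")
        p = xor(c, prf(self.key, [a] + self.history, len(c)))
        self.history = candidate
        return p


def siv_wrap(key, a, p):
    """SIV: the tag is a PRF of (P, A) and doubles as the IV for the encryption."""
    t = prf(key, [p, a], TAG_LEN)             # T <- F_K(P, A)
    c = xor(p, prf(key, [t, a], len(p)))      # C <- P + F_K(T, A)
    return c, t


def siv_unwrap(key, a, c, t):
    p = xor(c, prf(key, [t, a], len(c)))      # P <- C + F_K(T, A)
    tau = prf(key, [p, a], TAG_LEN)           # tau <- F_K(P, A)
    if tau != t:
        raise ValueError("SIV tag mismatch")
    return p


def demo():
    """Exercise both modes on constructed inputs and collect what happens."""
    key, nonce = b"\x42" * 32, b"session-nonce-0001"
    sender, receiver = SAESession(key, nonce), SAESession(key, nonce)
    c1, t1 = sender.wrap(b"hdr-1", b"first packet")
    c2, t2 = sender.wrap(b"hdr-2", b"second packet")
    results = {"tag0_match": sender.tag0 == receiver.tag0,
               "p1": receiver.unwrap(b"hdr-1", c1, t1),
               "p2": receiver.unwrap(b"hdr-2", c2, t2)}
    fresh = SAESession(key, nonce)           # a receiver that sees packet 2 before packet 1
    try:
        fresh.unwrap(b"hdr-2", c2, t2)
        results["reorder_rejected"] = False
    except ValueError:
        results["reorder_rejected"] = True
    bad = bytes([c1[0] ^ 1]) + c1[1:]         # one flipped ciphertext byte
    try:
        fresh.unwrap(b"hdr-1", bad, t1)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    c, t = siv_wrap(key, b"meta", b"synthetic iv demo")
    results["siv_deterministic"] = siv_wrap(key, b"meta", b"synthetic iv demo") == (c, t)
    results["siv_p"] = siv_unwrap(key, b"meta", c, t)
    try:
        siv_unwrap(key, b"meta", c, bytes([t[0] ^ 1]) + t[1:])
        results["siv_tamper_rejected"] = False
    except ValueError:
        results["siv_tamper_rejected"] = True
    return results
```

Note that `unwrap` computes the tag over the candidate history before decrypting and leaves the session untouched on failure, so a rejected packet cannot desynchronise sender and receiver; the SIV branch shows the other trade-off, determinism in exchange for nonce-free operation.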
How to build a PRF?
By icelight (flickr.com)
9
Sponge [Keccak Team, Ecrypt 2008]
[Diagram: state split into an r-bit outer part and a c-bit inner part, both initialized to 0; input blocks are absorbed into the outer part between calls to f, then output blocks are squeezed from the outer part between further calls to f]
Taking K as first part of input gives a PRF
10
More efficient: donkeySponge [Keccak Team, DIAC 2012]
11
Incrementality: duplex [Keccak Team, SAC 2011]
[Diagram: state with r-bit outer and c-bit inner part, initialized to 0; each duplexing call pads the input σ_i into the outer part, applies f and truncates the outer part to the output Z_i, for σ_0/Z_0, σ_1/Z_1, σ_2/Z_2, …]
12
More efficient: MonkeyDuplex [Keccak Team, DIAC 2012]
Instances:
Ketje [Keccak Team, now extended with Ronny Van Keer, CAESAR 2014] + half a dozen other CAESAR submissions
13
Consolidation: Full-state keyed duplex
[Diagram: key K and iv loaded into the full state before f; each subsequent duplexing call injects σ over the full state, applies f and produces output Z]
[Mennink, Reyhanitabar, & Vizar, Asiacrypt 2015]
[Daemen, Mennink & Van Assche, Asiacrypt 2017]
14
SAE with full-state keyed duplex: Motorist [KT, Keyak 2015]
[Diagram: SUV-initialized state producing T(0); (A(1), P(1)) → (C(1), T(1)); P(2) → (C(2), T(2)); A(3) → T(3)]
15
How to build a parallelizable PRF?
by Barilla Food Service
16
Farfalle: early attempt [KT 2014-2016]
[Diagram: input blocks M_0, M_1, …, M_i each masked with a key-derived mask (0k, 1k, …, ik) and passed through f into an accumulator; output blocks Z_0, Z_1, …, Z_j produced by f from the accumulator under key-derived masks]
Similar to Protected Counter Sums [Bernstein, "stretch", JOC 1999]
Problem: collisions with higher-order differentials if f has low degree
17
Farfalle now [Keccak Team + Seth Hoffert, ToSC 2018]
[Diagram: mask k derived as p_b(K∥10*); input blocks m_0, m_1, …, m_i masked with rolled copies of k and passed through p_c into an accumulator; p_d applied in the middle; output blocks z_0, z_1, …, z_j produced by p_e from rolled copies of the state and masked with k′]
Input mask rolling and p_c against accumulator collisions
State rolling, p_e and output mask against state retrieval at output
Middle p_d against higher-order DC
Input-output attacks have to deal with p_e, p_d and p_c together
18
Kravatte as in TOSC 2018
[Diagram: the Farfalle structure instantiated with f = Keccak-p[1600]: input blocks m_i under mask k, output blocks z_j under mask k′, mask derived from K∥10*]
Target security: 128 bits, incl. multi-target and quantum adv.
p_i = Keccak-p[1600] with number of rounds 6, 6, 6, 6: Achouffe configuration
Input mask rolling with LFSR, state rolling with NLFSR
19
In which sense is Kravatte lightweight?
[Diagram: the same Kravatte structure as on the previous slide]
Workload per round (in HW or bit-slice SW)
• AES: 16 XORs and 4 AND per bit
• Keccak-p: 3 XORs and 1 AND per bit
Number of rounds
• AES CBC or CTR: 10 rounds
• Kravatte compress or expand: 6 rounds
Disadvantage of Kravatte: 200-byte granularity
20
by Perrie Nicholas Smith (perriesmith.deviantart.com)
21
Gimli [Bernstein, Kölbl, Lucks, Massolino, Mendel, Nawaz, Schneider, Schwabe, Standaert, Todo, Viguier, CHES 2017]
Ideal size and shape: 48 bytes in 12 words of 32 bits
• compact on low-end: fits registers of ARM Cortex M3/M4
• fast on high-end: suitable for SIMD
For low-end platforms: locality of operations to limit swapping
• limits diffusion, see e.g. [Mike Hamburg, 2017]
• no problem for nominal number of rounds: 24
• not clear how many rounds needed in Farfalle
22
Xoodoo · [noun, mythical] · /zu: du:/ · Alpine mammal that lives in compact herds, can survive avalanches and is appreciated for the wide trails it creates in the landscape. Despite its fluffy appearance it is very robust and does not get distracted by side channels.
23
Xoodoo [Keccak team with Seth Hoffert and Johan De Meulder]
https://github.com/XoodooTeam/Xoodoo
384-bit permutation
Main purpose: usage in Farfalle: XooPRF
• Achouffe configuration
• Full-state rolling functions
• Efficient on wide range of platforms
But also for
• small-state authenticated encryption, Ketje style
• sponge-based hashing, …
Keccak-p philosophy ported to Gimli dimensions 3 × 4 × 32!
24
Xoodoo state
[Diagram: the state and its parts (plane, lane, column) in (x, y, z) coordinates]
State: 3 horizontal planes each consisting of 4 lanes
25
Xoodoo round function
[Diagram: θ, ρwest, χ, ρeast applied in sequence]
Iterated: nr rounds that differ only by round constant
26
Nonlinear mapping χ
Effect on one plane:
[Diagram: the three planes 0, 1, 2 of a column, with the complement of one input feeding the AND]
χ as in Keccak-p, operating on 3-bit columns
Involution and same propagation differentially and linearly
27
Mixing layer θ
[Diagram: state + θ-effect = result; the θ-effect is computed from the column parity and folded]
Column parity mixer: compute parity, fold and add to state
Good average diffusion, identity for states in kernel
28
Plane shift ρeast
[Diagram: plane 0 unchanged, plane 1 shifted by (0, 1), plane 2 shifted by (2, 8)]
After χ and before θ
Shifts planes y = 1 and y = 2 over different directions
29
Plane shift ρwest
[Diagram: plane 0 unchanged, plane 1 shifted by (1, 0), plane 2 shifted by (0, 11)]
After θ and before χ
Shifts planes y = 1 and y = 2 over different directions
30
Xoodoo pseudocode
nr rounds from i = 1 − nr to 0, with a 5-step round function:
θ:
  P ← A0 + A1 + A2
  E ← P ≪ (1, 5) + P ≪ (1, 14)
  Ay ← Ay + E for y ∈ {0, 1, 2}
ρwest:
  A1 ← A1 ≪ (1, 0)
  A2 ← A2 ≪ (0, 11)
ι:
  A0,0 ← A0,0 + rc_i
χ:
  B0 ← ¬A1 · A2
  B1 ← ¬A2 · A0
  B2 ← ¬A0 · A1
  Ay ← Ay + By for y ∈ {0, 1, 2}
ρeast:
  A1 ← A1 ≪ (0, 1)
  A2 ← A2 ≪ (2, 8)
31
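The pseudocode above, turned into a runnable Python implementation as an added example (this is not the Xoodoo team's reference code; compare any output against the repository linked on the Xoodoo slide before relying on it). The state is held as three planes of four 32-bit lanes, ≪ (t, v) moves lanes along x and rotates bits along z, and χ uses the complemented input the χ slide shows. The round-constant table is an assumption taken from the Xoodoo specification, not from these slides. The block also generalises to the sponge-based hashing the deck lists as a use case: a plain sponge over Xoodoo[12] with pad10*1 and a constructed rate of 16 bytes, which is an illustration and not a standardised Xoodoo hash.

```python
MASK32 = 0xFFFFFFFF

# Round constants rc_i for i = -11 .. 0. Assumption: copied from the Xoodoo specification;
# check them against the reference implementation before trusting any output.
ROUND_CONSTANTS = [0x00000058, 0x00000038, 0x000003C0, 0x000000D0, 0x00000120, 0x00000014,
                   0x00000060, 0x0000002C, 0x00000380, 0x000000F0, 0x000001A0, 0x00000012]


def rol32(lane, n):
    """Cyclic rotation of a 32-bit lane along z."""
    n %= 32
    return ((lane << n) | (lane >> (32 - n))) & MASK32 if n else lane


def shift_plane(plane, t, v):
    """Plane shift ≪ (t, v): lane x moves to x + t (mod 4) and is rotated by v bits."""
    return [rol32(plane[(x - t) % 4], v) for x in range(4)]


def xor_planes(a, b):
    return [a[x] ^ b[x] for x in range(4)]


def theta(A):
    """Column parity mixer: P = A0 + A1 + A2, E = P≪(1,5) + P≪(1,14), Ay += E."""
    P = [A[0][x] ^ A[1][x] ^ A[2][x] for x in range(4)]
    E = xor_planes(shift_plane(P, 1, 5), shift_plane(P, 1, 14))
    return [xor_planes(A[y], E) for y in range(3)]


def rho_west(A):
    return [A[0], shift_plane(A[1], 1, 0), shift_plane(A[2], 0, 11)]


def iota(A, rc):
    """Add the round constant to lane (x = 0, y = 0)."""
    return [[A[0][0] ^ rc] + A[0][1:], A[1], A[2]]


def chi(A):
    """χ on 3-bit columns: By = ¬A(y+1) · A(y+2), Ay += By; an involution per column."""
    B = [[~A[(y + 1) % 3][x] & A[(y + 2) % 3][x] & MASK32 for x in range(4)] for y in range(3)]
    return [xor_planes(A[y], B[y]) for y in range(3)]


def rho_east(A):
    return [A[0], shift_plane(A[1], 0, 1), shift_plane(A[2], 2, 8)]


def xoodoo(A, nr=12):
    """Xoodoo[nr]: rounds i = 1 - nr .. 0, each θ, ρwest, ι, χ, ρeast, on [plane0, plane1, plane2]."""
    for i in range(1 - nr, 1):
        A = rho_east(chi(iota(rho_west(theta(A)), ROUND_CONSTANTS[i + 11])))
    return A


def state_from_bytes(data):
    """48 little-endian bytes → 3 planes × 4 lanes, lane index x + 4y."""
    lanes = [int.from_bytes(data[4 * i:4 * i + 4], "little") for i in range(12)]
    return [lanes[0:4], lanes[4:8], lanes[8:12]]


def state_to_bytes(A):
    return b"".join(lane.to_bytes(4, "little") for plane in A for lane in plane)


def xoodoo_bytes(data, nr=12):
    if len(data) != 48:
        raise ValueError("Xoodoo state is 48 bytes")
    return state_to_bytes(xoodoo(state_from_bytes(data), nr))


def sponge_hash(msg, out_len=32, rate=16):
    """Plain sponge over Xoodoo[12] with pad10*1; r = 8*rate bits, c = 384 - r bits.
    Constructed illustration of sponge-based hashing, not a standardised Xoodoo hash."""
    padded = bytearray(msg) + b"\x01"                   # first padding bit
    padded += b"\x00" * ((-len(padded)) % rate)
    padded[-1] |= 0x80                                  # last padding bit of the final block
    state = bytearray(48)
    for i in range(0, len(padded), rate):               # absorbing phase
        for j in range(rate):
            state[j] ^= padded[i + j]
        state = bytearray(xoodoo_bytes(bytes(state)))
    out = b""
    while len(out) < out_len:                           # squeezing phase
        out += bytes(state[:rate])
        state = bytearray(xoodoo_bytes(bytes(state)))
    return out[:out_len]
```

The only state-dependent branch is the fixed round loop, so the code keeps the constant-time shape of the design; `chi(chi(A)) == A` is a cheap self-check of the column mapping that the χ slide calls an involution.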
Xoodoo software performance
                  width    cycles/byte per round
                  (bytes)  ARM Cortex M3   Intel Skylake
Keccak-p[1600]    200      2.44            0.080
ChaCha             64      0.69            0.059
Gimli              48      0.91            0.074*
Xoodoo             48      1.20            0.083
* on Intel Haswell
32
Xoodoo diffusion and confusion
Trail bounds, using [Mella, Daemen, Van Assche, ToSC 2016]:
# rounds   min. trail weight (diff.)   min. trail weight (linear)
1          2                           2
2          8                           8
3          36                          36
6          ≥ 100                       ≥ 100
Strict Avalanche Criterion (SAC) [Webster, Tavares, Crypto '85]: a mapping satisfies SAC if flipping an input bit will make each output bit flip with probability close to 1/2
Xoodoo satisfies SAC after 3 rounds in forward direction and after 2 rounds in backward direction
33
Do you think this is interesting?
I'm hiring! PhD positions, starting September
Scope:
Propagation in Xoodoo-like functions
• computer-assisted bound proving
• mathematical unification of attacks
Interaction between modes and permutations
Impact of key schedule in block ciphers
DPA vulnerability of Xoodoo-like functions
…
34
Thanks for your attention!
[Diagram: the Xoodoo round function θ, ρwest, χ, ρeast]
35
Slide 1
Body Impedance for Authentication, Key Generation and Device Pairing
Kasper [email protected]
University of Oxford
April 18, 2018
Body Impedance Biometric
Slide 3
Body Impedance (Pulse Response)
• Pulse signal applied to the palm of one hand.
• The biometric is captured by measuring the response in the user's other hand.
[Plot: signal magnitude [Volt] of the input signal and the measured signal vs. time [ns], 0 to 700 ns; spectral density of the measured signal over frequency bins 0 to 100]
Slide 4
Classification
Slide 5
Classification Results
[ROC plot: true positive rate (TPR) vs. false positive rate (FPR), with the equal error rate marked; classifiers: Euclidean, Mahalanobis, SVM; data sets: over time, single data set]
Key Generation
Slide 7
Biometric keys
• Biometric classifiers can be used directly to make security decisions
  • Authentication
  • Identification
  • Access control
• Biometric information is difficult to use in large scale applications
  • Because most biometrics are constant over time (tracking, profiling, replay)
  • Cannot be revoked
  • Can only be used "locally" (i.e., not over a network)
Biometric keys
• Extend biometric properties to remote verifiers
• Key will be tied to an individual
• Nothing to remember
Slide 8
Generating keys from a biometric
[Diagram: acquisition of the biometric from individuals (User 1, User 2, User 3) → biometric samples → feature extraction → biometric features → key generation → biometric keys, e.g. 54 89 e9 d1 a3 43 .., c5 df 15 fd 85 07 .., c2 11 04 1e a1 01 ..]
• Three things are needed:
  • Acquire the biometric (we use the "pulse-response" biometric)
  • Extract features
  • Compute key (using a Template)
The Template is what allows us to turn a feature vector into a key in a repeatable way.
Slide 9
Feature Extraction
Feature learning
• Two identical deep neural networks in a Siamese configuration
• Minimize the Hinge loss: |Ωa − Ωb| if a = b, or max(0, m − |Ωa − Ωb|) if a ≠ b.
Slide 10
Feature Quantization
Strong Features: feature φ_i is considered "strong" for a particular user if the range of its values for all enrollment samples (β1, …, βj) is smaller than δ.
Slide 11
Key and Template Generation (Enrollment)
• Based on Randomized Biometric Templates [Ballard2008]
• Pairs are ordered such that all strong features are located before all other features
• Stopping token generated
• Key generated
Slide 12
User Verification (Key Generation)
• Takes as input the template T_U, a sample β and the pin π
• Keep trying to hash quantized samples until the stop token is found
• When the token is found use the key-hash to calculate the key
Slide 13
Our Optimal Key guessing algorithm
• Improved the version from [Ballard2008]
• Used the fact that the algorithm is deterministic
• Closed-form expression
• Much stronger than previous algorithms
• Best case for the adversary
• tighter bound on security
• We have results that are comparable in numbers (i.e., much better given the stronger adversary)
Slide 14
Key generation results
[Plot: fraction of keys [%] (0 to 100) vs. number of guesses (1 to 2^70, ticks at 2^20, 2^30, 2^42, 2^50, 2^58, 2^60): Shannon entropy estimate, our key guessing algorithm, key guessing algorithm of Ballard et al. [2]]
• 50% of the keys take more than 2^58 guesses.
• equivalent to 59 bit keys
• Guaranteed that the person was involved in transaction
Slide 15
Remote Biometric Authentication
There is a potential problem with the amount of entropy from the underlying biometric
• Dangerous to use the biometric key directly to do things like MAC_K(·)
• It gives the adversary a token with which to test offline key-guesses.
We propose a new scheme
• Based on integer commitment scheme from 2001 by Damgard et al.
• Enables secure remote authentication
  • without requiring the biometric measurements to be sent to either the Verifier or the Authority
  • without giving an eavesdropping adversary any offline guessing material
Slide 16
Remote User Authentication – Enrolment
Parties: User U, Reader R, Authority CAuth
  choose h ∈ G, γ and set g = h^γ
  → g, h
  Prove to Reader that g ∈ ⟨h⟩
  Choose PIN π
  → U, PIN π
  sample β1, …, βj
  T_U = Enroll(β1, …, βj, π)
  K = KeyGen(β1, …, βj, T_U, π)
  choose random r and compute c_U = g^K h^r
  → c_U
  notify U
Slide 17
Remote User Authentication
Parties: User U, Reader R, Verifier V
  → U, PIN π
  sample β′
  K′ = KeyGen(β′, T_U, π)
  Pick y and s and compute d = g^y h^s
  → d
  Pick challenge e
  → e
  compute u = y + e·K′ and v = s + e·r
  → U, u, v
  verify that g^u h^v = d (c_U)^e
Slide 18
Security guarantees
Passive eavesdropper
• To get the key an attacker would need to extract it from
  g^u h^v = g^{eK+y} h^{er+s} = g^y h^s (g^K h^r)^e = d (c_U)^e
Active manipulation
• the adversary knows neither r nor K
• so by the hiding property of [damgard2001], he has to guess either y and s, or K and r themselves to create a message that will pass the verifier's check.
Replay
• cannot reuse the captured values u and v because they both depend on the challenge e
Slide 19
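The enrolment and authentication exchanges of slides 16 to 18, run end to end as an added example (not the authors' code). Three simplifications are assumptions of this example and not of the slides: the group is Z_p^* with the Mersenne prime p = 2^127 − 1 rather than Damgard's unknown-order integer-commitment group, so the algebra of the verification equation g^u h^v = d · c_U^e is preserved but the original binding argument is not modelled; the proof that g ∈ ⟨h⟩ is omitted; and KeyGen is replaced by a hash of the quantized feature vector and PIN, which, unlike the template-based KeyGen of the slides, tolerates no variation between enrolment and verification samples. Feature values, PINs and the verifier's checks on a wrong PIN, a wrong biometric and a replayed transcript are constructed.

```python
import hashlib
import secrets

# Assumption: Z_p^* with p = 2^127 - 1 as a runnable stand-in for the unknown-order group.
P = (1 << 127) - 1


def key_from_biometric(features, pin):
    """Stand-in for KeyGen(beta, T_U, pi): 64-bit integer from the quantized features and PIN.
    Constructed; the slides' template-based KeyGen is not reproduced."""
    data = pin.encode() + b"|" + ",".join(str(f) for f in features).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


def authority_setup():
    """Authority: choose h in G and gamma, set g = h^gamma (the proof that g in <h> is omitted)."""
    h = secrets.randbelow(P - 3) + 2
    gamma = secrets.randbelow(P - 2) + 1
    return pow(h, gamma, P), h


def enroll(g, h, key):
    """Reader side of enrolment: c_U = g^K h^r with fresh random r.
    c_U goes to the Authority; r is kept with the user's template."""
    r = secrets.randbits(256)
    return (pow(g, key, P) * pow(h, r, P)) % P, r


def prover_commit(g, h):
    """Pick y and s, send d = g^y h^s. y and s are chosen far longer than e*K and e*r
    so that u and v statistically hide K and r."""
    y, s = secrets.randbits(64 + 128 + 80), secrets.randbits(256 + 128 + 80)
    return (pow(g, y, P) * pow(h, s, P)) % P, (y, s)


def prover_respond(state, e, key_prime, r):
    """u = y + e*K', v = s + e*r, as plain integers (no modular reduction)."""
    y, s = state
    return y + e * key_prime, s + e * r


def verifier_check(g, h, c_u, d, e, u, v):
    """Accept iff g^u h^v = d * c_U^e (mod p)."""
    return (pow(g, u, P) * pow(h, v, P)) % P == (d * pow(c_u, e, P)) % P


def run_session(g, h, c_u, key_prime, r):
    """One authentication run; returns (accepted, transcript) so the transcript can be replayed."""
    d, state = prover_commit(g, h)
    e = secrets.randbits(128)                        # verifier's challenge
    u, v = prover_respond(state, e, key_prime, r)
    return verifier_check(g, h, c_u, d, e, u, v), (d, e, u, v)


def demo():
    g, h = authority_setup()
    enrol_features = [3, 7, 7, 2, 9]                 # constructed quantized enrolment features
    key = key_from_biometric(enrol_features, "1234")
    c_u, r = enroll(g, h, key)
    genuine, transcript = run_session(g, h, c_u, key_from_biometric(enrol_features, "1234"), r)
    wrong_pin, _ = run_session(g, h, c_u, key_from_biometric(enrol_features, "9999"), r)
    wrong_bio, _ = run_session(g, h, c_u, key_from_biometric([3, 7, 8, 2, 9], "1234"), r)
    d, _, u, v = transcript                          # eavesdropper replays (d, u, v) under a fresh e
    replay_accepted = verifier_check(g, h, c_u, d, secrets.randbits(128), u, v)
    return {"genuine": genuine, "wrong_pin": wrong_pin, "wrong_biometric": wrong_bio,
            "replay_accepted": replay_accepted}
```

What the verifier holds is only c_U and the transcripts (d, e, u, v), which is why an eavesdropper obtains no material for offline key guessing: without y and s, the pair (u, v) is a one-time-padded view of (K, r), and changing the challenge makes the captured values fail the check.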
Biometric security properties
• Only the "right person" can generate the "right key"
• Remote devices can be sure the user is present (and involved)
• Biometric stays private (no one else gets a copy)
Device Pairing
Slide 21
Device Pairing
• Bootstrap secure communication
• Two un-associated devices derive a mutual secret
• No trusted third party
• Problem: Establish the “identity” of the other device
Slide 22
Existing Device Pairing Schemes
Most existing schemes either
• depend on physical assumptions on the communication channel
OR
• use an auxiliary channel
• require users to make security relevant decisions
[Pictures: near field communication; short string comparison (C8 00 21 =?)]
Slide 23
Our Idea in a Nutshell
• Two devices can be paired if they are being held by the same human at the same time
• Physical access to both devices implies ability to pair
• All a device needs to determine if it is being held is a small electrode, i.e., a conductive patch
• User does not make any security decisions!
Interface Properties
• Can be built into almost any device.
• Does not require a screen, keyboard, camera, …
Slide 24
Our Approach (System Model)
• Devices share two communication channels:
  1. Regular wireless channel (actually any communication channel will do)
  2. Body channel via capacitive coupling
• A human touches an electrode on each device to establish data transmission
[Diagram: Device A and Device B with electrodes, linked by the body channel and the wireless channel]
Slide 25
Adversary Model
[Diagram: Device A (Alice) and Device B (Bob) linked by the wireless channel and the body channel; the adversary sits on the wireless channel and observes body channel leakage]
Adversary
• No physical access to devices
• Full (read/write) access to wireless channel
• Read-only access to body channel
The goal is passive eavesdropping OR to achieve remote pairing
• without a human present
• with a device held by a human
• as MITM in regular pairing session
Slide 26
Pairing Protocol
[Diagram: Device A (Alice) and Device B (Bob) run a DH key exchange over the wireless channel, followed by key confirmation over the body channel]
Slide 27
Security Guarantees
[Diagram: DH key exchange followed by key confirmation over the body channel between Device A (Alice) and Device B (Bob)]
Passive Eavesdropping
Remote pairing, with or without a human present
Become MITM in pairing session
Slide 28
Security Guarantees
[Diagram: DH key exchange followed by key confirmation over the body channel between Device A (Alice) and Device B (Bob)]
Passive Eavesdropping
• Adversary can
  • Obtain identifiers A and B
• But cannot
  • obtain the key (by DH assumption)
  • learn "useful" information
Remote pairing, with or without a human present
Become MITM in pairing session
Slide 29
Security Guarantees
[Diagram: DH key exchange followed by key confirmation over the body channel between Device A (Alice) and Device B (Bob)]
Passive Eavesdropping
Remote pairing, with or without a human present
• Adversary can
  • complete DH
  • receive MAC
• But cannot (by read-only property)
  • send MAC on body channel
Become MITM in pairing session
Slide 30
Security Guarantees
[Figure: the pairing protocol diagram (DH key exchange, then key confirmation over the body channel)]
Passive Eavesdropping
Remote pairing (with or without a human present)
Become MITM in pairing session
• Adversary can
• complete DH with both devices
• But cannot (by 2nd pre-image resistance)
• force valid MAC
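The pairing just described, as an added Python simulation (not the authors' code): Diffie-Hellman runs over a wireless channel the adversary can rewrite, key confirmation over a body channel the adversary can only read. The toy DH group, the 56-bit HMAC-SHA256 confirmation tag and its input (the two device identifiers) are assumptions of this simulation.

```python
import hashlib
import hmac
import secrets

# Toy DH group for illustration only (assumption, not the authors' parameters):
# p = 2^127 - 1 is prime, g = 3. A deployment would use a standard group or ECDH.
P = 2**127 - 1
G = 3


class BodyChannel:
    """Channel the adversary can read but not write (the slides' read-only property)."""

    def __init__(self):
        self.log = []                 # everything sent, visible to the adversary

    def send(self, sender, msg):      # only a device touched by the human can send
        self.log.append((sender, msg))

    def deliver(self):
        return self.log[-1][1]        # the receiver gets the last message sent on the body


class Device:
    def __init__(self, ident):
        self.ident = ident            # identifier A or B, public (the eavesdropper learns it)
        self.x = secrets.randbelow(P - 2) + 1     # private DH exponent
        self.pub = pow(G, self.x, P)              # sent over the wireless channel
        self.key = None

    def derive_key(self, peer_pub):
        shared = pow(peer_pub, self.x, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()

    def confirm(self, peer_ident):
        # Key confirmation tag over both identifiers; 56 bits as in the prototype
        # (assumed tag construction, see lead-in)
        return hmac.new(self.key, self.ident + peer_ident, hashlib.sha256).digest()[:7]

    def verify(self, peer_ident, tag):
        expected = hmac.new(self.key, peer_ident + self.ident, hashlib.sha256).digest()[:7]
        return hmac.compare_digest(expected, tag)


def pair(alice, bob, wireless_mitm=None):
    """Run the pairing: DH over the wireless channel, key confirmation over the body channel.
    wireless_mitm, if given, is an adversary Device that rewrites the wireless messages."""
    body = BodyChannel()
    if wireless_mitm is None:
        alice.derive_key(bob.pub)
        bob.derive_key(alice.pub)
    else:
        # Full read/write access to the wireless channel: the adversary completes
        # a DH exchange with each device, so Alice and Bob end up with different keys.
        alice.derive_key(wireless_mitm.pub)
        bob.derive_key(wireless_mitm.pub)
    # Key confirmation: each device sends its tag over the body channel. The adversary
    # sees both tags but cannot put a tag of its own on the body channel, so the
    # mismatching keys are detected and the pairing fails.
    body.send(alice.ident, alice.confirm(bob.ident))
    ok_bob = bob.verify(alice.ident, body.deliver())
    body.send(bob.ident, bob.confirm(alice.ident))
    ok_alice = alice.verify(bob.ident, body.deliver())
    return ok_alice and ok_bob
```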
Slide 31
Is The Body Channel Really Read-Only?
• The security of the pairing protocol relies on the read-only property of the body channel
• The receiving device needs to be able to distinguish between
A. Messages from another device being held by the person
B. Messages from an external source
[Figure: receiving device, transmitting device held by the person (A), and an external adversary (B)]
• We experimentally verify this property
Slide 32
Brief Aside on Intra-Body Communication
Galvanic Coupling
• Induce AC in the body
• Small current through human
− Short transmission
− Two electrodes required
Surface Wave
• RF transmission
• body as a wave-guide
− Affected by external electromagnetic waves
Capacitive Coupling
• Electrostatic coupling to earth ground
+ Hand to hand
+ One electrode
[Figure: the three coupling mechanisms between transmitter and receiver: signal and ground electrodes with the electric field to external ground (capacitive), electromagnetic wave along the skin (surface wave), and current flows forming a closed loop (galvanic)]
Slide 33
Implementation / Setup
Proof-of-concept for body channel transmitter and receiver
[Figure: transmitter chain (waveform generator, RF amplifier, balun, isolator, electrodes) and receiver chain (electrodes, balun, isolators, software defined radio, workstation) with synchronization; touch electrode and ground electrode with dimensions of 7 cm, 4 cm and 2 cm]
Frequency bandwidth: 0.5 MHz - 3.5 MHz
Transmitter voltage: 3 Volts (peak-peak)
Current through body: ∼10 micro-Amperes
User Safety
• Very little current flow through body
• Much less than, e.g., body composition scales
Miniaturized version can be manufactured as single chip
Slide 34
Prototype Body Channel Transmission
• On-off keying of Manchester-encoded data
• Frequency sweep during "on-periods"
• Sweep allows to characterize the channel
[Figure: data bits, their Manchester encoding, and the transmitted signal with a frequency sweep in each on-period]
Prototype Performance
• 500 bit/s (on-period is 1 ms)
• Transmitting two 56-bit MACs takes 224 ms
• Measured bit error rate is below 10⁻⁶
Slide 35
Body Channel Characteristics
• Energy transmitted on body channel is attenuated due to
• Capacitive coupling
• Intrinsic resistance (and capacitance) of human body
• Sweeps are attenuated depending on frequency
• We chose communication frequencies between 0.5 MHz and 3.5 MHz
[Figure: attenuation [dB] (0–100) versus frequency [MHz] (0.2–10) for the receiver directly connected to the transmitter, the body channel, and no connection]
Slide 36
Experimental Verification of Read-Only Property
1. Classifier to let devices distinguish body channel transmissions from external transmissions
• Person sitting
• Person standing
2. Different adversarial antennas to maximize the advantage for the adversary
3. Different external transmission distances.
Slide 37
Classification of Transmission Origin
[Figure: ROC curve, true positive rate (0.80–1.00) versus false positive rate (0.00–0.20), for "sitting and standing" and "sitting only"]
• False positives: external transmission accepted
• True positives: body channel transmission accepted
• External sources can be excluded with very high probability
Slide 38
Different Antennas and Distances
• It seems as if injection can happen if the external source
• is very close to receiver and
• has a large capacitance
We used a large aluminium sheet, right next to the victim, to maximize the adversary's advantage.
[Figure: injection success rates for a rod antenna and an aluminium sheet at 30 cm and at 60 cm, for "person touches device" and "device by itself"; values shown range from 0% to 91%]
Slide 39
Additional Verification Using Signal Injection Model
Human Body Model
• Simulate injection from near field
• Approximation with three cylinders
• Dielectric properties of human tissues
• Receiver and transmitter can be attached anywhere on body
[Figure: body model parameters: arm diameter, arm length, arm unit length, torso diameter, torso length, torso unit length]
Slide 40
External Signal Injection
• Pattern changes significantly if sheet is 5 cm further away
• Attenuation pattern is volatile
External Source
• Has to match body channel characteristics
• High capacitance antenna with high output power
• Works only in near field
[Figure: injection with aluminium sheet: attenuation [dB] (40–90) versus frequency [MHz] (0.5–3.5)]
Read-only assumption holds when the adversary is 50 cm away.
Slide 41
Collaborators
This work is done, in part, in collaboration with Marc Roeschlin, Ivan Martinovic and Gene Tsudik
Slide 42
Thank you for your attention
[email protected]
www.cs.ox.ac.uk/people/kasper.rasmussen/
Introduction · SCA of Ed25519 · FI on Ed25519 · Conclusion
Radboud University Nijmegen
Physical Attacks: from a concept to real-world
Lejla Batina
Institute for Computing and Information Sciences – Digital Security, Radboud University Nijmegen
Ponta Delgada, Portugal, April 16, 2018
Lejla Batina CRYPTACUS training school 2018 FI and SCA on Ed25519 1 / 23
Contents
Introduction to Physical Attacks
Breaking Ed25519 in WolfSSL
Niels Samwel, Lejla Batina, Guido Bertoni, Joan Daemen and Ruggero Susella, CT-RSA 2018
Practical Fault Injection on Deterministic Signatures: the Case of EdDSA
Niels Samwel and Lejla Batina, AFRICACRYPT 2018
Embedded cryptographic devices
Blackbox scenario
[Figure: Cryptographic Device with Plaintext in and Ciphertext out]
• The cipher (e.g. AES) model: the fixed key (unknown to the adversary) is the parameter that maps the input to the output
• Analyzing the security in the blackbox scenario relates to classical cryptanalysis
• Can you derive the secret key by observing plaintext/ciphertext pairs?
Greybox scenario
[Figure: Cryptographic Device with Plaintext in, Ciphertext out, and Leakage]
• The cryptographic algorithm is implemented on a real device such as a microcontroller, FPGA etc.
• We can observe certain physical quantities in the device's vicinity and use the additional information during cryptanalysis
• Observations: execution time, power consumption, EM radiation, sound
• Side-channel attacks are attacks on implementations of algorithms
Side-channel attacks in the news
"[U]sing EM measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. We also showed partial key leakage from OpenSSL running on Android" (March 2016, https://www.cs.tau.ac.il/~tromer/acoustic/)
http://www.theregister.co.uk/2016/06/04/sidechannel_encryption_theft/
Taxonomy of implementation attacks
Active vs passive:
• Active i.e. tampering: the key is recovered by exploiting some abnormal behavior e.g. power glitches or laser pulses
• Passive i.e. eavesdropping: the device operates within its specification
Invasiveness:
• Invasive aka expensive: the strongest type e.g. bus probing
• Semi-invasive: the device is de-packaged but no direct contact with the chip e.g. optical attacks or faults/glitches by voltage, clock, EM, etc.
• Non-invasive aka low-cost:
• power/EM measurements
• data remanence in memories (cooling down increases the retention time)
• Rowhammer
Timing side-channel: PIN verification
Input: 4-digit PIN code
Output: PIN verified or rejected
```python
def check_pin(pin):
    """CheckPIN from the slide: nested comparisons against the hard-coded PIN 5902.
    Evaluation stops at the first digit that does not match, so the running time
    depends on how many leading digits of the input are correct."""
    pin_ok = 0
    if pin[0] == 5:
        if pin[1] == 9:
            if pin[2] == 0:
                if pin[3] == 2:
                    pin_ok = 1
    return pin_ok
```
What are the execution times of the process for PIN inputs
[0,1,2,3], [5,3,0,2], [5,9,0,0]?
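An added example (not from the slides) that answers the question above by counting digit comparisons as a stand-in for execution time, and contrasts the early-exit check with a comparison that always examines every digit; the recovery function shows why the leak matters, recovering the hard-coded PIN 5902 from the early-exit version with a few dozen timed queries.

```python
import hmac

SECRET_PIN = [5, 9, 0, 2]      # the PIN hard-coded in the slide's CheckPIN


def check_pin_early_exit(pin, secret=SECRET_PIN):
    """Digit-by-digit check that stops at the first mismatch, like the nested ifs on
    the slide. Returns (accepted, comparisons); the comparison count stands in for
    execution time, which grows with the length of the correct prefix."""
    comparisons = 0
    for guess, expected in zip(pin, secret):
        comparisons += 1
        if guess != expected:
            return False, comparisons
    return True, comparisons


def check_pin_constant_time(pin, secret=SECRET_PIN):
    """Library constant-time comparison: every digit is examined whatever the input,
    so the count (and the time) no longer depends on the secret."""
    return hmac.compare_digest(bytes(pin), bytes(secret)), len(secret)


def timing_profile(inputs, checker):
    """Comparison count per candidate PIN; with checker=check_pin_early_exit this
    answers the slide's question for [0,1,2,3], [5,3,0,2] and [5,9,0,0]."""
    return {tuple(pin): checker(pin)[1] for pin in inputs}


def recover_pin_by_timing(checker, digits=range(10), length=4):
    """Against an early-exit checker the digit that takes longest at each position is
    the correct one, so 10 * length guesses suffice instead of 10 ** length.
    Against the constant-time checker every guess scores the same."""
    known = []
    for pos in range(length):
        def score(d):
            accepted, comparisons = checker(known + [d] + [0] * (length - pos - 1))
            return comparisons, accepted      # longest time first, acceptance breaks ties
        known.append(max(digits, key=score))
    return known
```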
Power side-channel: CMOS leakage
• The most relevant leakage for side-channel attacks is the charge and discharge of the CMOS load capacitance a.k.a. dynamic power consumption
• Dynamic power consumption (Pdyn) is produced by CMOS transitions from state 0 to 1 and from state 1 to 0
• Pdyn = C · VDD² · P0→1 · f, where C is the transistor capacitance, VDD the power supply voltage, f the frequency and P0→1 the probability of a 0 → 1 transition
Power side-channel: Modeling the leakage
• Hamming distance model counts the number of 0 → 1 and 1 → 0 transitions
• Ex. 1: A hardware register R storing the result of an AES round (initial value v0 gets overwritten with value v1)
• Power consumption is related to the number of bit flips (due to the reg. transition v0 → v1)
• It can be modeled as HammingDistance(v0, v1) = HammingWeight(v0 ⊕ v1)
Power side-channel: Modeling the leakage
• Ex. 2: In a microcontroller, assume register A with value v0 and the instruction
mov rB, rA
• In processors the instruction will transfer value v0 from register A to B via the CPU, using the bus
• Often the bus is pre-charged at all bits being zeros or all being ones (busInitialValue)
• Power consumption of the assembly instruction can be modeled as HammingDistance(busInitialValue, v0) = HammingWeight(v0 ⊕ 0) = HW(v0)
Power side-channel: Measurement setup
• Usually power measurements require physical proximity to the device and customized measurement equipment (resistor, oscilloscope)
Power side-channel: Measurement setup
SPA on AES
• Power consumption leakage of an AES cipher implementation on an AVR microcontroller
• How many rounds are executed?
SPA on AES
SPA on RSA Square and Multiply
RSA modular exponentiation
Input: integers x, e, n, length l of e
Output: x^e mod n
```python
def modular_exponentiation(x, e, n, l):
    """Left-to-right square-and-multiply: computes x^e mod n, scanning the l bits of e
    from the most significant one down."""
    r = 1
    for j in range(l - 1, -1, -1):
        r = r * r % n          # square
        if (e >> j) & 1:
            r = r * x % n      # multiply
    return r
```
SPA on RSA Square and Multiply
• Can you find the exponent bits by visual inspection of the patterns?
SPA on RSA Square and Multiply
• Square and Multiply (bit==1) are lengthier operations than Square only (bit==0)
• Multiplications are often more power consuming compared to Squarings
Power side-channel: RSA Square and Multiply Always
• Trying to fix the problem we create a timing-constant implementation
```python
def constant_time_mod_exp(x, e, n, l):
    """Square-and-multiply-always: every exponent bit costs one squaring and one
    multiplication; the bit only selects which register is kept."""
    r = [1, 1]
    for j in range(l - 1, -1, -1):
        r[0] = r[0] * r[0] % n     # square
        r[1] = r[0] * x % n        # multiply (always executed)
        index = (e >> j) & 1
        r[0] = r[index]
    return r[0]
```
• Side-channel leakage still exists! Can you see it?
• Location-based leakage can lead to key recovery
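An added Python example (not the authors' code) for the two implementations above: it records the operation sequence an SPA trace would show, reads the exponent bits back from it, and for the square-and-multiply-always version records which register is read in r[0] = r[index], the location-based leakage the slide asks about.

```python
def mod_exp_traced(x, e, n):
    """Square-and-multiply as on the slide, additionally recording the operation
    sequence an SPA trace reveals: 'S' for a squaring, 'M' for a multiplication."""
    ops = []
    r = 1
    for j in range(e.bit_length() - 1, -1, -1):
        r = r * r % n
        ops.append("S")
        if (e >> j) & 1:
            r = r * x % n
            ops.append("M")
    return r, ops


def exponent_from_spa_trace(ops):
    """Read the exponent back from the operation sequence: every 'S' starts a new
    bit (initially 0); an 'M' directly after it marks that bit as 1."""
    bits = []
    for op in ops:
        if op == "S":
            bits.append(0)
        else:
            bits[-1] = 1
    return int("".join(map(str, bits)), 2) if bits else 0


def mod_exp_always_traced(x, e, n):
    """Square-and-multiply-always: the operation sequence is 'SM' for every bit, so
    the SPA trace above no longer works. The register chosen by `index` still
    depends on the bit, which is what location-based leakage observes."""
    ops, accesses = [], []
    r = [1, 1]
    for j in range(e.bit_length() - 1, -1, -1):
        r[0] = r[0] * r[0] % n
        ops.append("S")
        r[1] = r[0] * x % n
        ops.append("M")
        index = (e >> j) & 1
        r[0] = r[index]
        accesses.append(index)     # which of r[0] / r[1] was read this iteration
    return r[0], ops, accesses


def exponent_from_access_pattern(accesses):
    """The access pattern of the 'always' variant is the exponent itself."""
    return int("".join(map(str, accesses)), 2) if accesses else 0
```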
EM side-channel
• Observing a power signal in an embedded device can be messy
• Board capacitors, complicated SoCs, multiple peripherals
• Countermeasures trying to flatten the power consumption signal
• Use an electromagnetic probe instead
• A probe is an easy way to access the power consumption with less board modifications
• Smaller probes can focus on interesting locations and ignore interference from unrelated electrical components
EM side-channel: Decapsulation
• To improve spatial resolution of analysis use a micrometer-sized antenna
• To exploit more leakage decapsulate the chip using chemicals
EM side-channel: Decapsulation and Microprobing
• Left: close inspection of decapsulated ARM processor using a microscope
• Right: EM emission heatmap of the same chip
Sound emission
• In 1965, MI5 put a microphone near the rotor-cipher machine used by the Egyptian Embassy
• RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Shamir et al.
• Attacking a computer by listening to the high-pitched (10 to 150 kHz) sounds produced as it decrypts data
• Extracted 4096-bit RSA keys
• Using low- and high-pass filters so that only the sounds emanating from the PC while the CPU is decrypting data are captured
• Can be carried out over a distance of 4 m with a high-quality microphone (or a smartphone)
Out-of-order and speculative execution
• January 3rd 2018
• Kernel addresses were accessed unintentionally due to out-of-order execution
• Seems hard to patch since the culprit is the structure of a processor
• Meltdown and Spectre, https://meltdownattack.com/
Attackers goals and targets
• Targets: transportation cards, medical devices, passports, payment system etc.
• The goals of side-channel analysis:
• Recover the key and data
• Gain unauthorized access
• Acquire intellectual property
• Privacy mining
• Reverse engineering
• Malware/intrusion detection
In short
• Overall side-channels pose a threat to secure implementations
• Side-channel attacks are usually passive (i.e. just listening or eavesdropping)
• Some are non-invasive e.g. power analysis or simple EM probing
• Others are classified as semi-invasive attacks e.g. high-resolution EM or photonic side-channel, since they require decapsulation
• Passive and non-invasive attacks are fairly cheap to launch
Correlation Power Analysis (CPA)
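An added example (not from the slides) putting the Hamming-weight model of slides 10–11 to work in a small CPA: constructed traces leak HW(S-box(p ⊕ k)) plus Gaussian noise for one AES key byte, and the key hypothesis whose predictions correlate best with the traces is selected. The noise level, trace count and random seed are assumptions.

```python
import random


def build_aes_sbox():
    """Generate the AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    def gf_mul(a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            a = (a << 1) ^ (0x11b if a & 0x80 else 0)
            b >>= 1
        return r
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if gf_mul(x, y) == 1)
        s, v = inv, inv
        for _ in range(4):                   # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            v = ((v << 1) | (v >> 7)) & 0xff
            s ^= v
        sbox[x] = s ^ 0x63
    return sbox


SBOX = build_aes_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def hamming_distance(v0, v1):
    """Bit flips when register value v0 is overwritten by v1: HD(v0, v1) = HW(v0 ^ v1)."""
    return hamming_weight(v0 ^ v1)


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def simulate_traces(key_byte, n_traces, noise_sd=1.0, seed=1):
    """Constructed measurements (assumption): one sample per encryption equal to
    HW(S-box(p ^ key_byte)) plus Gaussian noise, i.e. the slides' Hamming-weight
    model for a pre-charged bus carrying the first-round S-box output."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0, noise_sd) for p in plaintexts]
    return plaintexts, traces


def cpa_recover_key_byte(plaintexts, traces):
    """Correlation Power Analysis: for each of the 256 key hypotheses predict the
    leakage HW(S-box(p ^ k)) per trace and correlate it with the measurements;
    the hypothesis with the highest correlation is the recovered key byte."""
    scores = []
    for k in range(256):
        predictions = [hamming_weight(SBOX[p ^ k]) for p in plaintexts]
        scores.append((pearson(predictions, traces), k))
    best_corr, best_k = max(scores)
    return best_k, best_corr
```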
Ed25519
• Instance of EdDSA, which was proposed to "fix the unnecessary requirements on randomness" in ECDSA
• Does not depend on a "good" source of randomness, but instead derives a secret deterministically (hashing the msg and a long-term auxiliary key)
• Widely adopted by OpenSSH, Tor, Signal, WolfSSL etc.
• Turns out to be easy to attack in some real-world deployments, e.g. WolfSSL
Niels Samwel, Lejla Batina, Guido Bertoni, Joan Daemen and Ruggero Susella: Breaking Ed25519 in WolfSSL, CT-RSA 2018.
Niels Samwel, Lejla Batina: Practical Fault Injection on Deterministic Signatures: the Case of EdDSA, Africacrypt 2018.
The Attack Components
Three components
• Attacking Ed25519 to recover long term secret
• Attack on SHA512
• DPA on modular addition
Ed25519
Algorithm 1 Ed25519 key setup and signature generation
Key setup.
1: Hash k such that H(k) = (h0, h1, . . . , h2b−1) = (a, b)
2: a = (h0, . . . , hb−1), private scalar
3: b = (hb, . . . , h2b−1), auxiliary key
4: Compute public key: A = aB
Signature generation.
5: Compute ephemeral private key: r = H(b, M)
6: Compute ephemeral public key: R = rB
7: Compute h = H(R, A, M) and convert to integer
8: Compute: S = (r + ha) mod l
9: Signature pair: (R, S)
Attacking Ed25519
Using auxiliary key b that was successfully recovered:
1. Compute r = H(b, M).
2. Compute h = H(R, A, M).
3. Compute a = (S − r) · h⁻¹ mod l.
SHA512
Algorithm 2 Merkle–Damgård
Input: Message M with 0 ≤ bit-length < 2¹²⁸
Output: Hash value of M
1: Pad message M by appending an encoding of the message length
2: Initialize chaining value CV with constant IV
3: Split padded message M into blocks
4: for all blocks Mi do
5: CVi+1 ← CF(CVi, Mi)
6: end for
7: return H ← CV
SHA512 construction
[Figure: SHA512 construction: starting from IV, the round function R with message schedule w processes the first block, which holds the key K followed by the start of the message M0, and produces a chaining value CV; the next block M1 is processed the same way to give the next CV]
SHA512 message schedule
[Figure: SHA512 message schedule: words w[0] … w[15] are the message words consumed by Round[0] … Round[15]; w[16], w[17], w[18], w[19], … are derived from earlier words through σ0 and σ1 and consumed by Round[16], Round[17], …]
Attack
DPA on modular addition
Setup
DPA on modular addition
[Figure: power trace, discrete power consumption values (−150 to 150) versus time samples (0 to 12 × 10⁴), with Round 16 marked]
DPA on modular addition
w[16] ← σ1(w[14]) + w[9] + σ0(w[1]) + w[0]
DPA on modular addition
[Figure: success probability (0 to 1) versus number of traces (10² to 10³) for recovering k16, k17, k18 and k19]
Countermeasure
[Figure: countermeasure: the first compression-function block contains only the key K padded with zeros (round function R0), so the message M0 enters only in the following block through the key-dependent chaining value CV]
FI on Ed25519
Contributions
• We present a differential fault attack on Ed25519.
• We apply the attack on a real-world implementation using EM and voltage glitching.
Ed25519
Algorithm 3 Ed25519 key setup and signature generation
Key setup.
1: Hash k such that H(k) = (h0, h1, . . . , h2b−1) = (a, b)
2: a = (h0, . . . , hb−1), Private scalar
3: b = (hb, . . . , h2b−1), Auxiliary key
4: Compute public key: A = aB.
Signature generation.
5: Compute ephemeral private key: r = H(b, M).
6: Compute ephemeral public key: R = rB.
7: Compute h = H(R, A, M) and convert to integer.
8: Compute: S = (r + ha) mod l.
9: Signature pair: (R, S).
The Attack
Two signatures, original (R, S) and faulty (R′, S′):
S = r + ha
S′ = r + h′a
S − ha = S′ − h′a
a = (S − S′) / (h − h′)
Setup
[Figure: (a) setup overview: PC, oscilloscope, FTDI, VC Glitcher (Vcc, trigger, reset line), glitch amplifier with pulse amplitude and digital glitch inputs, current probe, XYZ-table, target; (b) setup photo]
Results
[Figure: voltage fault injection results: glitch voltage (0 to −0.5 V) versus glitch length (0–5000 ns), glitch voltage versus glitch offset (0–2 × 10⁶ ns), and glitch length versus glitch offset; Normal (green), Inconclusive (yellow), Successful (red).]
Results
[Figure: EM fault injection results over the chip surface (x-axis, y-axis)]
Conclusion
Two physical attacks on Ed25519
• Side-channel analysis of Ed25519 with 4000 traces
• Fault injection on Ed25519 with 100% success rate for EM FI and 70% for voltage glitching out of 10 000 measurements
• For both attacks there exist inexpensive countermeasures
Differential Cryptanalysis
Maria Eichlseder
CRYPTACUS Training School, Azores, 20 April 2018
www.iaik.tugraz.at
This Lecture: Overview
The context
Introduction to differential cryptanalysis
Finding characteristics with automatic tools
Impact for lightweight crypto
Applications beyond cryptanalysis
The context
protocols – TLS, ...
schemes – SHA-2, AES-GCM, ...
primitives – AES, ...
Primitives
[Figure: block cipher E: (M, K) → C; tweakable block cipher E: (M, T, K) → C; permutation P: M → C; compression function F: (Hi, Mi) → Hi+1]
Primitives – A Look Inside
[Figure: the primitive as a sequence of round functions Rh applied to M under T, K, producing C]
Differential Cryptanalysis [BS90]
Method
[Figure: a pair of inputs with difference ∆M is encrypted under E_K; the attacker studies the resulting output difference ∆C]
Attack Goals
[Figure: key recovery: ∆M → ∆C holds with probability p through all but the last round, whose key Kr is then guessed; collision/forgery: ∆M → ∆C = 0 with probability p; ...]
Part I: Differential Characteristics
Primitives – A Closer Look Inside
Example: The block cipher PRESENT (31 rounds) [BKL+07]
[Figure: PRESENT rounds: layers of 16 parallel 4-bit S-boxes S connected by bit permutations]
Primitives – A Closer Look Inside
Example: A toy block cipher
[Figure: 6 rounds; each round XORs the round key Ki (K0 … K5), applies four 4-bit S-boxes S in parallel and permutes the bits; a final key K6 is XORed at the end]
x    0 1 2 3 4 5 6 7 8 9 a b c d e f
S(x) 2 0 4 3 9 5 6 7 1 d e f a 8 c b
Let's Flip a Bit
[Figure: the toy cipher (K0 … K6, four S-boxes per round) with one input bit flipped; the S-box whose input differs is marked "active"]
Differential Properties of S-boxes (Confusion)
∆in = 8 → ∆out = ?
x    0 1 2 3 4 5 6 7 8 9 a b c d e f
S(x) 2 0 4 3 9 5 6 7 1 d e f a 8 c b
Example pairs with ∆in = 8 give ∆out = 3, ∆out = d, ∆out = a, ...; in total ∆in = 8 → ∆out ∈ {3, a, c, d}
Knowing the value tells us the difference
Knowing the difference tells us (something about) the value:
solutions(∆in, ∆out) := {x : S(x ⊕ ∆in) ⊕ S(x) = ∆out}
Differential Distribution Table (DDT)
I\O  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
 0  16  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
 1   -  4  4  -  -  -  -  4  -  -  -  -  4  -  -  -
 2   -  -  4  4  -  -  4  -  -  -  -  -  -  -  -  4
 3   -  4  -  4  4  -  -  -  -  -  -  -  -  -  4  -
 4   -  -  4  -  4  4  -  -  -  -  -  4  -  -  -  -
 5   -  -  -  4  -  4  -  4  -  4  -  -  -  -  -  -
 6   -  -  -  -  4  -  4  4  -  -  -  -  -  4  -  -
 7   -  4  -  -  -  4  4  -  -  -  4  -  -  -  -  -
 8   -  -  -  4  -  -  -  -  -  -  4  -  4  4  -  -
 9   -  4  -  -  -  -  -  -  -  -  -  4  -  4  -  4
 a   -  -  -  -  -  4  -  -  -  -  -  -  4  -  4  4
 b   -  -  4  -  -  -  -  -  -  4  -  -  -  4  4  -
 c   -  -  -  -  -  -  -  -  16 -  -  -  -  -  -  -
 d   -  -  -  -  4  -  -  -  -  4  4  -  -  -  -  4
 e   -  -  -  -  -  -  -  4  -  -  4  4  -  -  4  -
 f   -  -  -  -  -  -  4  -  -  4  -  4  4  -  -  -
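An added example (not from the slides) that computes the DDT above from the toy S-box, together with the solutions(∆in, ∆out) set defined on the previous slide, so the entries, including the deterministic transition c → 8, can be checked rather than read off.

```python
# Toy 4-bit S-box from the slides (x -> S(x))
SBOX = [0x2, 0x0, 0x4, 0x3, 0x9, 0x5, 0x6, 0x7, 0x1, 0xd, 0xe, 0xf, 0xa, 0x8, 0xc, 0xb]


def ddt(sbox):
    """Differential distribution table: ddt[din][dout] = #{x : S(x ^ din) ^ S(x) = dout}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for din in range(n):
        for x in range(n):
            table[din][sbox[x ^ din] ^ sbox[x]] += 1
    return table


def solutions(sbox, din, dout):
    """The set from the slide: values x whose pair (x, x ^ din) follows din -> dout."""
    return {x for x in range(len(sbox)) if sbox[x ^ din] ^ sbox[x] == dout}


def possible_outputs(sbox, din):
    """Output differences reachable from din, each with its probability (count / 2^n)."""
    n = len(sbox)
    return {dout: cnt / n for dout, cnt in enumerate(ddt(sbox)[din]) if cnt}


def max_differential_probability(sbox):
    """MDP: largest DDT entry outside the trivial row din = 0, divided by the table size."""
    n = len(sbox)
    table = ddt(sbox)
    return max(cnt for din in range(1, n) for cnt in table[din]) / n


def format_ddt(sbox):
    """Render the DDT in the slide's layout (a dash for zero entries)."""
    n = len(sbox)
    table = ddt(sbox)
    lines = ["I\\O " + " ".join(f"{c:>2x}" for c in range(n))]
    for din in range(n):
        lines.append(f"{din:>3x} " + " ".join(f"{v:>2}" if v else " -" for v in table[din]))
    return "\n".join(lines)
```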
Let's Flip a Bit
[Figure: the toy cipher (K0 … K6, four S-boxes per round) with a single-bit input difference propagated round by round; S-boxes with a nonzero input difference are marked active]
Candidate characteristics, listing the state difference ∆ and the probability p accumulated so far; the factor in parentheses is the cost of the step (·2⁻² for an active S-box, ·1 for the bit permutation):
∆ = 8000, p = 1
8 → 3: ∆ = 3000, p = 2⁻² (·2⁻²); after the permutation ∆ = 0280, p = 2⁻² (·1)
8 → a: ∆ = a000, p = 2⁻² (·2⁻²); after the permutation ∆ = 8200, p = 2⁻² (·1)
8 → d: ∆ = d000, p = 2⁻² (·2⁻²); after the permutation ∆ = a080, p = 2⁻² (·1)
8 → c: ∆ = c000, p = 2⁻² (·2⁻²); after the permutation ∆ = a000, p = 2⁻² (·1)
Continuing the last one through the next round: ∆ = c000, p = 2⁻⁴ (·2⁻²); after the permutation ∆ = a000, p = 2⁻⁴ (·1); ...
Differential Properties of Mixing Layers (Diffusion)
Branch number B: Min number of active S-boxes in 2 consecutive rounds
In our toy cipher: B = 2
Can we do better?
Best case: B = 1 + number of S-boxes per round
Requires actual "mixing" (xor), not just bit permutations
Design of AES
[Figure: propagation of a single active byte through two AES rounds; S = SubBytes, P = ShiftRows, MC / M = MixColumns]
00 00 00 40        00 00 00 6a         00 00 00 d4        00 00 00 2b         cd 61 a3 56
00 00 00 00   S    00 00 00 00  P,MC   00 00 00 6a   S    00 00 00 61   P,M   cd a3 c2 2b
00 00 00 00  -->   00 00 00 00  -->    00 00 00 6a  -->   00 00 00 61  -->    4c c2 61 2b
00 00 00 00        00 00 00 00         00 00 00 be        00 00 00 cd         81 61 61 7d
            2⁻⁶                                    2⁻⁶ˣ⁴
Max differential probability (MDP) of the 8×8 S-box: 2⁻⁶
MDS mixing layer with B = 5 (in 2 rounds → ≥ 5 active S-boxes)
In 4 rounds → ≥ 25 active S-boxes → p ≤ 2⁻⁶ˣ²⁵ = 2⁻¹⁵⁰
Part II: Finding Differential Characteristics
Automated tools for cryptanalysis
Motivation:
Finding the best (or very good) characteristics can be very hard
Necessary to evaluate new primitives
Solvers:
By hand
General-purpose solvers:
SAT/SMT (Boolean SATisfiability / Sat. Modulo Theories): STP, Lingeling, ...
MILP (Mixed Integer Linear Programming): IBM ILOG CPLEX, Gurobi, ...
CP (Constraint Programming): Z3, Choco, ...
Dedicated solvers:
nltool (SHA-2)
KeccakTools (SHA-3)
...
Example: AES as a Mixed-Integer Linear Program (MILP) [MWGP11]
Variables:
S_{r,i} ∈ {0, 1}: Is S-box i in round r active?
M_{r,j} ∈ {0, 1}: Is MixColumns j in round r active?
Linear Program (LP):
min  Σ_{r,i} S_{r,i}                                                      (Min # active S-boxes)
s.t. B · M_{r,j} ≤ Σ_{i=1..4} S_{r,j_i} + Σ_{i=5..8} S_{r+1,j_i} ≤ 8 · M_{r,j}   (For each MixColumns)
     Σ_{r,i} S_{r,i} ≥ 1                                                  (Non-triviality)
Part III: Exploiting Differentials
A Differential Characteristic
[Figure: three rounds of the toy cipher (K0 … K3) with one active S-box per round; the state differences read 8000, a000, a000, a000 and each active S-box costs 2⁻²]
∆: 8000 → a000 → a000 → a000, p = 2⁻² · 2⁻² · 2⁻² = 2⁻⁶
A Differential
[Figure: the same three rounds with only the input difference 8000 and the output difference a000 fixed; the intermediate differences are left open (?)]
∆: 8000 → a000, p ≥ 2⁻⁶: the differential collects every characteristic with this input and output difference, so its probability is at least that of the single characteristic above
For Forgeries
Example: CBC-MAC
[Figure: CBC-MAC chain of E_K over the blocks M1, …, M_{ℓ−1}, M_ℓ producing the tag T; a difference ∆M_{ℓ−1} in the second-to-last block is cancelled by ∆M_ℓ in the last block, leaving an internal difference of 0, with probability p]
Forgery with success probability p
For Key Recovery
[Figure: ∆M propagates through E_K to ∆C with probability p over all but the last round, which uses the key Kr]
Assume p ≫ 2⁻ᵇ
Query about 1/p chosen-plaintext pairs (M, M′) → (C, C′)
Decrypt each pair 1 round with each possible last-round key Kr
If we get ∆C, upvote candidate Kr
Kr    Upvote counter
0000  …
0001  …
0002  …
0003  …
…     …
For Key Recovery – Details
p:  Expected differential probability for R − 1 rounds
N:  Number of queried pairs
A:  Upvoted candidates per pair
B:  Fraction of pairs after filtering ciphertexts
k:  Number of guessed key bits
Ps: Target success probability of the attack
Signal-to-Noise Ratio SNR = (N · p_right) / (N · p_wrong) = p / (A · B · 2⁻ᵏ).
Need roughly N ≈ 3 · 1/p pairs if SNR > 2, or N ≈ 30 · 1/p if 1 < SNR ≤ 2.
More precisely, using ranking statistics, to recover the k bits we need about:
N = ( (√(SNR + 1) · Φ⁻¹(Ps) + Φ⁻¹(1 − 2⁻ᵏ))² / SNR ) · p⁻¹.
Some Grains of Salt
"Expected differential probability (EDP)"
"Hypothesis of stochastic equivalence"
"Wrong key randomization hypothesis"
Dependencies, Known-/Related-key constructions (∆K), Clustering, ...
Part IV: The Case of Lightweight Ciphers
The Case of Lightweight Ciphers
What they offer (some out of ...)
Lower area
Lower energy
Lower latency
Cheaper SC protection
How they do it
Small, low-degree S-boxes → higher p
Lightweight linear layer → lower B
Minimal security margin (?) → fragile
Constrain attack model (?) → fragile
Example: Analysis of MANTIS [BJK+16]
Breaking a low-latency tweakable block cipher in 1 hour [DEKM16; EK17]
[Figure: MANTIS round structure: whitening keys k0 and k0′, round keys k1 and k1 + α, tweak T updated by the tweak permutation h, forward rounds 1–6 and the inverse rounds 7–12 (S-box S, permutation P, mixing M) meeting in the middle at 6* / 7*; figure labels 1 = |χi|, 15 or 16, 4, 13]
Differential characteristic: 2⁻⁷²
Truncated differential characteristic: 2⁻¹⁰⁰
This cluster: 2⁻³⁹
Data complexity per solution: 2^≈25
Part V: "Cheating" with Differences
Cheat 1: Changing the Intermediates, not the Input
Differential Fault Attacks (DFA) [BS97], Statistical Fault Attacks (SFA) [FJLT13]
[Figure: differential cryptanalysis: ∆M through E_K to ∆C with probability p, then the last round key Kr; differential fault analysis: a single M, a fault injected into E before the last round key Kr, and the resulting ∆C observed; statistical fault analysis: the same fault, but ∆C and C are observed]
Cheat 1: Changing the Intermediates, not the Input
Statistical Ineffective Fault Attacks (SIFA) [DEK+18]
[Figure: a fault injected into E before Kr; only the ciphertexts C for which the fault was ineffective (∆ = 0) are used; plot of the statistic (LLR and threshold values μ for wrong and right keys) against the number of samples N up to 1000]
https://eprint.iacr.org/2018/071 → [email protected]
Cheat 1: Changing the Intermediates, not the Input
SIFA Revisited for Masked Implementations [DEG+18]
[Figure: implementation view (rounds R−1 and R of E, with the fault injected into the masked computation) versus analysis view (E with key K and the fault location)]
https://eprint.iacr.org/2018/357 → [email protected]
Cheat 2: Changing the Outside, not the Inside
(Cryptographic) polyglots [AAE+14]
[Figure: pairs of colliding files: file0.mbr ("good!") and file1.mbr ("evil!"), file0.sh ("good.") and file1.sh ("evil."), file0.rar ("good", 0090 90 …) and file1.rar ("evil", "evil.txt"); each pair is a collision]
@angealbertini
Differential Cryptanalysis
Maria Eichlseder
CRYPTACUS Training School, Azores, 20 April 2018

Bibliography I
[BS90] E. Biham and A. Shamir. Differential cryptanalysis of DES-like cryptosystems. Advances in Cryptology – CRYPTO 1990.
[BKL+07] A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, and C. Vikkelsoe. PRESENT: an ultra-lightweight block cipher. Cryptographic Hardware and Embedded Systems – CHES 2007.
[MWGP11] N. Mouha, Q. Wang, D. Gu, and B. Preneel. Differential and linear cryptanalysis using mixed-integer linear programming. Information Security and Cryptology – Inscrypt 2011.
[BJK+16] C. Beierle, J. Jean, S. Kölbl, G. Leander, A. Moradi, T. Peyrin, Y. Sasaki, P. Sasdrich, and S. M. Sim. The SKINNY family of block ciphers and its low-latency variant MANTIS. Advances in Cryptology – CRYPTO 2016.
[DEKM16] C. Dobraunig, M. Eichlseder, D. Kales, and F. Mendel. Practical key-recovery attack on MANTIS5. IACR Transactions on Symmetric Cryptology 2016:2, 2016.
[EK17] M. Eichlseder and D. Kales. Clustering related-tweak characteristics: Application to MANTIS-6. IACR Cryptology ePrint Archive, Report 2017/1136.

Bibliography II
[BS97] E. Biham and A. Shamir. Differential fault analysis of secret key cryptosystems. Advances in Cryptology – CRYPTO '97.
[FJLT13] T. Fuhr, E. Jaulmes, V. Lomné, and A. Thillard. Fault attacks on AES with faulty ciphertexts only. Fault Diagnosis and Tolerance in Cryptography – FDTC 2013.
[DEK+18] C. Dobraunig, M. Eichlseder, T. Korak, S. Mangard, F. Mendel, and R. Primas. Exploiting ineffective fault inductions on symmetric cryptography. IACR Cryptology ePrint Archive, Report 2018/071.
[DEG+18] C. Dobraunig, M. Eichlseder, H. Gross, S. Mangard, F. Mendel, and R. Primas. Statistical ineffective fault attacks on masked AES with fault countermeasures. IACR Cryptology ePrint Archive, Report 2018/357.
[AAE+14] A. Albertini, J.-P. Aumasson, M. Eichlseder, F. Mendel, and M. Schläffer. Malicious hashing: Eve's variant of SHA-1. Selected Areas in Cryptography – SAC 2014.
Efficient, portable template attacks
Marios O. Choudary, Markus G. Kuhn
Computer Laboratory
https://www.cl.cam.ac.uk/~mgk25/
Paper: IEEE Trans. Inf. Foren. Sec. 13(2), Feb. 2018, DOI 10.1109/TIFS.2017.2757440
Side-channel attacks on microcontrollers I
The power-supply current waveform of microprocessors (and the resulting EM emissions) is affected at each clock cycle by
- (category of) the executed instruction
- addresses/registers accessed
- operands
- status flags
- result values
- prior state (of wires, bus lines, flip-flops, memory cells)
- intermediate activities (e.g., glitches before ALU results are stable)
- micro-architectural state
- etc.
Side-channel attacks on microcontrollers II
Instruction categories are often easy to distinguish visually, e.g. whether a conditional branch is taken or not ("simple power analysis").
In some cases (e.g., with interpreters) this enables reconstruction of executed application instruction sequences from recordings of a single execution.
Data-dependent variations require more effort to separate them from measurement noise:
- repeat measurements
- statistical signal processing
- exploitation of knowledge of executed algorithms
- low-noise/low-jitter measurement setup
[Plot: current (mA, −5 to 20) against time (528 to 529 µs): current traces for 256 different values of password byte 1. Curves: wrong inputs, min/max measured currents; wrong inputs, min/max difference to median; correct input, current; correct input, difference to median.]
Side-channel attacks on microcontroller data busses
Many techniques have been demonstrated since 1998 to exploit data-dependent variations in power and EM emissions. Most of these reconstruct subkeys used in known crypto algorithms by observing the operation $v_k(p) = S(p \oplus k)$ with known plain-text input $p$ and substitution table ("s-box") $S$, e.g. in the first round of a block cipher:

Differential Power Analysis [Kocher et al., 1998]:
- for all candidate subkey bytes $k \in \mathcal{S}$ and each observed input $p$ predict one bit $b$ in $v_k(p)$
- estimate the leakage trace $\bar{x}_{k,b}(t)$ as a function of $b$ (by averaging many traces with different $p$ but identical $k$ and $b$)
- only the correct candidate key $k$ will cause a significant peak at time $t$ in the difference-of-means trace $\bar{x}_{k,1}(t) - \bar{x}_{k,0}(t)$
Only if the assumed $k$ was correct will we have split our set of recorded traces correctly into two piles, one for $b = 0$ and one for $b = 1$, such that the two average traces, one for each pile, show a difference (contributed by $b$).

Correlation Power Analysis:
- for all candidate subkeys $k \in \mathcal{S}$ predict a value $f(v_k(p))$ that is expected to be proportional to some samples in the leakage traces, e.g. the Hamming weight of $v_k(p)$
- the correct candidate key $k$ will cause the highest Pearson correlation coefficient between $f(v_k(p))$ and some sample positions in the recorded leakage traces

Mutual Information Analysis:
- the correct candidate key $k$ will cause the highest mutual information between (some function $f$ of) $v_k(p)$ and some sample positions in the recorded leakage traces

Template Attack [Chari et al., 2003]:
- profiling phase: build a Gaussian multivariate model (pdf) for the leakage trace for each result byte $v$ (requires access to a test chip/mode where $k$, and hence $v$, is known)
- attack phase: find the maximum-likelihood candidate key $k$ given $n_a$ leakage traces $\mathbf{x}_{p_1}, \mathbf{x}_{p_2}, \ldots, \mathbf{x}_{p_{n_a}}$ and associated inputs $p$, using the probability density function $f(\mathbf{x}_p \mid v)$ built during the profiling phase

"Stochastic Model" [Schindler et al., 2005]:
- profiled, like the template attack, but rather than building a pdf for each possible value $v$, model the leakage trace of $v$ as a linear combination of traces for its individual bits (or pairs)
- shorter profiling phase due to the reduced number of parameters to be estimated
- more practical for 16-bit busses
- can be less accurate than a full template attack, especially with small design sizes (more non-linear effects, capacitive coupling between bus traces, etc.)

"Deep Learning":
- profiled attack to train a neural network to classify traces according to $v$
- very compute intensive, very large number of parameters
- convolutional layers may learn to auto-align traces, whereas template attacks rely strongly on low-jitter alignment
- all magic
Objectives here:
- Use the template attack independent of any cryptographic algorithm (no known s-box, etc.).
- Directly eavesdrop on 8-bit parallel bus lines (or 32-bit busses that handle 8-bit data)
- Demonstration attack target: a single 8-bit load instruction (e.g., RAM to register) in a microcontroller
- Example targets: data parsers handling secrets, string processing functions, instruction fetch cycles, loading keys into cryptographic hardware, etc. ("sub-cryptographic algorithms")
- Such code may still lack masking/hiding countermeasures
- Much more demanding than DPA-style crypto attacks, as we now depend on all bits being distinguishable (rather than just cruder leakage models, such as Hamming weights)
- Signal pre-processing and dimensionality reduction to maximize the signal-to-noise ratio and reduce the number of parameters to estimate become crucial
Template attack (basics, notation)
Hopefully identical hardware: profiling device, attacked device
Goal: infer some secret value $k^\star \in \mathcal{S}$, processed by the attacked device at some point. For an 8-bit microcontroller: $\mathcal{S} = \{0, \ldots, 255\}$
Required: ability to sample supply-current or electro-magnetic waveforms ("raw leakage vectors" $\mathbf{x}^r \in \mathbb{R}^{m^r}$) at times $t_1, \ldots, t_{m^r}$ during and near the point in time where $k^\star$ is processed.
Profiling phase: record $n_p$ raw leakage vectors $\mathbf{x}^r_{ki} \in \mathbb{R}^{m^r}$ ($1 \le i \le n_p$) from the profiling device for each possible candidate value $k \in \mathcal{S}$.
Result: one raw leakage matrix
$$\mathbf{X}^r_k = \begin{pmatrix} \cdots\ \mathbf{x}^{r\prime}_{k1}\ \cdots \\ \cdots\ \mathbf{x}^{r\prime}_{k2}\ \cdots \\ \vdots \\ \cdots\ \mathbf{x}^{r\prime}_{kn_p}\ \cdots \end{pmatrix} \in \mathbb{R}^{n_p \times m^r}$$
for each $k \in \mathcal{S}$, containing row vectors $\mathbf{x}^{r\prime}_{ki}$ ($'$ = transposed)
Trace compression (basics, notation)
Raw leakage vectors $\mathbf{x}^r_{ki}$ may contain $m^r$ = hundreds or thousands of samples, due to the high sampling rates used.
We may compress them before further processing, either by
- sample selection: keep only a subset of $m \ll m^r$ samples
- dimensionality reduction: Principal Component Analysis (PCA) or Fisher's Linear Discriminant Analysis (LDA)
Compressed leakage vectors: $\mathbf{x}^r_{ki} \in \mathbb{R}^{m^r} \mapsto \mathbf{x}_{ki} \in \mathbb{R}^m$
Combine these as rows into the compressed leakage matrix
$$\mathbf{X}_k = \begin{pmatrix}\cdots\ \mathbf{x}'_{k1}\ \cdots \\ \vdots \\ \cdots\ \mathbf{x}'_{kn_p}\ \cdots\end{pmatrix} \in \mathbb{R}^{n_p \times m}.$$
Without any such compression step: $\mathbf{X}_k = \mathbf{X}^r_k$ and $m = m^r$.
Template parameters (basics, notation)
Now use the compressed leakage matrices $\mathbf{X}_k$ to estimate for each possible value $k \in \mathcal{S}$
Mean trace:
$$\bar{\mathbf{x}}_k = \frac{1}{n_p}\sum_{i=1}^{n_p} \mathbf{x}_{ki}$$
Covariance matrix:
$$\mathbf{S}_k = \frac{1}{n_p - 1}\sum_{i=1}^{n_p} (\mathbf{x}_{ki} - \bar{\mathbf{x}}_k)(\mathbf{x}_{ki} - \bar{\mathbf{x}}_k)'$$
Note: $\sum_{i=1}^{n_p} (\mathbf{x}_{ki} - \bar{\mathbf{x}}_k)(\mathbf{x}_{ki} - \bar{\mathbf{x}}_k)' = \tilde{\mathbf{X}}_k'\tilde{\mathbf{X}}_k$ where $\tilde{\mathbf{X}}_k$ is $\mathbf{X}_k$ with $\bar{\mathbf{x}}_k'$ subtracted from each row.
Side-channel leakage traces can generally be modelled well by a Gaussian multi-variate distribution, meaning that $\bar{\mathbf{x}}_k$ and $\mathbf{S}_k$ are sufficient statistics defining the underlying distribution (probability density function)
$$f(\mathbf{x} \mid k) = \frac{1}{\sqrt{(2\pi)^m\,|\mathbf{S}_k|}} \cdot e^{-\frac{1}{2}(\mathbf{x} - \bar{\mathbf{x}}_k)'\mathbf{S}_k^{-1}(\mathbf{x} - \bar{\mathbf{x}}_k)}$$
Illustrative example
[Scatter plot, horizontal axis −50 to 40, vertical axis −20 to 30.] Each dot represents a trace $\mathbf{x}$ (with just $m = 2$ samples, colour indicates $k$), red circles represent mean traces $\bar{\mathbf{x}}_k$, red lines represent eigenvectors of the covariance matrix $\mathbf{S}_k$, and the green ellipses are equiprobability lines of $f(\mathbf{x} \mid k)$.
Attack phase (basics, notation)
Infer the secret value $k^\star \in \mathcal{S}$ processed by the attacked device:
- Trigger repeat processing of $k^\star$ for $n_a$ times.
- Use the same recording technique and compression method as in the profiling phase.
- Obtain $n_a$ leakage vectors $\mathbf{x}_i \in \mathbb{R}^m$, store in the leakage matrix
$$\mathbf{X}_{k^\star} = \begin{pmatrix}\cdots\ \mathbf{x}'_1\ \cdots \\ \vdots \\ \cdots\ \mathbf{x}'_{n_a}\ \cdots\end{pmatrix} \in \mathbb{R}^{n_a \times m}$$
- For each $k \in \mathcal{S}$ compute a discriminant score $D(k \mid \mathbf{X}_{k^\star})$.
- Finally try all $k \in \mathcal{S}$ on the attacked device, in order of decreasing score (optimized brute-force search, e.g. for a password or cryptographic key), until the correct $k^\star$ is found.
Discriminant function
Given a trace $\mathbf{x}_i$ from $\mathbf{X}_{k^\star}$, Bayes' rule suggests:
$$D(k \mid \mathbf{x}_i) = f(\mathbf{x}_i \mid k)\,P(k)$$
or, if $P(k)$ is independent of $k$ ($P(k) = |\mathcal{S}|^{-1}$), then
$$D(k \mid \mathbf{x}_i) = f(\mathbf{x}_i \mid k).$$
The full Bayes likelihood is
$$L(k \mid \mathbf{x}_i) = \frac{f(\mathbf{x}_i \mid k)\,P(k)}{\sum_{k'} f(\mathbf{x}_i \mid k')\,P(k')}$$
but we can omit here factors that are the same for each $k$ and therefore do not affect the relative order of the discriminant scores.
With more than one measurement, assuming noise is independent across repeat measurements, the joint likelihood over all attack traces $\mathbf{x}_i$ in $\mathbf{X}_{k^\star}$ is
$$L(k \mid \mathbf{X}_{k^\star}) = \prod_{\mathbf{x}_i \in \mathbf{X}_{k^\star}} L(k \mid \mathbf{x}_i)$$
Is this a better discriminant than $L(k \mid n_a^{-1}\sum_{i=1}^{n_a} \mathbf{x}_i)$, i.e. averaging all attack traces first before looking up a pdf? Yes, but ...
Numerical problems
So far so simple. But in practice the pdf
$$f(\mathbf{x} \mid k) = \frac{1}{\sqrt{(2\pi)^m\,|\mathbf{S}_k|}} \cdot e^{-\frac{1}{2}(\mathbf{x} - \bar{\mathbf{x}}_k)'\mathbf{S}_k^{-1}(\mathbf{x} - \bar{\mathbf{x}}_k)}$$
can easily cause numerical problems that require attention:
- $\mathbf{S}_k$ may not be invertible ($|\mathbf{S}_k| \approx 0$). In fact $\mathbf{S}_k$ cannot be invertible if $n_p \le m$: this is because $\mathbf{S}_k$ is essentially $\tilde{\mathbf{X}}_k'\tilde{\mathbf{X}}_k$, and therefore $\tilde{\mathbf{X}}_k \in \mathbb{R}^{n_p \times m}$ and $\mathbf{S}_k \in \mathbb{R}^{m \times m}$ have the same rank.
- $|\mathbf{S}_k|$ may also overflow easily
- $e^x$ may overflow easily: IEEE double covers $e^x$ only for $|x| < 710$, easily exceeded for large $m$.
Pooled co-variance matrix
The template mean vectors $\bar{\mathbf{x}}_k$ characterize the signal. The co-variance matrices $\mathbf{S}_k$ characterize the noise.
If the measured noise is independent of the signal, then the underlying covariances estimated by the $\mathbf{S}_k$ will be identical ("homoscedasticity").
We can then average the $\mathbf{S}_k$ into a single pooled covariance matrix:
$$\mathbf{S}_{\text{pooled}} = \frac{1}{|\mathcal{S}|}\sum_{k \in \mathcal{S}} \mathbf{S}_k$$
This has many advantages:
- better noise model (more data)
- relaxation of the necessary condition for $\mathbf{S}_{\text{pooled}}$ being invertible: $m < |\mathcal{S}| \cdot n_p$, or $n_p > \frac{m}{|\mathcal{S}|}$
- enables compression with Linear Discriminant Analysis (LDA)
- enables faster and more stable discriminant functions
But: some side-channel countermeasures can result in data-dependent noise.
Illustrative example
[Scatter plot, horizontal axis −50 to 40, vertical axis −20 to 30.] All $|\mathcal{S}| = 8$ error ellipses are identically sized and orientated, and do not depend on $k$.
Compression: sample selection I
- keeping the dimension $m$ of the multivariate pdf model small helps avoid numerical problems
- many samples in $\mathbf{x}^r_i$ will contain no data-dependent variation
- discarding too much information will reduce the success rate
Data-dependent variation is characterized by the between-groups vectors:
$$\boldsymbol{\tau}_k = \bar{\mathbf{x}}^r_k - \bar{\mathbf{x}}^r \quad\text{where}\quad \bar{\mathbf{x}}^r = \frac{1}{|\mathcal{S}|}\sum_{k \in \mathcal{S}} \bar{\mathbf{x}}^r_k.$$
Various per-sample signal-strength estimates have been proposed: Difference of Means (DOM), the Sum of Squared Differences (SOSD), the Signal to Noise Ratio (SNR) and SOST. Example:
$$s_{\text{DOM}}(t) = \sum_{1 \le k < k' < |\mathcal{S}|} \left|\bar{x}^r_k(t) - \bar{x}^r_{k'}(t)\right|$$
Compression: sample selection II
[Plot over clock cycles 1 to 2.5: normalized signal-strength estimates from DOM, SOSD and SNR on our reference data set (Grizzly Beta), together with the sample standard deviation and the clock signal for reference.]
Simplest techniques: take the $m$ samples with the highest signal strength $s(t)$, or all above some threshold.
But these may all come from the same clock cycle and be highly correlated with each other (i.e., not say much new).
Alternative strategy: take a maximum number of samples (e.g., 1, 3, 20) from each clock cycle.
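The DOM estimate and the per-clock-cycle selection rule from the two slides above, as an added example that is not the paper's code: it builds $s_{\text{DOM}}(t)$ from constructed mean traces and then compares a "1 per cycle" with a "3 per cycle" selection of the same three strongest samples. The leakage positions, the 10 samples per clock cycle, the 4-bit value range and the noise level are all assumptions of the demo.

```python
import random
from itertools import combinations

# Constructed demo, not the paper's code or data: 4 clock cycles of 10 raw samples
# each (m^r = 40), a 4-bit secret (|S| = 16) and a made-up leakage model.
SAMPLES_PER_CYCLE = 10
M_R = 40

def simulate_mean_traces(values, n_p, rng):
    """Mean raw trace x_k (length M_R) per value k, averaged over n_p noisy traces.
    Constructed leakage: samples 12..14 (clock cycle 1) carry the Hamming weight of k,
    sample 31 (clock cycle 3) carries bit 0 of k, every other sample is pure noise."""
    means = {}
    for k in values:
        acc = [0.0] * M_R
        hw = bin(k).count("1")
        for _ in range(n_p):
            for t in range(M_R):
                signal = 0.5 * hw if 12 <= t <= 14 else 0.3 * (k & 1) if t == 31 else 0.0
                acc[t] += signal + rng.gauss(0.0, 0.2)
        means[k] = [a / n_p for a in acc]
    return means

def s_dom(means):
    """Difference-of-means strength s_DOM(t): sum over pairs k < k' of |x_k(t) - x_k'(t)|."""
    s = [0.0] * M_R
    for k, k2 in combinations(sorted(means), 2):
        for t in range(M_R):
            s[t] += abs(means[k][t] - means[k2][t])
    return s

def select_samples(s, m, per_cycle):
    """Indices of the m strongest samples, taking at most per_cycle from any one clock
    cycle, so the selection is not filled by one burst of highly correlated samples."""
    taken, chosen = {}, []
    for t in sorted(range(len(s)), key=lambda t: s[t], reverse=True):
        cycle = t // SAMPLES_PER_CYCLE
        if taken.get(cycle, 0) < per_cycle:
            taken[cycle] = taken.get(cycle, 0) + 1
            chosen.append(t)
            if len(chosen) == m:
                break
    return sorted(chosen)

def demo(seed=1):
    rng = random.Random(seed)
    s = s_dom(simulate_mean_traces(range(16), 50, rng))
    # "1ppc" versus "3ppc" selection of m = 3 samples from the same s(t)
    return select_samples(s, 3, 1), select_samples(s, 3, 3)
```

With the 3-per-cycle rule all three picks come from the Hamming-weight burst in cycle 1; with the 1-per-cycle rule the second pick is the single-bit leak in cycle 3 and the third comes from a cycle that carries no signal at all, which is exactly the trade-off the slide describes.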
Covariance of the between-group vectors
[Scatter plot, horizontal axis −50 to 40, vertical axis −20 to 30.] The between-groups vectors $\boldsymbol{\tau}_k = \bar{\mathbf{x}}^r_k - \bar{\mathbf{x}}^r$ shown in blue.
Principal Component Analysis [Archambeau et al., 2006]
Sample between-groups matrix:
$$\mathbf{B} = \sum_{k \in \mathcal{S}} (\bar{\mathbf{x}}^r_k - \bar{\mathbf{x}}^r)(\bar{\mathbf{x}}^r_k - \bar{\mathbf{x}}^r)'$$
Singular value decomposition: $\mathbf{B} = \mathbf{U}\mathbf{D}\mathbf{U}'$
- each column of the orthonormal matrix $\mathbf{U} \in \mathbb{R}^{m^r \times m^r}$ is an eigenvector $\mathbf{u}_j$ of $\mathbf{B}$
- the diagonal matrix $\mathbf{D} \in \mathbb{R}^{m^r \times m^r}$ contains the corresponding eigenvalues $\delta_j$, with $\delta_1 \ge \delta_2 \ge \cdots \ge \delta_{m^r}$.
Only the first $m \ll |\mathcal{S}|$ eigenvectors $(\mathbf{u}_1 \ldots \mathbf{u}_m) = \mathbf{U}_m$ are needed to preserve most of the variability from the mean vectors $\bar{\mathbf{x}}^r_k$.
Compression step: $\mathbf{X}_k = \mathbf{X}^r_k\mathbf{U}_m$
This projects each raw trace $\mathbf{x}^r_i$ in $\mathbf{X}^r_k$ onto just the $m$ largest eigenvectors of $\mathbf{B}$: $\mathbf{x}_i = \mathbf{x}^r_i\mathbf{U}_m$.
PCA example: eigenvectors of B
[Plot: eigenvectors $\mathbf{u}_1 \ldots \mathbf{u}_6$ of $\mathbf{B}$ over sample index 0 to 2500.]
PCA example: eigenvalues of B
[Plot: the first 20 eigenvalues of $\mathbf{B}$ on a log scale from $10^6$ to $10^{11}$.]
Linear discriminant analysis: maximising SNR
[Scatter plot, horizontal axis −50 to 40, vertical axis −20 to 30.] LDA uses two covariance matrices: $\mathbf{B}$ for signal and $\mathbf{S}_{\text{pooled}}$ for noise, and projects the $\mathbf{x}^r_i$ onto the largest eigenvectors of the "signal-to-noise matrix" $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$.
Linear discriminant analysis I [Standaert/Archambeau, 2008]
PCA finds directions $\delta_j$ where the signal is strong, to project onto, but ignores the noise.
Fisher's LDA instead considers projections $y_j = \mathbf{a}_j'\mathbf{x}^r$ and finds directions $\mathbf{a}_j \in \mathbb{R}^{m^r}$ that maximize
$$\frac{\text{between-groups variance}}{\text{within-groups variance}} = \frac{\sum_{k \in \mathcal{S}} \left(E(y_{jk}) - E(y_j)\right)^2}{\sum_{k \in \mathcal{S}} \mathrm{Var}(y_{jk})} = \frac{\sum_{k \in \mathcal{S}} \left(\mathbf{a}_j'\left(E(\mathbf{x}^r_k) - E(\mathbf{x}^r)\right)\right)^2}{\sum_{k \in \mathcal{S}} \mathrm{Var}\left(\mathbf{a}_j'\mathbf{x}^r_k\right)}$$
which can be estimated as
$$\frac{|\mathcal{S}|\,(n_p - 1)\sum_{k \in \mathcal{S}} \left(\mathbf{a}_j'(\bar{\mathbf{x}}^r_k - \bar{\mathbf{x}}^r)\right)^2}{\sum_{k \in \mathcal{S}}\sum_{i=1}^{n_p} \mathbf{a}_j'(\mathbf{x}_{ki} - \bar{\mathbf{x}}_k)(\mathbf{x}_{ki} - \bar{\mathbf{x}}_k)'\mathbf{a}_j} = \frac{\mathbf{a}_j'\mathbf{B}\mathbf{a}_j}{\mathbf{a}_j'\mathbf{S}^r_{\text{pooled}}\mathbf{a}_j}$$
Linear discriminant analysis II
The coefficient $\mathbf{a}_j$ that maximises
$$\frac{\mathbf{a}_j'\mathbf{B}\mathbf{a}_j}{\mathbf{a}_j'\mathbf{S}^r_{\text{pooled}}\mathbf{a}_j}$$
is the first eigenvector (i.e., the one with the largest associated eigenvalue) of $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$.
With the constraint $\mathrm{Cov}(y_{ik}, y_{jk}) = 0$, the other $\mathbf{a}_j$ that maximise the above ratio are the eigenvectors with the next largest eigenvalues.
Note that $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$ is not necessarily symmetric, so we cannot directly apply singular-value decomposition to obtain orthonormal eigenvectors. Instead, we can first compute the eigenvectors $\mathbf{u}_j$ of the symmetric matrix $(\mathbf{S}^r_{\text{pooled}})^{-\frac{1}{2}}\,\mathbf{B}\,(\mathbf{S}^r_{\text{pooled}})^{-\frac{1}{2}}$, which has the same eigenvalues as $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$, and from which we can then obtain the coefficients $\mathbf{a}_j = (\mathbf{S}^r_{\text{pooled}})^{-\frac{1}{2}}\mathbf{u}_j$.
There are a maximum of $s = \min(m^r, |\mathcal{S}| - 1)$ non-zero eigenvectors, as that is the maximum number of independent linear combinations available in $\mathbf{B}$.
LDA example: eigenvectors of B
[Plot: eigenvectors $\mathbf{u}_1 \ldots \mathbf{u}_6$ of $\mathbf{B}$ over sample index 0 to 2500.]
LDA example: eigenvectors of $\mathbf{S}^r_{\text{pooled}}$
[Plot: eigenvectors $\mathbf{u}_1 \ldots \mathbf{u}_6$ of $\mathbf{S}^r_{\text{pooled}}$ over sample index 0 to 2500.]
LDA example: eigenvectors of $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$
[Plot: eigenvectors $\mathbf{u}_1 \ldots \mathbf{u}_6$ of $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$ over sample index 0 to 2500.]
Linear discriminant analysis III
- Like with PCA, pick $m$ such that the first $m$ eigenvalues of $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$ cover e.g. 95% of the sum of all eigenvalues.
- Let $\mathbf{A} = (\mathbf{a}_1 \ldots \mathbf{a}_m)$ be the matrix of the first $m$ eigenvectors of $(\mathbf{S}^r_{\text{pooled}})^{-1}\mathbf{B}$, then project each leakage matrix as $\mathbf{X}_k = \mathbf{X}^r_k\mathbf{A}$
- LDA generally outperforms all other compression methods, but relies on homoscedasticity, therefore PCA remains useful where the noise is not easily characterized.
- When we scale the coefficients $\mathbf{a}_j$ such that $\mathbf{a}_j'\mathbf{S}^r_{\text{pooled}}\mathbf{a}_j = 1$, the covariance in the discriminant function becomes the identity matrix, i.e. $\mathbf{S}_k = \mathbf{I}$, which greatly reduces computation and storage requirements.
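The PCA and LDA compression steps from the preceding slides (between-groups matrix $\mathbf{B}$, pooled covariance, the symmetric $\mathbf{S}^{-1/2}\mathbf{B}\mathbf{S}^{-1/2}$ trick and the scaling that makes the projected covariance the identity), as an added example that is not the paper's code: it uses a small pure-Python Jacobi eigen-solver so that it runs without numerical libraries. The 3-bit value range, 5 raw samples per trace and the noise model with a strong common-mode DC drift are assumptions of the demo.

```python
import math
import random

# Constructed demo, not the paper's code or data: |S| = 8 values of a 3-bit secret,
# m^r = 5 raw samples per trace, n_p profiling traces per value.
VALUES = range(8)
M_R = 5

def simulate_trace(k, rng):
    # constructed leakage model: bit j of k leaks at sample j (j = 0..2), samples 3 and 4
    # carry no signal; the noise is a strong per-trace DC drift common to all samples
    # plus small independent noise, so S_pooled gets a large DC eigenvector
    dc = rng.gauss(0.0, 1.0)
    return [((k >> j) & 1) + dc + rng.gauss(0.0, 0.2) for j in range(M_R)]

def profile(n_p, rng):
    """Mean vector per value and the pooled covariance S_pooled = mean of the S_k."""
    means, s_pooled = {}, [[0.0] * M_R for _ in range(M_R)]
    for k in VALUES:
        traces = [simulate_trace(k, rng) for _ in range(n_p)]
        means[k] = [sum(x[t] for x in traces) / n_p for t in range(M_R)]
        for x in traces:
            d = [x[t] - means[k][t] for t in range(M_R)]
            for i in range(M_R):
                for j in range(M_R):
                    s_pooled[i][j] += d[i] * d[j] / ((n_p - 1) * len(VALUES))
    return means, s_pooled

def between_groups(means):
    """B = sum_k (x_k - x)(x_k - x)', built from the mean vectors only."""
    grand = [sum(means[k][t] for k in VALUES) / len(VALUES) for t in range(M_R)]
    b = [[0.0] * M_R for _ in range(M_R)]
    for k in VALUES:
        tau = [means[k][t] - grand[t] for t in range(M_R)]
        for i in range(M_R):
            for j in range(M_R):
                b[i][j] += tau[i] * tau[j]
    return b

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]

def quad(u, mat, v):  # u' M v
    return sum(u[i] * mat[i][j] * v[j] for i in range(len(u)) for j in range(len(v)))

def eigh(a, sweeps=60):
    """Symmetric eigen-decomposition by cyclic Jacobi rotations: eigenvalues in
    decreasing order and the matrix whose columns are the orthonormal eigenvectors."""
    n = len(a)
    a = [row[:] for row in a]
    v = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(n) for j in range(n) if i != j) < 1e-24:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(a[p][q]) < 1e-15:
                    continue
                theta = (a[q][q] - a[p][p]) / (2.0 * a[p][q])
                t = math.copysign(1.0, theta) / (abs(theta) + math.hypot(theta, 1.0))
                c = 1.0 / math.hypot(t, 1.0)
                s = t * c
                for k in range(n):        # A <- A J and V <- V J (columns p, q)
                    akp, akq, vkp, vkq = a[k][p], a[k][q], v[k][p], v[k][q]
                    a[k][p], a[k][q] = c * akp - s * akq, s * akp + c * akq
                    v[k][p], v[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
                for k in range(n):        # A <- J' A (rows p, q)
                    apk, aqk = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * apk - s * aqk, s * apk + c * aqk
    order = sorted(range(n), key=lambda j: a[j][j], reverse=True)
    return [a[j][j] for j in order], [[v[i][j] for j in order] for i in range(n)]

def pca_directions(b, m):
    """PCA: the first m eigenvectors u_j of B (the noise is ignored)."""
    vals, u = eigh(b)
    return vals[:m], [[row[j] for row in u] for j in range(m)]

def lda_directions(b, s_pooled, m):
    """LDA: first m eigenvectors a_j of S_pooled^-1 B, via the symmetric matrix
    S^-1/2 B S^-1/2 and a_j = S^-1/2 u_j.  Because the u_j are orthonormal this
    already gives a_j' S_pooled a_j = 1, i.e. the projected covariance is I."""
    lam, v = eigh(s_pooled)
    d = [[lam[i] ** -0.5 if i == j else 0.0 for j in range(M_R)] for i in range(M_R)]
    s_inv_half = matmul(matmul(v, d), [list(col) for col in zip(*v)])
    vals, u = eigh(matmul(matmul(s_inv_half, b), s_inv_half))
    a = matmul(s_inv_half, u)
    return vals[:m], [[row[j] for row in a] for j in range(m)]

def fisher_ratio(a, b, s):
    """Between-groups over within-groups variance along a: a'Ba / a'Sa."""
    return quad(a, b, a) / quad(a, s, a)

def demo(n_p=100, m=3, seed=7):
    rng = random.Random(seed)
    means, s = profile(n_p, rng)
    b = between_groups(means)
    lda_vals, lda_a = lda_directions(b, s, m)
    _, pca_u = pca_directions(b, m)
    proj_cov = [[quad(ai, s, aj) for aj in lda_a] for ai in lda_a]   # A' S_pooled A
    return lda_vals[0], fisher_ratio(lda_a[0], b, s), fisher_ratio(pca_u[0], b, s), proj_cov
```

The returned values show the top eigenvalue of $\mathbf{S}^{-1/2}\mathbf{B}\mathbf{S}^{-1/2}$ equal to the Fisher ratio of the first LDA direction, that ratio exceeding the one of the first PCA direction (PCA cannot see the DC noise), and $\mathbf{A}'\mathbf{S}_{\text{pooled}}\mathbf{A}$ coming out as the identity.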
After linear discriminant analysis
[Scatter plot of the projected traces, horizontal axis −20 to 15, vertical axis −10 to 10.]
The log-likelihood discriminant
Recall the numerical problems with
$$f(\mathbf{x} \mid k) = \frac{1}{\sqrt{(2\pi)^m\,|\mathbf{S}_k|}} \cdot e^{-\frac{1}{2}(\mathbf{x} - \bar{\mathbf{x}}_k)'\mathbf{S}_k^{-1}(\mathbf{x} - \bar{\mathbf{x}}_k)}$$
Avoid overflowing $e^x$ and $|\mathbf{S}_k|$ by using instead the log-likelihood
$$\log f(\mathbf{x} \mid k) = -\frac{m}{2}\log 2\pi - \frac{1}{2}\log|\mathbf{S}_k| - \frac{1}{2}(\mathbf{x} - \bar{\mathbf{x}}_k)'\mathbf{S}_k^{-1}(\mathbf{x} - \bar{\mathbf{x}}_k)$$
Compute $\log|\mathbf{S}_k| = 2\sum_{i=1}^{m}\log c_{ii}$ using the Cholesky decomposition $\mathbf{S}_k = \mathbf{C}'\mathbf{C}$. Since $\mathbf{C}$ is triangular, its determinant is the product of its diagonal elements $c_{ii}$.
Dropping the first term (constant across all $k$) gives us a robust discriminant based on the log-likelihood:
$$D_{\log}(k \mid \mathbf{x}_i) = -\frac{1}{2}\log|\mathbf{S}_k| - \frac{1}{2}(\mathbf{x}_i - \bar{\mathbf{x}}_k)'\mathbf{S}_k^{-1}(\mathbf{x}_i - \bar{\mathbf{x}}_k)$$
The linear discriminant
Using $\mathbf{S}_{\text{pooled}}$, we can discard $\log|\mathbf{S}_k|$ as well. This leaves the "Mahalanobis distance"
$$d^2_M(\mathbf{x}, \bar{\mathbf{x}}_k) = (\mathbf{x} - \bar{\mathbf{x}}_k)'\mathbf{S}^{-1}_{\text{pooled}}(\mathbf{x} - \bar{\mathbf{x}}_k) \ge 0$$
to compare candidates $k$. (Covariance is positive semidefinite.)
Rewrite as
$$d^2_M(\mathbf{x}, \bar{\mathbf{x}}_k) = \mathbf{x}'\mathbf{S}^{-1}_{\text{pooled}}\mathbf{x} - 2\,\bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}\mathbf{x} + \bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}\bar{\mathbf{x}}_k$$
and drop the first term (constant for all candidates $k$) to obtain a discriminant that depends linearly on $\mathbf{x}_i$:
$$D_{\text{linear}}(k \mid \mathbf{x}_i) = \bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}\mathbf{x}_i - \frac{1}{2}\bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}\bar{\mathbf{x}}_k$$
Joint discriminants
Recall that to combine $n_a$ attack traces (essential for the success of many side-channel attacks), we need to compute a discriminant based on their joint likelihood
$$L(k \mid \mathbf{X}_{k^\star}) = \prod_{\mathbf{x}_i \in \mathbf{X}_{k^\star}} L(k \mid \mathbf{x}_i) \quad\text{or}\quad \log L(k \mid \mathbf{X}_{k^\star}) = \sum_{i=1}^{n_a} \log L(k \mid \mathbf{x}_i)$$
This costs $O(n_a m^2)$ for
$$D_{\log}(k \mid \mathbf{X}_{k^\star}) = -\frac{n_a}{2}\log|\mathbf{S}_k| - \frac{1}{2}\sum_{i=1}^{n_a}(\mathbf{x}_i - \bar{\mathbf{x}}_k)'\mathbf{S}_k^{-1}(\mathbf{x}_i - \bar{\mathbf{x}}_k)$$
but only $O(n_a m + m^2)$ for
$$D_{\text{linear}}(k \mid \mathbf{X}_{k^\star}) = \bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}\left(\sum_{i=1}^{n_a}\mathbf{x}_i\right) - \frac{n_a}{2}\bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}\bar{\mathbf{x}}_k$$
since $\bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}$ and $\bar{\mathbf{x}}_k'\mathbf{S}^{-1}_{\text{pooled}}\bar{\mathbf{x}}_k$ only need to be computed once.
Practical evaluation example: $D_{\log}$ 3.5 days, $D_{\text{linear}}$ 30 min!
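The full profiling and attack pipeline of the "Template parameters", "log-likelihood discriminant", "linear discriminant" and "Joint discriminants" slides, as an added example that is not the paper's code: per-value templates $(\bar{\mathbf{x}}_k, \mathbf{S}_k)$ and $\mathbf{S}_{\text{pooled}}$ are estimated, $\log|\mathbf{S}_k|$ is taken from a Cholesky factor as the slide suggests, and both joint discriminants are evaluated over $n_a$ attack traces to give the rank of the true value. The 4-bit value range, the one-bit-per-sample leakage and the noise level are assumptions of the demo.

```python
import math
import random

# Constructed demo, not the paper's code or data: a 4-bit secret (|S| = 16) and
# m = 4 already-compressed samples per trace, one bit leaking per sample.
VALUES = range(16)
M = 4

def simulate_trace(k, rng):
    # constructed leakage model: sample j = bit j of k plus Gaussian noise
    return [((k >> j) & 1) + rng.gauss(0.0, 0.7) for j in range(M)]

def cholesky(s):
    """Lower-triangular L with S = L L' (L = C' in the slides' S = C'C notation)."""
    n = len(s)
    l = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            acc = s[i][j] - sum(l[i][k] * l[j][k] for k in range(j))
            l[i][j] = math.sqrt(acc) if i == j else acc / l[j][j]
    return l

def solve(l, b):
    """y = S^-1 b by forward substitution (L z = b) then back substitution (L' y = z);
    S is never inverted explicitly."""
    n = len(l)
    z = [0.0] * n
    for i in range(n):
        z[i] = (b[i] - sum(l[i][k] * z[k] for k in range(i))) / l[i][i]
    y = [0.0] * n
    for i in reversed(range(n)):
        y[i] = (z[i] - sum(l[k][i] * y[k] for k in range(i + 1, n))) / l[i][i]
    return y

def logdet(l):
    """log|S| = 2 * sum_i log l_ii, the slides' Cholesky trick (|S| itself never formed)."""
    return 2.0 * sum(math.log(l[i][i]) for i in range(len(l)))

def profile(n_p, rng):
    """Profiling phase: mean x_k and covariance S_k per value, plus S_pooled."""
    means, covs = {}, {}
    pooled = [[0.0] * M for _ in range(M)]
    for k in VALUES:
        traces = [simulate_trace(k, rng) for _ in range(n_p)]
        mean = [sum(x[t] for x in traces) / n_p for t in range(M)]
        cov = [[0.0] * M for _ in range(M)]
        for x in traces:
            d = [x[t] - mean[t] for t in range(M)]
            for i in range(M):
                for j in range(M):
                    cov[i][j] += d[i] * d[j] / (n_p - 1)
        means[k], covs[k] = mean, cov
        for i in range(M):
            for j in range(M):
                pooled[i][j] += cov[i][j] / len(VALUES)
    return means, covs, pooled

def d_log(means, covs, attack):
    """Joint log-likelihood discriminant over all n_a attack traces:
    -n_a/2 log|S_k| - 1/2 sum_i (x_i - x_k)' S_k^-1 (x_i - x_k), O(n_a m^2) per k."""
    scores = {}
    for k in VALUES:
        l = cholesky(covs[k])
        maha = 0.0
        for x in attack:
            d = [x[t] - means[k][t] for t in range(M)]
            y = solve(l, d)
            maha += sum(d[t] * y[t] for t in range(M))
        scores[k] = -0.5 * len(attack) * logdet(l) - 0.5 * maha
    return scores

def d_linear(means, pooled, attack):
    """Joint linear discriminant x_k' S_pooled^-1 (sum_i x_i) - n_a/2 x_k' S_pooled^-1 x_k.
    The attack traces enter only through their sum and S_pooled^-1 x_k is computed
    once per candidate, which is what makes this O(n_a m + m^2)."""
    l = cholesky(pooled)
    xsum = [sum(x[t] for x in attack) for t in range(M)]
    scores = {}
    for k in VALUES:
        w = solve(l, means[k])
        scores[k] = (sum(w[t] * xsum[t] for t in range(M))
                     - 0.5 * len(attack) * sum(w[t] * means[k][t] for t in range(M)))
    return scores

def rank_of(scores, k_star):
    """Position (0 = tried first) of the true value when candidates are tried in order
    of decreasing score; log2 of (rank + 1), averaged over attacks, is the guessing entropy."""
    return sorted(VALUES, key=lambda k: scores[k], reverse=True).index(k_star)

def demo(k_star=11, n_p=200, n_a=30, seed=3):
    rng = random.Random(seed)
    means, covs, pooled = profile(n_p, rng)
    attack = [simulate_trace(k_star, rng) for _ in range(n_a)]   # attack-phase traces
    return (rank_of(d_log(means, covs, attack), k_star),
            rank_of(d_linear(means, pooled, attack), k_star))
```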
Example: comparison of different compression methods
Our test dataset Grizzly (available online):
- Atmel XMEGA 256 A3U processor
- 10 ohm resistor in ground line
- powered from 3.3 V battery via voltage regulator
- 1 MHz sine wave clock
- 250 MHz sampling frequency, 8-bit samples
- 3072 traces for each byte, $m^r = 2500$ samples per trace
- sequence of LOAD instructions, where only one handles $k^\star$, all others handle the constant value zero
Guessing entropy: binary logarithm of the rank order of the correct $k^\star$ in the list of $k$ values sorted by decreasing discriminant function, averaged over 10 attacks.
Sample selections: ≤ 1 sample/clock (1ppc, $m \approx 8$), ≤ 3 samples/clock (3ppc, $m \approx 25$), 20ppc ($m \approx 77$) and allap ($m \approx 125$) selections (all selected samples above the highest 95th percentile of $s(t)$).
[Plots: guessing entropy (bits, 0 to 7) against $n_a$ (log axis, $10^0$ to $10^3$) for $n_p = 200$ and $n_p = 2000$, using $\mathbf{S}_k$ ($D_{\log}$) and $\mathbf{S}_{\text{pooled}}$ ($D_{\text{linear}}$); curves: LDA (m=4), PCA (m=4), sample selection 1ppc, 3ppc, 20ppc, allap.]
Attacks on AES software/hardware implementations
[Plots: guessing entropy (bits, 0 to 7) against $n_a$ (log axis, $10^0$ to $10^2$). Left curves: LDA m=4, PCA m=4, 1ppc, 3ppc, 20ppc, allap. Right curves: LDA m=10, PCA m=10, 1ppc m=6, 3ppc m=18, 20ppc m=120.]
Left: guessing entropy after a template attack on the Grizzly dataset in an AES S-box scenario (simulated).
⇒ DPA-style attack on AES much easier than direct eavesdropping of a single LOAD instruction.
Right: template attack on an AES engine (Polar dataset).
⇒ Software implementation much easier to attack than hardware implementation.
Attacks on different devices
[Photo: four XMEGA PCB devices used in our experiments.]
Classic template attacks in different scenarios
[Plots: guessing entropy (bits, 0 to 7) against $n_a$ (log axis, $10^0$ to $10^3$); curves: LDA (m=4, resp. K=4), PCA (m=4, resp. K=4), sample selection 1ppc, 3ppc, 20ppc, allap.]
Left: using device Alpha for profiling and device Beta for attack.
Right: using the same device (Beta) but different acquisition campaigns for profile (Beta) and attack (Beta Bis)
⇒ all compression techniques (except for LDA!) failed badly across different devices or even across different campaigns on the same device.
Major cause: DC drift across devices, boards, campaigns
[Plots over sample index 850 to 950, with samples 878 and 884 marked. Top: single trace from Beta, 0 to 5 mA. Bottom: −0.3 to 0.1 mA; curves Alpha, Beta, Beta bis, Gamma, Delta, Beta + ci, Beta − ci, SNR of Beta.]
Top: trace from Beta (first clock cycle of the target LOAD)
Bottom: overall mean vectors $\bar{\mathbf{x}}^r$ for all campaigns minus the overall mean vector of Beta
LDA gets this: $\mathbf{S}^r_{\text{pooled}}$ (noise) has a DC eigenvector
[Plot: eigenvectors $\mathbf{u}_1 \ldots \mathbf{u}_6$ of $\mathbf{S}^r_{\text{pooled}}$ over sample index 0 to 2500.]
No major incompatibility of underlying leakage model
[Plots: normal densities (0 to 2.5) over current 3.2 to 4.8 mA, one curve per value 0 to 9; left Alpha, right Beta.]
Normal distribution at sample index $j = 884$ based on the template parameters $(\bar{\mathbf{x}}^r_k, \mathbf{S}^r_{\text{pooled}})$ for $k \in \{0, \ldots, 9\}$ on Alpha (left) and Beta (right).
- Template attacks are very sensitive to changes in DC bias
- Changes in DC bias can also happen within a single campaign (e.g. due to temperature changes)
- This causes a DC eigenvector to emerge in $\mathbf{S}^r_{\text{pooled}}$, which LDA utilizes to ignore DC drift as noise
Workarounds:
- Use different devices during profiling campaigns.
- Allow temperature variation during profiling campaigns (can also affect switching thresholds).
- Use LDA.
- Where LDA is not applicable: use PCA with random DC offsets added to the mean vectors before calculating $\mathbf{B}$, to push most DC signal into a single eigenvector and keep the rest DC-free.
- Apply a DC-block filter: happens already automatically if EM sensors or other high-pass filters are used. However, this can also significantly increase noise, by spreading nearby variability via the filter impulse response.
Profiling on Alpha, attack on Beta
[Plots: guessing entropy (bits, 0 to 6) against $n_a$ (log axis, $10^0$ to $10^3$). Left curves: LDA and PCA with m = 3, 4, 5, 6, 40 and sample selection 1ppc, 3ppc, 20ppc, allap. Right curves: LDA m=4, LDA m=5, PCA m=4, PCA m=5; LDA m = 3, m = 4 and PCA m = 4 highlighted.]
Left: using various compressions with the classic method. DC eigenvector of $\mathbf{B}$: $j = 5$
Right: using PCA and LDA after adding a random DC offset. DC eigenvector of $\mathbf{B}$: $j = 1$
PCA benefits from including the DC eigenvector in the projection, LDA does not.
GDPR challenges
M. Kutyłowski
(Outline: classical approaches: criminal law, Common Criteria, standards, contract based; GDPR)

GDPR and legal challenges for designing distance bounding protocols
Mirosław Kutyłowski
Politechnika Wrocławska
Cryptacus Training School, Ponta Delgada 2018
Security in system design
Security of all parties involved must be considered, not only that of a user ... in particular the security of the system designer. Many things may go wrong:
- financial claims against the system designer based on system errors
- pressure from the authorities on the system designer to misbehave
- pressure on certificate/audit bodies to provide false evidence
- mistakes during implementation
- patent claims
- ...
Security and privacy
Standard approaches to ensure security and privacy:
- criminal law
- certification/audit frameworks
- industrial standards
- legal contracts
Criminal law
Situation in EU
- in most countries the same roots of the legal system (Roman Empire)
- there are two incompatible systems: continental law, common law
- the same ideas occur in European countries, however in practice there are deep differences based on details
- even more differences with the USA
German criminal law versus system design
Section 202a, Data espionage
(1) Whosoever unlawfully obtains data for himself or another that were not intended for him and were especially protected against unauthorised access, if he has circumvented the protection, shall be liable to imprisonment not exceeding three years or a fine.
(2) Within the meaning of subsection (1) above data shall only be those stored or transmitted electronically or magnetically or otherwise in a manner not immediately perceivable.
German criminal law versus system design
Section 202b, Phishing
Whosoever unlawfully intercepts data (section 202a(2)) not intended for him, for himself or another by technical means from a non-public data processing facility or from the electromagnetic broadcast of a data processing facility, shall be liable to imprisonment not exceeding two years or a fine, unless the offense incurs a more severe penalty under other provisions.
German criminal law versus system design
Section 202c, Acts preparatory to data espionage and phishing
(1) Whosoever prepares the commission of an offense under section 202a or section 202b by producing, acquiring for himself or another, selling, supplying to another, disseminating or making otherwise accessible
  1. passwords or other security codes enabling access to data (section 202a(2)), or
  2. software for the purpose of the commission of such an offense,
shall be liable to imprisonment not exceeding one year or a fine.
German criminal law versus system design
Section 203, Violation of private secrets
(1) Whosoever unlawfully discloses a secret of another, in particular, a secret which belongs to the sphere of personal privacy or a business or trade secret, which was confided to or otherwise made known to him in his capacity as a ... [here a narrow closed list] ...
German criminal law versus system design
Section 204, Exploitation of the secrets of another
(1) Whosoever unlawfully exploits the secret of another, in particular a business or trade secret, which he is obliged to keep secret pursuant to section 203, shall be liable to imprisonment not exceeding two years or a fine.
German criminal law versus system design
Section 206, Violation of the postal and telecommunications secret
(1) Whosoever unlawfully discloses to another person facts which are subject to the postal or telecommunications secret and which became known to him as the owner or employee of an enterprise in the business of providing postal or telecommunications services, shall be liable to ...
(2) Whosoever, as an owner or employee of an enterprise indicated in subsection (1) above, unlawfully
  1. opens a piece of sealed mail ...
shall incur the same penalty.
German criminal law versus system design
Section 263a, Computer fraud
(1) Whosoever with the intent of obtaining for himself or a third person an unlawful material benefit damages the property of another by influencing the result of a data processing operation through incorrect configuration of a program, use of incorrect or incomplete data, unauthorised use of data or other unauthorised influence on the course of the processing shall be liable to imprisonment not exceeding five years or a fine.
(2) The attempt shall be punishable.
German criminal law versus system design
Section 263a, Computer fraud
(3) In especially serious cases the penalty shall be imprisonment from six months to ten years. An especially serious case typically occurs if the offender
  1. acts on a commercial basis or as a member of a gang whose purpose is the continued commission of forgery or fraud;
  2. causes a major financial loss of or acts with the intent of placing a large number of persons in danger of financial loss by the continued commission of offenses of fraud;
  3. places another person in financial hardship;
  4. abuses his powers or his position as a public official; or
Common Criteria
Common Criteria Framework
Goals:
1. a common evaluation framework
2. a guide for a customer to choose the right product
However:
1. a CC certificate is not a security guarantee
2. it is frequently misunderstood as a security certificate
3. the processing cost is still high
Common Criteria Framework
Idea:
1. write a Protection Profile (PP) based on an evaluation of risks
2. build a product according to the Protection Profile (Security Target, ST)
3. audit the product according to a very formalized procedure by a certification body
Ease the process, reuse work, build from standard components.
Common Criteria Framework
CC certificate contribution: CC certification says that a product has been developed according to a given PP (or ST). The assurance level concerns only the stated requirements, e.g. trivial requirements ⇒ high EAL level (possible mistake: demanding a high EAL level without specifying a PP).
Protection Profile
Target of Evaluation (TOE): a PP "is aimed at potential consumers who are looking through lists of evaluated TOEs/Products to find TOEs that may meet their security needs, and are supported by their hardware, software and firmware"
Protection Profile
Important sections of the TOE description:
Usage and major security features of the TOE: the crucial properties of the system (high level) and the security features, from the point of view of the security effect and not how it is achieved.
Life cycle: the product in its whole life cycle, including manufacturing, delivery and destruction.
TOE type: which parts, which general purpose, which functionalities are present and which are missing, e.g. an ATM card with no contactless payments.
Required non-TOE hardware/software/firmware: other components that can be crucial for the evaluation.
Protection Profile
Conformance claim:
CC conformance claim: the version of CC
PP claim: other PPs taken into account in a plug-and-play way
Package claim: which EAL package level
Protection Profile
EAL
6 "assurance classes", subdivided into 27 sub-categories (the so-called "assurance families")
for each assurance family, the grading of an evaluation is a number
EAL result: an array of 27 values
7 predefined ratings, called evaluation assurance levels or EALs: EAL1 to EAL7, with EAL1 the lowest and EAL7 the highest
e.g. EAL2 assigns the rating 2 to 7 assurance families, the rating 1 to 11 assurance families, and 0 to the other 9 assurance families
monotonic: EALn+1 gives at least the same assurance level as EALn in each assurance family
Example assurance family: ALC_FLR, Flaw remediation
ALC_FLR.1
The flaw remediation procedures documentation shall describe the procedures used to track all reported security flaws in each release of the TOE.
The flaw remediation procedures shall require that a description of the nature and effect of each security flaw be provided, as well as the status of finding a correction to that flaw.
The flaw remediation procedures shall require that corrective actions be identified for each of the security flaws.
The flaw remediation procedures documentation shall describe the methods used to provide flaw information, corrections and guidance on corrective actions to TOE users.
Example assurance family: ALC_FLR, Flaw remediation
ALC_FLR.2:
ALC_FLR.1 as before, plus:
The flaw remediation procedures shall describe a means by which the developer receives from TOE users reports and enquiries of suspected security flaws in the TOE.
The procedures for processing reported security flaws shall ensure that any reported flaws are remediated and the remediation procedures issued to TOE users.
The procedures for processing reported security flaws shall provide safeguards that any corrections to these security flaws do not introduce any new flaws.
The flaw remediation guidance shall describe a means by which TOE users report to the developer any suspected security flaws in the TOE.
Protection Profile
Security Problem Definition
OSP, Object Security Problem: "The security problem definition defines the security problem that is to be addressed."
axiomatic: deriving the security problem definition is outside the scope of CC
crucial: "the usefulness of the results of an evaluation strongly depends on the security problem definition"
requires work: "spend significant resources and use well-defined processes and analyses to derive a good security problem definition"
Protection Profile: Security Problem Definition
assets: entities that someone places value upon, e.g. the contents of a file, distance correctness, presence at a given place, anonymity with respect to an external observer
threats: threats to assets, i.e. what may happen that would endanger an asset
assets versus threats: a mapping matrix, marking which threat endangers which asset; an asset which is not the subject of any threat can be disregarded; from this point on we are not talking about assets but only about threats
Protection Profile
Security objectives
The security objectives are a concise and abstract statement of the intended solution to the problem defined by the security problem definition.
Role of the SO:
a high-level, natural-language solution of the problem;
divide this solution into part-wise solutions, each addressing a part of the problem;
demonstrate that these part-wise solutions form a complete solution to the problem;
a bridge between the security problem and the Security Functional Requirements (SFR).
Example of an SO: the token communicates only with legitimate readers.
Protection Profile: SO mapping
mapping objectives to threats: a matrix with SOs and threats; each threat should be covered, and each objective has to respond to some threat
this answers the questions: what is sufficient to avoid the threats? have we forgotten about something?
rationale: a verifiable explanation of why the mapping is sound
after this stage we may forget about threats and think about SOs only
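The two mapping matrices described on these slides (assets versus threats, then security objectives versus threats) lend themselves to a mechanical consistency check. The following Python script is an added example, not from the presentation or from any real Protection Profile; every asset, threat and objective name in it is constructed. It disregards assets that no threat endangers, reports threats that no objective covers and objectives that answer no threat, and renders both matrices as text.

```python
"""Rationale checks for the two mapping matrices of a Security Problem Definition.

Added example, not from the slides or from any real Protection Profile.  It
automates the two checks the slides describe: assets versus threats (an asset
that no threat endangers can be disregarded) and security objectives versus
threats (every threat must be covered, and every objective must answer some
threat).  All asset, threat and objective names below are constructed.
"""
from typing import Dict, List, Set

# Constructed assets x threats matrix: which threat endangers which asset.
ASSET_THREATS: Dict[str, Set[str]] = {
    "file_contents": {"T.Eavesdrop", "T.Tamper"},
    "distance_correctness": {"T.Relay"},
    "presence_at_place": {"T.Relay", "T.Replay"},
    "anonymity": {"T.Trace"},
    "box_colour": set(),          # nobody threatens it: disregarded
}

# Constructed security objectives x threats matrix: which SO answers which threat.
OBJECTIVE_THREATS: Dict[str, Set[str]] = {
    "O.LegitReadersOnly": {"T.Eavesdrop", "T.Trace"},   # the slides' example SO
    "O.DistanceBounding": {"T.Relay"},
    "O.FreshNonces": {"T.Replay"},
    "O.TamperEvidence": {"T.Tamper"},
    "O.PrettyLogo": set(),        # answers no threat: not a security objective
}


def threats_of_concern(asset_threats: Dict[str, Set[str]]) -> Set[str]:
    """Threats that endanger at least one asset; from here on only these matter."""
    return set().union(*asset_threats.values())


def rationale(asset_threats: Dict[str, Set[str]],
              objective_threats: Dict[str, Set[str]]) -> Dict[str, object]:
    """Check both mappings and return the findings a PP rationale must explain."""
    threats = threats_of_concern(asset_threats)
    covered = set().union(*objective_threats.values())
    uncovered = sorted(threats - covered)
    idle = sorted(o for o, t in objective_threats.items() if not (t & threats))
    return {
        "disregarded_assets": sorted(a for a, t in asset_threats.items() if not t),
        "threats": sorted(threats),
        "uncovered_threats": uncovered,     # a gap: something was forgotten
        "idle_objectives": idle,            # an objective that responds to no threat
        "sound": not uncovered and not idle,
    }


def matrix(rows: Dict[str, Set[str]], columns: List[str]) -> str:
    """Render a mapping matrix as text, one row per asset or objective."""
    width = max(len(name) for name in rows)
    lines = [" " * width + " | " + " | ".join(columns)]
    for name, marks in rows.items():
        cells = " | ".join(("X" if c in marks else "").center(len(c)) for c in columns)
        lines.append(name.ljust(width) + " | " + cells)
    return "\n".join(lines)


if __name__ == "__main__":
    threats = sorted(threats_of_concern(ASSET_THREATS))
    print(matrix(ASSET_THREATS, threats))
    print()
    print(matrix(OBJECTIVE_THREATS, threats))
    print()
    print(rationale(ASSET_THREATS, OBJECTIVE_THREATS))
```

The check deliberately flags an objective whose threats all lie outside the threats of concern: it either addresses a threat that endangers no asset (and should be dropped together with the asset) or is not a security objective at all. Removing `O.FreshNonces` from the sample leaves `T.Replay` uncovered, which is exactly the "have we forgotten something?" case the slide asks about.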
Protection Profile
SFR (Security Functional Requirements)
SFRs are a translation of the security objectives for the TOE:
a complete translation (the security objectives must be completely addressed);
SFRs should be independent of any specific technical solution (implementation);
standardized language, to ease evaluation and comparison.
Protection Profile
SFR catalogue
many SFRs are already predefined by CC
possibility to add one's own
customizing is possible in most cases (options left for the writer of a PP)
Protection Profile
Examples of predefined classes:
Logging and audit: class FAU
Identification and authentication: class FIA
Cryptographic operation: class FCS
Access control: families FDP_ACC, FDP_ACF
Information flow control: families FDP_IFC, FDP_IFF
Management functions: class FMT
(Technical) protection of user data: families FDP_RIP, FDP_ITT, FDP_ROL
(Technical) protection of TSF data: class FPT
...
Common Criteria: summary
"compose from pieces" approach (versus a monolithic approach)
checkable: divide-and-conquer approach
key security issue: a poorly written PP ⇒ an insecure system
Standards
Standards versus security: standardization is a process of reaching a compromise regarding the choice of technical details. Security-relevant consequences:
it is better to have one target to analyze/attack than a potentially unlimited number of choices;
the compromise is almost always not driven by security issues;
not a transparent process, and security specialists might be missing in the team.
Threat: many decision makers regard a technical standard as a security guarantee.
Contracts
Typical practices: no responsibility for correct operation, "use the program as it is"
theoretically a user can try to negotiate better conditions, but it is nearly impossible
GDPR changes the situation dramatically with regard to personal data protection
Privacy protection and GDPR
Privacy by design
GDPR
1. General Data Protection Regulation in the EU
2. scope: activities in the EU; exporting such data; activities outside Europe concerning commercial services in the EU
3. in practice, enforcing the same regime elsewhere: "devices compliant with GDPR"
GDPR
Technical scope: GDPR "applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."
Most systems processing data in a systematic way fulfil these conditions.
GDPR
personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
recommendation: whenever possible, create systems so that data cannot be linked to a natural person
GDPR
processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
corollary: possessing personal data already means "processing"; destroying is also processing and must be lawful
GDPR
pseudonymisation: processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
corollary: pseudonymisation is reversible with additional keys; apply it whenever it might be necessary to recover the link to a natural person
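The corollary above (pseudonymisation is reversible, but only with additional information that is kept separately) can be made concrete in a few lines. The Python below is an added example, not from the slides: the data set that is processed carries only pseudonyms and the fields the purpose needs, while the secret key and the pseudonym-to-subject map live in a separate "vault" object that stands in for a separately governed system. The records, names and the fixed test keys are constructed sample data.

```python
"""Reversible pseudonymisation with the additional information kept separately.

Added example, not from the slides.  It models the GDPR definition quoted
above: the processed data set carries only pseudonyms, and attributing a
record to a natural person needs 'additional information' (a secret key
plus a pseudonym -> subject map) held separately in a vault.  All records
and identifiers below are constructed sample data.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Optional


class PseudonymVault:
    """The 'additional information': a secret key and the pseudonym -> subject map.

    Meant to live on a separate system under its own access control, away
    from the data set that carries only pseudonyms.
    """

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key if key is not None else os.urandom(32)
        self._links: Dict[str, str] = {}

    def pseudonym_for(self, subject_id: str) -> str:
        # Keyed hash: the same subject always gets the same pseudonym, so records
        # of one person stay linkable to each other, but without the key the
        # pseudonym can neither be recomputed from nor linked back to the subject.
        tag = hmac.new(self._key, subject_id.encode("utf-8"), hashlib.sha256).hexdigest()
        pseud = "ps-" + tag[:16]
        self._links[pseud] = subject_id
        return pseud

    def reidentify(self, pseud: str) -> Optional[str]:
        """Recover the natural person behind a pseudonym (needs vault access)."""
        return self._links.get(pseud)

    def forget(self, subject_id: str) -> int:
        """Drop the link for a subject; the pseudonymous records can then no longer be attributed."""
        doomed = [p for p, s in self._links.items() if s == subject_id]
        for p in doomed:
            del self._links[p]
        return len(doomed)


def pseudonymise(records: Iterable[Dict[str, object]], id_field: str,
                 keep_fields: List[str], vault: PseudonymVault) -> List[Dict[str, object]]:
    """Build the processing data set: only the fields the purpose needs plus a pseudonym."""
    out: List[Dict[str, object]] = []
    for rec in records:
        row = {f: rec[f] for f in keep_fields}          # data minimisation
        row["pseudonym"] = vault.pseudonym_for(str(rec[id_field]))
        out.append(row)
    return out


# Constructed sample records (no real persons).
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "visit": "2018-04-16", "gate": "A"},
    {"name": "Bob Example", "email": "bob@example.org", "visit": "2018-04-16", "gate": "B"},
    {"name": "Alice Example", "email": "alice@example.org", "visit": "2018-04-17", "gate": "A"},
]

if __name__ == "__main__":
    vault = PseudonymVault()
    dataset = pseudonymise(SAMPLE_RECORDS, "email", ["visit", "gate"], vault)
    for row in dataset:
        print(row)
    print(vault.reidentify(dataset[0]["pseudonym"]))
```

Two properties matter for the slide's point. First, an observer of the data set alone sees that two rows belong to the same pseudonym but cannot name the person; only the vault can. Second, once `forget()` has removed the link, the same rows become unattributable even for the key holder, which is one way to honour a withdrawal of consent without touching the processing data set.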
GDPR actors
controller: ... the body which determines the purposes and means of the processing of personal data;
processor: ... processes personal data on behalf of the controller;
GDPR rules of processing
Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall ... not be considered to be incompatible with the initial purposes ("purpose limitation");
GDPR rules of processing
Personal data shall be:
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy");
GDPR rules of processing
Personal data shall be:
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; ... ("storage limitation");
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
GDPR: privacy by design
accountability: The controller shall be responsible for, and be able to demonstrate compliance with [these rules].
provable security! not regarding an abstract model but reality; the previous regulation referred to responsibility only
GDPR: lawful processing
Conditions for lawful processing:
1. the data subject has given consent to the processing ... for one or more specific purposes;
2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
3. processing is necessary for compliance with a legal obligation to which the controller is subject;
4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject ...
GDPR
Conditions for consent:
1. ... the controller shall be able to demonstrate that the data subject has consented to processing ...
2. The data subject shall have the right to withdraw his or her consent at any time.
3. ... It shall be as easy to withdraw as to give consent.
Extra requirements: enabling the data subject to leave the system and to remove data.
GDPR
Problems with biometric data
1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, ... shall be prohibited.
2. Paragraph 1 shall not apply if one of the following applies: ...
corollary: avoid any processing of biometric data; if you must process biometric data, then particular care during system design is necessary
GDPR
Information to the data subject: The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.
consequences: automatic processing is necessary; completeness of information; centralized information retrieval
GDPR
Who gets the data: Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(e) the recipients or categories of recipients of the personal data, if any;
GDPR
Information obligations: In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
...
consequence: the controller must have an information channel to the data subject
GDPR
Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
...
consequences:
online access for a user?
you have to be particularly careful about transferring data outside Europe
GDPR: right to be forgotten
The data subject shall have the right to obtain from the controller the erasure of personal data ... without undue delay ... where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes ...;
(b) the data subject withdraws consent on which the processing is based according to and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds ...;
(d) the personal data have been unlawfully processed;
...
consequences:
problems for distributed ledgers
automated (erasure) processing versus examination of the legal situation
GDPR: further topics
1. the right to correct information
2. profiling users and the right to object
3. data portability
GDPR
Security obligations of the controller and the processor
1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
GDPR
Security obligations of the controller and the processor
2. In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
3. Adherence to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element by which to demonstrate compliance with the requirements set out in paragraph 1 of this Article.
4. The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.
GDPR penalties
Administrative fines for controllers and processors: up to 20.000.000 EUR or up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher, depending on the kind of problem.
The upper bounds are set so that they are not negligible for big players from the USA, but for small enterprises ....
Identification challenge
identification: in most scenarios, if two devices interact then they have to present their identifiers; but if they communicate over an open channel ... there is no privacy by design
asymmetric crypto: establish a secure channel, e.g. with Diffie-Hellman, and exchange identity data over the secure channel
symmetric crypto: ??? tracing threats might be hard to avoid for lightweight devices; a significant challenge to implement systems according to GDPR
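The asymmetric-crypto approach from this slide, as an added Python example that is not part of the presentation: two constructed devices (a token and a reader) first run a Diffie-Hellman exchange in the RFC 3526 2048-bit MODP group and derive channel keys, and only then send their identifiers inside an encrypted and authenticated message. The message format (an HMAC-SHA256 keystream plus an HMAC tag), the key derivation and the device identifiers are this example's own assumptions, chosen so the script runs offline with the standard library; a deployment would use a vetted AEAD construction instead.

```python
"""Identity exchange over a Diffie-Hellman secure channel (added example, not from the slides).

Two devices agree on a key with finite-field Diffie-Hellman in the RFC 3526
2048-bit MODP group and exchange their identifiers only inside the resulting
channel.  The 'open channel' is the list of transmitted byte strings; the
identifiers never appear in it in clear.  The record format (HMAC-SHA256
keystream + HMAC tag) is a constructed stand-in for a real AEAD.
"""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# RFC 3526 group 14: 2048-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Keys = Tuple[bytes, bytes]   # (encryption key, MAC key)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(keys: Keys, nonce: bytes, plaintext: bytes) -> bytes:
    """Constructed encrypt-then-MAC record: nonce || ciphertext || tag."""
    k_enc, k_mac = keys
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(keys: Keys, blob: bytes) -> bytes:
    k_enc, k_mac = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(k_enc, nonce, len(ct))))


class Device:
    """One party of the exchange; 'identity' is a constructed sample identifier."""

    def __init__(self, identity: str) -> None:
        self.identity = identity
        self._x = secrets.randbelow(P - 3) + 2        # ephemeral private exponent in [2, P-2]
        self.public = pow(G, self._x, P)
        self.keys: Optional[Keys] = None

    def agree(self, peer_public: int) -> None:
        if not 2 <= peer_public <= P - 2:              # reject degenerate values 0, 1, P-1
            raise ValueError("bad public value")
        shared = pow(peer_public, self._x, P).to_bytes(256, "big")
        self.keys = (hashlib.sha256(b"enc" + shared).digest(),
                     hashlib.sha256(b"mac" + shared).digest())


def run_exchange(token: Device, reader: Device) -> Tuple[List[bytes], str, str]:
    """Run the protocol; returns (messages seen on the open channel, what each side learned)."""
    channel: List[bytes] = []
    # 1. Ephemeral public values travel in clear; they carry no identity.
    channel.append(token.public.to_bytes(256, "big"))
    reader.agree(token.public)
    channel.append(reader.public.to_bytes(256, "big"))
    token.agree(reader.public)
    assert token.keys is not None and reader.keys is not None
    # 2. Identity data is exchanged only inside the secure channel.
    m3 = seal(token.keys, secrets.token_bytes(16), token.identity.encode())
    channel.append(m3)
    reader_learned = open_sealed(reader.keys, m3).decode()
    m4 = seal(reader.keys, secrets.token_bytes(16), reader.identity.encode())
    channel.append(m4)
    token_learned = open_sealed(token.keys, m4).decode()
    return channel, token_learned, reader_learned


def channel_exposes(channel: List[bytes], identity: str) -> bool:
    """Would a passive observer of the open channel see this identifier?"""
    return any(identity.encode() in m for m in channel)
```

What a passive observer of the open channel sees is two 256-byte group elements and two ciphertexts, so the identifiers cannot be read off the traffic and the devices cannot be traced from them. The exchange as shown is unauthenticated, which is all the slide describes; binding the public values to credentials (so an active adversary cannot substitute its own) is the additional step a real design needs.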
(C) 2018 P. Schaumont (VT)
Fault Attacks on Embedded Software: Threats, Design, and Mitigation
Patrick Schaumont, Professor, Bradley Department of ECE, Virginia Tech
Acknowledgements: FAME Project Team, https://sites.google.com/view/famechip
Supported through the National Science Foundation and the Semiconductor Research Corporation
Objective
[Figure: fault analysis of (secure) software. Black-box model: input → (Secure) SW → output (correct behavior); under fault injection the same input yields output' (faulty behavior). Grey-box model: the microprocessor and memory hierarchy beneath the software, with the fault passing through the stages Injection, Manifestation, Propagation, Observation and Exploitation.]
• Make a systematic review of the fault-attack process on embedded software
Outline
1. Introducing the Fault Attack
2. Anatomy of a Fault Attack
3. Fault Injection Techniques
4. Manifestation and Propagation in the ISA
5. FAME – A Mitigation Technique for Microprocessors
Attacks on Embedded Software
[Figure: CPU, MEM, I/O.]
• Embedded software assumes execution is correct
• (This presentation) Incorrect execution as the starting point for an attack: privilege escalation, information leakage
Privilege Escalation & Information Leakage
• Privilege Escalation = Adversarial Control of Critical Decisions
  if (!access_allowed) abort();
• Information Leakage = Disclosure of Secret Data & Dependencies
  if (key_bit) out = f(r1); else out = f(r0);
  key_bit leaks through out
Triggering Incorrect Execution
[Figure: CPU, MEM, I/O; the hardware attacker rows are the subject of this talk.]
Attacker                 Attack Target            Security Failure
Input/Output Attacker    Input/Output Data        Software Bugs
Memory Attacker          Application/Task Image   Lack of Mem Isolation
Hardware Attacker        Instruction Opcode       Modification
  (this talk)            Instruction Execution    Micro-Architecture
                         Circuit                  Timing, Threshold Levels
                         Environment              Operating Conditions
Anatomy of a Fault Attack
1. Fault Attack Design (defined by the security/attack objective)
• Fault Target and Fault Model
• Fault Injection Method
• Fault Exploitation Method
2. Fault Attack Implementation (constrained by the implementation)
• Fault Injection
• Fault Manifestation
• Fault Propagation
• Fault Observation
• Fault Exploitation
Anatomy of a Fault Attack
[Figure, built up over several slides: the fault crosses the abstraction layers of the processor. Physical level: Fault Injection (electrical transient). Circuit level: Fault Manifestation (faulty bits). Micro-architecture level (I-Fetch, Decode, D-Fetch, Execute, Store over instruction memory, data memory, register file, boot ROM, status registers, datapath and control): Fault Propagation (faulty micro-op). Instruction Set Architecture (firmware, OS, application): Fault Observation (faulty instruction, faulty control flow and/or data flow). Software: Fault Exploitation.]
Example program at the ISA level, with its basic blocks numbered 1 to 5:
  int verify(S, P) { int r; if (S == P) r = 1; else r = 0; return r; }
[Figure: control-flow graph of verify with blocks 1 to 5, inputs S and P and result r; a fault may change the control flow (which block executes) and/or the data flow (the value of r).]
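The verify(S, P) routine in the figure, and the `if (!access_allowed) abort();` decision on the earlier slide, are the classic targets of a control-flow fault. As an added example that is not code from the presentation, the Python below runs a straight-line encoding of verify on a tiny register machine and enumerates two fault models at every instruction: an instruction skip and an inverted branch decision (a faulty status flag). It reports which single faults make the check accept a wrong P. A constructed hardened variant (reject by default, a redundant second comparison, non-Boolean accept/reject encodings) is included for comparison; the toy instruction set, the fault models and the constants are this example's own assumptions.

```python
"""Single-fault simulation of verify(S, P) (added example; not code from the slides).

A minimal register machine executes the slides' verify(S, P) and a constructed
hardened variant.  Two fault models are simulated: skipping one instruction
and inverting one branch decision (a faulty flag).  The exploitation criterion
is the privilege-escalation case from the slides: the check accepts although
S != P.  Instruction set, fault models and constants are this example's own.
"""
from typing import Dict, List, Optional, Tuple

Instr = tuple
Fault = Tuple[str, int]        # ("skip", pc) or ("flip", pc)

ACCEPT, REJECT = 0xAA, 0x55    # constructed non-trivial encodings for the hardened variant

# The slides' routine: r = 1 if S == P else 0.  Block numbers follow the figure.
VERIFY_NAIVE: List[Instr] = [
    ("cmp", "S", "P"),         # block 1: set zero flag from S == P
    ("bne", "else"),           # block 1: branch on the flag
    ("mov", "r", 1),           # block 2: r = 1
    ("jmp", "ret"),
    ("label", "else"),
    ("mov", "r", 0),           # block 3: r = 0
    ("label", "ret"),
    ("ret", "r"),              # block 5: return r
]

# Constructed hardened variant: reject by default, compare twice, return an encoded value.
VERIFY_HARDENED: List[Instr] = [
    ("mov", "r", REJECT),      # decision variable is initialised before any comparison
    ("cmp", "S", "P"),
    ("bne", "fail"),
    ("cmp", "P", "S"),         # redundant second comparison; one fault cannot defeat both
    ("bne", "fail"),
    ("mov", "r", ACCEPT),
    ("jmp", "done"),
    ("label", "fail"),
    ("mov", "r", REJECT),
    ("label", "done"),
    ("ret", "r"),
]


def run(program: List[Instr], inputs: Dict[str, int], fault: Optional[Fault] = None) -> Optional[int]:
    """Execute the program with at most one injected fault; None means no value was returned."""
    labels = {ins[1]: i for i, ins in enumerate(program) if ins[0] == "label"}
    regs = dict(inputs)
    regs.setdefault("r", 0)    # assumption: the uninitialised 'int r' reads as 0
    zero = False
    pc, steps = 0, 0
    while pc < len(program) and steps < 100:
        steps += 1
        op, *args = program[pc]
        if fault == ("skip", pc):          # the faulted instruction has no effect
            pc += 1
            continue
        if op == "label":
            pc += 1
        elif op == "cmp":
            zero = regs[args[0]] == regs[args[1]]
            pc += 1
        elif op == "mov":
            regs[args[0]] = args[1]
            pc += 1
        elif op == "jmp":
            pc = labels[args[0]]
        elif op == "bne":
            taken = not zero
            if fault == ("flip", pc):      # faulty flag: the decision is inverted
                taken = not taken
            pc = labels[args[0]] if taken else pc + 1
        elif op == "ret":
            return regs[args[0]]
        else:
            raise ValueError("unknown op " + op)
    return None


def all_single_faults(program: List[Instr]) -> List[Fault]:
    faults: List[Fault] = [("skip", i) for i, ins in enumerate(program) if ins[0] != "label"]
    faults += [("flip", i) for i, ins in enumerate(program) if ins[0] == "bne"]
    return faults


def escalating_faults(program: List[Instr], accept_value: int, S: int = 7, P: int = 9) -> List[Fault]:
    """Single faults under which a wrong P is accepted (the adversary controls the decision)."""
    if S == P:
        raise ValueError("S must differ from P for an escalation test")
    return [f for f in all_single_faults(program)
            if run(program, {"S": S, "P": P}, f) == accept_value]


if __name__ == "__main__":
    print("naive:   ", escalating_faults(VERIFY_NAIVE, 1))
    print("hardened:", escalating_faults(VERIFY_HARDENED, ACCEPT))
```

Against the naive routine, skipping or inverting the single `bne` is enough: execution falls into block 2 and r = 1 is returned for a wrong P. Against the hardened variant no single skip or flip yields ACCEPT, because the second comparison catches a defeated first one and the default value is REJECT; a fault that skips the `mov r, ACCEPT` only turns a correct password into a rejection, which is a denial rather than an escalation. The model is a toy (no pipeline, no multi-instruction faults), which is exactly the boundary a systematic fault review has to state.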
Outline
1. Introducing the Fault Attack2. Anatomy of a Fault Attack3. Fault Injection Techniques4. Manifestation and Propagation in the ISA5. FAME – A Mitigation Technique for
Microprocessors
17
Fault-injection Control
[Figure: two settings. Hardware-controlled fault injection: external fault-injection hardware (injector, fault control, timing) applies physical stress to the victim CPU/MEM/I/O. Software-controlled fault injection: software tasks running on the victim itself control the injection and produce the physical stress.]
Timing
[Figure: a clock signal and a logic path. Critical path + slack = nominal clock period; the path delay depends on Vdd and temperature.]
Artificial Timing Faults
[Figure: a timing violation occurs when the clock period is shortened (nominal clock period minus slack) or the critical path is lengthened (critical path plus slack).]
• Overclocking, Clock Glitching: shortened clock period
• Underfeeding, Voltage Glitching, Overheating: increased critical path
Either way: Timing Violation
Noise Injection: EMFI
[Figure: a probe current with a steep di/dt produces a changing magnetic field B; through the loop area A of the on-chip clock/logic wiring it induces a voltage E = −A · dB/dt (Faraday's law).]
Noise Injection: Laser Faults
[Figure: a laser beam on a transistor creates a photocurrent between Vdd and Vss that switches the device on/off, producing glitches or flipping a stored bit (0 ↔ 1, single event upset).]
Software-Controlled Faults
• DVFS Interface (CLKSCREW): [Figure: PLL and PMIC supply the frequency/voltage pairs (f1, V1) and (f2, V2) to Core1 and Core2 through a software-controlled programming interface; a modified (V2, f2) causes a timing violation.]
• Memory Disturbance: [Figure: DRAM rows 0 to 2 and a row buffer; repeated access to a word leaks charge from neighbouring bits; software controlled.]
Fault Injection Portfolio
Fault Injection      Spatial Precision  Temporal Precision  Cost  Intensity
Overclocking         Low                Low                 Low   Clock f
Clock Glitching      Low                High                Low   Glitch Width
Underfeeding         Low                Low                 Low   Voltage
Voltage Glitching    Low                High                Low   Glitch V/W
Overheating          Low                Low                 Low   Temperature
Light Pulse          Medium             Medium              Low   Pulse W/Energy
Laser Pulse          High               High                High  Pulse W/Energy
EM Pulse             Medium             High                High  Probe Current
DVFS Interface       Low                Medium              Zero  V/f
Memory Disturbance   High               Medium              Zero  Disturbance f
Processor Micro-architecture
Instruction Set Architecture (Programmer's Model):
• Instruction Semantics & Syntax
• Memory Model
• Interrupt/Exception Interface
[Figure: micro-architecture with instruction memory, control, datapath, register file, data memory and flags; Fetch, Decode and Load/Store stages.]
Processor Micro-architecture Faults
[Figure: a fault manifests in a micro-architecture element (instruction memory, control, datapath, register file, data memory, flags; Fetch, Decode, Load/Store) and propagates to the ISA as a faulty instruction, visible in the programmer's model (instruction semantics & syntax, memory model, interrupt/exception interface).]
A fault is characterised by:
• Fault Location
• Fault Effect
• Fault Duration
• Fault Size
Processor Micro-architecture Faults
Micro-architecture elements: instruction memory, instruction fetch, instruction decode, operand fetch, execute, store, data memory, register file, status flags.
A fault in the instruction word's function field yields a different instruction; in an operand field, a different source/destination; in the immediate field, a different value.
Processor Micro-architecture Faults
Assume a one-bit fault on the instruction word of
  ld [%i1 + 4], %g1
Resulting fault space includes:
• 21 ld variants with a different load address
• 6 ld variants with a different target
• 1 add variant
• 1 store variant
• 1 call variant
• 2 unknown variants (trap)
Processor Micro-architecture Faults
Assume a one-bit fault on the instruction word of
  add %l2, %l7, %g2
Resulting fault space includes:
• 12 add variants with a different source
• 9 unknown variants (trap)
• 5 add variants with a different target
• 3 arithmetic variants (sub, addx, addcc)
• 2 logical variants (or, and)
• 1 ld variant
(C) 2018 P. Schaumont (VT)
Processor Micro‐architecture Faults
Example: be 0x40005924 (SPARC branch-if-equal). Assume a one-bit fault on the 32-bit instruction word (the counts below sum to 32). The resulting fault space includes:
• 23 be variants with a different branch target
• 5 branch variants with a different condition
• 2 unknown variants (trap)
• 1 call variant
• 1 add variant
Processor Micro‐architecture Faults
Fault that modifies the PC: can modify control flow
Processor Micro‐architecture Faults
Fault on operand fetch: modifies the value of the source operands
  ld [r1 + r2], r3   → faulty r3
  cmp r1, r2         → faulty flags
  be dest            → no effect
Processor Micro‐architecture Faults
Fault on execute: modifies the value of the computation
  ld [r1 + r2], r3   → faulty r3
  cmp r1, r2         → faulty flags
  be dest            → faulty jump address
Processor Micro‐architecture Faults
- Fault effects on a micro-architecture are highly nonlinear
+ For a given fault effect, analysis is possible
Outline
1. Introducing the Fault Attack
2. Anatomy of a Fault Attack
3. Fault Injection Techniques
4. Manifestation and Propagation in the ISA
5. FAME – A Mitigation Technique for Microprocessors
Intermezzo: Fault Exploitation
Cryptanalysis:
• DFA
• Biased Fault Analysis
• Safe Error Analysis
• Fault-Aided SCA
Fault-Enabled Logical Attacks
Bit-flip Attack on AES
Last round of the Advanced Encryption Standard: SubBytes (16 parallel S-boxes), ShiftRows, AddRoundKey. The secret state v (output of the 9th round) enters the S-boxes; the output of AddRoundKey is the ciphertext C.
Fault model: bit-flip on a secret state bit. A bit-flip in v results in a faulty ciphertext byte (there is no MixColumns in the last round, so each ciphertext byte depends on one state byte through one S-box and one round-key byte).
• Fault Differential
  c = sbox(v) ⊕ k
  c' = sbox(v') ⊕ k
  Hence Δ = c ⊕ c' = sbox(v) ⊕ sbox(v')
• Fault Analysis
  Reconstruct v by analyzing Δ (v' differs from v in a single bit, so only 8 values of v' are possible for each v). Once we know v, we find the last round-key byte as:
  k = sbox(v) ⊕ c
32 bit-flip faults in round 10 (two per key byte) disclose the entire key
Classic Differential Fault Analysis
[Figure: Cryptographic Algorithm + Fault Model (random byte, random bit, chosen bit) → DFA: C, C', C'', … → K]
• [TM 2010] Single random byte fault at the 8th round of AES-128: key space 2^128 → 2^12
• [SL+ 2012] Two sequential byte faults at the 9th and 10th round of AES-192: key space 2^128 → 1
Current DFA methods are optimal IF the fault model can be realized
Implementations and Actual Faults
[Figure: the DFA view (Cryptographic Algorithm + Fault Model → DFA: C, C', C'', … → K) next to the implementation view: Implementation + Fault Injection → Cryptographic Architecture → the fault that actually occurs]
Biased Fault Attacks
[Figure: as before, with the actual fault characterized by a Fault Bias (1-bit, 2-bit, …) obtained through Variable Fault Intensity]
Biased fault analysis methods: FSA [2010], NUEVA [2012], NUFVA [2013], DFIA [2014], DERA [2015], …
Biased Faults as a Side Channel
[Figure: one S-box lane of the last round: state byte S → SBOX → ⊕ RK → ciphertext byte C. A biased fault injection turns the correct S into a faulty S' and C into C'. S lives in an 8-dimensional (8-bit) space.]
Under the correct key hypothesis, SBOX⁻¹(C' ⊕ RK_hyp) recovers the faulty S', which is biased: it differs from S in only a few bits.
Under a wrong key hypothesis, SBOX⁻¹(C' ⊕ RK_hyp) is spread over the whole 8-bit space (Hamming distance 4 on average).
Differential Fault Intensity Analysis
[Figure: S → SBOX → ⊕ RK → C, with a biased fault injection on the 8-bit state S]
1. Inject faults at different fault intensities, so that the fault stays biased: HW(S ⊕ S') below a threshold
2. Collect the faulty ciphertexts C'_i
3. For all key hypotheses RK_hyp compute S_{i,RK} = SBOX⁻¹(C'_i ⊕ RK_hyp)
4. Select the RK for which the faulty states cluster: RK = ArgMin_RK Σ_{i≠j} HD(S_{i,RK}, S_{j,RK})
DFIA versus DFA
DFA
• makes a precise assumption on the injected fault
• needs a system of equations to resolve the key guess
DFIA
• makes an approximate model of the injected fault
• uses maximum-likelihood testing to resolve the key guess
DFIA relaxes the fault model requirements and is more suitable when fault injection is hard to control
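Worked example, added here and not part of the slides or of the FAME project's code: both single-lane attacks above in C. The bit-flip DFA of the "Bit-flip Attack on AES" slides intersects the candidate states v consistent with each observed differential Δ = c ⊕ c' under the single-bit-flip model; the DFIA of the "Differential Fault Intensity Analysis" slide scores every key hypothesis RK by the pairwise Hamming distance of S_{i,RK} = SBOX⁻¹(C'_i ⊕ RK) and keeps the argmin. The S-box is generated from the GF(2^8) inverse and the AES affine map rather than tabulated. The state byte v = 0x3c, key byte k = 0xa7 and the fault masks (eight 1-bit flips, then four 2-bit flips for the second DFIA intensity) are constructed test values, and all function names are mine.

```c
/* Added example (not from the slides): two last-round AES byte attacks on one S-box lane.
 * Bit-flip DFA: delta = c ^ c' = sbox(v) ^ sbox(v ^ e), HW(e) == 1, e unknown to the attacker.
 * DFIA: S_i = sbox^-1(C'_i ^ RK); only the right RK makes the S_i cluster (biased faults).
 * v = 0x3c, k = 0xa7 and the fault masks below are constructed test values. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint8_t SBOX[256], INV_SBOX[256];

static uint8_t gmul(uint8_t a, uint8_t b) {           /* GF(2^8) multiply, AES polynomial 0x11b */
    uint8_t p = 0;
    for (; b; b >>= 1) { if (b & 1) p ^= a; a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)); }
    return p;
}

static void init_sbox(void) {                         /* inverse (x^254, 0 -> 0), then the affine map */
    static int ready = 0;
    if (ready) return;
    for (int x = 0; x < 256; x++) {
        uint8_t inv = (uint8_t)x, s;
        for (int i = 0; i < 253; i++) inv = gmul(inv, (uint8_t)x);
        s = inv ^ 0x63;
        for (int i = 1; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
        SBOX[x] = s; INV_SBOX[s] = (uint8_t)x;
    }
    ready = 1;
}
static int sbox_at(int x) { init_sbox(); return SBOX[x & 0xff]; }
static int hw(uint8_t x) { int n = 0; for (; x; x >>= 1) n += x & 1; return n; }

/* Bit-flip DFA: keep every v for which some single-bit e explains each observed delta; stop when
 * v is unique, then k = sbox(v) ^ c. Returns the key byte, or -1 if the given faults were not enough. */
static int dfa_bitflip_recover(uint8_t c, const uint8_t *c_faulty, int n, int *faults_used) {
    uint8_t alive[256];
    memset(alive, 1, sizeof alive);
    init_sbox();
    for (int j = 0; j < n; j++) {
        uint8_t delta = c ^ c_faulty[j];
        int count = 0, last = 0;
        for (int v = 0; v < 256; v++) {
            int ok = 0;                                  /* does some single-bit e give this delta? */
            for (int bit = 0; bit < 8 && !ok; bit++) ok = (SBOX[v] ^ SBOX[v ^ (1 << bit)]) == delta;
            alive[v] &= (uint8_t)ok;
            if (alive[v]) { count++; last = v; }
        }
        if (count == 1) { if (faults_used) *faults_used = j + 1; return SBOX[last] ^ c; }
    }
    return -1;
}

/* Device model: fault j flips state bit j; the attacker only ever sees c and the c' values */
static int dfa_bitflip_demo(uint8_t v, uint8_t k, int *faults_used) {
    uint8_t cf[8];
    init_sbox();
    for (int bit = 0; bit < 8; bit++) cf[bit] = SBOX[v ^ (1 << bit)] ^ k;
    return dfa_bitflip_recover(SBOX[v] ^ k, cf, 8, faults_used);
}

/* DFIA: score(rk) = sum over i<j of HD(S_i, S_j) with S_i = sbox^-1(c'_i ^ rk); key = argmin */
static int dfia_score(const uint8_t *c_faulty, int n, uint8_t rk) {
    uint8_t s[16];
    int score = 0;
    init_sbox();
    if (n > 16) n = 16;
    for (int i = 0; i < n; i++) s[i] = INV_SBOX[c_faulty[i] ^ rk];
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++) score += hw(s[i] ^ s[j]);
    return score;
}
static int dfia_recover(const uint8_t *c_faulty, int n) {
    int best = 0, best_score = dfia_score(c_faulty, n, 0);
    for (int rk = 1; rk < 256; rk++) {
        int sc = dfia_score(c_faulty, n, (uint8_t)rk);
        if (sc < best_score) { best_score = sc; best = rk; }
    }
    return best;
}

/* Two fault intensities (constructed): eight single-bit flips, then four adjacent two-bit flips */
static const uint8_t DFIA_MASKS[12] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x03, 0x0c, 0x30, 0xc0};
static void dfia_collect(uint8_t v, uint8_t k, uint8_t cf[12]) {
    init_sbox();
    for (int i = 0; i < 12; i++) cf[i] = SBOX[v ^ DFIA_MASKS[i]] ^ k;
}
static int dfia_demo(uint8_t v, uint8_t k) { uint8_t cf[12]; dfia_collect(v, k, cf); return dfia_recover(cf, 12); }
static int dfia_demo_score(uint8_t v, uint8_t k, uint8_t guess) {
    uint8_t cf[12]; dfia_collect(v, k, cf); return dfia_score(cf, 12, guess);
}

int main(void) {
    int used = 0, k1 = dfa_bitflip_demo(0x3c, 0xa7, &used);
    printf("bit-flip DFA: k = 0x%02x after %d faulty bytes\n", k1, used);
    printf("DFIA: k = 0x%02x (true key scores %d, guess 0x00 scores %d)\n",
           dfia_demo(0x3c, 0xa7), dfia_demo_score(0x3c, 0xa7, 0xa7), dfia_demo_score(0x3c, 0xa7, 0x00));
    return 0;
}
```

The attacker-side functions see only c and the faulty c' values. For the constructed faults the true key scores exactly 160 in DFIA (the pairwise Hamming weight of the masks themselves), while a wrong guess sends the inverse-S-box outputs apart to an average distance of 4 per pair, which is the bias-as-side-channel argument of the slides; note that the DFIA side never writes an equation for the fault, it only needs the faults to be small. The DFA side usually settles on v after two or three faulty bytes, which is the two-faults-per-byte behind the 32 faults quoted for the full key.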
Outline
1. Introducing the Fault Attack
2. Anatomy of a Fault Attack
3. Fault Injection Techniques
4. Manifestation and Propagation in the ISA
5. FAME – A Mitigation Technique for Microprocessors
Mitigating Fault Attacks on Embedded SW
Two strategies: Redundant Execution in SW, or HW Sensors and Checkpoint
Mitigating Fault Attacks on Embedded SW

             Strategy 1: Redundant Execution in SW    Strategy 2: HW Sensors and Checkpoint
Detection    Verify redundant copies                  Dedicated HW sensor (timing, EM, voltage, …)
Response     Correct fault using redundancy           Recover from checkpoint
Overhead     Redundant execution                      Checkpoint storage
Risk         Redundant fault                          False positive/negative on sensor

FAME, the Fault-attack Aware Microprocessor Extension, follows Strategy 2.
FAME Operation [HASP 16]
FAME processor = baseline processor + Fault Detection Unit (FDU) + Fault Control Unit (FCU) + Fault Response Registers (FRR); the protected software consists of the application software and a Secure Trap Handler (STH).
1. Fault injection (on Vdd or clk) hits the baseline processor
2. The FDU sensor raises an alarm to the FCU
3. The FCU transfers control to the Secure Trap Handler and makes the fault recovery info available in the FRR
4. The trap handler accesses the FRR and restores a fault-free checkpoint
All-digital Fault Sensors in FAME
[Figure: Glitch Timing Sensor, built from a configurable delay stage (20x, control bits c[i]) feeding D-flops and a T-flop clocked by clk, with an alarm output; In-situ EM Sensor]
Single‐cycle Checkpointing Hardware
Fault Response Registers (FRR) for critical processor state, including PC, PSR and last two pipeline stages
FAME Chip 1 Block Diagram
[Figure: block diagram of the FAME ASIC, shown incrementally on the slides]
• FAME Core (core functionality): LEON3 core (with FRR), Sensor (FDU), Recovery (FCU), I$ (1KB), D$ (2KB), Reset Management
• Download and debug software: Debug UART1, Debug UART2 and Debug Support Unit, SRAM (64KB), ROM (1KB), all on the AHB bus; external debugger
• User applications: GPIO, User UART, Interrupt Controller on the APB bus; external user I/O
• Fault injection and fault diagnosis: Trigger and Observe pins to an external fault injector (FPGA) acting as fault injection controller
FAME Chip 1 Micrograph
• 180nm 6LM TSMC
• 25 mm² die area
• Active area: LEON3 6.217 mm²; with FAME 6.301 mm²; with FAME + diagnosis 6.364 mm²
• FAME extensions overhead: 1.35% (of active area)
• 80 MHz clock
• 54 I/O: clock, reset; 8 I/O and 16 core power; 3x UART; 4 GPIO; 4 trigger; sensor alarm monitor; scan and test pins
• 108-pin PGA package
FAME Chip 1 Test PCB
[Figure: test board with a SAKURA-G FPGA with glitch generator, Debug/User USB-UART, power measurement, power/clock glitcher, and the FPGA interface (GPIO, Trigger, Scan, Alarm)]
FAME Chip 1 Test Setup
[Figure: glitch control software on the host, the FAME application monitor, and the test PCB]
FAME Chip 1 Fault Sensor
[Figure: the glitch timing sensor shown earlier (configurable delay stage 20x with control bits c[i], D-flops and T-flop clocked by clk, alarm output)]
Secure Trap Handler Development
[Figure: trace of the trap handler under a fault; execution falls through to ptc--;]
Traditional Redundancy Based Design
Algorithm-level redundancy (the PIN try counter is decremented before the comparison and restored only on success) combined with instruction-level redundancy (every security-critical if is evaluated twice: the "hardened if"):

    int ptc = 3;                        // PIN Try Counter
    char devicePIN[] = "12824";         // sized for the terminating NUL

    int VerifyPin(const char *userPIN)
    {
        int result;
        ptc--;
        if (ptc > 0) {
            if (ptc > 0) {                               // hardened if
                if (Cmp(userPIN, devicePIN)) {
                    if (Cmp(userPIN, devicePIN)) {       // hardened if
                        result = 1;
                        ptc++;
                    } else result = 0;
                } else result = 0;
            } else result = 0;
        } else result = 0;
        return result;
    }
Traditional Redundancy Based Design
Disadvantages
- performance overhead
- fails under redundant fault injection (a fault on each redundant copy)
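Added example, not the slides' code: the PIN check with and without the duplicated checks of the redundancy-based design above, driven by a simulated branch fault so that "fails under redundant fault injection" can be checked rather than only stated. The fault model (the attacker inverts the outcome of one or two chosen conditional branches during a call, as a clock or voltage glitch on the branch would), the wrong PIN "00000", the device PIN and all function names are constructed for this example.

```c
/* Added example (not the slides' code): PIN verification under simulated branch faults.
 * The fault model, PIN values and function names are constructed for the example. */
#include <stdio.h>
#include <string.h>

static char devicePIN[] = "12824";   /* constructed device PIN */
static int ptc;                      /* PIN try counter */

/* Fault model: the attacker corrupts the outcome of the a-th and b-th conditional evaluated
 * during one call (1-based; 0 = no fault). Every security-relevant `if` goes through cond(). */
static int fault_a, fault_b, cond_counter;

static int cond(int real) {
    cond_counter++;
    return (cond_counter == fault_a || cond_counter == fault_b) ? !real : real;
}

/* No redundancy: a single corrupted branch grants access */
static int verify_pin_plain(const char *userPIN) {
    int result = 0;
    ptc--;
    if (cond(ptc > 0))
        if (cond(strcmp(userPIN, devicePIN) == 0)) { result = 1; ptc++; }
    return result;
}

/* Redundant design: each security-critical `if` is evaluated twice ("hardened if"),
 * the counter is decremented before the check and restored only on success */
static int verify_pin_redundant(const char *userPIN) {
    int result = 0;
    ptc--;
    if (cond(ptc > 0))
        if (cond(ptc > 0))
            if (cond(strcmp(userPIN, devicePIN) == 0))
                if (cond(strcmp(userPIN, devicePIN) == 0)) { result = 1; ptc++; }
    return result;
}

/* One attempt with a wrong PIN under faults (a, b): 1 if the attacker was accepted */
static int attempt_wrong_pin(int (*verify)(const char *), int a, int b) {
    ptc = 3; cond_counter = 0; fault_a = a; fault_b = b;
    return verify("00000");
}

/* Number of single-fault placements (over the first 4 conditionals) that bypass verify */
static int bypasses_single(int (*verify)(const char *)) {
    int n = 0;
    for (int a = 1; a <= 4; a++) n += attempt_wrong_pin(verify, a, 0);
    return n;
}

/* Number of two-fault placements that bypass verify: the "redundant fault" risk */
static int bypasses_double(int (*verify)(const char *)) {
    int n = 0;
    for (int a = 1; a <= 4; a++)
        for (int b = a + 1; b <= 4; b++) n += attempt_wrong_pin(verify, a, b);
    return n;
}

/* Sanity check: with the right PIN and no fault the try counter is restored to 3 */
static int counter_after_correct_pin(int (*verify)(const char *)) {
    ptc = 3; cond_counter = 0; fault_a = fault_b = 0;
    return verify("12824") ? ptc : -1;
}

int main(void) {
    printf("plain:     %d single-fault bypasses, %d double-fault bypasses\n",
           bypasses_single(verify_pin_plain), bypasses_double(verify_pin_plain));
    printf("redundant: %d single-fault bypasses, %d double-fault bypasses\n",
           bypasses_single(verify_pin_redundant), bypasses_double(verify_pin_redundant));
    return 0;
}
```

Against the unprotected check one fault on the comparison branch is enough. Against the redundant check every single fault is caught (a fault on the first comparison only leads to the duplicated comparison, which still fails), but the pair of faults on the two duplicated comparisons still gets in: that is the redundant fault the strategy table lists as the risk of Strategy 1, and the reason the FAME design below drops the duplication in favour of hardware detection.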
FAME Based Design

    int ptc = 3;                        // PIN Try Counter
    char devicePIN[] = "12824";         // sized for the terminating NUL
    int noFault = 1;

    int VerifyPin(const char *userPIN)
    {
        int result;
        if (ptc > 0) {
            if (Cmp(userPIN, devicePIN)) {
                result = noFault;           // 1 unless the trap handler has cleared it
            } else {
                result = 0;
                ptc--;
            }
        } else result = 0;
        return result;
    }

    void SecureTrapHandler(void)            // entered on a sensor alarm
    {
        if (ptc > 0) ptc--;                 // a detected fault counts as a failed try
        noFault = 0;                        // and can no longer yield a successful verification
    }

• No redundancy needed: the FAME FRR hardware checkpoint prevents fault propagation
• No overhead without fault
• The secure trap handler enables a user-defined fault response
EMFI on FAME [DAC2018]
[Figure: EM fault injection on the FAME flip-flop, at the clock tree root versus at the clock tree leaves]
• Injection at the clock tree root: global effect of EMFI, 146 faulty flip-flops
• Injection at the clock tree leaves: local effect of EMFI, 24 faulty flip-flops
References
1. B. Yuce, M. Witteman, P. Schaumont, "Fault Attacks on Secure Embedded Software: Threats, Design and Evaluation," Journal of Hardware and Systems Security (preprint).
2. B. Yuce, C. Deshpande, M. Ghodrati, A. Bendre, L. Nazhandali, P. Schaumont, "A Secure Exception Mode for Fault-Attack-Resistant Processing," IEEE Transactions on Dependable and Secure Computing (preprint).
3. M. Ghodrati, B. Yuce, S. Gujar, C. Deshpande, L. Nazhandali, P. Schaumont, "Inducing Local Timing Fault through EM Injection," DAC 2018.
4. FAME – Fault Awareness using Microprocessor Enhancements. https://sites.google.com/view/famechip
Thank You!
Questions?
Patrick [email protected]
Science and Communication
CRYPTACUS 2018 training school
Tiago Dias and Ricardo Chaves
technology from seed
Science and Communication
• Scientific research
• Information gathering and analysis
• Communicating with others
– Written
– Oral
– …
CRYPTACUS 2018 training school - Science and Communication, Tiago Dias and Ricardo Chaves, 20/4/2018
Scientific research
• Seek and properly interpret the facts.
Interesting example:
– Black plague, who is to blame?
• Rats?
– Facts:
• Propagation rate: > 3 km/day (within 4 years all of Europe was contaminated)
• Incubation period of 20 days
• Total number of deaths: 25,000,000
– Cause: human merchants!
Scientific research
• Scientific method:
– a method of learning about the physical universe by applying the principles of the scientific method, which includes making empirical observations, proposing hypotheses to explain those observations, and testing those hypotheses in valid and reliable ways;
– the central theme in this methodology is the testing of hypotheses and the ability to make predictions. The overall goal of science is to better understand nature and our Universe.
– also refers to the organized body of knowledge that results from scientific study.
• Research:
– to study a subject thoroughly, especially in order to discover (new) information or reach a (new) understanding
Scientific research
• Problem with these definitions:
– Validation/fallacies:
• Is astronomy a science?
– How to validate/verify the Big Bang!
– Explanation of Nature:
• Is Physics a science?
– What is gravity: wave or particle?
• Is Mathematics a science?
– Or just a rule game / artificial postulates (without support)!
• Is "Social Science" a science?
– What can we really predict? Or does it just explain/report past events!
• Everything is science?
– As long as we use the right tools
Close-up of lunar roving vehicle at Apollo 17 Taurus-Littrow landing site
Description: A close-up view of the lunar roving vehicle (LRV) at the Apollo 17 Taurus-Littrow landing site extravehicular activity (EVA). Note the makeshift repair arrangement on the right rear fender of the LRV. During EVA-1 a hammer got underneath the fender and a part of it was knocked off. Following a suggestion from Astronaut John W. Young in Mission Control Center at Houston, the crewmen repaired the fender early in EVA-2 using lunar maps and clamps from the optical alignment telescope lamp. Schmitt is seated in the rover. Cernan took this picture.
http://www.hq.nasa.gov/office/pao/History/alsj/a17/AS17-137-20979HR.jpg
What is missing in this NASA picture?
Scientific research
• What is wrong with this one?
– AS17-140-21370.jpg
Conclusion? …
1. Too much light
2. I see aliens at the end!
3. Men never went to the moon... and the Earth is flat.
4. Other
Scientific research
• Tampering (with evidence):
– Ethical questions.
– Peer pressure.
– What can we actually conclude from the data we have?
– We are human! "errare humanum est"
• Scientists are accused of promoting horrors:
– E.g.: nuclear weapons
• If they refused to develop them they would be considered traitors!
– E.g.: biological weapons
• How many treatments/therapeutic drugs resulted from these studies?
– Current attempts to perform human cloning!?
• Unfulfilled promises:
– Should we keep financing the research?
errare humanum est, sed perseverare diabolicum:
to err is human, but to persist (in the mistake) is diabolical.
Moral and ethical questions
Information gathering and analysis
• Available information
• Information triage
• Where to obtain the information
• Exploring the information
• Storage and usage of the information
Information gathering and analysis
• Search for existing theories
– Should not be something too esoteric
– A theory should have a practical interest, but…
• What research has been performed on the topic by
the scientific community?
• Which methods were used?
• Where to look for this information?
– Indexed databases of tutorials and papers (articles)
Information gathering and analysis
• Perform a critical, unbiased analysis of the results and methods used by others, to avoid:
– Following peer trends
– Being fooled by result manipulation
– Inadequate methods
• Do not be obsessed by:
– The most recent results
• Is the most recent more innovative / complete?
– Quantitative results
• The magic of number manipulation
– Qualitative results
• May lack thoroughness / rigor
Information gathering and analysis
• What has been written about 'the topic'
– Under-information
• Not enough information, sometimes even on obvious results
– Over-information
• Too many papers/works on identical topics in the same field
– Pseudo-information
• Scientific information in the media
• Literature of science (aka popular science)
• Wikipedia and similar sites
Information gathering and analysis
• How to handle information:
– Under-information
• Exploring the under-information gaps
– E.g. interdisciplinary search/techniques
– Over-information
• Search only for useful information having in mind the goals
– Not always easy!
– Pseudo-information
• Comparative analyses of the information
Information gathering and analysis
• Where to obtain the information:
– Origin:
• Libraries
– physical or electronic
• Reliable sources
– ieeexplore.ieee.org, portal.acm.org, …, b-on, and scholar.google.com !!
• Semi-reliable sources
– Pseudo-information
» E.g.: internet, Wikipedia, …
– Support:
• Encyclopedias, dictionaries, …
• Books and specialized journals
• Scientific proceedings and conferences
Information gathering and analysis
• Exploring the information:
1. Select the information
– Keywords, acronyms, authors, topics
2. Treat the information
3. Interpret that same information
– Triage:
• Start by selecting a set of documents (beware of literary gluttony)
• Successive approximations (towards the mother lode)
• Support:
– Written word
– Audio
– Pictures and video
– Others (data loggers, …)
Information gathering and analysis
• Save time by reading what is relevant!
• How to explore the text/information:
– Title and keywords
• Does it sound of any interest to your work / (re)search?
– Author and institution or editor
• Are they known?
• Are they reliable?
– Index
– Abstract/Summary
• What the paper is about
• What is proposed / the novelty
• Key results
– Conclusions
• Small version of the entire paper
• Clear and concise
– Introduction and results section
– And finally … the main body of the paper
• If more details or in-depth knowledge of the described work is needed
Information gathering and analysis
• Storage and usage of the information:
– Organize your bibliography
• Sooner or later you will need to go back to it: "what was the name of that paper??…"
– Organization of references:
• Author's name
• Title of the paper
• Where and when it was published
• Topic of the paper
• Other relevant data
BibTeX is a useful tool to facilitate the organization and use of references. Used directly in LaTeX.
Communicating with others
• Written communication
• Oral and visual communication
• Communicating using slides
Written communication
• Written communication
– Types of document
• Reports
• Papers
• Theses
– Organization & structure of the document
– Writing it…
Written communication
Types of documents
• Reports
– Technical
– Project
– Progress
• Scientific communications
– Conferences
– Journals
• Theses
– Graduation
– MSc
– PhD
• Advertisement
– Billboards (written communication?)
– Magazines (scientific or not)
• Others
Written communication
• What to transmit about the research work:
– Goals
– The object of the work
– Related work
• relation between what is proposed and what has been proposed
– Developed work
– Obtained results
• Adequate analysis of the obtained results
– Conclusions
– Future work
Written communication
Target of the communication

                 Scientific community    Public and private organizations    Media
Clarity          +                       ++                                  ++++
Depth            ++++                    ++                                  +
Terminology      Coded                   Semi-coded                          Simplified
Structure        Rigorous & detailed     Simplified                          Appealing

Always: seek the truth (rigor); have a correct speech (clarity)
Written communication
• Organization of the text:
– Goals
– Presentation of the problem
• Introduction to the problem
• Background / State of the art
– Research process
• Methodology
• Theoretical / Practical development
– Achieved results
• Simulations
• Experimental results
– Consequences of the results
• Added value
– Analytical analyses of the results
– Comparison with the related state of the art
• Future work
Written communication
• Structure of a paper
– Title
– Authors' information
– Abstract (1-3%)
– Keywords (3-5)
– Introduction (10-15%)
– Main body (60-75%)
• State of the art
• Methodology
• Development
– Results (10-20%)
– Conclusions (3-5%)
– Acknowledgments
– References (4-6%)
• Structure of a report/thesis
– Cover
• Title and author(s)/company information
i. Abstract
• May be in more than one language
• Keywords
ii. Acknowledgments
iii. List of contents
• Content of the report/thesis
• List of figures and tables
• List of acronyms
1. Introduction
2. Main body
3. Conclusions
I. Appendix
Bibliography
Index
Written communication
• Where to start?
– Compose the contents table (index table)
• Organizing the structural units
– Chapters
– Sections
– Subsections
» Helps to structure the information
• Structures the presentation of the work
• Should not be rigid
– The structure may change
» As fluid as the work!!
» Use it as a LEGO
Written communication
• The Title:
– Works as a calling card.
– It should:
• attract the reader
• be in accordance with the content
• be concise
– One line (two at most)
– Length also depends on the specificity of the presented work
• be as clear/descriptive as possible
• acronyms help, but…
• Keywords
• topics / areas that are the object of the document
Written communication
• The Abstract/Summary:
– Allows the reader to grasp the work without the need to read the whole paper
• Research topic
• Methodology & developed work
• Obtained results
• Key conclusions
Small version of the whole paper, focusing on the key aspects
– Sometimes each chapter has a summary of its own
• In big reports/theses
• Clear exposition of the work
• Improves the levels of reading
Written communication
• The Abstract:
– A summary of the main ideas that allows the reader to grasp the whole research work presented in the paper.
• Most of the detail should be left out!
– The key trick is to plan your argument in 6 sentences:
• What's the topic?
• What's the key research question?
• Why has nobody else answered this research question?
• What's your big new idea?
• How did you go about doing the research?
• What's the key impact of your research?
• Use these questions to structure the entire thesis/paper!
Written communication
• Results section:
– How the results were obtained:
• Simulation
– Model(s) used
• Experimental results
– How was it measured
– Environmental and external conditions
– Comparison with the related work
• Using the same criteria/conditions
– If not possible, why, and what approximations were made
– Improve on the related work by more than 5-10%
• Giving a margin for simulation/measuring errors
Be impartial, thorough, clear, and critical of your own work when comparing.
- Nevertheless, you may give more focus to the positive aspects of your results!!
Written communication
• Introduction:
– Motivation for the work
– Background
– Proposed Work
– Dissertation/work objectives
– Key results
– Paper overview/organization
• Some authors prefer not to add this, particularly in smaller documents
– When/at which stage to finish writing it?
• At the end
– Only then do we have a full perspective of the developed/described work
Written communication
• Figures and tables:
– Used to illustrate concepts/results
– One picture is worth 1000 words
– It is a tool to achieve the goal, not the goal itself!
• Must be referenced and explained in the text.
– Must have a caption
• Option a: concise and clear
– Caption = title of the picture
– The description of the picture goes in the text, not in the caption
• Option b: descriptive
– Caption describes the image in detail. Allows the reader to get the idea without reading the text
• Legend
– Explain the symbols used (very concise)
– Avoid unnecessary complexity
– Types of figures:
• Graphics, diagrams, images, pictures
Written communication
• References:
– In the text
• chapters, sections, appendixes, figures, equations, …
– Bibliographic:
• Use credible and scientific references from credible sources:
1. peer reviewed papers (scientific journals and conferences)
2. published books, theses
3. reports, internal reports, …
4. 'Wikipedia-like' references are not adequate
– Bibliography listing:
• By order of citation
– Papers, reports
• Alphabetic
– Theses, books
• Typically defined by the publisher
Written communication
• What to put in appendix:
– Complementary information
• Important information
• Mandatory information
• Informative information
– Theoretical deductions
• To validate or prove statements in the main body
– Others
• Code
• Auxiliary figures, tables, …
Text that is not fundamental to understand the description in the main body, but required to prove statements or complement the information
Written communication
• Things to avoid:
– Chapters with 1 or 2 pages
– Sections with few lines of text
– Frequent use of footnotes
• Breaks the reading flow
– Frequent information redirection
• See Chapter # / Section #
• See reference …
– Different names/designations for the same entity
– Distinct entities with the same name
– Unchecked or unsubstantiated statements
• Unproven affirmations must have a valid reference
– Undefined concepts, acronyms, etc.
– Incoherent concepts and relations
Written communication
• In conclusion:
– Be clear but specific/detailed
– Be structured but appealing
– Go to the point, avoid digressing
Remember: Levels of reading/information
» Abstract: Illustrative but short
» Main body: detailed but long
Written communication
• Acknowledgments
– Give credit to those who helped accomplishing the work
• Financial support
– Scholarships
– Equipment
– Others
• Scientific support
• Personal support
– In theses or in special cases
Acknowledgments
To professor António Serralheiro for his notes on
“Projecto/Metodologias da investigação”
Oral and visual communication
• Communicate with:
– Clarity
– Confidence
– Expressiveness
– Empathy
• Communicate in a positive fashion
– Maintain visual contact
• Without staring
– Listen to what the other people are ‘saying’
– Have a good posture
A good communication = A good deal/transaction
Oral and visual communication
• Communication effectiveness:
– Transmit a succinct but complete message
– Use supportive forms of communication
• Images/animations
• Charts / graphic representations
• Gestures
• Sounds
– Good vocal projection and diction
• Speak to the audience, not to the slides
– Adequate graphics
• Colors used
• Explicit charts and diagrams
– Make sure the message got through
• Analyze the body language
• Questions asked or not asked
• …
Oral and visual communication
• Body language (examples):
+ Hands on the hips
+ Sincere look
+ Smile
+ Slightly bent forward
+ Adequate distance from the listener
• 1 meter < L < 1.5 meters
– Looking down when speaking
– Staring at the other person
– Shoulders down
– Arms crossed
– Hands in the pockets
Oral and visual communication
• Revealing hints (examples):
– Sweaty hands → nervous
– Broken verbal fluidity → lack of preparation
– Touching the earlobe → doubt / uncertainty
– Self hand massage → lack of self-confidence
Beware of generalizations and assumptions…
• Improving yourself:
– Practice in front of a mirror
– Rehearse with your co-workers
– Record and play back to analyze yourself
– To calm yourself: breathe deeply and slowly (discreetly)
Oral and visual communication
• Helpful techniques:
– Take notes
– Smile
• Even on the phone
– Be cordial
• Get up when greeting others
• Avoid interrupting other people's sentences
• Show interest
– Have a good posture
• Sit up straight
• Be adequately dressed
– If justified, use communication and marketing professionals
– Be on time
• Or even slightly earlier, to make sure everything is prepared
Oral and visual communication
• Helpful techniques:
– Discreetly mimic the target:
• Dress code
• Behavior
– Keep an open mind to other ideas
– Put things in writing as soon as possible:
• Agreements
• Promises
• Decisions
– Use examples
• Beware not to lose the generality of the goal!
– Adjust the message and the communication medium
• Depending on the target
• Depending on the objective of the communication
Communicating using slides
• Communicating using slides:
– Mixture between oral and visual presentation
– Use short, meaningful sentences
• As if the title of what you are saying
• Keywords
– Use illustrative figures and charts
• With simple captions / subtitles
• Complement them with an oral explanation
– Use different levels of reading
• Headings
• Different letter size
• Highlighted text / color text
• …
– If the audience loses track of what you are talking about, they should be able to use the slides to get back on track
– The attention span of the audience is limited
• Typically 25 to 45 minutes; after this they disconnect
From: D.A. Bligh, “What’s the Use of Lectures?”, Intellect Books, 1998.
Communicating using slides
• Content of the slides:
– Do not overload the slides with information
– Present yourself
• Especially in conferences and multiple-presentation meetings
– Describe the content of the presentation
– Put the slide(s) overall topic in the header
– Use your company/institute logo on each slide
• Discreet but constant; be known
• If appropriate, also add your name
– Number each slide
– Finish the presentation with a conclusion
• Achieved goals
• Key results
• And, if adequate, future work
Communicating using slides
• When presenting:
– To large audiences:
• You may select a few people in the room to talk to
– To focus your presentation
– To perceive if the audience is getting the message
– Look and talk towards the audience
• Do not speak to the floor or to the slide projection
– Use a pointing device
• Do not just point with your finger
– Properly manage the available time
• Do not finish significantly before time
• Do not use more time than the one you have
• Do not start fast and finish slow, nor vice-versa
– Adjust your presentation to the time you have available
– Speak clearly and at a controlled pace
Communicating using slides
• In conclusion:
– Be clear and illustrative
– Do not overload the audience with information
• Make them want more information!
– Slides are a complement to your verbal exposition/explanation
– Go to the point; avoid digressing
– Allow the audience to get back on track
Remember: levels of reading and key points
Final words on research and development
Creativity & Discipline
Creativity: mostly about breaking rules
Discipline: mostly about following rules
Rules = internal consistency, mathematical correctness, sticking with stated assumptions
Secure Positioning: From GPS to IoT
Srdjan Čapkun, Department of Computer Science, ETH Zurich
All photographs, imagery, media belong to their respective owners/creators.
Applications of (Secure) Distance Measurement / Positioning: Access Control, Home Automation, Robotics, UAV, Payments, Industrial automation, Internet of Things, Asset and People Tracking, Real-Time Localization
Basic S&P
• Spoofing Resilience: a device can obtain its true location
• Location and Identity Privacy
• One can verify locations of others (remotely)
[Figure: GPS satellites, a drone, and an attacker transmitting a spoofing signal; caption "Incorrect location estimated by the drone"]
[Figure: a parole officer asks an ex-inmate "Are you at home?"; the ex-inmate (at home) answers "Yes, I am at home!"; the parole officer: "Hm… how can I be sure?"]
GPS security
GPS signal generators
http://www.bbc.com/news/technology-18643134
http://www.csmonitor.com/World/Middle-East/2011/1215/Exclusive-Iran-hijacked-US-drone-says-Iranian-engineer-Video
GPS spoofing
[Figure: a receiver at position p receives signals s1(t), s2(t), s3(t), s4(t) from satellites at L1, L2, L3, L4 (base stations BS1–BS4); the measured ranges are |L1 – p|, |L2 – p|, |L3 – p|, |L4 – p| plus the clock-offset term c·δ]
• Attacker either modifies the navigation message contents or manipulates the time of arrival
• Civilian GPS signals are not authenticated and can be generated OR delayed; military GPS signals can only be delayed
[Figure: p (true location), p’ (spoofed location), enlarged ranges]
Detecting GPS Spoofing
Overview of Countermeasures*
• Changes to GPS/Galileo
– Authentication of Navigation Messages (signatures/TESLA)
• Doesn’t help (messages can still be delayed)
– Direct Sequence Spread Spectrum (DSSS)
• Secret Spreading Codes - requires shared secret keys
– DSSS with Delayed Code Disclosure [Kuhn05]
• Delayed Spreading Code Disclosure / delays the position calculation
• Doesn’t solve all attacks / high-gain antennas can separate signals
• Spoofing Detection without changes to GPS
– Monitor AGC, noise level, # of satellites
– Autocorrelation Peak Distortion
– Spatial Diversity (AoA, …)
[Figure: variation of noise values (dBm) over time samples due to GPS spoofing]
*See references at the end of the talk.
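The slide lists receiver-side indicators that need no change to GPS (AGC, noise level, number of satellites). As an added example, not code from the talk or from SPREE, the block below implements two of them over constructed samples: a sustained step in the noise floor like the one in the plot above, and a jump in the number of tracked satellites; the thresholds and the sample data are assumptions.

```python
from statistics import mean, pstdev


def detect_noise_floor_step(samples, baseline_len=50, z_thresh=6.0, min_run=5):
    """Return the index at which the noise floor (dBm) first rises by more than
    z_thresh trailing-baseline standard deviations and stays there for min_run
    consecutive samples, or None. The baseline is a sliding window that only
    absorbs samples judged clean, so slow drift is tolerated while the abrupt,
    sustained rise of an extra transmitter is not. Thresholds are assumptions."""
    if len(samples) <= baseline_len:
        return None
    base = list(samples[:baseline_len])
    run = 0
    for i in range(baseline_len, len(samples)):
        mu = mean(base)
        sigma = max(pstdev(base), 0.5)  # floor so a flat baseline cannot inflate z
        if (samples[i] - mu) / sigma > z_thresh:
            run += 1
            if run >= min_run:
                return i - min_run + 1
        else:
            run = 0
            base.append(samples[i])
            base.pop(0)
    return None


def detect_satellite_count_jump(counts, max_jump=3):
    """Return the first index at which the number of tracked satellites changes
    by more than max_jump between consecutive fixes, or None (the '# of
    satellites' indicator from the slide; max_jump is an assumption)."""
    for i in range(1, len(counts)):
        if abs(counts[i] - counts[i - 1]) > max_jump:
            return i
    return None


def constructed_trace():
    """Constructed sample data (not a real recording): 300 noise-floor samples
    around -110 dBm with a one-sample glitch at index 100 and a sustained
    +15 dB rise from index 200, plus satellite counts that jump from 8 to 12."""
    noise = [-110.0 + 0.4 * ((i * 7) % 5 - 2) for i in range(300)]
    noise[100] = -100.0  # isolated glitch: must not trigger the detector
    for i in range(200, 300):
        noise[i] = -95.0 + 0.4 * ((i * 7) % 5 - 2)
    sats = [7] * 20 + [8] * 20 + [12] * 20
    return noise, sats


if __name__ == "__main__":
    noise, sats = constructed_trace()
    print("noise floor step at sample", detect_noise_floor_step(noise))  # 200
    print("satellite count jump at fix", detect_satellite_count_jump(sats))  # 40
```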
Seamless Takeover Attack
- Tippenhauer, Popper, Rasmussen, Capkun, On the requirements for successful GPS spoofing attacks, ACM CCS 2011
- Nighswander, Ledvina, Diamond, Brumley, Brumley, GPS software attacks, ACM CCS 2012
Detecting Spoofing With a Single Receiver?
• SPoofing REsistant GPS rEceiver (SPREE), the first GPS receiver capable of detecting (up to an accuracy) all known spoofing attacks.
• A novel auxiliary peak tracking technique enables detection of seamless takeover attacks (tracks all peaks…)
• SPREE is based on GNSS-SDR and open source [2016]: www.spree-gnss.ch [MobiCom 2016]
GPS Signal Traces
• Our own GPS simulators
• TEXAS Spoofing Battery (TEXBAT)
– de-facto standard of publicly available spoofing traces (includes seamless takeover attack)
• Wardriving
[Figure: GPS traces and a config file are fed into the Spoofing Resistant GPS Receiver (SPREE)]
Fig. 8. Evaluation Setup: A configuration file specified vital system parameters such as input source, source signal sampling rate and configuration of the spoofing detection module.
including those needed by the spoofing detection module. In our evaluations, the GPS signal traces (spoofing and clean) were recorded and stored in files and later input to SPREE. First, we describe the various GPS signal traces that were used in evaluating SPREE’s effectiveness against spoofing attacks. We then proceed to evaluate the effectiveness of each of our spoofing detection modules against the attackers described in Section III. Finally, we summarize the results and show that SPREE detects all spoofing attacks described in literature.
A. GPS Traces
We evaluated SPREE against three different sets of GPS signals: (i) the Texas Spoofing Battery (TEXBAT) [17], (ii) signals recorded through our own wardriving effort and (iii) spoofing signals generated using COTS GPS simulators.
Texas Spoofing Test Battery (TEXBAT): TEXBAT [17] is a set of digital recordings containing both static and dynamic civilian GPS spoofing tests conducted by the University of Texas at Austin. TEXBAT is the de-facto standard for testing spoofing resilience of GPS receivers. TEXBAT includes two clean data sets, one each for a static and dynamic receiver setting, in addition to eight spoofing scenarios based on the location and time of the clean GPS traces. One scenario replicates the case where the attacker has physical access to the target’s antenna and can thus completely remove the authentic signals and replace them with his counterfeit signals. All other scenarios perform a take-over attack where either the time or position of the target is spoofed. TEXBAT also includes a scenario where a security code estimation and replay (SCER) attack [16] is performed. In an SCER attack, the attacker attempts to guess the value of the navigational data bit in real time. The spoofing signals are closely code-phase aligned with the authentic signals. However, the carrier phase alignment of the spoofing signals with the authentic signals depends on the scenario. For example, when the attacker attempts to spoof the victim receiver’s position or time, the carrier phase is manipulated such that the rate of change of the spoofing signal’s carrier phase equals that of the authentic signal. In two spoofing scenarios, the carrier phase of the spoofing signal is also aligned to the authentic GPS signals during the take-over. We note that such carrier-phase alignment is possible only under controlled laboratory conditions due to the precise cm-level position knowledge that is required by the attacker. In other scenarios the attacker’s signals’ carrier phase is either proportional to the code phase change (Code Phase Proportional) or the initial phase offset between the counterfeit signals and the authentic signals is maintained throughout the spoofing scenario (Frequency Lock mode). We test SPREE and present our results even against such a strong attacker. In addition, the TEXBAT scenarios include varying levels of spoofing to authentic signal power advantage. We summarize the properties of the TEXBAT dataset in Table III.
Fig. 9. Our wardriving setup with a front-end consisting of (1) an active conical GPS antenna and (2) a USRP N210R4. The signals were recorded using (3) a laptop. The recordings were periodically moved to (4) an external hard disk.
Wardriving: In addition to using TEXBAT scenarios, we collected our own authentic GPS traces through an extensive wardriving effort. The setup used for recording the GPS signals during the wardriving effort is shown in Fig. 9. The front end of the setup consists of an active conical GPS antenna with a 25 dB gain. A bias-tee that outputs 5 V powers the antenna’s amplifier. We followed a two-step procedure to record GPS signals. First, we used a custom script that detected any satellite signals present in real time. Once satellite signals were detected, we switched to the recording mode, where we started recording raw signals without any processing into an external hard disk. The signals were recorded as complex signals with a sampling rate of 10 MHz. The setup itself was powered through the car’s power outlet. GPS signals were recorded at various locations over a distance of over 200 km. The locations were as follows: (i) an open field, (ii) the parking lot of a small village, (iii) driving on a highway, (iv) driving inside a city, (v) inside a city with neighbouring tall buildings and (vi) inside a forest with dense tree cover. We used the wardriving dataset to evaluate SPREE’s behaviour in a non-adversarial scenario and determine how reliable the proposed spoofing detection is with respect to false triggers.
GPS Simulator: We also evaluated SPREE against our own spoofing signals generated using commercial off-the-shelf GPS simulators. Specifically, we used Spectracom’s GSG-5 Series advanced GPS simulator [2] in order to generate our spoofing traces. One of the key features of the simulator
Results so far…
All spoofing attacks > 1 km detected! (peak separation clearly distinguishable from multi-path)
Detecting GPS Spoofing using Multiple Receivers
Leveraging Spatial Diversity
• Attacker transmits omnidirectionally => both R1 and R2 compute their position at V
[Figure: receivers R1 (at L1) and R2 (at L2) receive the attacker’s signals at times t1, t2, t3, t4 and both compute the position V]
• If d(R1,R2) is known => spoofing detection
- Tippenhauer, Popper, Rasmussen, Capkun, On the requirements for successful GPS spoofing attacks, ACM CCS 2011
Leveraging Spatial Diversity
[Figure: receivers R1, R2, R3 at their true locations L1, L2, L3 and at the spoofed locations L’1, L’2, L’3; L’i are spoofed locations]
“The GPS Group Spoofing Problem is the problem of finding combinations of GPS signals (sent by the attacker), transmission times (at which the spoofing signals are sent), and spoofer locations such that the location or time of each victim is spoofed to the desired location/time.”
Spatial Diversity Constrains the Attacker
Shows the locations where the attacker can place spoofers to successfully spoof (assuming an omnidirectional attacker).
[Figure 5 panels: (a) 2 receivers, (b) 3 receivers, (c) 4 receivers; axes x, y, z]
Figure 5: Visualization of possible attacker placements. For (a) two victims, all points on the hyperboloid are viable solutions; for (b) three victims the solutions lie on a curve (red/white intersection); and (c) for four victims only two points are viable solutions (white dots).
and $L^A_3 = (2, 2, 0)$ for the claimed satellite positions in the GPS messages. This determines three hyperboloids relative to $P_1$ and $P_2$ based on $b'_{112}$, $b'_{212}$, and $b'_{312}$.
Result 3. A necessary condition for a successful GPS group spoofing attack is that $\forall V_j, V_k$, $\forall s_i$: $b'_{ijk} \le |P_j - P_k|$.
In other words, the difference $b'_{ijk}$ of the perceived pseudoranges of each signal $s^A_i$ at any two spoofed victim locations $L'_j$ and $L'_k$ must be smaller than or equal to the distance between the victims’ physical locations $P_j$ and $P_k$. From Equation 11 and the triangle inequality it follows that $b_{ijk} \le |P_j - P_k|$. Since it must hold that $b'_{ijk} = b_{ijk}$, if $b'_{ijk} > |P_j - P_k|$ for any $s_i$, then there is no possible solution for the attacker’s placement $P^A_i$. Thus we get

$$|P_j - P_k| \;\ge\; |L'_j - L^A_i| - |L'_k - L^A_i| + \delta'_j - \delta'_k \qquad (13)$$

as a necessary condition for a successful attack.
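The spatial-diversity slide above (if d(R1,R2) is known, spoofing can be detected) and Result 3 both come down to pairwise distance checks. The following added example, not code from the talk or from the CCS 2011 paper, implements the receiver-side formation check and the Result 3 feasibility test of Equation 13; all positions, offsets and the claimed satellite position are constructed, and the time offsets $\delta'$ are assumed to be expressed in metres.

```python
import math
from itertools import combinations


def dist(a, b):
    """Euclidean distance between two 3-D points."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def formation_check(known_positions, reported_positions, tolerance):
    """Multi-receiver check from the spatial-diversity slide: the physical
    distance d(Rj, Rk) between the receivers is known, so it is compared with
    the distance between the positions they report. Returns the pairs whose
    reported mutual distance deviates by more than tolerance. An omnidirectional
    spoofer moves every receiver to the same point V, so every pair is flagged;
    a formation-preserving spoof (Result 7) passes this check unnoticed."""
    suspicious = []
    for j, k in combinations(range(len(known_positions)), 2):
        d_known = dist(known_positions[j], known_positions[k])
        d_reported = dist(reported_positions[j], reported_positions[k])
        if abs(d_known - d_reported) > tolerance:
            suspicious.append((j, k))
    return suspicious


def b_prime(L_j, L_k, delta_j, delta_k, L_claimed):
    """b'_ijk of Equation 13: difference of the pseudoranges the attacker's
    signal (claimed to come from L_claimed) must produce at the spoofed
    locations L'_j and L'_k. Assumption: the offsets delta' are in metres."""
    return dist(L_j, L_claimed) - dist(L_k, L_claimed) + delta_j - delta_k


def group_spoofing_feasible(P, L_spoofed, delta, L_claimed):
    """Result 3: spoofing victims at physical positions P to L_spoofed with
    offsets delta is possible only if b'_ijk <= |P_j - P_k| holds for every
    ordered pair of victims. Returns (feasible, violating ordered pairs)."""
    violations = []
    for j, k in combinations(range(len(P)), 2):
        bound = dist(P[j], P[k])
        for a, b in ((j, k), (k, j)):  # the condition is required for all V_j, V_k
            if b_prime(L_spoofed[a], L_spoofed[b], delta[a], delta[b], L_claimed) > bound + 1e-9:
                violations.append((a, b))
    return (not violations), violations


if __name__ == "__main__":
    # Constructed formation of four receivers (metres); the spoofer first moves
    # all of them to V, then applies a formation-preserving shift.
    P = [(0.0, 0.0, 0.0), (0.0, 3.0, 0.0), (1.0, 5.0, 0.0), (10.0, 0.0, 0.0)]
    V = (1.0, 1.0, 0.0)
    print("all at V, flagged pairs:", formation_check(P, [V] * 4, 0.5))
    shifted = [(x + 100.0, y, z) for (x, y, z) in P]
    print("shifted formation, flagged pairs:", formation_check(P, shifted, 0.5))
    print("shifted formation feasible:", group_spoofing_feasible(P, shifted, [0.0] * 4, (500.0, 200.0, 20000.0)))
    # Two receivers 1 m apart cannot be spoofed 100 m apart ...
    print(group_spoofing_feasible([(0, 0, 0), (1, 0, 0)], [(0, 0, 0), (100, 0, 0)], [0, 0], (200, 0, 0)))
    # ... nor given a relative clock offset larger than their separation.
    print(group_spoofing_feasible([(0, 0, 0), (1, 0, 0)], [(0, 0, 0), (1, 0, 0)], [50.0, 0.0], (0, 0, 20000)))
```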
As we know from Result 2, for two victims, all possible antenna placements for the attacker lie on a hyperboloid defined by $P_j$, $L'_j$, $\delta'_j$ and $L^A_i$. We will now extend this result to the case of three and more victims. In the following, we assume that $b'_{ijk} \le |P_j - P_k|$ is fulfilled $\forall V_j, V_k$ and $\forall s_i$, i.e., it is physically possible to spoof the locations of the receivers.
Result 4. In a GPS group spoofing attack on three victims $V_1, V_2, V_3$ to specific locations $L'_j$ and time offsets $\delta'_j$, all possible attacker placements $P^A_i$ lie on the intersection of two hyperboloids defined by $b'_{i12}$, $b'_{i13}$.
This can be shown by constructing two hyperboloids using $b'_{i12}$ and $b'_{i13}$ as in Result 2. Both hyperboloids yield the possible placements of the attacker’s antennas to achieve the correct pseudorange for $V_1, V_2$ or $V_1, V_3$, respectively. Each point on the intersection of the two hyperboloids has a specific $\delta^A_i$ and is at the correct distance to all three victims. Therefore, all points of this space curve are valid $P^A_i$ to solve the group spoofing problem.
We can extend our example from Result 2 by a third victim placed at $P_3 = (1, 5, 0)$, which is spoofed to $L'_3 = (1, 1, 0)$ with $\delta'_3 = 0$. This reduces the possible locations from the hyperboloid as shown in Figure 5(a) to the intersection curve of the hyperboloids constructed using $b'_{i12}$ and $b'_{i13}$, as shown in Figure 5(b).
Result 5. In a GPS group spoofing attack on four victims $V_1, \ldots, V_4$ to specific locations $L'_j$ and time offsets $\delta'_j$, there are at most two possible placements for $P^A_i$ to impersonate a satellite at $L^A_i$. These are the intersection points of three hyperboloids defined by $b'_{i12}$, $b'_{i13}$, $b'_{i14}$.
As previously, to show this, we consider each signal $s^A_i$ separately. By computing $b'_{i12}$, $b'_{i13}$, $b'_{i14}$ (and $b'_{i11} = 0$) according to Equation 11 and setting $b_{ijk} = b'_{ijk}$, we can construct three hyperboloids. Their intersection points are possible placements for the antennas of the attacker. As the intersection of two hyperboloids yields a space curve, the intersection of three hyperboloids is an intersection of this curve with a third hyperboloid, which results in at most two points. We can also arrive at this number of solutions by considering the system of four quadratic equations based on Equation 7. These can be transformed into three linear and one quadratic equation [1], defining the solutions for the location $L^A_i$ and time offset $\delta^A_i$. As the quadratic equation has at most two solutions [1], and each of the linear equations has one unique solution, there are at most two solutions for the attacker’s position and transmission time.
This result can also be observed in our example by adding a fourth victim placed at $P_4 = (10, 0, 0)$, which is spoofed to $L'_4 = (1, 0, 0)$ with $\delta'_4 = 0$. The possible placements for the attacker’s antenna are now the intersection of the previously obtained curve with another hyperboloid, yielding two points only (Figure 5(c)).
Result 6. In a GPS group spoofing attack on five or more victims $V_1, \ldots, V_n$ to specific locations $L'_j$ and time offsets $\delta'_j$, there is at most one possible placement for $P^A_i$ to impersonate a satellite at $L^A_i$. This is the intersection point of $n - 1$ hyperboloids defined by $b'_{i12}, \ldots, b'_{i1n}$.
This result directly continues our previous reasoning: each added victim adds another hyperboloid to the set of hyperboloids which must intersect to yield a possible $P^A_i$. For five or more receivers, the set of $(n - 1)$ linear equations and one quadratic equation is overdetermined, and therefore has at most one solution.
From Result 5, we know that for military GPS receivers, there are at most two solutions for a given combination of $P_j$, $L'_j$, $\delta'_j$, and $L^A_i = L^S_i$. For attacks on civilian GPS receivers, the attacker can influence the position of the two solutions of the system of equations by changing the claimed satellite location $L^A_i$. We will now give an intuition where these solutions are located for a formation-preserving GPS spoofing attack.

Table 2: Summary of results for the number of possible attacker locations $P^A_i$ for $n$ victims.

n   Spoofing to one location   Spoofing to multiple locations (preserved formation)
    (Civ. & Mil. GPS)          Civilian GPS                               Military GPS
1   $P^A_i \in \mathbb{R}^3$   -                                          -
2   $P^A_i \in \mathbb{R}^3$   set of hyperboloids                        one hyperboloid
3   $P^A_i \in \mathbb{R}^3$   set of intersections of two hyperboloids   intersection of two hyperboloids
4   $P^A_i \in \mathbb{R}^3$   set of 2 points                            2 points
5   $P^A_i \in \mathbb{R}^3$   set of points                              1 point
Result 7. When spoofing a group of GPS receivers $V_1, \ldots, V_n$ such that the formation (i.e., the mutual distances and relative time offsets) is preserved, there is always at least one solution to the decisional group GPS spoofing problem.
One way to show this result is to use an affine transformation to describe the relation between physical and spoofed locations of the receivers and senders. If the formation of the victims is preserved, there exists a bijective affine augmented transformation matrix $T$ which describes this translation and rotation. Assuming that $L$ and $P$ are represented as augmented row vectors, we can therefore write $T \cdot L_j = L'_j$. Then, the inverse transformation $T^{-1}$ applied to $L^A_i$ will yield a possible antenna placement $P^A_i = T^{-1} \cdot L^A_i$, because all pseudoranges $R'_{ij}$ between $L'_j$ and $L^A_i$ and the measured ranges $R_{ij}$ between $P^A_i$ and $P_j$ will be the same (the transformation preserves the Euclidean distance).
As a consequence of Results 6 and 7, spoofing five or more receivers while retaining their formation has exactly one solution, an affine transformation of the claimed satellite position $L^A_i$.
Summary of results: Table 2 gives an overview of the sets of possible positions $P^A_i$ for the attacker’s antenna depending on the number of victims and on the target locations: spoofing all receivers to one location or each victim to a different location with a preserved formation. The results are shown for civilian and military GPS; ‘hyperboloid’ refers to half of a two-sheeted hyperboloid. In the table we assume that the condition of Result 3 holds.
The results in Table 2 show that there are no restrictions on the attacker’s position for spoofing any number of victims to one location ($P^A_i \in \mathbb{R}^3$). With an increasing number of victims and a constant formation, the attacker is getting more and more restricted in terms of his antenna placement. For civilian GPS, the attacker has more degrees of freedom because he can select claimed (false) satellite locations $L^A_i$ and thus influence the hyperboloid, intersection of hyperboloids, etc., whereas these are fixed for military GPS (i.e., there is only one specific hyperboloid of attacker positions for each transmitted signal per pair of victims).
5. EXPERIMENTS ON SATELLITE-LOCKTAKEOVER
A GPS spoofing attack in the presence of legitimate GPS satellitesignals requires the attacker to make the victim stop receiving sig-nals from the legitimate satellites and start receiving the attacker’s
Figure 6: The experimental setup.
signals. If this takeover is noticed by the victim, e. g. because thevictim suddenly loses contact to previously seen satellites, it candetect the spoofing attack. While the victim might lose contactdue to random noise or environmental changes, the attacker ideallyshould take over without being noticed. We say that the receiverhas a lock on a specific transmitter when it is already receiving datafrom that satellite. The satellite lock makes spoofing attacks hardersince a spoofing signal is likely to be misaligned (in phase, Dopplershift, or data content) to the legitimate signal. When the attacker’ssignal is turned on, this momentary interruption in the data-flowfrom that satellite could cause the victim to be temporarily unableto compute his position. Therefore, we now investigate how theattacker can take over the victim’s lock with the victim losing theability to calculate its position, even for a moment.
In Section 3 we assumed a strong attacker, who is always able togenerate signals with perfect timing and power level, and who hasperfect knowledge of his own and the victim’s position. In a practi-cal attack, many of these assumptions might be invalid. We conductexperiments to evaluate the influence of such imperfections. Be-cause we do not change the claimed location of the satellite in thedata sent by the attacker, all discussed imperfections should applyequally for military and public GPS receivers.
5.1 Experimental Setup and ProcedureIn our experiments, the spoofing signals and the legitimate GPS
signals are sent over a cable to eliminate the influence of the trans-mission channel. This enables us to measure the unique influenceof the parameters of interest while disregarding channel and an-tenna noise.
We conduct the lock takeover attacks using a Spirent GSS7700 GPS simulator (see Figure 6). The GPS signal simulator is a hardware device that generates GPS signals and is controlled by a dedicated simulation PC running the SimGen simulation software package [20]. The GSS7700 GPS simulator generates two independent GPS constellations with up to 16 satellites in each. One constellation is simulating the signals from the legitimate GPS satellites, and the other is simulating the attacker's signals. Both are mixed together and sent to the GPS receiver via a wired connection. The GPS receiver in our experiments is an Antaris evaluation kit by u-blox, containing the ATR0600 GPS chip from Atmel.
At the start of each experiment, we send only the legitimate GPS signals for a static location. We reset the GPS receiver to make sure all experiments are independent and no internal state is kept from a previous experiment. After about 30 seconds the GPS receiver will lock on to enough satellites to be able to calculate a stable position. This position is the legitimate position L and the goal of the attacker is now to move the victim to a new location L' such that (i) the victim is continuously able to compute its position and (ii) no noticeable discontinuities in the location occur.
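A receiver-side monitor for the two symptoms this section names, a sudden loss of lock on previously seen satellites and a discontinuity in the computed position, written here as an added example; it is not code from the paper or its authors. The epoch trace, the satellite PRNs, the plausible-speed limit and the lock-loss threshold are all constructed or assumed values.

```python
"""Receiver-side lock-takeover monitor (added example, not the paper's code).
It checks the two observable symptoms named in the text: loss of lock on
several previously tracked satellites at once, and a jump in the computed
position that the platform could not physically have made.  Thresholds and
the epoch data below are constructed for illustration."""
from dataclasses import dataclass
from math import sqrt
from typing import List, Set, Tuple


@dataclass
class Epoch:
    t: float                          # receiver time in seconds
    locked: Set[int]                  # PRNs of satellites currently tracked
    pos: Tuple[float, float, float]   # ECEF-style position in metres


MAX_SPEED_MPS = 50.0   # assumed: fastest plausible motion of this receiver
MIN_LOCK_LOSS = 3      # assumed: losing >= this many locks in one epoch is suspicious


def position_jump(prev: Epoch, cur: Epoch) -> float:
    """Straight-line distance between two consecutive fixes, in metres."""
    return sqrt(sum((a - b) ** 2 for a, b in zip(prev.pos, cur.pos)))


def check_epoch(prev: Epoch, cur: Epoch) -> List[str]:
    """Return the alerts raised by the transition prev -> cur (empty if none)."""
    alerts: List[str] = []
    lost = prev.locked - cur.locked
    if len(lost) >= MIN_LOCK_LOSS:
        alerts.append(f"lost lock on {len(lost)} satellites at once: {sorted(lost)}")
    dt = cur.t - prev.t
    if dt > 0:
        speed = position_jump(prev, cur) / dt
        if speed > MAX_SPEED_MPS:
            alerts.append(f"implied speed {speed:.0f} m/s exceeds {MAX_SPEED_MPS:.0f} m/s")
    return alerts


def monitor(epochs: List[Epoch]) -> List[Tuple[float, str]]:
    """Run check_epoch over a whole trace; returns (time, alert) pairs."""
    findings: List[Tuple[float, str]] = []
    for prev, cur in zip(epochs, epochs[1:]):
        for alert in check_epoch(prev, cur):
            findings.append((cur.t, alert))
    return findings


# Constructed trace: a stable fix, then a takeover that is NOT seamless
# (every tracked satellite is replaced at once and the fix moves ~1 km in 1 s).
SAMPLE = [
    Epoch(0.0, {3, 7, 11, 14, 19, 22}, (4_000_000.0, 300_000.0, 4_900_000.0)),
    Epoch(1.0, {3, 7, 11, 14, 19, 22}, (4_000_000.4, 300_000.1, 4_900_000.2)),
    Epoch(2.0, {5, 8, 12, 16, 21, 27}, (4_000_700.0, 300_700.0, 4_900_000.0)),
    Epoch(3.0, {5, 8, 12, 16, 21, 27}, (4_000_700.3, 300_700.2, 4_900_000.1)),
]

if __name__ == "__main__":
    for t, alert in monitor(SAMPLE):
        print(f"t={t:.0f}s  {alert}")
```

A takeover that satisfies goals (i) and (ii) above produces no finding from this monitor, which is exactly why the rest of the section studies how closely an attacker must match timing and power to achieve that; the monitor only catches the noisy case.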
Broadcast systems like GPS cannot be fully secured (ASSUMING A STRONG ATTACKER)!!!
GPS Spoofing can be Prevented in a number of Scenarios but…
(figure: p' (spoofed location), p (true location), enlarged ranges)
• Secure positioning requires either:
• bidirectional communication or
• communication from the device to the infrastructure (i.e., HIDDEN BASE STATIONS)
Back to Earth: IoT Positioning
(i.e., using bidirectional communication to secure positioning)
Secure Distance Measurement
Secure Distance Measurement:
- Measuring a correct distance (bound) between two devices in the presence of an attacker.
- Typically, secure proximity verification.
(figure: devices A and B, attacker M in between)
[DB] Stefan Brands, David Chaum: Distance-bounding protocols, Eurocrypt 1993
[Desmedt88] Desmedt, Y.: Major security problems with the 'unforgeable' (Feige)-Fiat-Shamir proofs of identity and how to overcome them. In: SecuriCom 1988
Secure Proximity Detection: Attacker cannot convince A and B that they are closer than they are (i.e., distance upper bound).
Other Properties
Distance Fraud
• dishonest prover pretends to be closer to the verifier than it is
Mafia Fraud (WE MAINLY DISCUSS THIS)
• honest prover
• attacker convinces verifier and prover that they are closer than they truly are
(figure: Distance Fraud / Mafia Fraud)
Proximity-Based Authorization and Access Control
Example applications:
• If key fob close (1 m) to the car/door => unlock the car/door
• If laptop close (1 m) to the access point => allow network access
• If phone in the building/room => allow access to data
• If phone/card close (20 cm) to the terminal => execute payment
• If bracelet close (10 cm) to the gun => allow the gun to be fired
• If two devices close (10 cm) => establish keys
Intuitive, non-interactive and secure approach to authorizing access to physical spaces, data and to the execution of services.
Attack: Passive Keyless Entry and Start Systems
THE KEYLESS ACCESS WORLD problem
(figure: car and key fob, each holding the key K)
Fresh Challenge (LF, 120-135 kHz): short range (<2 m)
Authentic Reply (UHF, 315-433 MHz): long range (<100 m)
If: - correct key K is used - reply within MaxDelay
then: - open door / start car
[DA11] A. Francillon, B. Danev, S. Capkun, Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars, NDSS 2011
We need
- an authenticated distance bounding protocol:
- a distance measurement technique (that provides good range and precision)
- physical layer / distance measurement that is secure against all attacks
- low power / complexity of implementation
How To Secure Distance Measurement?
(figure: verifier V and prover P, round-trip time of flight; labels ts, tr, f(NP,NV), authentication, NP; d = (tr - ts - tp)·c/2, with tp << tr - ts)
How To Secure Distance Measurement?
Main idea: Measure the distance between V and P + Authenticate Messages
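The round-trip formula d = (tr - ts - tp)·c/2 together with the "authenticate messages" idea, worked through as an added example; this is not the speaker's, 3DB's or any cited paper's code. It also covers the PKES check on the earlier slide, since "correct key K is used" and "reply within MaxDelay" are exactly an authenticated response plus a bound on tr - ts. Assumptions not on the slides: f(NP, NV) is instantiated as an HMAC under a pre-shared key, the prover's processing time tp is a fixed 1 µs, and anything in the path between V and P can only add delay, never advance the signal (the property the secure physical layer is meant to provide).

```python
"""Verifier-side distance bounding from round-trip time of flight
(added example, not code from the talk or the cited papers).
d = (t_r - t_s - t_p) * c / 2 as on the slide.  Times in seconds, metres."""
import hashlib
import hmac
import os
from typing import Dict, Tuple

C = 299_792_458.0   # speed of light in m/s
T_P = 1e-6          # assumed fixed prover processing time (1 us)


def f(key: bytes, n_p: bytes, n_v: bytes) -> bytes:
    """Assumed instantiation of f(NP, NV): HMAC-SHA256 over both nonces."""
    return hmac.new(key, n_p + n_v, hashlib.sha256).digest()


def distance_from_rtt(t_s: float, t_r: float, t_p: float = T_P) -> float:
    """The slide's formula: remove the prover's processing time, halve the rest."""
    return (t_r - t_s - t_p) * C / 2


def max_delay_for_range(d_max: float, t_p: float = T_P) -> float:
    """PKES-style 'MaxDelay': the largest round trip consistent with d_max."""
    return t_p + 2 * d_max / C


def range_error_for_tp_jitter(delta_tp: float) -> float:
    """Why t_p must be fixed: an uncertainty delta in t_p is c*delta/2 of range."""
    return C * delta_tp / 2


class Prover:
    """Honest prover: picks its nonce NP and answers the challenge NV."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.n_p = os.urandom(16)

    def respond(self, n_v: bytes) -> Tuple[bytes, bytes]:
        return self.n_p, f(self.key, self.n_p, n_v)


def run_exchange(key: bytes, prover: Prover, true_distance: float,
                 extra_delay: float = 0.0, d_bound: float = 2.0) -> Dict[str, object]:
    """Simulated verifier.  The channel costs true_distance / C each way;
    anything else in the path (e.g. a relay) can only add extra_delay >= 0,
    which is the assumption a secure physical layer is meant to guarantee."""
    n_v = os.urandom(16)                       # fresh challenge NV
    t_s = 0.0                                  # verifier's send time
    one_way = true_distance / C
    t_r = t_s + one_way + T_P + one_way + extra_delay
    n_p, resp = prover.respond(n_v)
    authentic = hmac.compare_digest(resp, f(key, n_p, n_v))
    d = distance_from_rtt(t_s, t_r)
    return {"authentic": authentic, "distance": d,
            "accept": authentic and d <= d_bound}


if __name__ == "__main__":
    k = os.urandom(16)
    print(run_exchange(k, Prover(k), true_distance=1.0))            # accepted
    print(run_exchange(k, Prover(k), 1.0, extra_delay=1e-6))        # ~151 m, rejected
    print(run_exchange(k, Prover(os.urandom(16)), 1.0))             # wrong key, rejected
    print(f"10 ns of t_p jitter = {range_error_for_tp_jitter(1e-8):.2f} m")
```

The last line is the practical reason the slide insists on tp << tr - ts and on fixed-time computation at the prover: every nanosecond of uncertainty in tp is about 15 cm of range, so a bound of a metre or two is only meaningful when the reply is produced with deterministic latency.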
IDM = Indirect Distance Measurement (no Time-of-Flight)
NFC/RFID (e.g., ISO)
RSSI measurement (e.g., WiFi, Bluetooth, 802.15.4)
Phase (multi-carrier) measurement (e.g., Atmel AT86RF233)
FMCW (Frequency-Modulated Continuous-Wave)
AoA (Angle of Arrival) measurement (e.g., Bluetooth 5.0)
Direct Distance Measurement (Time-of-Flight)
Chirp Spread Spectrum (802.15.4a, ISO/IEC 24730-5, NanoLOC)
Ultra Wide Band (UWB)
• 802.15.4a UWB
• 802.15.4f UWB (single pulse per bit) and multi-pulse per bit [Singh17]
[Ran17] A. Ranganathan, S. Capkun, Are We Really Close? Verifying Proximity in Wireless Systems, IEEE Security & Privacy Magazine, May-June 2017 (overview)
Secure Distance Measurement: Physical Layer Attacks
Attacker reduces the measured distance! By
- advancing the arrival of the signal (or directly changing its features) (a)
- injecting signals to change the ToA estimate (b, c)
Simple Relay, Phase Relay, Signal Amplification, Early Detect/Late Commit, Cicada, Preamble Advance, …
Secure Distance Measurement: Attacks
Early Detect/Late Commit Attack
[CL06] J. Clulow, G. P. Hancke, M. G. Kuhn, T. Moore, So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks, ESAS 2006
Physical Layer
How To Secure Distance Measurement? [Singh17]
We know: long symbols (from a small symbol space) => ED/LC and Cicada attacks
Two options to counter attacks:
- short symbols (ToA over 1 pulse => short range)
• 1 UWB pulse per bit => fully secure (attacker can cheat within the width of the pulse)
- long symbols (ToA over sequence => long range)
• randomized symbols
• UWB with pulse reordering: interleaving of multi-pulse symbols [Singh17]
So We Need to Do "Rapid Bit Exchange"?
MANY PROTOCOLS DESIGNED AND MODELS DEVELOPED UNDER THIS ASSUMPTION, IMPLYING LIMITED RANGE AND APPLICABILITY OF THESE PROTOCOLS / SYSTEMS
How To Secure Distance Measurement with Long Symbols? [Singh17]
WITH PULSE REORDERING, WE CAN HAVE "ARBITRARY RANGE"
Security [Singh17]
Support for Both Trusted and Untrusted Prover
Trusted Prover is trivially supported:
• Prover decodes UWB PR sequences
• Computes a reply (fixed time computation)
• Replies
Untrusted Prover:
• Prover replies "blindly" to pulses (similar to CRCS [Rasmussen10])
• No "real time" decoding at the prover
• Verifier decodes the UWB PR sequences
How To Secure Distance Measurement? [Singh17]
(figure: verifier V and prover P, round-trip time of flight; labels ts, tr, f(NP,NV), authentication, NP; d = (tr - ts - tp)·c/2, with tp << tr - ts)
(illustration - different protocols can be supported)
Physical layer that supports distance measurement and is secure against all attacks
- Based on UWB 802.15.4f, 500 MHz - 1 GHz bandwidth
- Round trip time of flight
Current implementation:
• 150-200 m (LoS) range, 15 cm precision
• 1 ms per measurement
• Low power
Using long symbols with Reordering, range can be extended "arbitrarily" (trading off time of measurement) (in contrast to past implementations that have limited range)
[Singh17] M. Singh, P. Leu, S. Capkun, UWB with Pulse Reordering: Securing Ranging against Relay and Physical Layer Attacks, ePrint Archive, 2017
Technology and Implementation
With 3DB technologies (https://www.3db-access.com)
Do we Need Rapid Bit Exchange?
(figure: verifier V and prover P, round-trip time of flight; labels ts, tr, f(NP,NV), authentication, NP; d = (tr - ts - tp)·c/2, with tp << tr - ts)
(illustration - different protocols can be supported)
No - single round distance measurement over a single message is both secure and preferable.
THIS SIMPLIFIES PROTOCOL DESIGN AND ANALYSIS AND INCREASES THE RANGE AND APPLICATION SPACE
Now that we can do secure distance measurement with "unlimited range" (i.e., attacker cannot reduce the measured distance) => Secure Positioning through Verifiable Multilateration [Cap05]
Secure Positioning
(figure: verifiers V1, V2, V3 measure distance bounds d1, d2, d3 to prover P; for P to appear at P' the bound d2 would have to shrink: P→P' => d2' < d2)
[Cap05] S. Capkun, J. P. Hubaux, Secure positioning in wireless networks, JSAC 2006 / INFOCOM 2005
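The verifiable multilateration check behind the figure, as an added example that is not the speaker's or [Cap05]'s code. It carries over the one assumption the slide states: the distance bounding underneath lets an attacker only enlarge a measured distance, never shrink it. The geometry is 2-D for readability, and the verifier positions, the prover's true location, the claimed location P' and the tolerance are constructed values.

```python
"""Verifiable multilateration with three verifiers (added example, not
code from [Cap05] or the talk).  Given distance bounds d1, d2, d3 that an
attacker can only enlarge, a position is accepted only when the three
bounds are consistent with one point inside the verification triangle."""
from math import hypot
from typing import List, Optional, Sequence, Tuple

Point = Tuple[float, float]
VERIFIERS: List[Point] = [(0.0, 0.0), (10.0, 0.0), (5.0, 9.0)]   # V1, V2, V3 (constructed)
TOLERANCE = 0.1   # assumed ranging precision in metres


def dist(a: Point, b: Point) -> float:
    return hypot(a[0] - b[0], a[1] - b[1])


def trilaterate(v: Sequence[Point], d: Sequence[float]) -> Optional[Point]:
    """Subtract V1's squared range equation from V2's and V3's; the squares
    of x and y cancel, leaving a 2x2 linear system solved by Cramer's rule."""
    (x1, y1), (x2, y2), (x3, y3) = v
    a1, b1 = 2 * (x1 - x2), 2 * (y1 - y2)
    c1 = d[1] ** 2 - d[0] ** 2 + x1 ** 2 + y1 ** 2 - x2 ** 2 - y2 ** 2
    a2, b2 = 2 * (x1 - x3), 2 * (y1 - y3)
    c2 = d[2] ** 2 - d[0] ** 2 + x1 ** 2 + y1 ** 2 - x3 ** 2 - y3 ** 2
    det = a1 * b2 - a2 * b1
    if abs(det) < 1e-12:
        return None   # collinear verifiers: no unique solution
    return ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)


def inside_triangle(p: Point, v: Sequence[Point]) -> bool:
    """Same-sign test of p against the three edges of the triangle."""
    def side(a: Point, b: Point, c: Point) -> float:
        return (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])
    s = [side(v[0], v[1], p), side(v[1], v[2], p), side(v[2], v[0], p)]
    return all(x >= 0 for x in s) or all(x <= 0 for x in s)


def verify_position(bounds: Sequence[float], v: Sequence[Point] = VERIFIERS,
                    tol: float = TOLERANCE) -> Tuple[Optional[Point], bool]:
    """Returns (computed position, accepted).  Enlarging one bound breaks
    the consistency of the three circles; enlarging all of them moves the
    solution off the circles too, so either way the residual exceeds tol."""
    p = trilaterate(v, bounds)
    if p is None:
        return None, False
    residual = max(abs(dist(p, vi) - bi) for vi, bi in zip(v, bounds))
    return p, residual <= tol and inside_triangle(p, v)


def bounds_that_must_shrink(true_pos: Point, claimed: Point,
                            v: Sequence[Point] = VERIFIERS) -> List[int]:
    """1-based indices of verifiers whose distance would have to get SMALLER
    for the prover to appear at `claimed` (the figure's d2' < d2 case)."""
    return [i + 1 for i, vi in enumerate(v) if dist(claimed, vi) < dist(true_pos, vi)]


if __name__ == "__main__":
    true_pos = (3.0, 2.0)
    honest = [dist(true_pos, vi) for vi in VERIFIERS]
    print("honest:", verify_position(honest))
    print("d1 enlarged:", verify_position([honest[0] + 2.0, honest[1], honest[2]]))
    print("must shrink to claim (6,4):", bounds_that_must_shrink(true_pos, (6.0, 4.0)))
```

The last call is the figure's argument in code: for any P' inside the triangle that differs from P, at least one verifier is closer to P' than to P, so the corresponding bound would have to be reduced, which the secure ranging layer rules out; moving P' outside the triangle is caught by the inside_triangle test.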
Implications for Past Research / Assumptions Made in the Community
Some Comments on the Assumptions Made in the Community
- Is rapid bit exchange needed for distance bounding? No. We show that multi-bit nonces can also be used. It will also require more time since round trip time measurement is executed several times.
- Are protocols based on multi-bit nonces insecure? No, unless one uses an "insecure" physical layer.
- Is the distance measured on 'individual bits'? No. For robustness/performance, distance is typically measured over a series of symbols and bits. Actually, typically it is measured over a preamble and then verified over the data (Distance Commitment).
- Does Rapid Bit Exchange improve the Robustness? Do we need "robust" rapid bit exchange? Not really; if bits are encoded as long sequences of pulses, there is enough robustness to compensate for failures on the channel.
Were Brands and Chaum [BC] and [CL06] Right?
[BC]:
- use rapid bit exchange
[CL06]:
- use rapid bit exchange (multi-bit challenge-response is insecure)
- use 1 (UWB) symbol per bit
- specific protocols that use multi-bit challenge-responses are insecure
Our work [Singh17] shows that
- Multi-pulse per bit symbols can be secure
- Multi-bit challenge response can be secure
- Protocols that were claimed to be vulnerable in [CL06] are secure
[Singh17] M. Singh, P. Leu, S. Capkun, UWB with Pulse Reordering: Securing Ranging against Relay and Physical Layer Attacks, ePrint Archive, 2017
[CL06] J. Clulow, G. P. Hancke, M. G. Kuhn, T. Moore, So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks, ESAS 2006
Clulow et al. [CL06] - ED/LC attacks
"We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits."
and
"We propose a number of principles to adhere to when implementing distance-bounding systems. These restrict the choice of communication medium to speed-of-light channels, the communication format to single bit exchanges for timing, symbol length to narrow (ultra wideband) pulses, and protocols to error-tolerant versions. These restrictions increase the technical challenge of implementing secure distance bounding."
Based on our results, these conclusions do not hold.
[CL06] J. Clulow, G. P. Hancke, M. G. Kuhn, T. Moore, So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks, ESAS 2006
Were Brands and Chaum [BC] and [CL06] Right?
[CL06]:
• multi-bit challenge-response distance bounding and protocols of Hu/Perrig/Johnson, Sastry/Shankar and Capkun/Hubaux that use them are vulnerable to ED/LC attacks
Our work [Singh17] shows that this is not correct:
• multi-bit constructions and therefore the above protocols are secure if an appropriate physical layer is chosen.
• None of these protocols assumed a particular physical layer and therefore the attacks claimed in [CL06] do not hold except under the physical layer assumed in [CL06].
[CL06]:
• Symbol length is restricted to single UWB pulses and protocols to error tolerant versions
Our work [Singh17] shows that this is not correct:
• Multi-pulse and multi-bit constructions are possible (and preferable)
• Error tolerance is not necessary at the protocol level, as it follows from the robust physical layer
[Singh17] M. Singh, P. Leu, S. Capkun, UWB with Pulse Reordering: Securing Ranging against Relay and Physical Layer Attacks, ePrint Archive, 2017
Direct Time Measurement vs "Distance Commitment"
Allows for the prover to respond before it even decodes the received symbol/bit. [Tipp15, Singh17]
=> distance fraud can be implemented with multi-pulse symbols and multi-bit nonces
Other uses of proximity: Leveraging Proximity for On-line Authentication
2nd Factor Authentication
• Interactive:
• OTP (SMS, RSA SecurID), PhotoTAN
• Google Two Step, Duo Security, Encap Security push message to phone, …
• Non-interactive:
• If 2nd factor device is close to PC => authenticate
• Enables continuous authentication
How to Detect Proximity to the Phone?
• Phone needs to detect if it is close to the laptop on which the user is opening a browser session to the server.
Design goal: Usability and deployability
• But browsers are sandboxed => no access to WiFi, BT, … (opening up now)
• We don't want additional SW, browser extensions, plugins, …
Sound-Proof: Leveraging Sound to Establish Proximity
• Access to microphone supported by all major browsers
• Access granted by user per domain
• Permanent or per-session
• Phone and Server Script can
• communicate => check proximity.
• record ambient noise => check proximity.
Sound-Proof: Basic Idea
1. Username, password
2. Transmit and Record (browser and phone)
Similarity score s + additional checks (ML/AI)
3. Login authorization
• communicate to check proximity (near-ultrasound)
• record ambient noise to check proximity (ambient sound)
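A simplified version of the similarity score s from step 2, written here as an added example; it is not Sound-Proof's own code. The browser's and the phone's ambient-sound recordings are compared by normalized cross-correlation, searched over a small lag window to absorb the clock offset between the two devices. The real system works per frequency band; this one uses the full band. The recordings, the lag window and the decision threshold are constructed or assumed values.

```python
"""Ambient-sound similarity score (added example, not Sound-Proof's code).
Two recordings made at the same time in the same room share the ambient
source and correlate strongly; recordings from different rooms do not."""
import random
from math import sqrt
from typing import List, Sequence, Tuple

THRESHOLD = 0.5   # assumed decision threshold on the score s
MAX_LAG = 20      # assumed lag window in samples (device clock offset)


def pearson(x: Sequence[float], y: Sequence[float]) -> float:
    """Normalized correlation of two equal-length sequences, in [-1, 1]."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / sqrt(sxx * syy) if sxx and syy else 0.0


def similarity_score(x: Sequence[float], y: Sequence[float],
                     max_lag: int = MAX_LAG) -> float:
    """Best normalized cross-correlation over lags in [-max_lag, max_lag]."""
    best = -1.0
    for lag in range(-max_lag, max_lag + 1):
        if lag >= 0:
            xs, ys = x[:len(x) - lag], y[lag:]        # x[t] against y[t + lag]
        else:
            xs, ys = x[-lag:], y[:len(y) + lag]       # x[t - lag] against y[t]
        best = max(best, pearson(xs, ys))
    return best


def same_environment(x: Sequence[float], y: Sequence[float],
                     threshold: float = THRESHOLD) -> bool:
    """The proximity decision the server would feed into 'login authorization'."""
    return similarity_score(x, y) >= threshold


def make_recordings(n: int = 2000, seed: int = 7
                    ) -> Tuple[List[float], List[float], List[float]]:
    """Constructed data: one shared ambient source heard by the laptop and
    the phone (independent microphone noise, phone 5 samples ahead), plus a
    recording from a different room."""
    rng = random.Random(seed)
    source = [rng.gauss(0, 1) for _ in range(n + 5)]
    laptop = [s + rng.gauss(0, 0.5) for s in source[:n]]
    phone = [s + rng.gauss(0, 0.5) for s in source[5:]]
    elsewhere = [rng.gauss(0, 1) for _ in range(n)]
    return laptop, phone, elsewhere


if __name__ == "__main__":
    laptop, phone, elsewhere = make_recordings()
    print(f"same room:      s = {similarity_score(laptop, phone):.2f}")
    print(f"different room: s = {similarity_score(laptop, elsewhere):.2f}")
```

The score alone is what the slide calls s; the "additional checks (ML/AI)" sit on top of it, and the near-ultrasound channel of the next bullet is an independent signal, not something this score covers.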
Sound-Proof
• Easy and fast for end-users (5 seconds to authenticate)
• Continuous Authentication
• Zero interaction
• Works well in a wide range of environments (even when phone in pocket/purse)
• Deployable: Compatible with smartphones and major browsers without plugins
• Easy integration with backend
Acknowledgements (in random order):
• Mridula Singh • Patrick Leu • Aanjhan Ranganathan • Boris Danev • Nils Tippenhauer • Kasper Rasmussen • Christina Popper • Nikos Karapanos • Claudio Soriente • Claudio Marforio • Hildur Olafsdottir …
More Information
• www.zisc.ethz.ch
• https://securepositioning.com/