|Ph.D Student||Genkin Daniel|
|Subject||Secure Computation in Hostile Environments|
|Department||Department of Computer Science||Supervisors||Professor Yuval Ishai|
|Dr. Eran Tromer|
|Full Thesis text|
Computer systems are everywhere, often controlling critical processes and containing sensitive information. However, the ubiquitous nature of computer systems also means that these systems often operate in hostile environments where they are subjected to various attacks.
This dissertation studies aspects of designing systems which can securely operate in hostile environments. The dissertation consists of three parts.
Part I: Side-Channel Attacks. A common assumption is the ability of programs to control their outputs. Thus, to keep a secret, programmers are taught to never output something that might reveal it. Yet, the control of programs over their outputs is a convenient abstraction since the hardware running the program interacts with its environment in complex ways (electric currents, electromagnetic fields, sound, etc.). Exploiting such leakage, side-channel attacks have been used to break the security of numerous cryptographic implementations on small devices (smart-cards, microcontrollers). However, the PC-class of devices (laptops, desktops, servers) received little academic attention. We explore the vulnerability of PCs to side-channel attacks. We show that cryptographic keys can be extracted from PCs, often cheaply and easily. As a result of these attacks, countermeasures were deployed by cryptographic libraries running on PCs.
Part II: Securing Circuits Against Additive Attacks. Another assumption often made by system designers relates to the system’s hardware integrity. However, many real-world threats (faulty components, backdoored devices) make blind trust in the hardware dangerous. Most prior designs of resilient hardware assumed some bound on the number of circuit components which can be modified, or assumed that some circuit parts are leakage free. Taking a different approach, we allow the adversary to modify all wires in the circuit but limit its capabilities to perturbing the wire values by blind additions of constants. We refer to these as additive attacks. We design circuit compilers which transform any arithmetic or boolean circuit into an equivalent circuit, of similar size, which resists additive attacks. The study of additive attacks is also motivated by an application to secure computation (see below).
Part III: Secure Multiparty Computation (MPC). An MPC protocol allows multiple parties to compute a function of their inputs without compromising the privacy of the inputs or the correctness of the outputs, even if some parties are corrupted by an adversary. The efficiency of MPC protocols largely depends on the power of the adversary. An important distinction is between protocols that offer security against passive adversaries, who follow the protocol's specification but try to learn information from messages they receive, and security against active adversaries, who are allowed to deviate from the protocol's specification. We observe that for many passively-secure protocols for evaluating circuits, any deviation made by an active adversary is equivalent to an additive attack on the underlying circuit. Thus, by running the passively-secure protocol on an additive attack resilient circuit, we obtain an actively-secure protocol whose communication complexity matches the passively-secure protocol. Using this methodology we simplify feasibility results and attain efficiency improvements in several models, closing some asymptotic gaps in communication complexity between the passive and active case.