cryptographic security for mobile code
play

Cryptographic Security for Mobile Code Sean Kugele CS 6204, Spring - PowerPoint PPT Presentation

Nov 27, 2023 •355 likes •601 views

Cryptographic Security for Mobile Code Sean Kugele CS 6204, Spring 2005 1 Mobile Code A program produced by one entity, called the originator, and transferred to a different entity, called the host, where it is immediately executed

  1. Cryptographic Security for Mobile Code Sean Kugele CS 6204, Spring 2005 1

  2. Mobile Code ♦ A program produced by one entity, called the originator, and transferred to a different entity, called the host, where it is immediately executed – mobile code must arrive at the host ready to run; i.e. no installation required. – example: Java Applets CS 6204, Spring 2005 2

  3. Security Problems in Mobile Code Protecting the host executing the code 1. from malicious mobile code • Sandboxing, Proof Carrying Code Protecting the mobile code from malicious 2. hosts • Far less developed • Concern of this paper CS 6204, Spring 2005 3

  4. History of Mobile Code Protection Schemes ♦ Originally considered impossible until a 1998 paper by Sanders and Tschudin applied theoretical cryptography to allow code execution in encrypted form • Required multiple rounds of interaction between originator and host • Only works for a subset of possible programs ♦ More recently, a protocol was devised that only required one round of interaction and allowed efficient evaluation of encrypted code • Must not allow host to gain information about the computation • Only the originator may receive output CS 6204, Spring 2005 4

  5. History of Mobile Code Protection Schemes ♦ Use of trusted hardware to allow “active code”. Mobile code runs exclusively within the trusted hardware, and is encrypted on exit • Hardware must be trusted to execute the code properly, and only once • Expensive CS 6204, Spring 2005 5

  6. Purpose of this Paper ♦ Propose an architecture for secure execution of active mobile code that does not require additional client hardware – Introduced the concept of a Generic Secure Computation Service – Assuming that the trusted service does not collude with anyone the protocol guarantees the following: 1. Privacy of computation for both originator and hosts 2. Integrity of computation for both originator and hosts 3. The Computation Service learns nothing about the computation CS 6204, Spring 2005 6

  7. Model used for Mobile Code Protection ♦ Components: • Originator O • Hosts H 1 , ... , H L • Messages M 0 , ..., M L CS 6204, Spring 2005 7

  8. Host Computation ♦ X ≡ Set of All Possible Agent States ♦ Yj ≡ Set of All Possible Inputs from Hj ♦ Zj ≡ Set of All Possible Outputs to Hj ♦ Functions: – g j : X × Y j → X – h j : X × Y j → Z j CS 6204, Spring 2005 8

  9. Generic (non-interactive) secure mobile computing ♦ Consists of 2L + 2 algorithms: A 0 ,..., A L B 1 ,..., B L , and D CS 6204, Spring 2005 9

  10. Model using Generic Secure Computation Service ♦ T is a separate entity offered as a service for “secure mobile agent computation” ♦ Portions of the mobile code that need “protection” are executed by T, the rest of the mobile code is executed at Hj • Too computational expensive to execute all code in this way ♦ Based on the encryption of binary digital circuits CS 6204, Spring 2005 10

  11. Constructing Encrypted Circuits ♦ First proposed in 1986 by A.C. Yao ♦ Overview Given • a binary function g(x,y) that outputs z • Two parties Alice (who supplies x) and Bob (who supplies y) Essential Components • construct algorithm for producing the encrypted circuit • A transfer protocol for communication between Alice and Bob • evaluate algorithm for allowing Bob to decipher g(x,y) Result • Bob learns z, but nothing else • Alice learns nothing at all CS 6204, Spring 2005 11

  12. Constructing Encrypted Circuits ( construct algorithm) ♦ Input: a circuit C that computes g(x,y) ♦ Output: a tuple ( C , L , K , U ) • where C denotes the encrypted input circuit and, CS 6204, Spring 2005 12

  13. Constructing Encrypted Circuits (Transfer Protocol) ♦ Oblivious Transfer: • Alice has two messages • Bob chooses to receive one of these messages, but gains no knowledge of the other message • Alice does not learn which message Bob received CS 6204, Spring 2005 13

  14. Oblivious Transfer Example Alice generates two public/private key pairs and sends 1. both public keys to Bob Bob generates a symmetric key K Bob and choosing one of 2. Alice’s public keys he encrypts K Bob without telling Alice which public Key Alice decrypts K Bob using both of her private keys, 3. producing both K Bob and another key which is garbage. But Alice does not know which is K Bob and which is garbage Alice encrypts both of her message, one with K Bob and 4. the other with the garbage key, and sends both back to Bob Bob, using K Bob is able to decrypt on of Alice’s messages 5. but not both, and Alice has no idea which message Bob actually received - paraphrased from Applied Cryptography by Bruce Schneier CS 6204, Spring 2005 14

  15. Constructing Encrypted Circuits (Transfer Protocol) CS 6204, Spring 2005 15

  16. Constructing Encrypted Circuits ( evaluate algorithm) ♦ Input: ♦ Output: – Using this output Bob can recover z – How is this done? • Bob must have access to U, the set of output key pairs produced by construct . • For each key Bob compares this key with each key pair in U. If the protocol was executed properly each output key will match one of the keys from the corresponding pair. • If the key matches the first key of the pair then Bob sets z i = 0, otherwise z i = 1. CS 6204, Spring 2005 16

  17. Basic Scheme (Single Host) The originator, O, must choose a string id, to uniquely 1. identify the mobile code O invokes construct (C) and obtains ( C,L,K,U ). 2. • U consists of n x + n z key pairs. U x denotes the first n x key pairs in U , and U z denotes the last n z key pairs in U O, using Key PubT , encrypts each key K i,b in K, along with 3. id generated in step 1 and the index i that identifies K i,b CS 6204, Spring 2005 17

  18. Basic Scheme (Single Host) O chooses exactly one key from each key pair in L using 4. the input bit x i as the selector, and sends these keys, along will all the encrypted keys in K-bar , U z, and id to the host, H H chooses exactly one key from each key pair in K-bar , 5. using the input bit y i as the selector, and sends these keys, along with id , to T CS 6204, Spring 2005 18

  19. Basic Scheme (Single Host) T decrypts these keys using Key PrivateT and verifies id and 7. the index i from each • Remember that O sent a copy of id with each encrypted key, and H sent another plaintext copy of id T sends the decrypted keys, which represent the inputs 8. y i , back to H CS 6204, Spring 2005 19

  20. Basic Scheme (Single Host) H invokes the evaluate algorithm, and obtains z from 9. U z ′ by comparing these keys with the pairs in U z , which were sent to H in step 4 Note that if O had sent U x to H in step 4 then H could • have determined ξ H forwards U x ′ to O 10. 11. O determines the final state ξ by a similar comparison with U x CS 6204, Spring 2005 20

  21. Extension for Multiple Hosts ♦ Similar to the basic scheme with the following differences: 1. O must generate an encrypted circuit for each of the hosts 2. A mechanism is added for transferring the state of the mobile code securely between each successive host CS 6204, Spring 2005 21

  22. Applications ♦ Comparison Shopper ♦ Generalized Auctions CS 6204, Spring 2005 22

  23. Trusted Service vs. Trusted Hardware Both require trust 1. – Trusted service model requires Generic Secure Computation Service not to collude – Trusted hardware model requires honest hardware manufacturers Trusted hardware has knowledge of all 2. computations GSCS learns nothing about the computations 3. other than that they take place Clear speed advantage in the trusted hardware 4. approach CS 6204, Spring 2005 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA IIT Delhi, Fall 2010 Lecture 1: WriCng Secure Web ApplicaCons

472 views • 25 slides
Future Cryptographic Requirements from Mobile Applications Chris Mitchell, Kenny Paterson and

Future Cryptographic Requirements from Mobile Applications Chris Mitchell, Kenny Paterson and

Future Cryptographic Requirements from Mobile Applications Chris Mitchell, Kenny Paterson and Vaia Sdralia Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK. Some Trends in Mobile Telecoms >

460 views • 5 slides
Mobile Application Security Testing and Code Review 19 Nov 2013 Mobile and Smart Device

Mobile Application Security Testing and Code Review 19 Nov 2013 Mobile and Smart Device

Mobile Application Security Testing and Code Review 19 Nov 2013 Mobile and Smart Device Security 2013 Boston, MA Presen sented ted by: Francis Brown & Joe DeMesy Bishop Fox www.bishopfox.com Introductions VERY QUICKLY

3.77k views • 83 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 4: Security

348 views • 34 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 3: Coding

527 views • 36 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 7: Using

393 views • 38 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 2: A

530 views • 41 slides
Network Security Cryptography: Cryptographic Hash Functions And Message Authentication Code

Network Security Cryptography: Cryptographic Hash Functions And Message Authentication Code

Network Security Cryptography: Cryptographic Hash Functions And Message Authentication Code F033581 Topic 2: Hash Functions and 1 Message Authentication Readings for This Lecture Wikipedia Cryptographic Hash Functions Message

689 views • 25 slides
Steroids For Your App Security Assessment Marco Grassi Mobile Security Researcher ~ whoami

Steroids For Your App Security Assessment Marco Grassi Mobile Security Researcher ~ whoami

Steroids For Your App Security Assessment Marco Grassi Mobile Security Researcher ~ whoami R&D Team Member @ viaForensics I work mainly on Android/iOS The Problem We want to trace the code in mobile applications that we

632 views • 48 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
Mobile Application Security Testing ASSES SESSMENT NT & CODE REVIEW EW st 2014 Sept. t.

Mobile Application Security Testing ASSES SESSMENT NT & CODE REVIEW EW st 2014 Sept. t.

Mobile Application Security Testing ASSES SESSMENT NT & CODE REVIEW EW st 2014 Sept. t. 31 31 st Presenters ITAC 2014 Bishop Fox Francis Brown Partner Joe DeMesy Security Associate 2 2 Int ntrodu roductions ctions

1.32k views • 86 slides
Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code* N. Dragoni, F .

Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code* N. Dragoni, F .

Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code* N. Dragoni, F . Massacci, K. Naliuka and I. Siahaan Department of Information and Communication Technologies University of Trento, ITALY dragoni@dit.unitn.it

841 views • 35 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
On the Bit Security of Cryptographic Primitives M E T R A S 7 . 7 M Daniele Micciancio

On the Bit Security of Cryptographic Primitives M E T R A S 7 . 7 M Daniele Micciancio

On the Bit Security of Cryptographic Primitives M E T R A S 7 . 7 M Daniele Micciancio Michael Walter UCSD IST Austria eprint.iacr.org/2018/077 Security Security Adversary Game 1 Security Security Adversary Game

883 views • 40 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
NASA Sounder Science Team Meeting November 3-5, 2010 Greenbelt, MD Bruce Vollmer

NASA Sounder Science Team Meeting November 3-5, 2010 Greenbelt, MD Bruce Vollmer

NASA Sounder Science Team Meeting November 3-5, 2010 Greenbelt, MD Bruce Vollmer Bruce.E.Vollmer@nasa.gov 1 Operation Summary AIRS Data Holdings AIRS Data Distribution Metrics AIRS Data Services Ongoing Support Recent

400 views • 16 slides
StatVerif: Modelling protocols that involve persistent state Mark D. Ryan University of

StatVerif: Modelling protocols that involve persistent state Mark D. Ryan University of

StatVerif: Modelling protocols that involve persistent state Mark D. Ryan University of Birmingham Joint work with Myrto Arapinis, St ephanie Delaune, Steve Kremer, Joshua Phillips and Graham Steel 78 December 2011 Outline The ProVerif

345 views • 32 slides
Mobile Apps Often Need to Talk to a Remote server Internet Internet Saving resources (e.g.,

Mobile Apps Often Need to Talk to a Remote server Internet Internet Saving resources (e.g.,

Introduction Overview Detailed Design Evaluation Discussion Related Work Summary References Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services Chaoshun Zuo , Wubing Wang

347 views • 34 slides
High Impact Project Life-cycle management of mission-critical systems through certification,

High Impact Project Life-cycle management of mission-critical systems through certification,

High Impact Project Life-cycle management of mission-critical systems through certification, commissioning, in-service maintenance, remote testing, and risk assessment Research Team M. Kezunovic, PI Co-PIs: D. Bakken, S. Meliopoulos, T.

620 views • 43 slides
Network Redesign at Bates College MTUG 2018 If the network is supposed to be up all of the

Network Redesign at Bates College MTUG 2018 If the network is supposed to be up all of the

Network Redesign at Bates College MTUG 2018 If the network is supposed to be up all of the time, then how do you maintain and upgrade it? Bates College A private, highly selective, residential college devoted to undergraduate study in

903 views • 35 slides
VISA: Netstations Virtual Internet SCSI Adapter Rodney Van Meter USC/Information Sciences

VISA: Netstations Virtual Internet SCSI Adapter Rodney Van Meter USC/Information Sciences

VISA: Netstations Virtual Internet SCSI Adapter Rodney Van Meter USC/Information Sciences Institute rdv@isi.edu http://www.isi.edu/netstation/ July 15, 1997 1 Talk Outline Netstation STORM & Derived Virtual Devices IP

653 views • 29 slides
Interdomain Routing and Games Hagay Levin Michael Schapira Aviv Zohar Abstract We

Interdomain Routing and Games Hagay Levin Michael Schapira Aviv Zohar Abstract We

Interdomain Routing and Games Hagay Levin Michael Schapira Aviv Zohar Abstract We present a game-theoretic model that captures many of the intricacies of interdomain routing in todays Internet. In this model, the strategic agents are

429 views • 17 slides
Downgrade Attacks by Example How Compatibility breaks Security Michael Rodler (@f0rki)

Downgrade Attacks by Example How Compatibility breaks Security Michael Rodler (@f0rki)

Downgrade Attacks by Example How Compatibility breaks Security Michael Rodler (@f0rki) 2012-01-21 Michael Rodler Downgrade Attacks 1 / 39 About me about me @f0rki, http://f0rki.at Student Sichere Informationssysteme Bachelor at

820 views • 51 slides

More recommend