Defending humans against killers Attack: We kill people based on - - PowerPoint PPT Presentation

defending humans against killers
SMART_READER_LITE
LIVE PREVIEW

Defending humans against killers Attack: We kill people based on - - PowerPoint PPT Presentation

Aug 17, 2022 38 likes •129 views

Defending humans against killers Attack: We kill people based on metadata. April 2014, Michael Hayden (DIRNSA 19992005; DIRCIA 20062009) Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e) Defending humans against killers

slide-1
SLIDE 1

Defending humans against killers

Attack: “We kill people based on metadata.” —April 2014, Michael Hayden (DIRNSA 1999–2005; DIRCIA 2006–2009)

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-2
SLIDE 2

Defending humans against killers

Attack: “We kill people based on metadata.” —April 2014, Michael Hayden (DIRNSA 1999–2005; DIRCIA 2006–2009) Countermeasure: Eliminate the metadata.

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-3
SLIDE 3

Defending humans against killers

Attack: “We kill people based on metadata.” —April 2014, Michael Hayden (DIRNSA 1999–2005; DIRCIA 2006–2009) Countermeasure: Eliminate the metadata. But do they also kill people based on content?

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-4
SLIDE 4

Defending crypto libraries against side-channel attacks

Crypto libraries leak secrets through metadata. e.g. 2012 CRI DEMA attack against smartphones extracted secrets from timing of memory accesses.

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-5
SLIDE 5

Defending crypto libraries against side-channel attacks

Crypto libraries leak secrets through metadata. e.g. 2012 CRI DEMA attack against smartphones extracted secrets from timing of memory accesses. Countermeasure: Eliminate the metadata. No secret memory addresses, no secret branch conditions. e.g. NaCl crypto library (Bernstein–Lange–Schwabe).

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-6
SLIDE 6

Defending crypto libraries against side-channel attacks

Crypto libraries leak secrets through metadata. e.g. 2012 CRI DEMA attack against smartphones extracted secrets from timing of memory accesses. Countermeasure: Eliminate the metadata. No secret memory addresses, no secret branch conditions. e.g. NaCl crypto library (Bernstein–Lange–Schwabe). Which secrets still leak via data being processed? How can we defend crypto libraries against these leaks?

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-7
SLIDE 7

Defending crypto libraries against side-channel attacks

Crypto libraries leak secrets through metadata. e.g. 2012 CRI DEMA attack against smartphones extracted secrets from timing of memory accesses. Countermeasure: Eliminate the metadata. No secret memory addresses, no secret branch conditions. e.g. NaCl crypto library (Bernstein–Lange–Schwabe). Which secrets still leak via data being processed? How can we defend crypto libraries against these leaks? News (Bernstein–Bekkers–Lange): successful EM extraction of secrets from constant-time software running on fast ARMs.

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-8
SLIDE 8

SRAM data on fast ARM → EM → key recovery

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)

slide-9
SLIDE 9

Arithmetic data on fast ARM → EM → key recovery

Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e)