
Strong Leakage Resilient Encryption by Hiding Partial Ciphertext

  • Jia Xu
  • Jianying Zhou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11605)

Abstract

Leakage-resilient encryption is a powerful tool to protect data confidentiality against side channel attacks. In this work, we introduce a new and strong leakage setting to counter backdoor (or Trojan horse) plus covert channel attacks, by relaxing the restrictions on leakage. We allow bounded leakage at any time, anywhere, and over anything. Our leakage threshold (e.g. 10000 bits) can be much larger than a typical secret key (e.g. an AES key or an RSA private key). Under such a strong leakage setting, we propose an efficient encryption scheme which is semantically secure in the standard setting (i.e. without leakage) and can tolerate strong continuous leakage. We construct such a scheme by hiding a small portion (e.g. 1%) of the ciphertext as securely as we hide the secret key, using a small amount of more secure hardware resource, so that it is almost equally difficult for any adversary to steal information about this well-protected portion of the ciphertext or about the secret key. We remark that the size of this well-protected portion of ciphertext is chosen to be much larger than the leakage threshold. We provide concrete and practical examples of such more secure hardware resources for data communication and data storage. Furthermore, we introduce a new notion of computational entropy, as a computational analogue of Kolmogorov complexity. Our quantitative analysis shows that hiding partial ciphertext is a powerful countermeasure, which enables us to achieve a higher security level than existing approaches in the case of backdoor plus covert channel attacks. We also show the relationship between our new notion of computational entropy and existing relevant concepts, including All-or-Nothing Transforms and Exposure Resilient Functions. This new computational entropy formulation may be of independent interest.
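The abstract ties hiding a small portion of the ciphertext to All-or-Nothing Transforms. As an added illustration, not the paper's construction, here is a hash-based variant of Rivest's package transform (SHA-256 standing in for the block cipher) that shows why keeping a single block in better-protected storage denies an adversary every other block: the per-message key K' is masked by hashes of all transformed blocks, so any withheld block leaves K', and with it the whole message, unrecoverable. The public constant K0, the sample message and the sample key are constructed for the demo.

```python
import hashlib

BLOCK = 32                              # SHA-256 digest size: one keystream block
K0 = b"fixed-public-key-for-AONT-demo"  # constructed; public by design, not a secret

def _prf(key: bytes, i: int) -> bytes:
    """Stand-in for E_key(i): keyed SHA-256 over the block index."""
    return hashlib.sha256(key + i.to_bytes(4, "big")).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def package_transform(msg: bytes, k_prime: bytes) -> list:
    """AONT: returns s+1 blocks; block s+1 is K' masked by H(K0, m'_i, i) over all m'_i."""
    assert len(k_prime) == BLOCK
    blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]
    out = [_xor(b, _prf(k_prime, i + 1)) for i, b in enumerate(blocks)]
    mask = k_prime
    for i, b in enumerate(out):
        mask = _xor(mask, _prf(K0 + b, i + 1))   # h_i depends on the i-th transformed block
    return out + [mask]

def inverse_transform(blocks: list) -> bytes:
    """Needs every block: K' is recoverable only from all of m'_1..m'_s plus the mask."""
    if any(b is None for b in blocks):
        raise ValueError("all-or-nothing: a withheld block makes K' unrecoverable")
    body, k_prime = blocks[:-1], blocks[-1]
    for i, b in enumerate(body):
        k_prime = _xor(k_prime, _prf(K0 + b, i + 1))
    return b"".join(_xor(b, _prf(k_prime, i + 1)) for i, b in enumerate(body))

def recover_with_guess(blocks: list, idx: int, guess: bytes) -> bytes:
    """What an adversary obtains who holds every block except idx and substitutes a guess."""
    attempt = list(blocks)
    attempt[idx] = guess
    return inverse_transform(attempt)

if __name__ == "__main__":
    sample = b"constructed sample plaintext spanning several 32-byte blocks with a short tail"
    shares = package_transform(sample, bytes(range(32)))  # in practice K' is fresh per message
    print(inverse_transform(shares) == sample)            # True: all blocks present
    print(recover_with_guess(shares, 0, bytes(32)) == sample)  # False: one block withheld
```

Withholding the mask block or any body block has the same effect, since a wrong K' garbles every block, not just the one that was hidden.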

Keywords

Leakage resilient encryption · Secret sharing · Information dispersal algorithm · Information-theoretic security · Side channel attack · Covert channel attack · Subliminal channel · Kolmogorov complexity

Notes

Acknowledgment

The first author is supported by the National Research Foundation, Prime Minister’s Office, Singapore under its Corporate Laboratory@University Scheme, National University of Singapore, and Singapore Telecommunications Ltd. The second author is supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Singtel/Trustwave, Singapore, Singapore
  2. Singapore University of Technology and Design, Singapore, Singapore
