Abstract
Erasable memory is an important resource for designing practical cryptographic protocols that are secure against adaptive attacks. Many practical memory devices such as solid state drives, hard disks, or file systems are not perfectly erasable because a deletion operation leaves traces of the deleted data in the system. A number of methods for constructing a large erasable memory from a small one, e.g., using encryption, have been proposed. Despite the importance of erasable memory in cryptography, no formal model has been proposed that allows one to formally analyse such memory constructions or cryptographic protocols relying on erasable memory.
The contribution of this paper is three-fold. First, we provide a formal model of erasable memory. A memory device allows a user to store, retrieve, and delete data, and it is characterised by a leakage function defining the extent to which erased data is still accessible to an adversary.
Second, we investigate how the erasability of such memories can be amplified. We provide a number of constructions of memories with strong erasability guarantees from memories with weaker guarantees. One of these constructions of perfectly erasable memories from imperfectly erasable ones can be considered as the prototypical application of Canetti et al.’s All-or-Nothing Transform (AoNT). Motivated by this construction, we propose some new and better AoNTs that are either perfectly or computationally secure. These AoNTs are of possible independent interest.
Third, we show (in the constructive cryptography framework) how the construction of erasable memory and its use in cryptographic protocols (for example to achieve adaptive security) can naturally be composed to obtain provable security of the overall protocol.
The first and second author were supported by the European Commission through the Seventh Framework Programme under the ERC grant #321310 (PERCY) and the third author was supported by the Zurich Information Security & Privacy Center (ZISC).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In this paper, we chose to consider monotone \(\rho \)’s. We chose to model the memory resource in such a way that it only responds on the same interface it was activated, hence it is not possible for the adversary to be notified of an event that causes the memory to become readable. To simplify the modelling of simulators, we consider the adversary to be eager and trying to read the memory as soon as possible and then placing the resulting data in an “intermediate buffer” that can then be collected through the Eve-interface at a later point.
References
Bernstein, D.J.: Cache-timing attacks on AES. Manuscript, April 2005. https://cr.yp.to/antiforgery/cachetiming-20050414.pdf
Camenisch, J., Chandran, N., Shoup, V.: A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 351–368. Springer, Heidelberg (2009)
Canetti, R., Dodis, Y., Halevi, S., Kushilevitz, E., Sahai, A.: Exposure-resilient functions and all-or-nothing transforms. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 453–469. Springer, Heidelberg (2000)
Canetti, R., Eiger, D., Goldwasser, S., Lim, D.-Y.: How to protect yourself without perfect shredding. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 511–523. Springer, Heidelberg (2008)
Canetti, R., Eiger, D., Goldwasser, S., Lim, D.-Y.: How to protect yourself without perfect shredding. Cryptology ePrint Archive, Report 2008/291 (2008)
Di Crescenzo, G., Ferguson, N., Impagliazzo, R., Jakobsson, M.: How to forget a secret. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, pp. 500–509. Springer, Heidelberg (1999)
Franklin, M.K., Yung, M.: Communication complexity of secure computation (extended abstract). In: 24th ACM STOC, pp. 699–710. ACM Press, May 1992
Gaži, P., Maurer, U., Tackmann, B.: Manuscript. (available from the authors)
Gutmann, P.: Secure deletion of data from magnetic and solid-state memory. In: Proceedings of the Sixth USENIX Security Symposium, vol. 14, San Jose, CA (1996)
Hazay, C., Lindell, Y., Patra, A.: Adaptively secure computation with partial erasures. Cryptology ePrint Archive, Report 2015/450 (2015)
Jarecki, S., Lysyanskaya, A.: Adaptively secure threshold cryptography: introducing concurrency, removing erasures (extended abstract). In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 221–242. Springer, Heidelberg (2000)
Katz, J., Lindell, Y.: Introduction to Modern Cryptography. CRC Press, Boca Raton (2015)
Lim, D.-Y.: The paradigm of partial erasures. Ph.D. thesis, Massachusetts Institute of Technology (2008)
Maurer, U.: Constructive cryptography – a new paradigm for security definitions and proofs. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 33–56. Springer, Heidelberg (2012)
Maurer, U., Renner, R.: Abstract cryptography. In: ICS 2011, pp. 1–21. Tsinghua University Press, January 2011
Plotkin, M.: Binary codes with specified minimum distance. IRE Trans. Inf. Theor. 6(4), 445–450 (1960)
Reardon, J., Basin, D.A., Capkun, S.: SoK: secure data deletion. In: 2013 IEEE Symposium on Security and Privacy, pp. 301–315. IEEE Computer Society Press, May 2013
Reardon, J., Capkun, S., Basin, D.: Data node encrypted file system: efficient secure deletion for flashmemory. In: Proceedings of the 21st USENIX Conference on Security Symposium, pp. 17–17. USENIX Association (2012)
Reardon, J., Ritzdorf, H., Basin, D.A., Capkun, S.: Secure data deletion from persistent media. In: ACM CCS 2013, pp. 271–284. ACM Press, November 2013
Yee, B.: Using secure coprocessors. Ph.D. thesis, CMU (1994)
Yee, B., Tygar, J.D.: Secure coprocessors in electronic commerce applications. In: Proceedings of The First USENIX Workshop on Electronic Commerce, New York (1995)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Camenisch, J., Enderlein, R.R., Maurer, U. (2016). Memory Erasability Amplification. In: Zikas, V., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2016. Lecture Notes in Computer Science(), vol 9841. Springer, Cham. https://doi.org/10.1007/978-3-319-44618-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-44618-9_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44617-2
Online ISBN: 978-3-319-44618-9
eBook Packages: Computer ScienceComputer Science (R0)