NDSS 2019: How to Unconditionally Establish a Secure Software Root of Trust

Learn proven methods for establishing a reliable and unbreakable software root of trust, ensuring system integrity even in untrusted environments. Discover key insights from the NDSS 2019 session.

NDSS Symposium
647 views • Apr 2, 2019

About this video

SESSION 10-4 Establishing Software Root of Trust Unconditionally

Root-of-Trust (RoT) establishment ensures either that the state of an untrusted system contains all and only content chosen by a trusted local verifier and the system code begins execution in that state, or that the verifier discovers the existence of unaccounted for content. This ensures program booting into system states that are free of persistent malware. An adversary can no longer retain undetected control of one's local system.

We establish RoT unconditionally; i.e., without secrets, trusted hardware modules and instructions, or bounds on the adversary's computational power. The specification of a system's chipset and device controllers, and an external source of true random numbers, such as a commercially available quantum RNG, is all that is needed. Our system specifications are those of a concrete Word Random Access Machine (cWRAM) model -- the closest computation model to a real system with a large instruction set.

We define the requirements for RoT establishment and explain their differences from past attestation protocols. Then we introduce a RoT establishment protocol based on a new computation primitive with concrete (non-asymptotic) optimal space-time bounds in adversarial evaluation on the cWRAM. The new primitive is a randomized polynomial, which has $k$-independent uniform coefficients in a prime order field. Its collision properties are stronger than those of a $k$-independent (almost) universal hash function in cWRAM evaluations, and are sufficient to prove existence of malware-free states before RoT is established. Preliminary measurements show that randomized-polynomial performance is practical on commodity hardware even for very large $k$.

To prove the concrete optimality of randomized polynomials, we present a result of independent complexity interest: a Horner-rule program is uniquely optimal whenever the cWRAM execution space and time are simultaneously minimized.
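
The two paragraphs above describe a randomized polynomial over a prime field and its evaluation by Horner's rule; the following is an added example, not code from the paper or the talk. It assumes the textbook $k$-independent construction (a random degree-$(k-1)$ polynomial evaluated at the word index), adds the resulting masks to the memory words mod $p$, takes $p = 2^{61}-1$, and uses Python's `secrets` as a stand-in for the external true RNG. All function names are hypothetical, and the protocol's space and time checks are not modelled.

```python
import secrets

P = (1 << 61) - 1  # Mersenne prime; stand-in for the prime field order (assumption)

def k_independent_masks(r, n):
    """Masks s_i = sum_j r[j] * (i+1)^j mod P for i in [0, n).

    With r uniform in Z_P^k this is the classic k-wise independent family;
    each s_i is itself computed by Horner's rule at the point i+1.
    """
    masks = []
    for i in range(n):
        acc = 0
        for rj in reversed(r):
            acc = (acc * (i + 1) + rj) % P
        masks.append(acc)
    return masks

def randomized_poly(words, r, x):
    """Horner evaluation of sum_i (words[i] + s_i) * x^i mod P."""
    masks = k_independent_masks(r, len(words))
    acc = 0
    for w, s in zip(reversed(words), reversed(masks)):
        acc = (acc * x + w + s) % P
    return acc

def fresh_nonce(k):
    """Verifier challenge: k random field elements and a nonzero point x."""
    r = [secrets.randbelow(P) for _ in range(k)]
    x = 1 + secrets.randbelow(P - 1)
    return r, x

def verify(expected_words, device_words, r, x):
    """True when the device's memory yields the value the verifier expects."""
    return randomized_poly(expected_words, r, x) == randomized_poly(device_words, r, x)

if __name__ == "__main__":
    image = [0x1000 + i for i in range(64)]  # constructed memory image
    tampered = list(image)
    tampered[17] ^= 1                        # one unaccounted-for word
    r, x = fresh_nonce(k=8)
    print("clean image accepted:   ", verify(image, image, r, x))
    print("tampered image accepted:", verify(image, tampered, r, x))
```

In this simplified form a single changed word shifts the result by a nonzero multiple of a power of $x$, so it is always detected when $x \neq 0$; the paper's guarantees additionally rest on its cWRAM space-time bounds.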

PAPER
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_10-4_Gligor_paper.pdf

SLIDES
https://www.ndss-symposium.org/wp-content/uploads/ndss2019_10-4_Gligor_slides.pdf

AUTHORS
Virgil D. Gligor (Carnegie Mellon University)
Maverick S. L. Woo (Carnegie Mellon University)


Network and Distributed System Security (NDSS) Symposium 2019, 24-27 February 2019, Catamaran Resort Hotel & Spa in San Diego, California.
https://www.ndss-symposium.org/ndss-program/ndss-symposium-2019-program/


ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
https://www.ndss-symposium.org/

#NDSS #NDSS19 #NDSS2019 #InternetSecurity


Video Information

Views: 647
Likes: 7
Duration: 28:59
Published: Apr 2, 2019
