Papers
Topics
Authors
Recent
Search
2000 character limit reached

Software-Based Memory Erasure with relaxed isolation requirements: Extended Version

Published 12 Jan 2024 in cs.CR | (2401.06626v1)

Abstract: A Proof of Secure Erasure (PoSE) is a communication protocol where a verifier seeks evidence that a prover has erased its memory within the time frame of the protocol execution. Designers of PoSE protocols have long been aware that, if a prover can outsource the computation of the memory erasure proof to another device, then their protocols are trivially defeated. As a result, most software-based PoSE protocols in the literature assume that provers are isolated during the protocol execution, that is, provers cannot receive help from a network adversary. Our main contribution is to show that this assumption is not necessary. We introduce formal models for PoSE protocols playing against provers aided by external conspirators and develop three PoSE protocols that we prove secure in this context. We reduce the requirement of isolation to the more realistic requirement that the communication with the external conspirator is relatively slow. Software-based protocols with such relaxed isolation assumptions are especially pertinent for low-end devices, where it is too costly to deploy sophisticated protection methods.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (44)
  1. “Secure, Accurate, and Practical Narrow-Band Ranging System” In IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021
  2. Joël Alwen, Jeremiah Blocki and Ben Harsha “Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions” In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017, pp. 1001–1017
  3. Joël Alwen, Jeremiah Blocki and Krzysztof Pietrzak “Depth-Robust Graphs and Their Cumulative Memory Complexity” In Annual International Conference on the Theory and Applications of Cryptographic Techniques Springer, 2017, pp. 3–32
  4. Joël Alwen, Jeremiah Blocki and Krzysztof Pietrzak “Sustained Space Complexity” In Annual International Conference on the Theory and Applications of Cryptographic Techniques Springer, 2018, pp. 99–130
  5. “On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model” In Annual International Conference on the Theory and Applications of Cryptographic Techniques Springer, 2016, pp. 358–387
  6. “Scrypt Is Maximally Memory-Hard” In Annual International Conference on the Theory and Applications of Cryptographic Techniques Springer, 2017, pp. 33–62
  7. Mahmoud Ammar, Bruno Crispo and Gene Tsudik “Simple: A Remote Attestation Approach for Resource Constrained Iot Devices” In 2020 ACM/IEEE 11th International Conference on Cyber-Physical Systems (ICCPS) IEEE, 2020, pp. 247–258
  8. “Speed: Secure Provable Erasure for Class-1 Iot Devices” In Eighth ACM Conference on Data and Application Security and Privacy, 2018, pp. 111–118
  9. Sigurd Frej Joel Jørgensen Ankergaard, Edlira Dushku and Nicola Dragoni “State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things” In Sensors 21.5 Multidisciplinary Digital Publishing Institute, 2021, pp. 1598
  10. “A Security Framework for the Analysis and Design of Software Attestation” In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013, pp. 1–12
  11. “Proofs of Space: When Space Is of the Essence” In International Conference on Security and Cryptography for Networks Springer, 2014, pp. 538–557
  12. “Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols” In Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993, pp. 62–73
  13. “A New Connection Between Node and Edge Depth Robust Graphs” In 12th Innovations in Theoretical Computer Science Conference (ITCS 2021), 2021 Schloss Dagstuhl-Leibniz-Zentrum für Informatik
  14. “Security Analysis and Implementation of Relay-Resistant Contactless Payments” In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 879–898
  15. “Software-Based Memory Erasure with Relaxed Isolation Requirements” In Proc. 37th IEEE Computer Security Foundations Symposium (CSF’24), 2024, pp. to appear
  16. “On the Difficulty of Software-Based Attestation of Embedded Devices” In Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 400–409
  17. “Covering Codes” Elsevier, 1997
  18. “Evexchange: A Relay Attack on Electric Vehicle Charging System” In Computer Security–ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part I Springer, 2022, pp. 488–508
  19. Anindya De, Luca Trevisan and Madhur Tulsiani “Time Space Tradeoffs for Attacks against One-Way Functions and PRGs” In Annual Cryptology Conference Springer, 2010, pp. 649–665
  20. Cynthia Dwork, Moni Naor and Hoeteck Wee “Pebbling and Proofs of Work” In Annual International Cryptology Conference Springer, 2005, pp. 37–54
  21. “Proofs of Space” In Annual Cryptology Conference Springer, 2015, pp. 585–605
  22. Stefan Dziembowski, Tomasz Kazana and Daniel Wichs “One-Time Computable Self-Erasing Functions” In Theory of Cryptography Conference Springer, 2011, pp. 125–143
  23. E.M.V. EMVCo “Contactless Specifications for Payment Systems” In Book C-2, Kernel 2, 2021
  24. Paul Erdos, Ronald L. Graham and Endre Szemerédi “On Sparse Graphs with Dense Long Paths” In Comp. and Math. with Appl 1, 1975, pp. 145–161
  25. “Is Eve Nearby? Analysing Protocols under the Distant-Attacker Assumption” In IEEE Computer Security Foundations Symposium, August 7-10, 2022, Haifa, Israel, 2022 DOI: 10.1109/CSF54842.2022.9919655
  26. Peter Gutmann “Secure Deletion of Data from Magnetic and Solid-State Memory” In 6th USENIX Security Symposium (USENIX Security 96) San Jose, CA: USENIX Association, 1996 URL: https://www.usenix.org/conference/6th-usenix-security-symposium/secure-deletion-data-magnetic-and-solid-state-memory
  27. Ghassan O. Karame and Wenting Li “Secure Erasure and Code Update in Legacy Sensors” In International Conference on Trust and Trustworthy Computing Springer, 2015, pp. 283–299
  28. Nikolaos P. Karvelas and Aggelos Kiayias “Efficient Proofs of Secure Erasure” In International Conference on Security and Cryptography for Networks Springer, 2014, pp. 520–537
  29. “Remote Attestation to Dynamic System Properties: Towards Providing Complete System Integrity Evidence” In IEEE/IFIP International Conference on Dependable Systems & Networks, 2009
  30. Dénes Konig “Graphs and Matrices” In Matematikai és Fizikai Lapok 38, 1931, pp. 116–119
  31. “A Survey of Remote Attestation in Internet of Things: Attacks, Countermeasures, and Prospects” In Computers & Security 112 Elsevier, 2022, pp. 102498
  32. “Disproving the Conjectures from “On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model”” In International Conference on Information Theoretic Security Springer, 2017, pp. 26–38
  33. “IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices” In IEEE Internet of Things Journal 6.5 IEEE, 2019, pp. 8182–8201
  34. Lily Hay Newman “An Elaborate Hack Shows How Much Damage IoT Bugs Can Do”, https://www.wired.com/story/elaborate-hack-shows-damage-iot-bugs-can-do/, 2010
  35. Bryan Parno, Jonathan M. McCune and Adrian Perrig “Bootstrapping Trust in Commodity Computers” In IEEE Symposium on Security and Privacy IEEE, 2010
  36. Wolfgang J. Paul, Robert Endre Tarjan and James R. Celoni “Space Bounds for a Game on Graphs” In Mathematical systems theory 10.1 Springer, 1976, pp. 239–251
  37. “Secure Code Update for Embedded Devices via Proofs of Secure Erasure” In European Symposium on Research in Computer Security Springer, 2010, pp. 643–662
  38. Krzysztof Pietrzak “Proofs of Catalytic Space” In 10th Innovations in Theoretical Computer Science Conference, ITCS 2019, January 10-12, 2019, San Diego, California, USA 124, LIPIcs Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2019, pp. 59:1–59:25 DOI: 10.4230/LIPIcs.ITCS.2019.59
  39. “Practical EMV Relay Protection” In 2022 IEEE Symposium on Security and Privacy (SP) IEEE, 2022, pp. 1737–1756
  40. Kasper Bonne Rasmussen and Srdjan Capkun “Realization of RF Distance Bounding.” In USENIX Security Symposium, 2010, pp. 389–402
  41. Georg Schnitger “On Depth-Reduction and Grates” In 24th Annual Symposium on Foundations of Computer Science (Sfcs 1983) IEEE, 1983, pp. 323–328
  42. “SWATT: Software-based Attestation for Embedded Devices” In IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004 IEEE, 2004, pp. 272–282
  43. Rolando Trujillo-Rasua “Secure Memory Erasure in the Presence of Man-in-the-Middle Attackers” In Journal of Information Security and Applications 57, 2019, pp. 102730
  44. Dominique Unruh “Random Oracles and Auxiliary Input” In Annual International Cryptology Conference Springer, 2007, pp. 205–223

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Paper to Video (Beta)

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up