Quantifying Information Flow for Dynamic Secrets

Mardziel, Piotr; Alvim, Mário S.; Hicks, Michael; Clarkson, Michael R.

doi:10.1109/sp.2014.41

Cited by 44 publications

(42 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Notable exceptions are the works [4,8,21], which consider attackers who interact with and influence the system, possibly in an adaptive way, with the purpose of maximizing the leakage of information.…”

Section: Example 2 (Dining Cryptographers)mentioning

confidence: 99%

“…Boreale and Pampaloni [8] consider adaptive attackers, but not adaptive defenders, and show that in this case the adversary's optimal strategy can be always deterministic. Mardziel et al [21] propose a model for both adaptive attackers and defenders, but in none of their extensive case-studies the attacker needs a probabilistic strategy to maximize leakage. In this paper we characterize when randomization is necessary, for either attacker or defender, to achieve optimality in our general information leakage games.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Leakage and Protocol Composition in a Game-Theoretic Perspective

Alvim

Chatzikokolakis

Kawamoto

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In the inference attacks studied in Quantitative Information Flow (QIF), the adversary typically tries to interfere with the system in the attempt to increase its leakage of secret information. The defender, on the other hand, typically tries to decrease leakage by introducing some controlled noise. This noise introduction can be modeled as a type of protocol composition, i.e., a probabilistic choice among different protocols, and its effect on the amount of leakage depends heavily on whether or not this choice is visible to the adversary. In this work we consider operators for modeling visible and invisible choice in protocol composition, and we study their algebraic properties. We then formalize the interplay between defender and adversary in a game-theoretic framework adapted to the specific issues of QIF, where the payoff is information leakage. We consider various kinds of leakage games, depending on whether players act simultaneously or sequentially, and on whether or not the choices of the defender are visible to the adversary. Finally, we establish a hierarchy of these games in terms of their information leakage, and provide methods for finding optimal strategies (at the points of equilibrium) for both attacker and defender in the various cases.

show abstract

Section: Example 2 (Dining Cryptographers)mentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Leakage and Protocol Composition in a Game-Theoretic Perspective

Alvim

Chatzikokolakis

Kawamoto

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In [8] adaptive adversaries are analyzed, however, no cost structure is considered. More general models are in Mardziel et al's [23] and [24]. The model in [23] generalizes the classical model in several respects, in particular the defender is allowed to dynamically replace the current secret with a new one, and can adaptively submit inputs to the system, based on feedback from past outputs.…”

Section: Conclusion and Related Workmentioning

confidence: 99%

“…More general models are in Mardziel et al's [23] and [24]. The model in [23] generalizes the classical model in several respects, in particular the defender is allowed to dynamically replace the current secret with a new one, and can adaptively submit inputs to the system, based on feedback from past outputs. [24] enriches this model one step further, by neatly distinguishing the defender loss from the adversary's gain when quantifying leakage.…”

Section: Conclusion and Related Workmentioning

confidence: 99%

Searching secrets rationally

Boreale

Corradi

2016

International Journal of Approximate Reasoning

View full text Add to dashboard Cite

“…Mardziel et al [72] consider information-flow in dynamic systems, where defender and adversary can interact. Their focus is on secrets that are dynamically changing, whereas our approach specifically considers the aggregation of information about longterm secrets, such as secret keys.…”

Section: Related Work Quantitative Information Flow Analysismentioning

confidence: 99%

Tools for the Evaluation and Choice of Countermeasures against Side-Channel Attacks

Doychev¹

View full text Add to dashboard Cite

Side-channel attacks have been successful in breaking cryptographic protections of systems, by using secret-dependent variations of non-functional properties such as timing or traffic volume. Countermeasures against side-channel attacks usually attempt to eliminate or reduce these variations, which may lead to performance penalties such as increases in the running time of programs, or in the traffic volume they induce. This thesis investigates the trade-off between the security of side-channel countermeasures, and their cost in terms of performance penalties. For this, we seek rigorous answers to two research questions:Q1: How to choose a balance between the security guarantees and the performance penalties of side-channel countermeasures? Q2: How to measure the security of side-channel countermeasures on practical systems? This thesis develops tools that enable the security quantification and the choice of practical countermeasures against side-channel attacks. These tools include the necessary formal models, as well as algorithms and software tools to allow the automatic evaluation of practical systems.In addressing Q1, we develop the first systematic approach for choosing side-channel countermeasures. We do this in a game-theoretic model, where a defender chooses a protection against an adversary who performs an attack. We apply this approach for reasoning about countermeasures against timing attacks, i.e., attacks where an adversary can exploit secret-dependent execution time of programs. We identify cases where leaky countermeasures are preferable to leak-free, constant-time implementations, as they offer better performance without sacrificing security.In addressing Q2, we develop the first tools for the automatic formal quantification of the security of side-channel countermeasures in practical systems. We do this for two types of attacks: cache attacks, where an adversary exploits secret-dependent timing differences due to the use of the CPU cache, and web-traffic attacks, where an adversary exploits secret-dependent differences in the volume of encrypted traffic.To capture cache attacks, we develop the tool CacheAudit, which performs static analysis of x86 binaries, and quantifies their security with respect to cache adversaries. Using CacheAudit, we analyze implementations of AES from the PolarSSL library, as well as of the finalists of the eSTREAM stream cipher competition, and we reason about the effects of architectural features such as cache size and replacement policy to side-channel leakage. Furthermore, we devise novel techniques that provide support for bit-level and symbolic reasoning about pointers in the presence of dynamic memory allocation, which we apply for reasoning about the effectiveness of several widely deployed side-channel countermeasures from the libgcrypt and OpenSSL libraries.To capture web-traffic attacks, we develop scalable algorithms that enable the formal quantification of web-traffic leakage, as well as the generating of provable protections. We apply these algorit...

show abstract

Quantifying Information Flow for Dynamic Secrets

Cited by 44 publications

References 37 publications

Leakage and Protocol Composition in a Game-Theoretic Perspective

Leakage and Protocol Composition in a Game-Theoretic Perspective

Searching secrets rationally

Tools for the Evaluation and Choice of Countermeasures against Side-Channel Attacks

Contact Info

Product

Resources

About