WS 2016/2017 – 3CP
Prof. Stefan Katzenbeisser / Security Engineering Group
Privacy-Enhancing Technologies
Practical Projects
Organization:
Niklas Büscher, room S4|14 – 4.2.21
Practical Projects - Overview
Goal: Hands-on work in research topics on privacy in the SecEng group
Organization:
• Form groups of four by November 20th
• Inform Niklas Buescher via mail about
• group members
• 5 preferred topics in order
• (one mail per group, members in CC)
• After you received an email about your assignment, get in contact with your topic
supervisor to organize a meeting
Hints:
• Unfortunately, we cannot guarantee topics by preference
• If you cannot find a group (or enough members), please also register via mail. We will
form (fill up) groups with the remaining students
[…]
we have formed the following group:
* Max Mustermann, [email protected]
* Sabine Musterfrau, [email protected]
* Donald Trumpf, [email protected]
* Hillarious Klinton, [email protected]
Our 5 preferred topics are:
T5,T1,T3,T7,T9
[…]
Overview
Topic 1: What is the cost of confidentiality? (Markus Heinrich)
Topic 2: Crypto Performance Analysis (Florian Kohnhäuser)
Topic 3: Physical Unclonable Functions (Nikolaos Anagnostopoulos, eng.)
Topic 4: Implementation of Flash-based PUFs (André Schaller)
Topic 5: Interactive Framework for Differential Privacy (Spyros Boukoros, eng.)
Topic 6: Privacy Metrics and Attacks (Spyros Boukoros, eng.)
Topic 7: Privacy-preserving "German income tax algorithm" (Niklas Buescher)
Topic 8: Side-Channel Attacks on the GPU (Nikolay Matyunin, eng.)
Topic 9: Electromagnetic Covert Channel using the GPU (Nikolay Matyunin, eng.)
Topic 10: Multithreading in OpenSSL (Nikolaos Karvelas)
Topic 11: Post-Quantum Secure Oblivious RAM (Nikolaos Karvelas)
Topic 1 (Markus Heinrich):
What is the cost of confidentiality?
How do digital signatures and encryption influence the
transmission of messages?
• Research how to evaluate cryptographic algorithms.
• Define the metrics to investigate (e.g. processing time).
• Develop an evaluation framework that can…
• … run different algorithms.
• … run on different hardware platforms.
• … exploit external conditions (e.g. strong sender, weak receiver).
• Summarize and present your results.
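A minimal version of the pluggable evaluation framework the bullets above ask for, as an added example (not the course's or the supervisor's code). Algorithms are registered as callables so new ones can be plugged in; the harness times each on the same input and reports a per-operation metric. Because the Python standard library has no signature or block-cipher API, hashlib/hmac primitives stand in for the signature and encryption algorithms a real evaluation would register; the key and message are constructed. Running the same script on different hardware gives the cross-platform comparison.

```python
# Added example: a small pluggable benchmark harness for comparing the
# processing time of cryptographic primitives. Not the course's own framework.
import hashlib
import hmac
import os
import statistics
import time

KEY = os.urandom(32)  # constructed key material for the HMAC candidate

# Registry: name -> function(message) -> bytes. Adding an algorithm is one entry.
# hashlib/hmac stand in for the signature/encryption algorithms a real study would plug in.
ALGORITHMS = {
    "sha256": lambda m: hashlib.sha256(m).digest(),
    "sha512": lambda m: hashlib.sha512(m).digest(),
    "hmac-sha256": lambda m: hmac.new(KEY, m, hashlib.sha256).digest(),
}


def time_operation(func, message, runs):
    """Median wall-clock seconds per call, measured with a monotonic high-resolution clock.
    The median is robust against scheduler hiccups that distort a mean."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        func(message)
        samples.append(time.perf_counter() - start)
    return statistics.median(samples)


def benchmark(algorithms=ALGORITHMS, message_size=64 * 1024, runs=20):
    """Run every registered algorithm on the same random message and return metrics per algorithm."""
    message = os.urandom(message_size)  # constructed input of the requested size
    results = {}
    for name, func in algorithms.items():
        func(message)  # warm-up call so one-time setup costs do not skew the median
        seconds = time_operation(func, message, runs)
        results[name] = {
            "median_seconds": seconds,
            "throughput_mib_per_s": (message_size / seconds) / (1024 * 1024),
        }
    return results


if __name__ == "__main__":
    for name, metrics in benchmark().items():
        print(f"{name:12s} {metrics['median_seconds'] * 1e6:9.1f} us/op "
              f"{metrics['throughput_mib_per_s']:8.1f} MiB/s")
```

The metric set is deliberately the slide's example (processing time); energy or memory measurements would be further entries in the returned dictionary, collected by the same loop.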
Topic 2 (Florian Kohnhäuser)
Crypto Performance Analysis for Emergency Communication
with Mobile Devices
• Mobile devices (smartphones, laptops, etc.) connected in ad-hoc networks
provide a great potential to facilitate emergency communication
• Classified or privacy-critical data (e.g., building plans or health data) need to be
cryptographically secured in the emergency use case
• Crypto energy-consumption critical: battery life should be as long as possible
• Crypto runtime critical: feasible to encrypt and/or sign all transmitted data?
Tasks:
(1) Requirement Analysis: appropriate crypto solutions for emergency use case
(2) Implementation: Android smartphones; some experiments are already existing
(3) Evaluation: energy-consumption and runtime of cryptographic algorithms
Topic 3 (Nikolaos Anagnostopoulos)
Physical Unclonable Functions (PUFs)
[Figure: SRAM block (array of SRAM cells); challenge: memory address, response: memory content]
PUFs are based on unique characteristics of hardware
modules, which can be used in order to construct a key (or
in general, a token for cryptographic applications).
To this end, we use as PUF characteristics the initial values
or the decay characteristics of SRAM and/or DRAM cells of
commodity off-the-shelf devices. Such hardware is also
commonly used in IoT device implementations.
In other words, we produce cryptographic keys using IoT
hardware.
(T3) Logically reconfigurable PUFs
PUF output: 1010101111010101
We can use logical algorithms to diversify the end responses of PUFs while using
the same PUF output.
The reconfiguration can be as simple as an XOR operation between the
(re)configuration bitstring and the PUF’s output.
Reconfiguring a PUF can increase its security.
A potential use case could be the production of PUF-based session keys.
Reconfiguration: Configuration A → Configuration B
1010100100100101 → 1001010110100110
Response A = (PUF output) XOR (Configuration A) = 0000001011110000
Response B = (PUF output) XOR (Configuration B) = 0011111001110011
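The XOR reconfiguration described above, worked through with the slide's own bit strings, as an added example (not part of the course material; the function names are my own). It also shows a check a practitioner would want, the Hamming distance between the two responses, and the fact that XOR is reversible: a response together with its configuration yields the raw PUF output again.

```python
# Added example: logical reconfiguration of a memory-based PUF response by XOR
# with a configuration bitstring, using the values from the slide.

PUF_OUTPUT = "1010101111010101"  # raw PUF output (from the slide)
CONFIG_A = "1010100100100101"    # configuration A (from the slide)
CONFIG_B = "1001010110100110"    # configuration B (from the slide)


def xor_bits(a: str, b: str) -> str:
    """Bitwise XOR of two equal-length bit strings."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def reconfigure(puf_output: str, configuration: str) -> str:
    """Derive a response from the same PUF output under a given configuration."""
    return xor_bits(puf_output, configuration)


def hamming_distance(a: str, b: str) -> int:
    """Number of differing bit positions; used to compare two responses."""
    return xor_bits(a, b).count("1")


def recover_puf_output(response: str, configuration: str) -> str:
    """XOR is an involution: response XOR configuration gives the PUF output back,
    so whoever knows a response and its configuration learns the raw PUF output."""
    return xor_bits(response, configuration)


if __name__ == "__main__":
    resp_a = reconfigure(PUF_OUTPUT, CONFIG_A)
    resp_b = reconfigure(PUF_OUTPUT, CONFIG_B)
    print("Response A:", resp_a)
    print("Response B:", resp_b)
    print("Hamming distance between responses:", hamming_distance(resp_a, resp_b))
```

Because both responses come from the same PUF output, their Hamming distance equals the Hamming distance between the two configurations: reconfiguration diversifies responses exactly as far as the configurations differ.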
(T3) Data Remanence and PUFs
Memory-based PUFs are implemented on Static and Dynamic RAM (SRAM and
DRAM).
SRAM and DRAM exhibit data remanence, which means that data stored on them
remain (for some time) even after the power supply to them has been cut.
This phenomenon can be seen both as a vulnerability of such PUFs and as a feature
which can be utilised for the creation of novel PUFs.
Relevant attacks can be based both on the decay of data and on their extended
remanence.
However, the same phenomenon can be used for timekeeping purposes or as a
characteristic that is unique per device and can thus be used to implement a new
category of PUFs.
Task: Various implementations and evaluations for the aforementioned PUF types
Requirements/Nice-to-have: Low-level programming skills (C, ASM, etc.)
Topic 4 (André Schaller)
Implementation of Flash-based PUFs
Project Idea:
• Physically Unclonable Functions are used to extract unique identifiers based on
the physical characteristics of the underlying hardware component
• Different hardware components have been proposed to be used in order to
extract a PUF instance (SRAM, DRAM, Flash)
• Implement a Flash-based PUF on commodity devices (PandaBoard, TI
Stellaris, BeagleBone, …)
(T4) Implementation of Flash-based PUFs
Approach:
• based on existing work in the literature on Flash-based PUFs, different
approaches will be implemented to get a first proof-of-concept
• in a next step, the implementation will be modified to optimize the PUF w.r.t.
the underlying hardware and meet additional security requirements
• evaluation of the PUF
Requirements:
• C programming experience
• embedded programming experience
• working with technical reference manuals
Nice to have:
• ASM programming experience
• ARM-programming experience
Topic 5 & 6 (Spyros Boukoros, eng.):
Differential Privacy
• Add 'calibrated' noise to the output of a query
• Hide the presence of any individual
• Preserve utility
• The process depends only on the:
  • Dataset
  • Query
  • Privacy budget ε
• Various mechanisms for selecting the noise
  • Laplacian, Exponential, etc.
(T5) Differential Privacy
Implementation Interactive Framework
• Implement an interactive differential privacy mechanism
  • Ideally in Python using PostgreSQL
• Users can query a database
• Your framework 'sits' in front of the database protecting it
  • For every query, it calculates the sensitivity
  • Checks the privacy budget ε
  • Returns the result with noise
Possible directions:
• Perform noise addition using various mechanisms
• Implement personalized differential privacy
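The interactive mechanism just described, reduced to its core, as an added example (not the project's own framework). It covers the differential privacy slide as well: the answer depends only on the dataset, the query and ε. PostgreSQL is replaced by an in-memory list of rows; the front end computes the query's global sensitivity, deducts ε from the remaining budget under sequential composition, refuses once the budget is exhausted, and returns the true answer plus Laplace noise scaled to sensitivity/ε. Class and function names and the sample table are constructed.

```python
# Added example: a minimal interactive differential-privacy front end that sits
# in front of a dataset. Not code from the course; data and names are constructed.
import math
import random

# Constructed sample table: one (age, income) row per individual.
DATASET = [(34, 52_000), (45, 61_000), (29, 38_000), (52, 90_000), (41, 47_000)]


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF: -scale * sign(u) * ln(1 - 2|u|), u ~ U(-1/2, 1/2)."""
    u = 0.5
    while abs(u) >= 0.5:  # rng.random() is in [0, 1); exclude the single point u = -0.5
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class DPFrontEnd:
    """Answers COUNT and SUM queries; every answer consumes part of the privacy budget."""

    def __init__(self, rows, total_budget, seed=None):
        self.rows = rows
        self.remaining = total_budget  # total ε the analyst may spend on this dataset
        self.rng = random.Random(seed)  # seeded only for reproducible demos

    def sensitivity(self, query, column=0, clamp=0.0):
        """Global L1 sensitivity: the most one individual can change the true answer.
        COUNT changes by at most 1; SUM over values clamped to [0, clamp] by at most clamp."""
        if query == "count":
            return 1.0
        if query == "sum":
            if clamp <= 0:
                raise ValueError("SUM needs a positive clamp bound so its sensitivity is finite")
            return float(clamp)
        raise ValueError(f"unsupported query: {query}")

    def true_answer(self, query, column=0, clamp=0.0):
        """Exact answer on the raw data; never returned to the user directly."""
        if query == "count":
            return float(len(self.rows))
        return float(sum(min(max(r[column], 0), clamp) for r in self.rows))

    def answer(self, query, epsilon, column=0, clamp=0.0):
        """Check the budget, then return the true answer with Laplace noise of scale sensitivity/ε."""
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if epsilon > self.remaining:
            raise PermissionError("privacy budget exhausted; query refused")
        sens = self.sensitivity(query, column, clamp)
        self.remaining -= epsilon  # sequential composition: spent ε values add up
        return self.true_answer(query, column, clamp) + laplace_noise(sens / epsilon, self.rng)


if __name__ == "__main__":
    front = DPFrontEnd(DATASET, total_budget=1.0, seed=1)
    print("noisy count:", front.answer("count", epsilon=0.5))
    print("noisy income sum:", front.answer("sum", epsilon=0.5, column=1, clamp=100_000))
    print("remaining budget:", front.remaining)
```

The budget check happens before any noise is drawn, so a refused query leaks nothing; the clamp bound for SUM is what keeps sensitivity finite, which is why the front end insists on it.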
(T6) Privacy Metrics and Attacks
Overview
Metrics that measure a user's privacy in a database can be categorized into:
• Similarity measures
• Entropy
• Attacker's estimation error
• etc.
De-anonymization attacks use auxiliary information:
• Aux. info is collected from other datasets or directly from the individuals
• Try to match aux. info to entries in the dataset
(T6) Privacy Metrics and Attacks
Implementation
• (G)UI in which a user can select a metric or an attack
• Various metrics will be discussed at the initial meeting
• Python
• The metric will be calculated on an existing dataset
• Metrics and attacks can be parameterized
Possible Directions:
• Graphs for each metric
• Comparison of metrics
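The three metric categories named on the overview slide, computed for an attacker who matches auxiliary information against a dataset, as an added example (not the project's code). A similarity measure ranks records by how many auxiliary attributes they match, the entropy of the attacker's belief over the best-matching records measures how much uncertainty is left, and the estimation error is the probability that a guess drawn from that belief is wrong. The record layout, attribute names and values are constructed.

```python
# Added example: privacy metrics (similarity, entropy, attacker's estimation
# error) evaluated against an auxiliary-information matching attack on a
# constructed dataset. Not the course's code.
import math

# Constructed "anonymised" dataset; the project would use its assigned dataset.
RECORDS = [
    {"id": "r1", "zip_prefix": "641", "age_band": "30-39", "diagnosis": "flu"},
    {"id": "r2", "zip_prefix": "641", "age_band": "30-39", "diagnosis": "asthma"},
    {"id": "r3", "zip_prefix": "641", "age_band": "40-49", "diagnosis": "flu"},
    {"id": "r4", "zip_prefix": "642", "age_band": "30-39", "diagnosis": "diabetes"},
    {"id": "r5", "zip_prefix": "642", "age_band": "50-59", "diagnosis": "flu"},
]


def similarity(row, aux):
    """Similarity measure: fraction of the attacker's auxiliary attributes that the row matches."""
    return sum(1 for k, v in aux.items() if row.get(k) == v) / len(aux)


def attacker_posterior(rows, aux):
    """Uniform belief over the records that best match the auxiliary information."""
    scores = {r["id"]: similarity(r, aux) for r in rows}
    best = max(scores.values())
    matched = [rid for rid, s in scores.items() if s == best]
    return {rid: 1.0 / len(matched) for rid in matched}


def entropy_bits(dist):
    """Entropy metric: Shannon entropy of the attacker's belief; 0 bits means unique re-identification."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def estimation_error(dist, true_id):
    """Attacker's estimation error: probability that a guess drawn from the belief is wrong."""
    return 1.0 - dist.get(true_id, 0.0)


def evaluate(rows, aux, true_id):
    """Run the matching attack and report all three metrics for the target true_id."""
    dist = attacker_posterior(rows, aux)
    return {
        "candidates": sorted(dist),
        "entropy_bits": entropy_bits(dist),
        "estimation_error": estimation_error(dist, true_id),
    }


if __name__ == "__main__":
    # Constructed auxiliary information about the individual behind record r2.
    aux_small = {"zip_prefix": "641", "age_band": "30-39"}
    aux_large = dict(aux_small, diagnosis="asthma")
    print("with two attributes:  ", evaluate(RECORDS, aux_small, "r2"))
    print("with three attributes:", evaluate(RECORDS, aux_large, "r2"))
```

Parameterising the attack is just a matter of which keys the aux dictionary carries: the more auxiliary attributes the attacker holds, the smaller the candidate set, and both metrics fall towards zero.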
Topic 7 (Niklas Buescher)
Introduction - Secure Multi-party Computation
[Figure: one party holds input x, the other holds input y; they run a protocol and both obtain f(x,y)]
Privacy-preserving fingerprint matching between mobile and server
(T7) Implementation of the
“German income tax algorithm”
Goal: Implementation of a privacy-friendly version of the German income
tax algorithm (Lohnsteueralgorithmus) with TPC/MPC
Approach:
• Use existing TPC/MPC frameworks
• Implement the algorithm in simple C (or a similar DSL)
• Evaluate the performance of the algorithm in at least two different
frameworks
• CBMC-GC (TPC - Yao’s Garbled Circuits)
• Sharemind (MPC – Linear Secret Sharing)
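The linear secret sharing that Sharemind-style MPC is built on, shown as an added example; this is not code from the course, from Sharemind or from CBMC-GC. Each input is split into three additive shares modulo 2^32, so any two shares are independent of the value; the parties can add shared values and multiply them by public constants purely locally, which is all a linear computation needs. The modulus, the party count and the function names are my own choices.

```python
# Added example: additive (linear) secret sharing over Z_{2^32} among three
# parties, the primitive underlying MPC frameworks of the Sharemind kind.
# Not the course's or any framework's code.
import secrets

MOD = 2**32  # arithmetic modulo 2^32; a common choice for integer MPC
PARTIES = 3


def share(value, rng=secrets.randbelow):
    """Split value into PARTIES additive shares; any PARTIES-1 of them are uniformly random."""
    shares = [rng(MOD) for _ in range(PARTIES - 1)]
    shares.append((value - sum(shares)) % MOD)  # last share fixes the sum
    return shares


def reconstruct(shares):
    """Only with all shares together does the value come back."""
    return sum(shares) % MOD


def add_shared(a, b):
    """Addition of two shared values: each party adds its own shares, no communication."""
    return [(x + y) % MOD for x, y in zip(a, b)]


def scale_shared(a, public_constant):
    """Multiplication by a public constant is also local."""
    return [(x * public_constant) % MOD for x in a]


def linear_combination(shared_inputs, public_coefficients):
    """Evaluate sum(c_i * x_i) on shared inputs x_i with public c_i, entirely locally."""
    acc = [0] * PARTIES
    for shares, c in zip(shared_inputs, public_coefficients):
        acc = add_shared(acc, scale_shared(shares, c))
    return acc


if __name__ == "__main__":
    # Constructed inputs: two parties each contribute a secret integer.
    x_shares, y_shares = share(40), share(2)
    print("shares of x:", x_shares)   # look random; reveal nothing about 40
    print("x + y =", reconstruct(add_shared(x_shares, y_shares)))
    print("3x + 5y =", reconstruct(linear_combination([x_shares, y_shares], [3, 5])))
```

Multiplying two shared values, or comparing them (as a tax computation with brackets must), is not local: it needs interaction between the parties, and providing that interaction efficiently is what the frameworks listed above supply.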
Topic 8&9 (Nikolay Matyunin, eng.)
Side channels in GPUs: Overview
Graphics Processing Units (GPU) are used for:
• rendering data to the screen
• general-purpose parallel computations
(CUDA, OpenCL etc.)
GPUs, similarly to CPUs, may leak information about performed activity
through side channels:
• timing
• electromagnetic emissions
• power consumption
• acoustic noise
Attackers may exploit side channels:
1) to discover performed activity
2) to covertly transmit data
(T8) Side-Channel Attacks on the GPU
Goal: exploit side channels to detect specific activities
performed on GPUs, such as:
• cryptographic computations
• cryptocurrency mining
Approach: use magnetometers in smartphones to detect the
distinct electromagnetic disturbance caused by a laptop's GPU
Requirements:
• common C/C++/Java programming & scripting skills
• (optional) experience or interest in CUDA/OpenCL programming
• (optional) experience or interest in machine learning
(T9) Electromagnetic Covert Channel
using the GPU
Goal: covertly transmit binary data from a laptop to a
nearby smartphone by emitting electromagnetic disturbance from the
laptop's GPU
Approach: use magnetometers in smartphones to receive
binary data encoded into electromagnetic emanations caused
by the laptop's GPU
Requirements:
• common C/C++/Java programming & scripting skills
• (optional) experience or interest in CUDA/OpenCL programming
• (optional) experience or interest in signal processing
[Figure: the bit string 1110010 emitted via the laptop's GPU and received by the smartphone]
Topic 10 (Nikolaos Karvelas)
Multithreading in OpenSSL
Project goal / task:
• You will be given a piece of code in C++ that uses the cryptographic library of
OpenSSL and that can be parallelized.
• You will be asked to parallelize the given program in C/C++.
Project Idea:
• The cryptographic library of OpenSSL is widely used.
• It is however not (very) well documented.
• In many applications multi-threading is demanded.
Topic 11 (Nikolaos Karvelas)
Post-Quantum Secure Oblivious RAM
Project goal:
• Implement, in C/C++, the necessary condition for a PQ-secure ORAM.
Project Idea:
• Oblivious RAM (ORAM) is an important cryptographic primitive that allows
access pattern hiding in processors and remote servers.
• In most ORAM constructions, data is encrypted under a semantically secure
encryption scheme.
• Using a Post-Quantum (PQ) secure encryption scheme is one of the necessary
requirements for a PQ-secure ORAM.
Project task:
• You will be given a working implementation of a current state-of-the-art ORAM in
C++.
• You will be asked to replace the encryption scheme used with its PQ-secure
counterpart.