
1

WS 2016/2017 – 3CP

Prof. Stefan Katzenbeisser / Security Engineering Group

Privacy-Enhancing Technologies

Practical Projects

Organization:

Niklas Büscher, room S4|14 – 4.2.21

[email protected]

2

Practical Projects - Overview

Goal: Hands-on work in research topics on privacy in the SecEng group

Organization:

• Form groups of four by November 20th

• Inform Niklas Buescher via mail about

• group members

• 5 preferred topics in order

• (one mail per group, members in CC)

• After you have received an email about your assignment, get in contact with your topic

supervisor to organize a meeting

Hints:

• Unfortunately, we cannot guarantee topics by preference

• If you cannot find a group (or enough members), please also register via mail. We will

form (fill up) groups with the remaining students

[…]

we have formed the following group:

* Max Mustermann, [email protected]

* Sabine Musterfrau, [email protected]

* Donald Trumpf, [email protected]

* Hillarious Klinton, [email protected]

Our 5 preferred topics are:

T5,T1,T3,T7,T9

[…]

3

Overview

Topic 1: What is the cost of confidentiality? (Markus Heinrich)

Topic 2: Crypto Performance Analysis (Florian Kohnhäuser)

Topic 3: Physical Unclonable Functions (Nikolaos Anagnostopoulos, eng.)

Topic 4: Implementation of Flash-based PUFs (André Schaller)

Topic 5: Interactive Framework for Differential Privacy (Spyros Boukoros, eng.)

Topic 6: Privacy Metrics and Attacks (Spyros Boukoros, eng.)

Topic 7: Privacy-preserving “German income tax algorithm” (Niklas Buescher)

Topic 8: Side-Channel Attacks on the GPU (Nikolay Matyunin, eng.)

Topic 9: Electromagnetic Covert Channel using the GPU (Nikolay Matyunin, eng.)

Topic 10: Multithreading in OpenSSL (Nikolaos Karvelas)

Topic 11: Post-Quantum Secure Oblivious RAM (Nikolaos Karvelas)

4

Topic 1 (Markus Heinrich):

What is the cost of confidentiality?

How do digital signatures and encryption influence the

transmission of messages?

• Research how to evaluate cryptographic algorithms.

• Define the metrics to investigate (e.g. processing time).

• Develop an evaluation framework that can…

• … run different algorithms.

• … run on different hardware platforms.

• … take external conditions into account (e.g. strong sender, weak receiver).

• Summarize and present your results.

5

Topic 2 (Florian Kohnhäuser)

Crypto Performance Analysis for Emergency Communication

with Mobile Devices

• Mobile devices (smartphones, laptops, etc.) connected in ad-hoc networks

provide a great potential to facilitate emergency communication

• Classified or privacy-critical data (e.g., building plans or health data) need to be

cryptographically secured in the emergency use case

• Crypto energy-consumption critical: battery life should be as long as possible

• Crypto runtime critical: feasible to encrypt and/or sign all transmitted data?

Tasks:

(1) Requirement Analysis: appropriate crypto solutions for emergency use case

(2) Implementation: Android smartphones; some experiments already exist

(3) Evaluation: energy-consumption and runtime of cryptographic algorithms

6

Topic 3 (Nikolaos Anagnostopoulos)

Physical Unclonable Functions (PUFs)

[Figure: SRAM block (array of SRAM cells); challenge: memory address, response: memory content]

PUFs are based on unique characteristics of hardware

modules, which can be used in order to construct a key (or

in general, a token for cryptographic applications).

To this end, we use as PUF characteristics the initial values

or the decay characteristics of SRAM and/or DRAM cells of

commodity off-the-shelf devices. Such hardware is also

commonly used in IoT device implementations.

In other words, we produce cryptographic keys using IoT

hardware.

7

(T3) Logically reconfigurable PUFs

PUF output: 1010101111010101

We can use logical algorithms to diversify the final responses of a PUF while using

the same raw PUF output.

The reconfiguration can be as simple as an XOR operation between the

(re)configuration bitstring and the PUF’s output.

Reconfiguring a PUF can increase its security.

A potential use case could be the production of PUF-based session keys.

Reconfiguration: Configuration A → Configuration B

1010100100100101 → 1001010110100110

Response A = (PUF output) XOR (Configuration A) = 0000001011110000

Response B = (PUF output) XOR (Configuration B) = 0011111001110011
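The following simulation is an added example for the SRAM PUF slide and the reconfiguration slide above; it is not code from the Security Engineering Group. The SRAM cell model (a fixed per-cell power-up bias drawn from a Beta distribution, plus fresh noise on every power-up) is an assumption chosen for the simulation, not a measurement of real hardware. The three bit strings are the ones from the slide.

```python
import random

# The bit strings from the reconfiguration slide.
PUF_OUTPUT = "1010101111010101"
CONFIG_A = "1010100100100101"
CONFIG_B = "1001010110100110"


class SimulatedSRAM:
    """SRAM block whose power-up content is device-unique but slightly noisy.

    Assumed cell model (not measured hardware): each cell has a fixed bias,
    the probability that it powers up as 1, drawn from Beta(0.05, 0.05).
    That distribution is U-shaped, so most cells are firmly 0 or 1 and a few
    metastable cells flip from power-up to power-up; the bias pattern is the
    device's fingerprint.
    """

    def __init__(self, n_cells, seed):
        silicon = random.Random(seed)  # the seed stands in for process variation
        self.bias = [silicon.betavariate(0.05, 0.05) for _ in range(n_cells)]

    def power_up(self, address, n_bits, noise):
        """Challenge: a memory address. Response: power-up content at that address."""
        cells = self.bias[address:address + n_bits]
        return "".join("1" if noise.random() < b else "0" for b in cells)


def hamming_distance(a, b):
    assert len(a) == len(b)
    return sum(x != y for x, y in zip(a, b))


def reconfigure(puf_output, configuration):
    """Logical reconfiguration: response = PUF output XOR configuration."""
    assert len(puf_output) == len(configuration)
    return "".join(str(int(p) ^ int(c)) for p, c in zip(puf_output, configuration))


def sram_puf_distances(n_bits=256, address=0x100):
    """(intra-device, inter-device) Hamming distances for one challenge.

    A usable PUF needs the first to be small (the same device reproduces its
    response) and the second close to n_bits/2 (other devices do not).
    """
    device_1 = SimulatedSRAM(4096, seed=1)
    device_2 = SimulatedSRAM(4096, seed=2)
    noise = random.Random(2016)
    enrolled = device_1.power_up(address, n_bits, noise)
    intra = hamming_distance(enrolled, device_1.power_up(address, n_bits, noise))
    inter = hamming_distance(enrolled, device_2.power_up(address, n_bits, noise))
    return intra, inter


if __name__ == "__main__":
    intra, inter = sram_puf_distances()
    print(f"intra-device distance {intra}/256, inter-device distance {inter}/256")
    response_a = reconfigure(PUF_OUTPUT, CONFIG_A)
    response_b = reconfigure(PUF_OUTPUT, CONFIG_B)
    print("Response A:", response_a)
    print("Response B:", response_b)
    # XOR is linear: whoever learns one response and its configuration gets
    # the raw PUF output back, and A XOR B equals Config A XOR Config B.
    print("PUF output recovered from Response A:", reconfigure(response_a, CONFIG_A))
```

Two practical points follow from the run. The intra-device distance is not zero, so a real deployment needs error correction (a fuzzy extractor) before the response can serve as a key. And because XOR reconfiguration is linear, the configuration bit strings must be treated as secrets in their own right: a party holding Response A and Configuration A can compute the raw PUF output and from it every other response.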

8

(T3) Data Remanence and PUFs

Memory-based PUFs are implemented on Static and Dynamic RAM (SRAM and

DRAM).

SRAM and DRAM exhibit data remanence, which means that data stored on them

remain (for some time) even after the power supply to them has been cut.

This phenomenon can be seen both as a vulnerability of such PUFs and as a feature

which can be utilised for the creation of novel PUFs.

Relevant attacks can be based both on the decay of data and on their extended

remanence.

However, the same phenomenon can be used for timekeeping purposes or as a

characteristic that is unique per device and can thus be used to implement a new

category of PUFs.

Task: Various implementations and evaluations for the aforementioned PUF types

Requirements/Nice-to-have: Low-level programming skills (C, ASM, etc.)
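As an added illustration of the decay-based PUF and the timekeeping use described on this slide (not code from the Security Engineering Group): a DRAM region is modelled with a fixed, cell-specific retention time; after writing ones and disabling refresh for a chosen time, the set of cells that have lost their charge is the response. The log-normal retention model, the 60 s median and the 5 % run-to-run jitter are assumptions, not measurements.

```python
import math
import random


class SimulatedDRAM:
    """DRAM region whose cells lose their charge at cell-specific rates.

    Assumed model (not measured hardware): every cell has a fixed retention
    time, drawn log-normally around a 60 s median. The region is written with
    all ones and refresh is switched off; a cell reads as 0 once the decay
    time exceeds its retention time, with a few percent of run-to-run jitter.
    The set of cells that has decayed after a fixed time is the PUF response.
    """

    def __init__(self, n_cells, seed):
        silicon = random.Random(seed)  # the seed stands in for process variation
        self.retention = [silicon.lognormvariate(math.log(60.0), 1.0)
                          for _ in range(n_cells)]

    def read_after_decay(self, decay_time, noise, jitter=0.05):
        """Write ones, wait decay_time seconds without refresh, read back."""
        return "".join(
            "0" if decay_time > r * (1.0 + noise.gauss(0.0, jitter)) else "1"
            for r in self.retention)


def hamming_distance(a, b):
    assert len(a) == len(b)
    return sum(x != y for x, y in zip(a, b))


def decay_puf_distances(decay_time=30.0, n_cells=1024):
    """(intra-device, inter-device) distances of the decay pattern."""
    chip_1 = SimulatedDRAM(n_cells, seed=11)
    chip_2 = SimulatedDRAM(n_cells, seed=12)
    noise = random.Random(7)
    enrolled = chip_1.read_after_decay(decay_time, noise)
    intra = hamming_distance(enrolled, chip_1.read_after_decay(decay_time, noise))
    inter = hamming_distance(enrolled, chip_2.read_after_decay(decay_time, noise))
    return intra, inter


def estimate_elapsed_time(chip, readout):
    """Timekeeping use of the same effect: the number of decayed cells fixes
    where on this chip's sorted retention curve the decay stopped. The curve
    is assumed to have been characterised at enrollment."""
    curve = sorted(chip.retention)
    decayed = readout.count("0")
    if decayed == 0:
        return 0.0
    if decayed >= len(curve):
        return curve[-1]
    return 0.5 * (curve[decayed - 1] + curve[decayed])


def timekeeping_estimates(times=(10.0, 30.0, 120.0), seed=3):
    """Return (true elapsed time, estimate) pairs for a single chip."""
    chip = SimulatedDRAM(1024, seed=11)
    noise = random.Random(seed)
    return [(t, estimate_elapsed_time(chip, chip.read_after_decay(t, noise)))
            for t in times]
```

The decay time is part of the challenge: the same region read after 10 s and after 120 s gives different responses, and the monotone growth of the decayed set is what the elapsed-time estimate inverts. On real hardware temperature changes retention times considerably, so both the PUF and the clock need a temperature-aware calibration that this model leaves out.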

9

Topic 4 (André Schaller)

Implementation of Flash-based PUFs

Project Idea:

• Physically Unclonable Functions are used to extract unique identifiers based on

the physical characteristics of the underlying hardware component

• Different hardware components have been proposed to be used in order to

extract a PUF instance (SRAM, DRAM, Flash)

• Implement a Flash-based PUF on commodity devices (PandaBoard, TI

Stellaris, BeagleBone, …)

10

(T4) Implementation of Flash-based PUFs

Approach:

• based on existing work in the literature on Flash-based PUFs, different

approaches will be implemented to get a first proof-of-concept

• in a next step, the implementation will be modified to optimize the PUF w.r.t.

the underlying hardware and meet additional security requirements

• evaluation of the PUF

Requirements:

• C programming experience

• embedded programming experience

• working with technical reference manuals

Nice to have:

• ASM programming experience

• ARM-programming experience

11

Topic 5 & 6 (Spyros Boukoros, eng.):

Differential Privacy

Add ‘calibrated’ noise to the output of a query

Hide the presence of any individual

Preserve utility

The process depends only on the:

Dataset

Query

Privacy budget ε

Various mechanisms for selecting the noise

Laplace, Exponential, etc.

12

(T5) Differential Privacy

Implementation Interactive Framework

Implement an interactive differential privacy mechanism

Ideally in Python using PostgreSQL

Users can query a database

Your framework ‘sits’ in front of the database, protecting it

For every query, calculates the sensitivity

Checks the privacy budget ε

Returns the result with noise

Possible directions:

Perform noise addition using various mechanisms

Implement personalized differential privacy
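As an added example of the interactive mechanism sketched on this slide (not the group's own framework): a small front end that holds an in-memory table instead of PostgreSQL, derives the sensitivity from the query type, checks and deducts the privacy budget, and answers with the Laplace mechanism. The table contents, the budget of ε = 1.0 and the per-query ε values are constructed for the example.

```python
import math
import random


class BudgetExhausted(Exception):
    """Raised when a query would spend more epsilon than is left."""


class PrivateDatabase:
    """Interactive differential-privacy front end over an in-memory table.

    The analyst never sees rows. Each query is answered by the Laplace
    mechanism: noise drawn from Lap(sensitivity / epsilon) is added to the
    exact answer, and the query's epsilon is deducted from a global budget
    (sequential composition). Sensitivity is the largest change of the exact
    answer when one individual's row is added or removed.
    """

    def __init__(self, rows, total_epsilon, rng=None):
        self._rows = list(rows)
        self.remaining_epsilon = total_epsilon
        self._rng = rng or random.SystemRandom()
        self.log = []  # (query description, epsilon spent)

    def _laplace(self, scale):
        """Inverse-CDF sample from the Laplace distribution with the given scale."""
        u = self._rng.random() - 0.5
        magnitude = min(abs(u), 0.5 - 1e-16)  # keep log() away from zero
        return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * magnitude)

    def _spend(self, epsilon, description):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if epsilon > self.remaining_epsilon + 1e-12:
            raise BudgetExhausted(f"{description}: needs {epsilon}, "
                                  f"{self.remaining_epsilon:.3f} left")
        self.remaining_epsilon -= epsilon
        self.log.append((description, epsilon))

    def count(self, predicate, epsilon):
        """Noisy number of rows matching predicate. Sensitivity 1."""
        self._spend(epsilon, "count")
        exact = sum(1 for r in self._rows if predicate(r))
        return exact + self._laplace(1.0 / epsilon)

    def bounded_sum(self, column, lo, hi, epsilon):
        """Noisy sum of a column after clamping every value to [lo, hi].

        Clamping is what makes the sensitivity finite: max(|lo|, |hi|). An
        unclamped sum has unbounded sensitivity, so no Laplace scale could
        hide a single extreme row.
        """
        self._spend(epsilon, f"sum({column})")
        exact = sum(min(max(r[column], lo), hi) for r in self._rows)
        return exact + self._laplace(max(abs(lo), abs(hi)) / epsilon)


# Constructed sample table; nothing here is real data.
SAMPLE_ROWS = [
    {"age": 34, "income": 52000}, {"age": 41, "income": 61000},
    {"age": 29, "income": 38000}, {"age": 58, "income": 97000},
    {"age": 23, "income": 27000}, {"age": 47, "income": 250000},
]


def analyst_session(seed=2016):
    """One analyst session with a total budget of epsilon = 1.0."""
    db = PrivateDatabase(SAMPLE_ROWS, total_epsilon=1.0, rng=random.Random(seed))
    over_40 = db.count(lambda r: r["age"] > 40, epsilon=0.4)        # exact: 3
    income = db.bounded_sum("income", 0, 100_000, epsilon=0.5)      # exact: 375000
    try:
        db.count(lambda r: r["income"] > 200_000, epsilon=0.2)      # only 0.1 left
        refused = False
    except BudgetExhausted:
        refused = True
    return over_40, income, db.remaining_epsilon, refused
```

The budget check is the part that makes the framework interactive rather than a one-shot release: without it an analyst could repeat the same query and average the noise away. The seeded generator is only there to make the example reproducible; a deployed front end must draw its noise from a cryptographic source, and in production the naive floating-point Laplace sampler itself needs care, since rounding artefacts in the sampled values have been shown to leak information about the exact answer.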

13

(T6) Privacy Metrics and Attacks

Overview

Metrics that measure a user’s privacy in a database can be categorized in:

Similarity measures

Entropy

Attacker’s estimation error

etc.

De-anonymization attacks use auxiliary information

Aux. info is collected from other datasets or directly from the individuals

Try to match aux. info to entries in the dataset
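As an added example for this slide (not the group's tool), a linkage attack on a constructed table and three of the metrics named above, computed on the attack's outcome: the anonymity-set size, the entropy of the attacker's uncertainty, and the attacker's estimation error for the sensitive attribute. All records, names and the choice of quasi-identifiers are constructed for the example.

```python
import math
from collections import Counter

QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")

# Constructed "anonymised" records: names removed, quasi-identifiers kept.
RECORDS = [
    {"zip": "64283", "birth_year": 1984, "sex": "F", "diagnosis": "flu"},
    {"zip": "64283", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"zip": "64283", "birth_year": 1991, "sex": "M", "diagnosis": "flu"},
    {"zip": "64289", "birth_year": 1975, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "64289", "birth_year": 1975, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "64289", "birth_year": 1975, "sex": "M", "diagnosis": "flu"},
    {"zip": "64293", "birth_year": 1960, "sex": "F", "diagnosis": "cancer"},
    {"zip": "64287", "birth_year": 1966, "sex": "F", "diagnosis": "flu"},
]

# Constructed auxiliary information, e.g. scraped from a public register.
AUXILIARY = [
    {"name": "Sabine Musterfrau", "zip": "64293", "birth_year": 1960, "sex": "F"},
    {"name": "Max Mustermann", "zip": "64289", "birth_year": 1975, "sex": "M"},
    {"name": "Erika Beispiel", "zip": "64283", "birth_year": 1984, "sex": "F"},
]


def link(records, aux, keys=QUASI_IDENTIFIERS):
    """Linkage attack: rows whose quasi-identifiers equal the auxiliary record's."""
    return [r for r in records if all(r[k] == aux[k] for k in keys)]


def entropy_bits(candidates):
    """Attacker's uncertainty about which candidate is the target, taking the
    candidates as equally likely: log2 of the anonymity-set size."""
    return math.log2(len(candidates))


def estimation_error(candidates, sensitive="diagnosis"):
    """Probability that the attacker's best guess of the sensitive value
    (the most common one among the candidates) is wrong."""
    top = Counter(r[sensitive] for r in candidates).most_common(1)[0][1]
    return 1.0 - top / len(candidates)


def generalise(record):
    """Coarsen quasi-identifiers (3-digit zip prefix, birth decade) so that more
    individuals share them; a simple k-anonymity style defence."""
    out = dict(record)
    out["zip"] = record["zip"][:3]
    out["birth_year"] = record["birth_year"] // 10 * 10
    return out


def attack(records, auxiliary):
    """Run the linkage attack for every auxiliary record and score the result."""
    report = {}
    for aux in auxiliary:
        c = link(records, aux)
        report[aux["name"]] = {
            "k": len(c),
            "entropy_bits": entropy_bits(c) if c else None,
            "estimation_error": estimation_error(c) if c else None,
            "diagnoses": sorted(r["diagnosis"] for r in c),
        }
    return report


if __name__ == "__main__":
    for name, score in attack(RECORDS, AUXILIARY).items():
        print(name, score)
    print("after generalisation:")
    for name, score in attack([generalise(r) for r in RECORDS],
                              [generalise(a) for a in AUXILIARY]).items():
        print(name, score)
```

The three metrics disagree in an instructive way: the entry for "Max Mustermann" has k = 3 and 1.58 bits of entropy, yet the estimation error is only 1/3 because two of the three candidates share a diagnosis. Anonymity-set size alone therefore overstates the protection of the sensitive attribute, which is the motivation for metrics such as l-diversity that look at the candidates' values rather than their number.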

14

(T6) Privacy Metrics and Attacks

Implementation

(G)UI in which a user can select a metric or an attack

Various metrics will be discussed at the initial meeting

Python

The metric will be calculated on an existing dataset

Metrics and attacks can be parameterized

Possible Directions:

Graphs for each metric

Comparison of metrics

15

Topic 7 (Niklas Buescher)

Introduction - Secure Multi-party Computation

[Figure: two parties hold private inputs x and y and run a protocol; each learns only f(x,y)]

Example: privacy-preserving fingerprint matching between mobile and server

16

(T7) Implementation of the

“German income tax algorithm”

Goal: Implementation of a privacy-friendly version of the German income

tax algorithm (Lohnsteueralgorithmus) with TPC/MPC

Approach:

• Use existing TPC/MPC frameworks

• Implement the algorithm in simple C (or a similar DSL)

• Evaluate the performance of the algorithm in at least two different

frameworks

• CBMC-GC (TPC - Yao’s Garbled Circuits)

• Sharemind (MPC – Linear Secret Sharing)
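The following is an added example of the linear secret sharing idea behind the MPC framework named on this slide, not code from the group and not the protocol Sharemind actually runs: three parties hold additive shares in Z_2^32, add and scale shares locally, and multiply with a Beaver triple. The trusted dealer supplying the triple, the function f(x, y) = x·y + x − y standing in for a tax computation, and the ring size are all assumptions made for the illustration.

```python
import random

MODULUS = 2 ** 32   # shares live in the ring Z_2^32 (machine-word arithmetic)
N_PARTIES = 3


def share(value, rng):
    """Additive secret sharing: N_PARTIES - 1 uniform shares plus one share that
    makes the sum correct. Any N_PARTIES - 1 shares together are uniform noise."""
    shares = [rng.randrange(MODULUS) for _ in range(N_PARTIES - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def reconstruct(shares):
    return sum(shares) % MODULUS


def add_shares(x, y):
    """Addition is local: each party adds its own two shares. No messages."""
    return [(a + b) % MODULUS for a, b in zip(x, y)]


def scale_shares(x, c):
    """Multiplication by a public constant is local too."""
    return [(c * a) % MODULUS for a in x]


def beaver_triple(rng):
    """Shares of (a, b, a*b) for uniform a, b. Assumed to come from a trusted
    dealer or an offline phase; this is the generic Beaver technique, not
    the specific protocol Sharemind implements."""
    a, b = rng.randrange(MODULUS), rng.randrange(MODULUS)
    return share(a, rng), share(b, rng), share(a * b % MODULUS, rng)


def mul_shares(x, y, triple):
    """Beaver multiplication: the parties open d = x - a and e = y - b (both
    uniform, so they reveal nothing about x and y), then compute shares of
    x*y = ab + d*b + e*a + d*e locally."""
    a, b, ab = triple
    d = reconstruct([(xi - ai) % MODULUS for xi, ai in zip(x, a)])
    e = reconstruct([(yi - bi) % MODULUS for yi, bi in zip(y, b)])
    out = [(abi + d * bi + e * ai) % MODULUS for ai, bi, abi in zip(a, b, ab)]
    out[0] = (out[0] + d * e) % MODULUS  # the public term is added by one party
    return out


def secure_eval(x, y, seed=1):
    """Evaluate f(x, y) = x*y + x - y on shares and return (secure result,
    plaintext result). x is the first party's private input, y the second's;
    the computing parties only ever hold shares."""
    rng = random.Random(seed)
    xs, ys = share(x, rng), share(y, rng)
    prod = mul_shares(xs, ys, beaver_triple(rng))
    minus_y = scale_shares(ys, MODULUS - 1)
    result = reconstruct(add_shares(add_shares(prod, xs), minus_y))
    return result, (x * y + x - y) % MODULUS
```

The cost structure visible here is what a performance comparison between frameworks measures: additions and constant multiplications are free, every multiplication needs one round of communication plus one precomputed triple, and comparisons (which a tax schedule with brackets needs many of) are far more expensive in linear secret sharing than in a garbled circuit, where they are just a few gates.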

17

Topic 8&9 (Nikolay Matyunin, eng.)

Side channels in GPUs: Overview

Graphics Processing Units (GPU) are used for:

• rendering data to the screen

• general-purpose parallel computations

(CUDA, OpenCL etc.)

GPUs, similarly to CPUs, may leak information about performed activity

through side channels:

• timing

• electromagnetic emissions

• power consumption

• acoustic noise

Attackers may exploit side channels:

1) to discover performed activity

2) to covertly transmit data

18

(T8) Side-Channel Attacks on the GPU

Goal: exploit side channels to detect specific activities

performed on GPUs, such as:

• cryptographic computations

• cryptocurrency mining

Approach: use the magnetometers in smartphones to detect the

distinct electromagnetic disturbance caused by a laptop's GPU

Requirements:

• common C/C++/Java programming & scripting skills

• (optional) experience or interest in CUDA/OpenCL programming

• (optional) experience or interest in machine learning


19

(T9) Electromagnetic Covert Channel

using the GPU

Goal: covertly transmit binary data from a laptop to a

nearby smartphone by emitting electromagnetic disturbance with the

laptop's GPU

Approach: use the magnetometers in smartphones to receive

binary data encoded into the electromagnetic emanations caused

by the laptop's GPU

Requirements:

• common C/C++/Java programming & scripting skills

• (optional) experience or interest in CUDA/OpenCL programming

• (optional) experience or interest in signal processing

[Figure: the bit string 1110010 is emitted by the laptop's GPU and received by the smartphone]
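As an added end-to-end simulation of the covert channel on this slide (not the group's code): the transmitter maps bits to GPU load with on-off keying, the magnetometer trace is constructed as ambient field plus a load-dependent disturbance plus sensor noise, and the receiver averages each bit window and slices against a threshold calibrated on a preamble. The payload is the slide's 1110010; the preamble, the bit period, the sampling rate, the field values and the assumption that bit boundaries are already aligned are all constructed for the example.

```python
import random

PAYLOAD = "1110010"     # the bit string shown on the slide
PREAMBLE = "1010"       # assumed calibration preamble, not on the slide
BIT_PERIOD_S = 0.5      # assumed seconds of GPU load (or idle) per bit
SAMPLE_RATE_HZ = 20     # assumed magnetometer sampling rate
SAMPLES_PER_BIT = int(BIT_PERIOD_S * SAMPLE_RATE_HZ)


def gpu_load_schedule(bits):
    """Transmitter side: on-off keying. For each 1 the laptop runs a heavy
    GPU kernel for one bit period, for each 0 it leaves the GPU idle."""
    return [int(b) for b in PREAMBLE + bits]


def magnetometer_trace(schedule, rng, baseline=42.0, amplitude=3.0, noise=0.8):
    """Constructed sensor trace in microtesla: the ambient field, plus a
    disturbance while the GPU is loaded, plus Gaussian sensor noise."""
    trace = []
    for load in schedule:
        for _ in range(SAMPLES_PER_BIT):
            trace.append(baseline + amplitude * load + rng.gauss(0.0, noise))
    return trace


def decode(trace):
    """Receiver side: average each bit window, set the threshold from the
    preamble, and slice the payload. Bit boundaries are assumed aligned."""
    means = [sum(trace[i:i + SAMPLES_PER_BIT]) / SAMPLES_PER_BIT
             for i in range(0, len(trace), SAMPLES_PER_BIT)]
    pre = means[:len(PREAMBLE)]
    high = [m for m, b in zip(pre, PREAMBLE) if b == "1"]
    low = [m for m, b in zip(pre, PREAMBLE) if b == "0"]
    threshold = (sum(high) / len(high) + sum(low) / len(low)) / 2.0
    return "".join("1" if m > threshold else "0" for m in means[len(PREAMBLE):])


def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)


def transmit_and_receive(bits=PAYLOAD, noise=0.8, seed=2016):
    """End-to-end run; returns (decoded bits, bit error rate)."""
    rng = random.Random(seed)
    received = decode(magnetometer_trace(gpu_load_schedule(bits), rng, noise=noise))
    return received, bit_error_rate(bits, received)
```

Averaging over a bit window is what buys the margin: with the assumed values the noise on a window mean is about 0.25 µT against a 3 µT signal, so raising the noise parameter to a few microtesla is the quickest way to see bit errors appear. On a real phone the receiver also has to find the bit boundaries itself (the preamble is the natural place to do that) and has to cope with the ambient field drifting as the phone moves, which is why signal processing is listed as useful background for this topic.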

20

Topic 10 (Nikolaos Karvelas)

Multithreading in OpenSSL

Project goal / task:

• You will be given a piece of C++ code that uses the cryptographic library of

OpenSSL and that can be parallelized.

• You will be asked to parallelize the given program in C/C++.

Project Idea:

• The cryptographic library of OpenSSL is widely used.

• It is however not (very) well documented.

• In many applications multi-threading is demanded.

21

Topic 11 (Nikolaos Karvelas)

Post-Quantum Secure Oblivious RAM

Project goal:

• Implement the necessary condition for a PQ secure ORAM, in C/C++.

Project Idea:

• Oblivious RAM (ORAM) is an important cryptographic primitive that allows

access pattern hiding in processors and remote servers.

• In most ORAM constructions, data is encrypted under a semantically secure

encryption scheme.

• Using a Post-Quantum (PQ) secure encryption scheme is one of the necessary

requirements for a PQ secure ORAM.

Project task:

• You will be given a working implementation of current state-of-the-art ORAM in

C++.

• You will be asked to replace the encryption scheme used, with its PQ-secure

counterpart.