l eakage and t amper resilient r andom a ccess m achine ( ltram )
DESCRIPTION
L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM ). Pratyay Mukherjee Aarhus University Joint work with Sebastian Faust, Jesper Buus Nielsen and Daniele Venturi. Provable security breaks down!. Because…. The Model. Reality. Provable security breaks down!. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/1.jpg)
LEAKAGE and TAMPER Resilient Random Access Machine (LTRAM)
Pratyay MukherjeeAarhus University
Joint work with
Sebastian Faust, Jesper Buus Nielsen and Daniele Venturi
![Page 2: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/2.jpg)
Provable security breaks down! Because….
The Model Reality
![Page 3: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/3.jpg)
Provable security breaks down! Because….
The Model Reality
More seriousl
y !Side channel attacks: Leakage/ Tampering
Blakcbox
Our main
focus
![Page 4: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/4.jpg)
Models of Tampering
Tamper “only memory”Tamper “whole computation”
![Page 5: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/5.jpg)
Models of Tampering
Tamper “only memory”Tamper “whole computation”In the beginning….
We are STRONGERrrr !!!
![Page 6: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/6.jpg)
Models of Tampering
Tamper “only memory”Tamper “whole computation”
Existing results suffer from limitation e.g. can tamper
upto 1/poly(n)
A number of strong positive results e.g. split-state
tampering
…..after a few years….
[IPSW 06, ….., DK 14] [GLMMR 04, ……………………………..,DPW 10,…..]
I have better RESULTS !!!
![Page 7: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/7.jpg)
Our approachCan we protect against more Tampering with computation if we consider RAM ?
Instead of
Protect me !
![Page 8: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/8.jpg)
Our Result: RAM + NMC => TRAM
TRAM
TCC 2014
Idea: Encode locations with NMC.
Note: The computation is stored as a program.
![Page 9: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/9.jpg)
In fact we can get LTRAM
LTRAM
Caveat: We assume tamper-proof CPU.
But, the CPU is small and universal i.e.independent of the functionality.
![Page 10: L EAKAGE and T AMPER Resilient R andom A ccess M achine ( LTRAM )](https://reader036.vdocuments.mx/reader036/viewer/2022062423/5681432e550346895daf9d52/html5/thumbnails/10.jpg)
Our LTRAM
CPU
Secret Disk-1
Secret Disk-2
Public disk