
Secure Cryptographic Precomputation with Insecure Memory

Conference paper. Information Security Practice and Experience (ISPEC 2008).

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4991).

Abstract

We propose a solution that provides secure storage for cryptographic precomputation using insecure memory that is susceptible to eavesdropping and tampering. Specifically, we design a small tamper-resistant hardware module, the Queue Security Proxy (QSP), that sits transparently on the data path between the processor and the insecure memory. Our analysis shows that the design is secure and flexible, yet efficient and inexpensive. In particular, both the timing overhead and the hardware cost of our solution are independent of the storage size.

This work was supported in part by the U.S. Department of Homeland Security under Grant Award Number 2006-CS-001-000001, the Institute for Security Technology Studies, under Grant number 2005-DD-BX-1091 awarded by the Bureau of Justice Assistance, and the National Science Foundation, under grant CNS-0524695. The views and conclusions do not necessarily represent those of the sponsors.



Editor information

Liqun Chen, Yi Mu, Willy Susilo


Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

Cite this paper

Tsang, P.P., Smith, S.W. (2008). Secure Cryptographic Precomputation with Insecure Memory. In: Chen, L., Mu, Y., Susilo, W. (eds) Information Security Practice and Experience. ISPEC 2008. Lecture Notes in Computer Science, vol 4991. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79104-1_11

  • DOI: https://doi.org/10.1007/978-3-540-79104-1_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-79103-4

  • Online ISBN: 978-3-540-79104-1
