Topic in Security and Privacy

[pentium3]

Ref:

https://www.usenix.org/conference/osdi21/presentation/preview-security-privacy

CSCI5271 UMN

---

1. Security Properties

• Integrity: Protection of the data or system states from illegal modification
• Confidentiality: Protection of the data or system states from illegal observation
• Privacy: Protection of the users’ identities or personal states from illegal observation of data or metadata(eg: Who is sending message? How big is the message? When is the message sent? etc. ) .

Two major-topic divisions: System security, Network security Five sub-topic areas: Software security, OS security, Cryptography, Network security, Other security topics(Web, usability, AI, etc.)

• Defenders: avoid weaknesses that can be abused by attackers to violate security policy
• Attackers: take advantage of a vulnerability to cause unintended behaviors -> attackers get privilege that they shouldn’t

Some common Threat Models

How could attackers threat the system?

1. Single-Party; Centralized Trust model All the entities are in the same camp and will follow the protocol. -> will not leak data

2. Multi-Party; Decentralized Trust model Everybody is on their own. There might be someone potentially malicious and may not follow the protocol. -> could leak data

3. Multi-Party; Semi-Honest (Honest-but-curious) Multi-Party + Decentralized Trust. But entities are semi-honest(will follow the protocol, but may leak data)

Defense Strategies

How to protect user's Integrity/Confidentiality/Privacy from attacker?

2. Encryption / Secure Computation

maybe too expensive(Computation/Communication)...

Encryption

• Symmetric (Secret Key) Encryption
• Asymmetric (Public Key) Encryption

Secure Computation

• Fully Homomorphic Encryption (FHE)
• MPC

3. TEE / Memory Protection

Trusted computing: From another perspective: what if I want to run my code on a platform where I don’t fully trust the owner? (eg: un-trusted public cloud) -> establish certain degrees of trust.

Six required technology concepts required by Trusted Computer Group:
• Endorsement key: a 2048-bit RSA public and private key pair, never leaves the chip
• Secure input and output: how do you know you’re talking to the right software?
• Memory curtaining: even OS cannot access 
• Sealed storage: only accessible to certain software/hardware (digital rights management)
• Remote attestation: to detect unauthorized changes
• Trusted Third Party (TTP): two parties both trust

SGX

• A Software Guard Extensions
• Scenario: Offloading computation to remote cloud machines (Private data/Sensitive computation)
• Huge trusted computing base • Privileged software: Hypervisor, firmware, etc. • Management stack • Cloud operators
• Support new security guarantees • Confidentiality and integrity of a program • Not availability • Shipped with most laptop and desktop machines (since 2015)
• Provides enclave: A protected execution region • Enclave runs a user-level program • Enclave is protected from the rest of system
• A new set of instructions to use • Example: ENCLU—Enter an Enclave

SGX enclave:

Memory Access Patterns

Penetration(渗透) Testing & Bug Detection

[pentium3]

Trends in Security/Privacy conferences

https://zhuanlan.zhihu.com/p/278495714

https://zhuanlan.zhihu.com/p/31635977

https://aegis-readers.github.io/

[pentium3]

Cryptography

Goal: to provide a “secure channel” between Alice and Bob. The channel should remain secure even though Eve can inspect, modify or drop any message, and control the channel. A secure channel should:

• Leaks NO information about its contents (confidentiality)
• Delivers only messages from Alice and Bob (authenticity)
• Delivers messages in order or not at all (integrity)

Cryptographic key(加密密钥): A parameter that determines the functional output of a cryptographic algorithm. The only secret part of the cipher is a key.

• Symmetric-key crypto: one key used for both encryption and decryption participants.
• Public-key crypto: one key kept secret, another published; one for encryption, and the other for decryption

Symmetric-key crypto

Encryption

mainly uses stream cipher or block cipher.

Encryption protects secrecy, not message integrity. For constant-size encryption, changing the ciphertext just creates a different plaintext.

How to protect integrity?

Hash functions:

Message authentication code(MAC): to confirm that the message came from the stated sender (authenticity) and has not been changed (integrity)

• Similar to hash function, but with a key. Hash_func(Key|Msg)
• Adversary without key cannot forge MACs

Public-key crypto