"Cryptographic Reverse Firewalls"
Ilya Mironov
(Stanford)
Monday, April 6th, 2015, 2:00 pm
EBU3B, Room 4258
Abstract:
In light of recent revelations regarding scope and sophistication of surveillance programs, vulnerabilities of common software libraries (e.g., Heartbleed) and attacks on commodity hardware (e.g., Equation Group's hard disk firmware modifications), the boundaries separating the trusted and the untrusted parts of one's system are crumbling. Facing the disturbing, and quite real, possibility of a compromise that reaches inside one’s communication platform, we address the following, seemingly paradoxical question: Can we design cryptographic protocols that achieve meaningful security when the adversary may arbitrarily tamper with the victim’s computer?
Inverting the metaphor from network security, we propose and investigate the power of a (cryptographic) reverse firewall - an entity whose role is to protect cryptographic schemes and protocols from insider attacks. Our security definition for reverse firewalls depends on the security notion(s) of the underlying protocol. As such, our model generalizes much prior work and provides a general framework for building cryptographic schemes that remain secure when run on compromised machine. It is also a modern take on a line of work that received considerable attention in the 80s and 90s.
We show that our definition is achievable by constructing several protocols for important cryptographic tasks---message transmission, oblivious transfer, secure function evaluation---that admit reverse firewalls.
Joint work with Yevgeniy Dodis and Noah Stephens-Davidowitz (NYU).