
Speakers: Tom Ristenpart, Krzysztof Pietrzak, and Yevgeniy Dodis
Host: Kristin Lauter
Duration: 02:25:38
Date recorded: 6 August 2010

Virtual Machine Reset Vulnerabilities and Hedged Cryptography
Tom Ristenpart, UC San Diego

Virtual machines are widely used to, for example, support cloud computing services and improve home desktop security. In this talk I'll present recent work showing a new class of vulnerabilities, termed VM reset vulnerabilities, that arise from the reuse of VM snapshots. A snapshot is the saved state of a VM, which can include caches, memory, persistent storage, etc. A reset vulnerability occurs when resuming two or more times from the same VM snapshot exposes security bugs. I'll report on our discovery of several reset vulnerabilities in modern browsers used within commonly used VM managers. These vulnerabilities exploit weaknesses in cryptographic protocols when confronted with reused randomness. I'll then explore a new framework of hedged cryptography, which aims to build into cryptographic protocols mechanisms that provide improved security in the face of reset (or other) vulnerabilities.

Subspace LWE
Krzysztof Pietrzak, CWI

The (decisional) learning with errors (LWE) problem asks to
We introduce (seemingly) much stronger *adaptive* assumptions SLWE and
This implies that the standard LWE/LPN problems are surprisingly
We also present a new very simple and efficient authentication

Cryptography Against Continuous Memory Attacks
Yevgeniy Dodis, New York University

We say that a cryptographic scheme is Continuous Leakage-Resilient (CLR) if it allows users to refresh their secret keys, using only fresh local randomness, such that:
1. The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the "outside world" is neither affected by these key refreshes, nor needs to know about their frequency.
2. The scheme remains secure even if the adversary can continuously leak arbitrary information about the current secret key of the system, as long as the amount of leaked information is bounded in between any two successive key refreshes. There is no bound on the total amount of information that can be leaked during the lifetime of the system.
In this work, we construct a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols. For each of the above, we give general constructions, and then show how to instantiate them efficiently using a well-established assumption on bilinear groups, called the K-Linear assumption. Joint work with Kristiyan Haralambiev, Adriana Lopez-Alt and Daniel Wichs. The extended abstract of the paper will appear at FOCS'10 and can be found at http://eprint.iacr.org/2010/196
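Returning to the first talk's point that resuming a snapshot replays the guest's randomness, the following toy (an added example written for this page, not code from the talk or its paper) simulates two resumes from one snapshot against a stream-cipher encryption, first with the nonce taken straight from the RNG and then with a hedged nonce derived from the RNG output, the key and the message. The snapshottable PRNG, the HMAC counter-mode keystream and the hedge derivation are simplified stand-ins I assume for illustration, not the constructions from the hedged-cryptography paper.

```python
import hashlib
import hmac

class SnapshotRng:
    # Toy PRNG with save/restore state, mimicking an entropy pool captured in a VM snapshot (constructed).
    def __init__(self, seed: bytes) -> None:
        self.state = seed

    def snapshot(self) -> bytes:
        return self.state

    def restore(self, state: bytes) -> None:
        self.state = state

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(self.state).digest()
            out += self.state
        return out[:n]

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC counter-mode keystream; a real stream cipher behaves the same way.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_naive(key: bytes, rng: SnapshotRng, msg: bytes):
    nonce = rng.random_bytes(16)  # nonce comes straight from the resettable RNG
    return nonce, xor(msg, keystream(key, nonce, len(msg)))

def encrypt_hedged(key: bytes, rng: SnapshotRng, msg: bytes):
    r = rng.random_bytes(16)
    # Hedge: derive the nonce from r, the key and the message, so a repeated r
    # still gives a fresh nonce when the message differs (equal messages collide).
    nonce = hmac.new(key, b"hedge" + r + msg, hashlib.sha256).digest()[:16]
    return nonce, xor(msg, keystream(key, nonce, len(msg)))

def leaks_after_reset(encrypt, key: bytes, m1: bytes, m2: bytes) -> bool:
    # Encrypt m1, restore the snapshot, encrypt m2; True if the keystream repeated
    # (ct1 XOR ct2 == m1 XOR m2), the classic randomness-reuse leak.
    rng = SnapshotRng(b"constructed seed")
    snap = rng.snapshot()
    n1, c1 = encrypt(key, rng, m1)
    rng.restore(snap)  # second resume from the same VM snapshot
    n2, c2 = encrypt(key, rng, m2)
    return n1 == n2 and xor(c1, c2) == xor(m1, m2)
```

With the naive scheme both resumes produce the same nonce and the XOR of the ciphertexts equals the XOR of the plaintexts; hedging removes that leak for distinct messages, while equal messages under equal randomness still yield equal ciphertexts, which is the residual leakage hedging cannot avoid.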
©2010 Microsoft Corporation. All rights reserved.