Speaker Tom Ristenpart, Krzysztof Pietrzak, and Yevgeniy Dodis
Host Kristin Lauter
Date recorded 6 August 2010
Virtual Machine Reset Vulnerabilities and Hedged Cryptography
Tom Ristenpart, UC San Diego
Virtual machines are widely used to, for example, support cloud computing services and improve home desktop security. In this talk I'll present recent work showing a new class of vulnerabilities, termed VM reset vulnerabilities, that arise from reuse of VM snapshots. A snapshot is the saved state of a VM, which can include caches, memory, persistent storage, etc. A reset vulnerability occurs when resuming two or more times from the same VM snapshot exposes security bugs. I'll report on our discovery of several reset vulnerabilities in modern browsers used within commonly used VM managers. These vulnerabilities exploit weaknesses in cryptographic protocols when confronted with reused randomness. I'll then explore a new framework of hedged cryptography, which aims to build into cryptographic protocols mechanisms that provide improved security in the face of reset (or other) vulnerabilities.
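The following is an added illustration, not code from the talk or its authors, of the two ideas in the abstract: why resuming twice from one snapshot (which replays the guest's RNG state) breaks a randomized scheme, and how hedging the coins with the message limits the damage. It assumes a toy counter-mode stream cipher and a simplified hedge (nonce = H(r || message)) built only from hashlib and hmac; the RNG, key, snapshot and messages are constructed for the demo.

```python
import hashlib
import hmac


class SnapshotRng:
    """Deterministic RNG whose whole state is one 32-byte value.

    Stands in for the guest's PRNG state that a VM snapshot captures
    (assumption: the VM manager restores that state verbatim on resume,
    so every resume replays the same output sequence).
    """

    def __init__(self, state: bytes) -> None:
        self.state = state

    def next_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(self.state).digest()
            out += self.state
        return out[:n]

    def snapshot(self) -> bytes:
        return self.state

    @classmethod
    def resume(cls, snap: bytes) -> "SnapshotRng":
        return cls(snap)


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || counter)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_naive(key: bytes, rng: SnapshotRng, msg: bytes):
    """Nonce taken straight from the RNG: a replayed RNG state repeats it."""
    nonce = rng.next_bytes(16)
    return nonce, xor(msg, keystream(key, nonce, len(msg)))


def encrypt_hedged(key: bytes, rng: SnapshotRng, msg: bytes):
    """Hedged coins: nonce = H(r || msg) (simplified hedge, an assumption here).

    With fresh r this is as random as before; with replayed r two different
    messages still get different nonces.  Only an identical message under
    an identical r repeats, which no randomized scheme can avoid.
    """
    r = rng.next_bytes(16)
    nonce = hashlib.sha256(b"hedge-v1" + r + msg).digest()[:16]
    return nonce, xor(msg, keystream(key, nonce, len(msg)))


def reset_experiment(encrypt):
    """Resume twice from one snapshot and encrypt two different messages.

    Returns (nonce_repeated, keystream_cancelled): the second flag is True
    when c1 XOR c2 == m1 XOR m2, i.e. the pad cancelled and a passive
    observer of the two ciphertexts learns the XOR of the plaintexts.
    All inputs are constructed for the demo.
    """
    key = hashlib.sha256(b"constructed demo key").digest()
    snap = SnapshotRng(b"constructed seed").snapshot()
    m1 = b"PAY 0100 TO ALICE"
    m2 = b"PAY 0900 TO BOBBY"  # same length so the XOR check is meaningful
    n1, c1 = encrypt(key, SnapshotRng.resume(snap), m1)
    n2, c2 = encrypt(key, SnapshotRng.resume(snap), m2)
    return n1 == n2, xor(c1, c2) == xor(m1, m2)


if __name__ == "__main__":
    print("naive :", reset_experiment(encrypt_naive))   # (True, True)
    print("hedged:", reset_experiment(encrypt_hedged))  # (False, False)
```

The `nonce_repeated` flag is the observable a defender can monitor for: a nonce or signature randomness value seen twice under one key is a direct symptom of replayed RNG state, whether from snapshot reuse or another entropy failure. The hedge does not restore fresh randomness; it only ensures that whatever randomness is replayed is combined with the message so the coins differ whenever the inputs do.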
Krzysztof Pietrzak, CWI
The (decisional) learning with errors (LWE) problem asks to
We introduce (seemingly) much stronger *adaptive* assumptions SLWE and
This implies that the standard LWE/LPN problems are surprisingly
We also present a new very simple and efficient authentication
Cryptography Against Continuous Memory Attacks
Yevgeniy Dodis, New York University
We say that a cryptographic scheme is Continuous Leakage-Resilient (CLR) if it allows users to refresh their secret keys, using only fresh local randomness, such that:
-- The scheme remains functional after any number of key refreshes, although the public key never changes. Thus, the "outside world" is neither affected by these key refreshes, nor needs to know about their frequency.
-- The scheme remains secure even if the adversary can continuously leak arbitrary information about the current secret key of the system, as long as the amount of leaked information is bounded in between any two successive key refreshes. There is no bound on the total amount of information that can be leaked during the lifetime of the system.
In this work, we construct a variety of practical CLR schemes, including CLR one-way relations, CLR signatures, CLR identification schemes, and CLR authenticated key agreement protocols. For each of the above, we give general constructions, and then show how to instantiate them efficiently using a well-established assumption on bilinear groups, called the K-Linear assumption. Joint work with Kristiyan Haralambiev, Adriana Lopez-Alt and Daniel Wichs. The extended abstract of the paper will appear at FOCS'10 and can be found at http://eprint.iacr.org/2010/196
©2010 Microsoft Corporation. All rights reserved.