Remote Attestation – Building trust in things you can’t see
N. Asokan and Andrew Paverd, Aalto University, Finland • Wednesday April 5, 13:15
In our increasingly networked society, the ability to interact securely with remote devices and systems is now more important than ever. Secure communication is necessary but not sufficient to achieve this unless complemented by remote attestation, a distinct security service that allows one to ascertain the precise state and configuration of a remote system.
This tutorial begins with the fundamental motivation for remote attestation, its goals and requirements, and its assumed adversary model. We then survey the full landscape of attestation techniques, diving into detail on key topics. We cover the “classical attestation” used in the Trusted Platform Module (TPM), and the improvements gained through property-based attestation. We then compare and contrast this with more recent attestation in Intel’s new Software Guard Extensions (SGX). We examine techniques designed specifically for embedded systems, including software-based attestation, and the use of minimal trust anchors. Finally, we explore new types of attestation, including swarm attestation for groups of devices, control-flow attestation for detecting runtime attacks, and key attestation for hardware-protected cryptographic keys.
N. Asokan is a Professor of Computer Science at Aalto University and the University of Helsinki. His research interest is understanding how to build systems that are simultaneously secure, easy-to-use and inexpensive to deploy. Prior to joining academia, he spent 17 years in industrial research, first at IBM Zurich Research Laboratory and then at Nokia Research Center. Asokan is an ACM Distinguished Scientist and an IEEE Fellow. He directs the Helsinki Aalto Center for Information Security and is the lead principal investigator of Intel Collaborative Research Institute for Secure Computing (ICRI-SC) in Finland.
Andrew Paverd is a post-doctoral researcher in Computer Science at Aalto University. His research interests include trusted hardware, remote attestation, privacy, web security, and most recently, distributed systems. Before moving to Finland, Andrew obtained his doctorate in Computer Science from the University of Oxford. Andrew received his BSc and MSc in Electrical and Computer Engineering from the University of the Witwatersrand, Johannesburg and the University of Cape Town respectively.
Post-quantum cryptography, an overview
Johannes Buchmann, TU Darmstadt, Germany • Monday April 3, 15:35
Public-key cryptography (PKC) is an essential building block for cybersecurity. For example, the TLS protocol that protects Internet communication is based on PKC. The security of PKC algorithms that are used today is based on the hardness of the integer factorization and certain discrete logarithm problem. However, in his seminal 1994 paper Peter Shor showed how to solve these problems in polynomial time on a quantum computer. As a result, it is necessary to come up with new PKC algorithms that resist quantum computer attacks. They are referred to as post-quantum cryptography algorithms. This talk discusses the necessity of PKC. It describes current PKC algorithms. It gives an overview overstatus of the current post-quantum approaches: hash-, lattice-, code-based and multivariate and discusses their practicability and their security.
Johannes Buchmann received a PhD from the Universität zu Köln, Germany in 1982. 1985 and 1986 he was a PostDoc at the Ohio State University on a Fellowship of the Alexander von Humboldt Foundation. From 1988 to 1996 he was a professor of Computer Sience at the Universität des Saarlandes in Saarbrücken. Since 1996 he is a professor of Computer Science and Mathematics at Technische Universität Darmstadt. From 2001 to 2007 he was Vice President Research of TU Darmstadt. In 1993 he received the Leibniz-Prize of the German Science Foundation and in 2012 the Tsugming Tu Award of Taiwan. His is a member of the German Academy of Science and Engineering acatech and of the German Academy of Science Leopoldina. He is the spokesperson of the Collaborative Research Center CROSSING of the German Science Foundation, the Profile Area CYSEC – Cybersecurity [at] TU Darmstadt, and the Deputy Spokesperson of the Center for Research in Security and Privacy Darmstadt CRISP. His research areas are cryptography and its applications.
On the Security of PoW-based Blockchains
Ghassan Karame (NEC) and Alexandra Dmitrienko (ETH, Switzerland) • Thursday April 6, 9:30
The blockchain emerges as an innovative tool which can change the way we see a number of online applications today. In this tutorial, we overview, detail, and analyze the security provisions of Proof of Work (PoW)-based blockchains – effectively capturing recently reported attacks and threats in the system. Our contributions go beyond the mere analysis of reported vulnerabilities on PoW; namely, we describe and evaluate a number of countermeasures to deter threats on the system – some of which have already been incorporated in the system.
Given the increasing number of alternative blockchain proposals, this tutorial extracts the basic security lessons learnt from existing PoW-based deployments with the aim to foster better designs and analysis of next-generation secure blockchain currencies and technologies.
Ghassan O. Karame is the Manager and Chief Researcher of the Security Group of NEC Research Laboratories in Germany. Until April 2012, he was working as a postdoctoral researcher in the Institute of Information Security of ETH Zurich, Switzerland. He holds a Master of Science degree in Information Networking from Carnegie Mellon University (CMU), and a PhD degree in Computer Science from ETH Zurich. Ghassan is interested in all aspects of security and privacy with a focus on cloud security, SDN/network security, and Blockchain security.
Alexandra Dmitrienko is a postdoctoral researcher at ETH Zurich, she joined the System Security Group lead by Prof. Srdjan Capkun at the beginning of 2016. Before joining ETH, she was a Fraunhofer researcher – she joined the Cyber-Physical System Security Group of the Fraunhofer Institute for Secure Information Technology (SIT) in Germany in 2011, and in 2015 she established her own research group on Secure Mobile Services. She obtained her doctoral degree in Information Security from the Technical University in Darmstadt in 2015 with distinction and received two awards for her PhD: the Doctoral Student Honor Award from Intel, and the ERCIM STM Award for the best PhD Thesis given by the European Research Consortium in Informatics and Mathematics. Her research interests focus on secure software engineering and security of mobile and distributed systems. Among other topics, she is interested in security aspects of blockchain technology and in blockchain applications.