Sonia Belaïd, Cryptography Engineer at Thales Communications (France)
Use of formal tools to improve the security of masked implementations
While most cryptographic algorithms are assumed to be secure against black-box attacks, they are often vulnerable to side-channel attacks, which exploit the physical emanations of the underlying device (e.g., temperature, power consumption, time). In order to defeat such attacks, several countermeasures have been exhibited over the last two decades at different physical levels, but the most deployed one remains the use of masking. It consists in randomly splitting each sensitive variable of the computation into t+1 shares, where the masking order t represents the security level. While this countermeasure is very useful to improve the security level, it can be complex to design as t grows. During this talk, I will discuss the use of formal methods to build higher-order masking schemes and the solutions that currently show up. In particular, I will present two formal tools. The first one automatically verifies the security of masked implementations and the second automatically generates formally secure masked implementations of cryptographic algorithms from their unprotected version.
Sonia Belaïd is a cryptography engineer at Thales Communications & Security. She defended her PhD thesis last October on side-channel attacks and countermeasures under the supervision of Michel Abdalla (ENS, Paris) and Pierre-Alain Fouque (Université de Rennes 1). Her interests include cryptography, cybersecurity and more recently formal methods. In particular, she has contributed new efficient and formally proven secure countermeasures to thwart side-channel attacks.
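The masking described in the abstract, as an added example (this is not the speaker's tool or code): a bit is split into t+1 Boolean shares, XOR is computed share-wise, AND uses the Ishai-Sahai-Wagner (ISW) gadget, and a brute-force check plays the role of the verifier by enumerating every secret and every random coin of the gadget and testing that no set of t probed wires has a joint distribution that depends on the secret. The tools in the talk work symbolically and scale to real implementations; this check only works on 1-bit toy gadgets. The `wrong_order` variant, which adds the two cross products together before the fresh random bit, is the well-known insecure ordering of ISW and is included so the check has something to catch. Standard library only.

```python
"""Boolean masking at order t, with a brute-force t-probing check.

Added example, not the speaker's tool. A sensitive bit is split into t+1 shares
whose XOR equals it; XOR of masked values is share-wise; AND uses the
Ishai-Sahai-Wagner (ISW) gadget. Every wire a gadget computes is recorded, and
check_probing() enumerates all secrets and all random coins to confirm that no
set of t wires has a joint distribution that depends on the secret.
"""
import itertools
from collections import Counter
from functools import reduce
from operator import xor


def xor_all(bits):
    return reduce(xor, bits, 0)


class Trace:
    """Serves random coins from a fixed list and records every intermediate wire."""

    def __init__(self, coins):
        self.coins, self.wires = iter(coins), []

    def rand(self):
        return self.rec(next(self.coins))

    def rec(self, v):
        self.wires.append(v)
        return v


def share(x, t, tr):
    """Split bit x into t+1 shares: t fresh random bits plus x XOR all of them."""
    s = [tr.rand() for _ in range(t)]
    s.append(tr.rec(x ^ xor_all(s)))
    return s


def masked_xor(a, b, tr):
    """Linear operations act share by share and need no fresh randomness."""
    return [tr.rec(ai ^ bi) for ai, bi in zip(a, b)]


def masked_and(a, b, tr, wrong_order=False):
    """ISW multiplication on t+1 shares, consuming t(t+1)/2 fresh random bits."""
    n = len(a)
    c = [tr.rec(a[i] & b[i]) for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r = tr.rand()
            if wrong_order:
                # Insecure variant: a_i*b_j ^ a_j*b_i becomes a wire of its own
                # and depends on the unmasked inputs (classic ISW pitfall).
                r2 = tr.rec(r ^ tr.rec(tr.rec(a[i] & b[j]) ^ tr.rec(a[j] & b[i])))
            else:
                # ISW order: (r ^ a_i*b_j) ^ a_j*b_i, so every wire stays masked by r.
                r2 = tr.rec(tr.rec(r ^ tr.rec(a[i] & b[j])) ^ tr.rec(a[j] & b[i]))
            c[i] = tr.rec(c[i] ^ r)
            c[j] = tr.rec(c[j] ^ r2)
    return c


def and_coins(t):
    """Random bits consumed by and_gadget: 2t for the two sharings, t(t+1)/2 for ISW."""
    return 2 * t + t * (t + 1) // 2


def and_gadget(secret, t, coins, wrong_order=False):
    """Share x and y, compute their masked AND and return (unmasked result, wires)."""
    x, y = secret
    tr = Trace(coins)
    c = masked_and(share(x, t, tr), share(y, t, tr), tr, wrong_order)
    return xor_all(c), tr.wires  # the final recombination is not a probed wire


def bad_and_gadget(secret, t, coins):
    return and_gadget(secret, t, coins, wrong_order=True)


def check_probing(gadget, t, n_coins, spec=lambda x, y: x & y):
    """Exhaustive t-probing check of a gadget on two 1-bit secrets.

    Returns None if every set of t wires has the same joint distribution for all
    secrets (t-probing secure), otherwise the first set of wire positions that leaks.
    """
    runs = {}
    for secret in itertools.product((0, 1), repeat=2):
        traces = []
        for coins in itertools.product((0, 1), repeat=n_coins):
            result, wires = gadget(secret, t, coins)
            assert result == spec(*secret), "gadget is functionally wrong"
            traces.append(wires)
        runs[secret] = traces
    n_wires = len(runs[(0, 0)][0])
    for probes in itertools.combinations(range(n_wires), t):
        dists = [Counter(tuple(w[p] for p in probes) for w in traces)
                 for traces in runs.values()]
        if any(d != dists[0] for d in dists[1:]):
            return probes
    return None


if __name__ == "__main__":
    for t in (1, 2):
        print("ISW, t =", t, "leaking probes:", check_probing(and_gadget, t, and_coins(t)))
        print("wrong order, t =", t, "leaking probes:",
              check_probing(bad_and_gadget, t, and_coins(t)))
```

The check returns `None` for the ISW gadget at t = 1 and t = 2 and a pair of wire positions for the reordered gadget; the number of probe sets grows as C(#wires, t), which is exactly why the talk's tools reason symbolically instead of enumerating.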
Leo Ducas, Researcher at CWI (Netherlands)
NewHope, Frodo, in Between and Beyond
We start with a brief presentation of NewHope, an instantiation of a post-quantum key-exchange scheme based on the Ring-LWE assumption with a few new tricks toward simplicity, efficiency and security in the wild. We then summarize recent developments in quantum algorithms for algebraic lattices which incite the use of weaker assumptions. This was done in the scheme Frodo (take off the ring!), using the much weaker LWE assumption, but with a significant loss of bandwidth efficiency. Finally, we will discuss intermediate solutions that could sweep away fears of algebraic attacks while maintaining acceptable bandwidth. If time allows, we will mention natural ideas from the theory of codes and lattice packing to improve bandwidth further.
Leo is an alumnus of Ecole normale supérieure (France) and a former postdoc at UC San Diego. He is now a well-known researcher for his results on lattice-based cryptography and post-quantum cryptography, especially on signatures, fully homomorphic schemes and cryptanalysis. This year, he also won the Internet Defense Prize from USENIX and Facebook for his work on a lattice-based key exchange called NewHope.
Dario Fiore, Assistant Research Professor at IMDEA Software Institute (Spain)
Secure Outsourcing of Data and Computation to the Cloud
Can we let the Cloud process our data without breaking our privacy? Can we ensure that the Cloud correctly performs the tasks we delegate to it? Solutions to these questions are central towards a full adoption of Cloud computing, an undoubtedly successful paradigm that is also raising serious security concerns. This talk will discuss recent research developments in cryptography that help answer the above questions. Specifically, the talk will focus on solutions for integrity; it will present the notion of homomorphic authenticators, give an overview of the state of the art in this area, and cover some of the recent efficient constructions.
Dario Fiore is an assistant research professor at the IMDEA Software Institute in Madrid. He received his PhD degree in Computer Science from the University of Catania, Italy in 2010. Prior to joining the IMDEA Software Institute in November 2013, Dario held postdoctoral positions at the Max Planck Institute for Software Systems (Germany), New York University (USA), and Ecole Normale Superieure (France). During his PhD, he was also a visiting student at the IBM T.J. Watson Research Center and New York University. Dario's research interests are in Cryptography and Security. He works on designing provably-secure cryptographic protocols, with a particular emphasis on the security of Cloud computing.
Jovan Golic, EIT Digital Action Line Leader for Privacy, Security & Trust (Italy)
Privacy, Security and Trust in Cyberspace: A Perspective
Challenges and solutions in the areas of cyber security and cyber privacy will be addressed. Special attention will be dedicated to the topics of digital identity management, privacy-aware user profiling, advanced crypto techniques for data protection, cyber surveillance, and backdoors in software and hardware. Mission, strategy, and innovation activities of the EIT ICT Labs / EIT Digital Action Line for Privacy, Security and Trust will be highlighted.
Jovan Golic has been working in the field of information security for more than three decades, in both the academic and industrial worlds. In his current position at the Security Lab of Telecom Italia Group, he has been working on a number of projects related to data anonymization and pseudonymization, format-preserving and syntax-preserving encryption, pseudorandom number generation and stream ciphers, true random number generation in hardware, secure hardware implementations, secret sharing and key agreement protocols, intrusion detection, statistical anomaly detection, biometric authentication, authentication in ad hoc networks, security in information-centric networks, and embedded SIM protocols. He has also been involved in startup creation and in delivering services and products to the market.
Before joining Telecom Italia in 2003, he had worked for two years with the Rome CryptoDesign Center of Gemplus, the world-renowned smart card company, on the design of smart cards with enhanced security features, such as resistance to side-channel attacks and high-quality true random number generation. Before that, he pursued an academic career, including professorial or research positions at the Faculty of Electrical Engineering, University of Belgrade; the Information Security Research Centre, Queensland University of Technology, Brisbane; the Institute of Applied Mathematics and Electronics, Belgrade; and the School of Electrical Engineering, Cornell University.
Jovan Golic established a worldwide reputation for his research and innovation contributions to many areas of cryptography, cryptanalysis, hardware security, network security, and information security in general. He has published more than one hundred papers in prestigious international journals and book series, e.g., 25 papers in the IEEE Transactions. He holds a dozen international patents or patent applications, produced while working with Telecom Italia.
Jovan Golic has been the Action Line Leader for Privacy, Security & Trust of the EIT Digital since July 2013.
Christian Grothoff, TAMIS team leader at INRIA (France)
Enabling Secure Web Payments with Taler
This talk will focus on Taler, a new electronic payment system designed to provide a reasonable trade-off between privacy for citizens and transparency for governments. Building on established ideas for anonymous payments, Taler introduces new cryptographic mechanisms to give change and refunds, and implements a modern protocol with dramatic usability improvements for secure online payments.
Christian Grothoff is leading the DECENTRALISE team at Inria Rennes. He maintains GNUnet, a network designed to provide privacy and security without the need for trusted third parties. He earned his PhD in computer science from UCLA, an M.S. in computer science from Purdue University, and a Diploma in mathematics from the University of Wuppertal.
Shay Gueron, Professor at University of Haifa (Dept. of Mathematics) and Senior Principal Engineer at Intel Corp. (Israel)
Intel’s Software Guard Extensions technology and the Memory Encryption Engine
Intel has recently introduced a powerful security architecture called “Software Guard Extensions” (SGX). This security technology is designed to allow a general purpose computer platform to run application software in a trustworthy manner, and to handle secrets that are inaccessible to anyone outside the defined trust boundaries. These trust boundaries encompass only the CPU internals, implying, in particular, that the system memory is untrusted. Consequently, cryptographic protection of memory is required for SGX. To this end, SGX is supported by an autonomous hardware unit called the Memory Encryption Engine (MEE), whose role is to protect the confidentiality, integrity, and freshness of the CPU-DRAM traffic over some memory range.
In this talk, I will start with a brief description of the basic functionality of SGX, the MEE threat model, its security objectives, and design challenges under very strict engineering constraints. I will then explain the MEE design, cryptographic properties and security margins, and will show some concrete performance results.
Shay Gueron is an Associate Professor at the Department of Mathematics at the University of Haifa in Israel. In addition, he is also an Intel Senior Principal Engineer, serving as the Chief Core Cryptography Architect of the CPU Architecture Group. In this role, he is responsible for some of the latest CPU instructions that speed up cryptographic algorithms, such as AES-NI and the carry-less multiplier instruction, the forthcoming VPMADD52 instruction for public key operations, and for various micro-architectural enhancements in the Intel Cores.
Shay has contributed software patches to open source libraries such as OpenSSL and NSS, offering significant performance gains for encryption, authenticated encryption, public key algorithms, and hashing. He is one of the architects of the new Intel® Software Guard Extensions (SGX) security technology, in charge of the cryptographic definition and implementation of SGX. He is the inventor of the Memory Encryption Engine that is part of the latest Intel processors (micro-architecture codename Skylake).
Together with Professor Lindell and Adam Langley of Google, Shay is a co-author of AES-GCM-SIV, a nonce-misuse-resistant authenticated encryption scheme submitted to the IETF / CFRG.
Shay’s interests include applied cryptography, applied security, and applied algorithms.
Angela Jäschke, PhD at the University of Mannheim (Germany)
Fully Homomorphic Encryption and its Relatives: A Walk through the Definition Jungle
Fully homomorphic encryption (FHE) schemes are encryption schemes which allow computations on encrypted data without revealing this data to the party performing the computation. This is done in a manner such that the (encrypted) result does not reveal what kind of function was applied to the data. Since this theoretically allows secure outsourcing of computations to untrusted third parties, FHE has been dubbed the holy grail of cryptography, an elusive goal which could solve the IT world's problems of security and trust. Research in the area exploded after 2009 when it was shown that FHE can be realized in principle. Since then, considerable progress has been made in finding more practical and more efficient solutions. While research quickly developed, terminology and concepts became diverse and confusing, with one term often describing several different notions. Also, there are different weaker notions of FHE, where the set of functions that can be applied to the ciphertexts is restricted, and it can be challenging to distinguish between these variants. As a result, it can be difficult to understand what the achievements and limitations of different works actually are.
This talk will address three fundamental questions: What is FHE? What can FHE be used for? What is the state of FHE today? As well as surveying the field, we will clarify different terminology in use and explain connections between different FHE-related notions.
Born in Berlin, Angela Jäschke grew up in Berlin (Germany), Boston (USA) and Heidelberg (Germany). After graduating from high school in 2007, she started her studies of Mathematics at the University of Heidelberg with a Minor in Economics. In 2010/11, she spent a year abroad at the University of Utah (Salt Lake City, USA), where she was named to the Dean’s List for outstanding academic achievement in both semesters. Upon returning, she wrote her diploma thesis on “Security Issues in Functional Encryption” and graduated with the mark “very good” in 2013. Since 2013, Angela has been a PhD student at the University of Mannheim, where she has worked in several industry projects (involving both research and implementation). Her primary field of study is Fully Homomorphic Encryption, with the most recent paper (titled “Accelerating Homomorphic Computations on Rational Numbers”) examining optimizations for computations on encrypted data, the importance of encoding choices and applications to Machine Learning.
Seny Kamara, Associate Professor of Computer Science at Brown University (USA)
SQL on Structurally-Encrypted Databases
We show how to encrypt a relational database in such a way that it can efficiently support a large class of SQL queries. Our construction is based solely on structured encryption and does not make use of any property-preserving encryption (PPE) schemes such as deterministic and order-preserving encryption. As such, our approach leaks considerably less than PPE-based solutions which have recently been shown to reveal a lot of information in certain settings (Naveed et al., CCS '15). Our construction achieves asymptotically optimal query complexity under very natural conditions on the database and queries.
Researcher in the Cryptography Group at Microsoft Research. His research interests are in cryptography and security with a focus on privacy issues in surveillance, cloud computing and databases. He received his Ph.D. in Computer Science from Johns Hopkins University.
In 2016, he was appointed by the National Academies of Sciences to the committee on Law Enforcement and Encryption to study the options and tradeoffs of law enforcement access to data in an era of widespread encryption. The Boston Global Foundation named Professor Kamara as a Dukakis Leadership Fellow in 2016 for his work and commitment to global peace. In 2006, he was a research fellow at the UCLA Institute for Pure and Applied Mathematics.
Wolfgang Kniejski, EIT Digital Business Community Leader Digital Infrastructure
The Business Community Digital Infrastructure - Access-to-Market support for high-tech startups
Business Communities are marketplaces that connect the carriers of innovation to any interested customer, within EIT Digital for each of the so-called “Action Lines”. The Action Line Digital Infrastructure also includes Privacy, Security & Trust technologies, with an understanding of how information technologies impact the privacy of individuals as well as of developing new privacy-preserving and secure technologies to protect them. The Action Line Digital Infrastructure is transversal to the other action lines of EIT Digital and as such a unique European marketplace connecting innovation buyers (and investors) with selected EIT Digital startups and market-ready innovations for deal and match making. The Business Community also enables market-pull of innovation and facilitates fund raising for EIT Digital startups. The Business Community will enhance the investment of EIT Digital in coached startups and so-called “Innovation Activities” on the one hand and strengthen its brand in the European and global innovation market on the other. As a dedicated and innovative marketplace, the Business Community promotes carefully selected innovation output (activities' solutions, startups’ products) to relevant prospects through a series of matchmaking tools and actions (website, public events, flyers, success stories, testimonials, word of mouth...).
Dr. h.c. Wolfgang Kniejski joined the EIT Digital Accelerator team in April 2014. He supports the business development of startup companies from all over Europe. In addition, he is leading the Business Community for Digital Infrastructure technologies, supporting the innovations in which EIT Digital has invested in their international market expansion. He sits on the boards of several high-tech companies and technology transfer organisations all over the world.
After studying business management and economics at the University of Mannheim, Germany, Wolfgang Kniejski started his business career in 1991 as the Financial Manager of the Fraunhofer Institute for Computer Graphics in Darmstadt, Germany. In 1999 he took the position of Business Manager of the INI-GraphicsNet Foundation, and in 2004 he was appointed its Treasurer and Business Director. In this capacity he successfully developed and implemented methodologies and processes to support technology commercialisation for universities and research institutions via licensing and spin-off activities. Dr. Kniejski spun his technology commercialisation knowledge off into his own company and created INI-Novation GmbH as an innovation management and consulting entity. In 2006, he won the innovation award of the Singaporean government for bringing the integrated technology commercialisation concept to Singapore.
He was appointed as innovation consultant by different governmental agencies on an international level to develop concepts for High-Tech Incubators and Business and Science Parks, and he is also jury member in several international business plan and idea competitions.
Marc Lacoste, System security expert at Orange Labs (France)
Shielded Trusted Execution in Virtual Environments: Challenges and Solutions
Complex virtualized systems like clouds of clouds include multiple untrusted layers and vulnerable security domains. Isolation and trust management are closely intertwined: to fence out malicious VMs from other VMs and provider infrastructure; or, to provide provable protection guarantees to shield VMs against insider attacks from an untrusted infrastructure. Mechanisms are still missing both to guarantee secure execution of VMs despite compromise of intermediate infrastructure layers, and to guarantee link integrity between a VM and hardware resources.
Different solutions have been proposed, such as isolation architectures based on a trusted layer (e.g., nested virtualization) or minimizing the TCB (unikernels), attestation protocols based on Chains of Trust, or secure virtual enclaves (e.g., Intel SGX technology) for secure VM computation despite hypervisor compromise. However, it remains unclear how such technologies may be compared or composed. In this talk, we will provide some insight on their security benefits and limitations, and on remaining challenges towards unified isolation and trust management for virtualized environments. We will also discuss recent results to manage chains of trust between Intel SGX enclaves in a multi-cloud infrastructure.
Dr. Marc Lacoste is a Senior Research Scientist in the Security Department of Orange Labs. His main research interests are in security architecture, cloud computing security, self-protecting systems, and open security kernels. Dr. Lacoste received engineering degrees from Ecole Polytechnique and Télécom ParisTech, and holds a Ph.D. degree in Computer Science from the University of Grenoble, France. He contributed to several European projects, and is currently the Technical Leader of the SUPERCLOUD H2020 Project on user-centric, self-managed security and dependability of multi-cloud infrastructures. He served in several major conference program committees. A member of the ACM, he has also published numerous security research papers in international conferences, and holds several patents in security.
Olya Ohrimenko, Researcher at Microsoft Research (UK)
Oblivious Multi-Party Machine Learning on Trusted Processors
Privacy-preserving multi-party machine learning allows multiple organizations to perform collaborative data analytics while guaranteeing the privacy of their individual datasets. Using trusted SGX-processors for this task yields high performance, but requires a careful selection, adaptation, and implementation of machine-learning algorithms to provably prevent the exploitation of any side channels induced by data-dependent access patterns.
In this talk, I will present our data-oblivious counterparts of several machine learning algorithms including support vector machines, matrix factorization, neural networks and decision trees. These algorithms are designed to access memory without revealing secret information about their input. We use algorithmic techniques as well as platform specific hardware features to ensure that only public information, such as dataset size, is revealed.
I will show that our efficient implementation on Intel Skylake processors scales up to large, realistic datasets, with overheads several orders of magnitude lower than with previous approaches based on advanced cryptographic multi-party computation schemes.
This is based on joint work with Felix Schuster, Cédric Fournet, Sebastian Nowozin, Kapil Vaswani and Manuel Costa from MSR Cambridge and Aastha Mehta from MPI-SWS that appeared in USENIX Security 2016.
Olya Ohrimenko is a researcher in the Constructive Security Group at Microsoft Research, Cambridge, and a research fellow at Darwin College, Cambridge University. Her research interests include privacy, integrity and security issues that emerge in the cloud computing environment. Olya received her Ph.D. degree from Brown University in 2013 and a B.CS. (Hons) degree from The University of Melbourne in 2007.
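An added example of the data-oblivious idea in the abstract (it is not the paper's implementation): a toy decision tree is evaluated twice, once with natural indexing and once with every array scanned in full and the branch replaced by an arithmetic select, while a wrapper records the sequence of indices read. That recorded sequence stands in for the cache-line and page access pattern an untrusted OS can observe on an enclave. The tree, thresholds and inputs are constructed for the example; the constant-time helpers assume non-negative integers below 2**62, and Python offers no real constant-time guarantee, so this shows the algorithmic transformation, not a production countermeasure.

```python
"""Data-oblivious decision-tree evaluation versus a natural implementation.

Added example (not the paper's code). Every index and branch that depends on a
secret leaks through the memory access pattern, which the untrusted OS hosting
an SGX enclave can observe. The oblivious version scans each array in full and
replaces the branch with an arithmetic select, so the sequence of indices read
is identical for every input. TracedArray records that sequence so the two
versions can be compared. Constant-time helpers assume non-negative ints < 2**62.
"""


class TracedArray:
    """List wrapper that appends every index it serves to a shared trace."""

    def __init__(self, data, trace):
        self._data, self._trace = list(data), trace

    def __len__(self):
        return len(self._data)

    def __getitem__(self, i):
        self._trace.append(i)
        return self._data[i]


def ct_eq(a, b):
    """1 if a == b else 0, using arithmetic only (no data-dependent branch)."""
    d = a ^ b
    return 1 ^ (((d | -d) >> 63) & 1)


def ct_lt(a, b):
    """1 if a < b else 0, using arithmetic only."""
    return ((a - b) >> 63) & 1


def select(c, a, b):
    """a if c == 1 else b, without branching: -1 is an all-ones mask in Python."""
    m = -c
    return (a & m) | (b & ~m)


def oblivious_lookup(arr, idx):
    """Return arr[idx] after touching every element, so the trace never depends on idx."""
    acc = 0
    for i in range(len(arr)):
        acc = select(ct_eq(i, idx), arr[i], acc)
    return acc


# Constructed toy tree (example data). Node i tests x[FEATURE[i]] < THRESHOLD[i];
# nodes 0..2 are internal, leaves 3..6 point to themselves so every evaluation
# walks exactly DEPTH steps and the trace length does not reveal the path taken.
FEATURE, THRESHOLD = [0, 1, 1, 0, 0, 0, 0], [5, 3, 7, 0, 0, 0, 0]
LEFT, RIGHT = [1, 3, 5, 3, 4, 5, 6], [2, 4, 6, 3, 4, 5, 6]
LABEL, DEPTH = [0, 0, 0, 10, 11, 12, 13], 2


def make_memory(x):
    """Fresh traced copies of the tree arrays and the input vector, sharing one trace."""
    trace = []
    arrays = [("feature", FEATURE), ("threshold", THRESHOLD), ("left", LEFT),
              ("right", RIGHT), ("label", LABEL), ("x", x)]
    return {name: TracedArray(a, trace) for name, a in arrays}, trace


def leaky_eval(x):
    """Natural implementation: the indices read and the branch taken depend on x."""
    m, trace = make_memory(x)
    node = 0
    for _ in range(DEPTH):
        if m["x"][m["feature"][node]] < m["threshold"][node]:
            node = m["left"][node]
        else:
            node = m["right"][node]
    return m["label"][node], trace


def oblivious_eval(x):
    """Same function; every array is scanned in full and the branch is a select."""
    m, trace = make_memory(x)
    node = 0
    for _ in range(DEPTH):
        f = oblivious_lookup(m["feature"], node)
        go_left = ct_lt(oblivious_lookup(m["x"], f),
                        oblivious_lookup(m["threshold"], node))
        node = select(go_left, oblivious_lookup(m["left"], node),
                      oblivious_lookup(m["right"], node))
    return oblivious_lookup(m["label"], node), trace


if __name__ == "__main__":
    for fn in (leaky_eval, oblivious_eval):
        t1, t2 = fn([1, 1])[1], fn([9, 9])[1]
        print(fn.__name__, "labels:", fn([1, 1])[0], fn([9, 9])[0],
              "same access pattern:", t1 == t2)
```

Both versions return the same labels; the leaky trace differs between inputs that take different paths while the oblivious trace is identical for all inputs. The cost is a full scan per lookup, which is why the talk stresses choosing and adapting algorithms rather than mechanically rewriting every access this way.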
Cristina Onete, Post-Doc, Embedded Security and Cryptography Team at IRISA (France)
Proxying over TLS: Breaking and Fixing CloudFlare's Keyless SSL
One of the fundamental goals of cryptography is enabling parties to communicate securely over an insecure channel. This functionality is required in our everyday use of the Internet, for secure Internet browsing, secure emailing, messaging, and even Voice over IP conversations.
In order to construct a secure channel between two parties (usually a client and a server), the participants execute an authenticated key exchange protocol (AKE), which enables them, starting from some initial long-term data, to establish fresh, session-specific keys. This first step is also called a handshake. In a second step, the session keys are used to authenticate and encrypt the data exchanged by the two parties, thus essentially constructing that secure channel.
TLS/SSL is one of the most widely used protocols today, ensuring secure-channel establishment over the Internet. Though a subject of debate for many years, the TLS 1.2 protocol was proved secure under a series of assumptions. However, in real-world applications, TLS is not used in the way it was designed, namely, between the client and the server directly. Instead, cloud-based content delivery network architectures (CDN) have introduced a three-party handshake, such that the client obliviously connects to a cloud provider, which caches and delivers the server's content. In this talk we show that one type of CDN, namely CloudFlare's Keyless SSL, proxies TLS in a way that breaks the protocol's security in various ways. We will also show how to fix their Keyless protocol design, with the surprising result that our novel Keyless TLS 1.3 (i.e. using the newly designed TLS 1.3 version) is in fact much more efficient than the fixed Keyless TLS 1.2, whilst attaining the same properties.
Cristina Onete is a post-doctoral researcher at the Université de Rennes 1, working as part of the ANR-funded SafeTLS project in the Embedded Security and Cryptography (EMSEC) research team. Her work focuses on provable security, in particular on authentication, AKE, and distance-bounding protocols. She joined the EMSEC research team in September 2015 and was previously a member of the CIDRE team (at IRISA Rennes), working with Sébastien Gambs on topics of provable privacy.
Luigi Rebuffi, CEO of European Organisation for Security (EOS), General Secretary of European Cyber Security Organisation (ECSO)
European cybersecurity Public Private Partnership: a challenge for our society at regional, national and European level
The cybersecurity cPPP brings together actors throughout Europe and across the diverse segments of the economy and society implicated in the development of a secure and trusted digital market (e.g. technology and solution suppliers and service providers, public and private sector customers and users, policy makers and public administrations) in pursuit of an agreed and coordinated strategy and policy actions aimed at:
- Protecting the (growth of the) European Digital Single Market from cyber threats;
- Structuring, consolidating and strengthening the European cybersecurity market with trustworthy and privacy aware technologies, products services and solutions;
- Supporting the development of European capabilities to develop and bring to market innovative cybersecurity technologies and, thereby, building a strong, resilient and globally competitive European cybersecurity industry with a strong European‐based offering and a level playing field.
Luigi Rebuffi is the CEO and founder of EOS (European Organisation for Security) and the Secretary General (and Chairman of the Board ad interim) of ECSO (European Cyber Security Organisation). After graduating in Nuclear Engineering at the Politecnico di Milano, he worked on the development of high power microwave systems for the next thermonuclear fusion reactor (ITER). He continued his career at Thomson CSF / Thales, where he took on increasing responsibilities for European Affairs (R&D) in different sectors (telecom, industrial, medical, scientific), becoming in 2003 Director for European Affairs for the civilian activities of the Group. In 2007, he suggested the creation of EOS and coordinated its establishment while he was still Deputy Director for Security at ASD.
He is a Member of the Protect and Security Advisory Group on EU Security Research and President of the Steering Board of the French ANR for security research.
Florian Tramèr, Professor at EPFL (Switzerland)
Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge
Trusted hardware systems, such as Intel's SGX, aim to provide strong confidentiality and integrity assurances for applications. Recent work, however, raises serious concerns about the vulnerability of such systems to side-channel attacks. Application confidentiality, in particular, remains an elusive goal due to leakage of data access patterns, timing, and more.
In light of these vulnerabilities, we explore use-cases of trusted hardware for which security is not contingent on applications keeping secrets from their environment. To this end, we introduce "Sealed-Glass Proofs" (SGP), a primitive that specifically models the capabilities of trusted hardware that can attest to *correct execution* of a piece of code, but whose execution is *transparent*, meaning that an application's secrets and state are visible to other processes on the same host.
I will describe one compelling application of SGPs we considered: an implementation of an end-to-end bug bounty (or zero-day solicitation) platform that couples SGPs with a smart contract. Bounty hunters use SGPs (built on top of SGX) to prove knowledge of a bug or exploit and then proceed to sell their discovery to interested buyers using a cryptocurrency system with expressive smart contract capabilities (e.g., Ethereum or possibly Bitcoin). Our platform enables a marketplace that achieves fair exchange, protects against unfair bounty withdrawals, and resists denial-of-service attacks by dishonest sellers. Our work shows how trusted hardware systems such as SGX can support trustworthy applications even in the presence of powerful side channel attacks.
This is joint work with Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels and Elaine Shi.
Florian Tramèr is a PhD candidate at Stanford University. Before joining Stanford, he was a research assistant at EPFL, working with Prof. Jean-Pierre Hubaux.
His main interests are in Security and Cryptography, with recent projects spanning topics in genomic privacy, algorithmic fairness, applications of trusted hardware, and security of machine learning services.
He received his Bachelor’s and Master’s degrees in Computer Science from EPFL in 2012 and 2015 respectively.
Thomas Jensen, Head of research at INRIA, CominLabs Labex (France)
Security research in the LABEX Comin Labs
In this talk, I'll give an overview of the Security Track of the LABEX Comin Labs and its activities around cryptography, malware detection and Web security.
Thomas Jensen is directeur de recherche at Inria and head of the Celtique team at Inria Rennes. He has a PhD from Imperial College London and a habilitation from U. Rennes 1. His research areas cover program analysis, programming languages, and software security. He has been involved in a series of projects related to software security, including the ANSSI JavaSec project and the SawjaCard project on certification of Java Card applications. Since 2015, he has been responsible for the security track of the LABEX Comin Labs.
Bjoern Tackmann, Researcher at IBM Research (Switzerland)
The Use of Authenticated Encryption in TLS 1.3
TLS, the Transport Layer Security protocol, is the most widely used cryptographic protocol on the Internet. The most recent protocol version, TLS 1.2, was specified in 2006. Since then, multiple security flaws have been found in the protocol. Additionally, the protocol structure leads to poor session setup speed in the now prevalent mobile use case. The Internet Engineering Task Force has therefore started the development of a new protocol version, TLS 1.3, to address these concerns. One particular mechanism that was added to the protocol is a measure against mass surveillance attacks. In the research underlying this presentation, we analyzed that mechanism and suggested a modification with improved security.
Dr. Björn Tackmann is a postdoctoral researcher in the Cloud & Computing Infrastructure Department of IBM Research in Zürich, in the Industry Platforms and Blockchain research group. He received a Masters degree from the Karlsruhe Institute of Technology and holds a Ph.D. from ETH Zürich. He joined IBM Research in September 2016 after spending two years as a postdoctoral research scholar at the University of California in San Diego. His research interests span from the theoretical foundations of provable security to applied cryptography, and he is a contributor to the upcoming Internet security protocol standard TLS 1.3.