Software-Based Memory Erasure with Relaxed Isolation Requirements

distant attacker; formal verification; memory erasure; security protocols; Communications protocols; Distant attacker; End-devices; Formal modeling; Memory erasure; Protection methods; Protocol execution; Secure erasures; Security protocols; Time frame; Engineering (all)

Abstract :

[en] A Proof of Secure Erasure (PoSE) is a communication protocol where a verifier seeks evidence that a prover has erased the memory on a given device within the time frame of the protocol execution. Designers of PoSE protocols have long been aware that, if a prover can outsource the computation of the memory erasure proof to another device, then their protocols are trivially defeated. As a result, most software-based PoSE protocols in the literature assume that provers are isolated during the protocol execution, that is, provers cannot receive help from a network adversary. Our main contribution is to show that this assumption is not necessary. We introduce formal models for PoSE protocols playing against provers aided by external conspirators and develop two PoSE protocols that we prove secure in this context. We reduce the requirement of isolation to the more realistic requirement that the communication with the external conspirator is relatively slow. Software-based protocols with such relaxed isolation assumptions are especially pertinent for low-end devices, where it is too costly to deploy sophisticated protection methods.

Disciplines :

Computer science

Author, co-author :

BURSUC, Sergiu ; University of Luxembourg > Faculty of Science, Technology and Medicine > Department of Computer Science > Team Sjouke MAUW

GIL PONS, Reynaldo ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

MAUW, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)

Trujillo-Rasua, Rolando; Rovira i Virgili University, Spain

External co-authors :

yes

Language :

English

Title :

Software-Based Memory Erasure with Relaxed Isolation Requirements

Publication date :

12 July 2024

Event name :

2024 IEEE 37th Computer Security Foundations Symposium (CSF)

Event place :

Enschede, Nld

Event date :

08-07-2024 => 12-07-2024

Main work title :

Proceedings - 2024 IEEE 37th Computer Security Foundations Symposium, CSF 2024

Publisher :

IEEE Computer Society

ISBN/EAN :

9798350362039

Peer reviewed :

Peer reviewed

Additional URL :

http://xplorestaging.ieee.org/ielx8/10664196/10664201/10664348.pdf?arnumber=10664348

Funders :

IEEE Computer Society's Technical Committee on Security and Privacy

Funding text :

Reynaldo Gil-Pons was supported by the Luxembourg National Research Fund, Luxembourg, under the grant AFR-PhD-14565947. Rolando Trujillo-Rasua was funded by a Ramon y Cajal grant from the Spanish Ministry of Science and Innovation and the European Union (REF: RYC2020-028954-I).

Available on ORBilu :

since 27 November 2024

Statistics

Number of views

63 (4 by Unilu)

Number of downloads

91 (2 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™

Bibliography

Aysajan Abidin et al. "Secure, Accurate, and Practical Narrow-Band Ranging System". IACR Transactions on Cryptographic Hardware and Embedded Systems (2021).
Joël Alwen, Jeremiah Blocki, and Ben Harsha. "Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions". Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017.
Joël Alwen, Jeremiah Blocki, and Krzysztof Pietrzak. "Depth-Robust Graphs and Their Cumulative Memory Complexity". Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2017.
Joël Alwen, Jeremiah Blocki, and Krzysztof Pietrzak. "Sustained Space Complexity". Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2018.
Joël Alwen et al. "On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model". Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2016.
Joël Alwen et al. "Scrypt Is Maximally Memory-Hard". Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2017.
Mahmoud Ammar, Bruno Crispo, and Gene Tsudik. "Simple: A Remote Attestation Approach for Resource Constrained Iot Devices". 2020 ACM/IEEE 11th International Conference on Cyber-Physical Systems (ICCPS). IEEE, 2020.
Mahmoud Ammar et al. "Speed: Secure Provable Erasure for Class-1 Iot Devices". Eighth ACM Conference on Data and Application Security and Privacy. 2018.
Sigurd Frej Joel Jørgensen Ankergaard, Edlira Dushku, and Nicola Dragoni. "State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things". Sensors 21. 5 (2021).
Frederik Armknecht et al. "A Security Framework for the Analysis and Design of Software Attestation". Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. 2013.
Giuseppe Ateniese et al. "Proofs of Space: When Space Is of the Essence". International Conference on Security and Cryptography for Networks. Springer, 2014.
Mihir Bellare and Phillip Rogaway. "Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols". Proceedings of the 1st ACM Conference on Computer and Communications Security. 1993.
Jeremiah Blocki and Mike Cinkoske. "A New Connection Between Node and Edge Depth Robust Graphs". 12th Innovations in Theoretical Computer Science Conference (ITCS 2021). Schloss Dagstuhl-Leibniz-Zentrum für Informatik. 2021.
Ioana Boureanu et al. "Security Analysis and Implementation of Relay-Resistant Contactless Payments". Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020.
Sergiu Bursuc et al. Software-Based Memory Erasure with relaxed isolation requirements: Extended Version. 2024. arXiv: 2401. 06626 [cs. CR].
Claude Castelluccia et al. "On the Difficulty of Software-Based Attestation of Embedded Devices". Proceedings of the 16th ACM Conference on Computer and Communications Security. 2009.
Mauro Conti et al. "Evexchange: A Relay Attack on Electric Vehicle Charging System". Computer Security-ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark. Springer, 2022.
Anindya De, Luca Trevisan, and Madhur Tulsiani. "Time Space Tradeoffs for Attacks against One-Way Functions and PRGs". Annual Cryptology Conference. Springer, 2010.
Cynthia Dwork, Moni Naor, and Hoeteck Wee. "Pebbling and Proofs of Work". Annual International Cryptology Conference. Springer, 2005.
Stefan Dziembowski, Tomasz Kazana, and Daniel Wichs. "One-Time Computable Self-Erasing Functions". Theory of Cryptography Conference. Springer, 2011.
Stefan Dziembowski et al. "Proofs of Space". Annual Cryptology Conference. Springer, 2015.
E. M. V. EMVCo. "Contactless Specifications for Payment Systems". Book C-2, Kernel 2 (2021).
Paul Erdos, Ronald L. Graham, and Endre Szemerédi. "On Sparse Graphs with Dense Long Paths". Comp. and Math. with Appl 1 (1975).
Reynaldo Gil Pons et al. "Is Eve Nearby? Analysing Protocols under the Distant-Attacker Assumption". IEEE Computer Security Foundations Symposium, August 7-10, 2022, Haifa, Israel. 2022.
Peter Gutmann. "Secure Deletion of Data from Magnetic and Solid-State Memory". 6th USENIX Security Symposium (USENIX Security 96). San Jose, CA: USENIX Association, July 1996.
Ghassan O. Karame and Wenting Li. "Secure Erasure and Code Update in Legacy Sensors". International Conference on Trust and Trustworthy Computing. Springer, 2015.
Nikolaos P. Karvelas and Aggelos Kiayias. "Efficient Proofs of Secure Erasure". International Conference on Security and Cryptography for Networks. Springer, 2014.
Chongkyung Kil et al. "Remote Attestation to Dynamic System Properties: Towards Providing Complete System Integrity Evidence". IEEE/IFIP International Conference on Dependable Systems & Networks. 2009.
Dénes Konig. "Graphs and Matrices". Matematikai és Fizikai Lapok 38 (1931).
Boyu Kuang et al. "A Survey of Remote Attestation in Internet of Things: Attacks, Countermeasures, and Prospects". Computers & Security 112 (2022).
Francesca Meneghello et al. "IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices". IEEE Internet of Things Journal 6. 5 (2019).
Lily Hay Newman. An Elaborate Hack Shows How Much Damage IoT Bugs Can Do. https://www. wired. com/story/elaborate-hack-shows-damage-iot-bugscan-do/. 2010.
Bryan Parno, Jonathan M. McCune, and Adrian Perrig. "Bootstrapping Trust in Commodity Computers". IEEE Symposium on Security and Privacy. IEEE, 2010.
Daniele Perito and Gene Tsudik. "Secure Code Update for Embedded Devices via Proofs of Secure Erasure". European Symposium on Research in Computer Security. Springer, 2010.
Krzysztof Pietrzak. "Proofs of Catalytic Space". 10th Innovations in Theoretical Computer Science Conference, ITCS 2019, January 10-12, 2019, San Diego, California, USA. Ed. by Avrim Blum. Vol. 124. LIPIcs. Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 2019.
Andreea-Ina Radu et al. "Practical EMV Relay Protection". 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2022.
Kasper Bonne Rasmussen and Srdjan Capkun. "Realization of RF Distance Bounding. " USENIX Security Symposium. 2010.
Georg Schnitger. "On Depth-Reduction and Grates". 24th Annual Symposium on Foundations of Computer Science (Sfcs 1983). IEEE, 1983.
Arvind Seshadri et al. "SWATT: Software-based Attestation for Embedded Devices". IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004. IEEE, 2004.
Rolando Trujillo-Rasua. "Secure Memory Erasure in the Presence of Man-in-the-Middle Attackers". Journal of Information Security and Applications 57 (2019).
Dominique Unruh. "Random Oracles and Auxiliary Input". Annual International Cryptology Conference. Springer, 2007.