When running software applications and services, we rely on the underlying execution platform: the hardware and the lower levels of the software stack. The execution platform is susceptible to a wide range of threats, ranging from accidental bugs, faults and leaks to maliciously-induced trojan horses. The problem is aggravated by growing system complexity and by increasingly-pertinent outsourcing and supply chain consideration. Traditional mechanisms, which painstakingly validate all system components, are expensive and limited in applicability.

What if the platform assurance problem is just too hard? Do we have any hope of securely running software when we cannot trust the underlying hardware, hypervisor, kernel, libraries and compilers?

This talk will discuss a potential approach for doing just so:
conducting trustworthy computation on untrusted execution platforms. The approach, "Proof-Carrying Data" (PCD), circumnavigates the threat of faults and leakage by reasoning solely about properties of a computation's output data, regardless of the process that produced it.
In PCD, the system designer prescribes the desired properties of the computation's outputs. These are then enforced using cryptographic proofs attached to all data flowing through the system, and verified at the system perimeter as well as internal nodes.

Joint works with Eli Ben-Sasson, Alessandro Chiesa and Daniel Genkin

09.35

פרופ' יובל ישי, הטכניון

Secure Multiparty Computation and Its Applications

Secure multiparty computation (MPC) allows two or more parties to perform a joint distributed computation without revealing their secrets to each other. While MPC has traditionally been viewed as an ends rather than a means, in recent years we have seen a growing number of unexpected applications of MPC and connections with problems from other domains. In this talk we will survey several of these connections and the research directions which they motivate. In particular, we will discuss the following connections:

How can MPC protocols which involve many parties and assume an honest majority be useful for two-party cryptography?

How can MPC be used to protect cryptographic hardware against side-channel attacks?

How can MPC with few rounds of interaction lead to fast cryptographic hardware?

How can MPC be useful for reliable and efficient access to data?

We present the first homomorphic signature scheme that is capable of evaluating multivariate polynomials on signed data. Given the public key and a signed data set, there is an efficient algorithm to produce a signature on the mean, standard deviation, and other statistics of the signed data. Previous systems for computing on signed data could only handle linear operations. The system uses ideal lattices in a way that is a ``signature analogue'' of Gentry's fully homomorphic encryption.

A homomorphic encryption scheme is one that allows computing on encrypted data, such that the result of the computation can still be decrypted. I will talk about recent developments in constructing (fully) homomorphic encryption schemes, and relations with protocols for secure function evaluation. Specifically, I will:

Describe the approach that underlies Gentry's recent homomorphic encryption scheme and its variants, and illustrate a few different instantiations of this approach.

Survey some easy (but often ignored) connections between homomorphic encryption schemes and protocols for two-party secure function evaluation.

Show how to extend homomorphic encryption schemes to a "multi hop"
setting: In this setting, several parties sequentially compute on the same encrypted data, and we want to allow each party to use not only the original encrypted data but also the results of prior computations.

13.40

רפי חן, הטכניון

New Techniques for Cryptanalysis of Hash Functions

Cryptographic hash functions take a message of arbitrary length and generate a short fingerprint. Their main use are for digital signatures, due to their collision resistance property, i.e., that it is hard to find two different messages that have the same fingerprint.

In this talk we review the development of hash functions from the time they were first introduced, along with cryptanalysis techniques that were developed to attack them. In particular we review the MD4 and SHA families of hash functions which are the de-facto standards.

We will briefly present the "neutral-bits" technique that enables an attacker to generate many messages that partially conform to a characteristic, and the "multi-block" technique that instead of directly attacking a single block for a collision, creates a path of near-collisions that can be found much more efficiently, and end with a collision. We finally introduce our recent technique which we call "second-order differential" technique. Our techniques are generic and we confirmed them by constructing attacks on SHA-0 and SHA-1.

14.30

איתי מאור, RSA Security

The Evolution of Online Fraud

Cybercrime continues to show no signs of slowing down. In fact, 2010 marked a year of new threats and increased
sophistication in attacks witnessed around the globe. The people behind these attacks have wide technical
knowledge, understanding of the online banking platforms and are highly motivated. The session will provide
insights into current Trojan techniques, share information about the cybercrime lifecycle and ecosystem,
present some of the latest intelligence findings from the RSA FraudAction Research Lab and give a unique
sneak peek into the sizzling underground of cybercrime.