CyLab

CAMELLIA is a 128 bit block cipher certified for its security by NESSIE and CRYPTREC. Yet an implementation of CAMELLIA can easily fall prey to cache attacks. In this paper we present an attack on CAMELLIA, which utilizes cache access patterns along with the differential properties of CAMELLIA's s-boxes. The attack, when implemented on a PowerPC microprocessor having a 32 byte cache line size requires power traces from 2 16 different encryptions. Further, the work shows that this trace requirement reduces to 2 11 if a 64 byte cache line is used.

CAMELLIA is a 128 bit block cipher certified for its security by NESSIE and CRYPTREC. Yet an implementation of CAMELLIA can easily fall prey to cache attacks. In this paper we present an attack on CAMELLIA, which utilizes cache access patterns along with the differential properties of CAMELLIA's s-boxes. The attack, when implemented on a PowerPC microprocessor having a 32 byte cache line size requires power traces from 2 16 different encryptions. Further, the work shows that this trace requirement reduces to 2 11 if a 64 byte cache line is used.

Reported results on cache trace attacks on CLEFIA do not work with increased cache line size. In this paper we present an enhanced cache trace attack on CLEFIA using the differential property of the s-boxes of the cipher and the diffusion properties of the linear transformations of the underlying Feistel structures. The attack requires 3 round keys, which are obtained by monitoring cache access patterns of 4 rounds of the cipher. A theoretical analysis is made on the complexity of the attack, while experimental results are presented to show the effectiveness of power and timing side-channels in deducing cache access patterns. The efficacy of the attack is theoretically justified by showing the effect of cache line size on the time and space complexity of the attack. Finally countermeasures that guarantee security against cache-attacks are compared for their efficiency on large cache lines.

Verifiable secret sharing (VSS) is a vital primitive in secure distributed computing. It allows an untrusted dealer to verifiably share a secret among n parties in the presence of an adversary controlling at most t of them. VSS in the synchronous communication model has received tremendous attention in the cryptographic research community. Nevertheless, recent interest in deploying secure distributed computing over the Internet requires going beyond the synchronous model and thoroughly investigating VSS in the asynchronous communication model. In this work, we consider the communication complexity of asynchronous VSS in the computational setting for the optimal resilience of n = 3t + 1. The best known asynchronous VSS protocol by Cachin et al. has O(n 2 ) message complexity and O(κn 3 ) communication complexity, where κ is a security parameter. We close the linear complexity gap between these two measures for asynchronous VSS by presenting two protocols with O(n 2 ) message complexity and O(κn 2 ) communication complexity. Our first protocol satisfies the standard VSS definition, and can be used in stand-alone VSS scenarios as well as in applications such as Byzantine agreement. Our second and more intricate protocol satisfies a stronger VSS definition, and is useful in all VSS applications including multiparty computation and threshold cryptography.

ABSTRACT In a series of studies, we investigated a user interface intended to help users stay aware of their access-control policy even when they are engaged in another activity as their primary task. Methodological issues arose in each study that impacted the scope of the results. We describe the difficulties encountered during each study, and changes to the methodology designed to overcome those difficulties.

Several works have recently shown that Android's security architecture cannot prevent many undesired behaviors that compromise the integrity of applications and the privacy of their data. This paper makes two main contributions to the body of research on Android security: first, it develops a formal framework for analyzing Android-style security mechanisms; and, second, it describes the design and implementation of Sorbet, an enforcement system that enables developers to use permissions to specify secrecy and integrity policies.

Abstract In this work we ask the question: what are the challenges of managing a physical or file system access-control policy for a large organization? To answer the question, we conducted a series of interviews with thirteen administrators who manage access-control policy for either a file system or a physical space.

Abstract. Run-time monitors ensure that untrusted software and system behavior adheres to a security policy. This paper defines an expressive formal framework, based on I/O automata, for modeling systems, policies, and run-time monitors in more detail than is typical. We explicitly model, for example, the environment, applications, and the interaction between them and monitors.

ABSTRACT Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the Carnegie Mellon University (CMU) computing services password policy that required users to change their passwords. Through our survey of 470 CMU computer users, we collected data about behaviors and practices related to the use and creation of passwords.

Abstract The proliferation of advanced technologies has been altering our lifestyle and social interactions–the next frontier is the digital home. Although the future of smart homes is promising, many technical challenges must be addressed to achieve convenience and security. In this paper, we delineate the unique combination of security challenges specifically for access control and consider the challenges of how to simply and securely assign access control policies to visitors for home devices and resources.

Abstract Recent years have seen a dramatic increase in the number and importance in daily life of smartphones and similar mobile devices. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties.

Abstract As users store and share more digital content at home, access control becomes increasingly important. One promising approach for helping non-expert users create accurate access policies is reactive policy creation, in which users can update their policy dynamically in response to access requests that would not otherwise succeed. An earlier study suggested reactive policy creation might be a good fit for file access control at home.

As users store and share more digital content at home, effective access control becomes increasingly important. One promising approach to helping non-expert users create accurate access policies is reactive policy creation, in which users can update their policy dynamically in response to access requests that cannot otherwise succeed. An earlier study [8] suggested that reactive policy creation might be a good fit for file access control at home.

Abstract: Logical techniques have been developed that capture both authorization and information flow requirements in security applications. These logical techniques achieve a significantly higher degree of end-to-end accountability in distributed systems than is currently possible. Furthermore, a case study has shown that these techniques are applicable to security policies that are relevant to the needs of the intelligence community while providing much greater flexibility in security policy specification.

Abstract In access-control systems, policy rules conflict when they prescribe different decisions (allow or deny) for the same access. We present the results of a user study that demonstrates the significant impact of conflict-resolution method on policy-authoring usability. In our study of 54 participants, varying the conflict-resolution method yielded statistically significant differences in accuracy in five of the six tasks we tested, including differences in accuracy rates of up to 78%.

Abstract Authorization logics allow concise specification of flexible access-control policies, and are the basis for logic-based access-control systems. In such systems, resource owners issue credentials to specify policies, and the consequences of these policies are derived using logical inference rules. Proofs in authorization logics can serve as capabilities for gaining access to resources.

Abstract A number of research systems have demonstrated the benefits of accompanying each request with a machine-checkable proof that the request complies with access-control policy-a technique called proof-carrying authorization. Numerous authorization logics have been proposed as vehicles by which these proofs can be expressed and checked. A challenge in building such systems is how to allow delegation between institutions that use different authorization logics.

Abstract We take a detailed look at how users, while focusing on non-permission tasks, notice and fix access-control permission errors depending on where the access-control policy is spatially located on a photo-sharing website. The access-control policy was placed on an online photo-sharing website under the photo or album, on the sidebar, or on a separate settings page.

Abstract A runtime monitor is a program that runs in parallel with an untrusted application and examines actions from the application's instruction stream. If the sequence of program actions deviates from a specified security policy, the monitor transforms the sequence or terminates the program. We present the design and formal specification of a language for defining the policies enforced by program monitors. Our language provides a number of facilities for composing complex policies from simpler ones.

A run-time monitor is a program that runs in parallel with an untrusted application and examines actions from the application's instruction stream. If the sequence of program actions deviates from a specified security policy, the monitor transforms the sequence or terminates the program. We present the design and formal specification of a language for defining the policies enforced by program monitors. Our language provides a number of facilities for composing complex policies from simpler ones.