Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations

Bibliographic details
Lead author: Almeida, José Bacelar
Publication date: 2013
Other authors: Barbosa, Manuel, Barthe, Gilles Jacques Denis, Dupressoir, François
Language: eng
Source title: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Full text: http://hdl.handle.net/1822/36148
Abstract: We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealised probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries providing complex arithmetic calculations or instantiating idealized components such as sampling operations. This certified compiler allows us to carry to executable code the security guarantees established at the high level, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in source code. We demonstrate the applicability of the framework by applying it to the RSA-OAEP encryption scheme, as standardized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary to break the security of assembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it bridges the gap between computer-assisted security proofs and real-world cryptographic implementations as described by standards such as PKCS, and demonstrates the use of the CompCert certified compiler in the context of cryptographic software development.
Keywords: certified compilation; formal proof; PKCS#1; side-channels
Funding: ONR - Office of Naval Research (N000141210914)
Publisher: ACM
Institution: Universidade do Minho
Document type: conference paper (published version, open access, application/pdf)
ISBN: 978-1-4503-2477-9
ISSN: 1543-7221
DOI: 10.1145/2508859.2516652
ACM record: http://dl.acm.org/citation.cfm?doid=2508859.2516652
Handle: http://hdl.handle.net/1822/36148