International symposium on innovations related to the security of digital systems and protocols

DAY 1 9:15 Arrival & registration

9:45 Grand opening - Welcome IntroductionStéphane UBEDA - Head of INRIA Rennes – Bretagne AtlantiqueWolfgang KNIEJSKI - EIT Digital Business Community Leader Digital InfrastructureThe Business Community Digital Infrastructure - Access-to-Market support for high-tech startups

10:00 Opening keynote conferenceShay GUERON - Professor at University of Haifa (Dept. of Mathematics) and Senior Principal Engineer at Intel Corp. (Israel)Intel’s Software Guard Extensions technology and the Memory Encryption Engine

11:30 Olya OHRIMENKO - Researcher at Microsoft Research (UK)Oblivious multi-party machine learning on trusted processors

12:00 Poster Session announcementThomas JENSEN - Head of research at Inria, CominLabs Labex (France)Title to be announced

12:15 Lunch break & showcase

13:30 Startup Pitch - Matchmaking session 1 Introduction by Wolfgang KNIEJSKI - EIT Digital Business Community Leader Digital Infrastructure

14:30 Hoeteck WEE - Researcher at ENS Paris (France)Title to be announced

15:00 Sonia BELAÏD - Cryptography Engineer at Thales Communications (France)Use of formal tools to improve the security of masked implementations

15:30 Coffee break and showcase

16:00 Marc LACOSTE - System security expert at Orange Labs (France)Shielded Trusted Execution in Virtual Environments: Challenges and Solutions

16:30 Florian TRAMER - Professor at EPFL (Switzerland)Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge

17:30 Official ceremony - Diner cocktail

22:00 End of day

Wed. 23 November 2016

= Keynote talk

International symposium on innovations related to the security of digital systems and protocols

DAY 2 8:45 Welcome by

Jean-Marc JEZEQUEL - Director of IRISAStéphane UBEDA - Director of Inria Rennes - Bretagne Atlantique

9:00 Keynote conferenceLuigi REBUFFI - CEO of European Organisation for Security (EOS), General Secretary and Chairman of the Board of European Cyber Security Organisation (ECSO) (To be confirmed)

9:45 Startup Pitch - Matchmaking session 2Introduction by Wolfgang KNIEJSKI - EIT Digital Business Community Leader Digital Infrastructure

10:45 Coffee break

11:15 Dario FIORE - Assistant Research Professor at IMDEA Software Institute (Spain)Secure Outsourcing of Data and Computation to the Cloud.

11:45 Seny KAMARA - Associate Professor of Computer Science at Brown University (USA)Title to be announced

12:15 Leo DUCAS - Researcher at CWI (The Netherland)NewHope, Frodo, in Between and Beyond

12:45 Lunch break & showcase

13:30 Angela JASCHKE - PhD at the University of Mannheim (Germany)Fully Homomorphic Encryption and its Relatives: A Walk through the Definition Jungle

14:15 Conference 10

14:45 Christian GROTHOFF - Décentralisé Team leader at INRIA (France)Enabling Secure Web Payments with Taler

15:15 Coffee break

15:45 Cristina ONETE - Post-Doc, Embedded Security and Cryptography Team at IRISA (France)Proxying over TLS: Breaking and Fixing CloudFlare’s Keyless SSL

16:15 Jovan GOLIC - EIT Digital Action Line Leader for Privacy, Security and TrustTitle to be announced

16:45 Closing of the event

Thur. 24 November 2016

= Keynote talk

Speakers

Wolfgang Kniejski, EIT Digital Business Community Leader Digital Infrastructure

The Business Community Digital Infrastructure - Access-to-Market support for high-tech startups Business Communities are marketplaces that connect the carriers of innovation to any interested customer, within EIT Digital for each of the so called “Action Lines”. The Action Line Digital Infrastructure also includes Privacy, Security & Trust technologies with an understanding how information technologies impact the privacy of individuals as well as about developing new privacy-preserving and secure technologies to protect them. The action line Digital Infrastructure is transversal to the other action lines of EIT Digital and as such a unique European marketplace connecting innovation buyers (and investors) with selected EIT Digital startups and market-ready innovations for deal and match making. The Business Community also enables market-pull of innovation and facilitates fund raising for EIT Digital startups. The Business Community will enhance the investment of EIT Digital in coached startups and so called “Innovation Activities” on the one hand and strengthen its brand in the European and global innovation market on the other. As dedicated and innovative marketplace, the Business Community promotes carefully selected innovation output (activities' solutions, startups’ products) to relevant prospects through a series of matchmaking tools and actions (website, public events, flyers, success stories, testimonials, word of mouth...). Biography Dr. h.c. Wolfgang. Kniejski joined the EIT Digital Accelerator team in April 2014. He supports the business development of startup companies from all over Europe. In addition, he is leading the Business Community for Digital Infrastructure technologies, supporting the innovations, in which EIT Digital invested, into international market expansion. He is represented in the Boards of several high-tech companies and technology transfer organisations all over the world. After finishing studying business management and economics at the University of Mannheim, Germany, Wolfgang Kniejski started his business career in 1991 as the Financial Manager of Fraunhofer Institute for Computer Graphics, in Darmstadt, Germany. In 1999 he took the position as Business Manager of INI-GraphicsNet Foundation, since 2004 he was appointed as its Treasurer and Business Director. In this capacity he developed and implemented successfully methodologies and processes to support the technology commercialisation for universities and research institutions via licensing and spin-off activities. Dr. Kniejski spun his technology commercialisation knowledge off into his own company and created INI-Novation GmbH as an innovation management and consulting entity. In 2006, he won the innovation award of the Singaporean government for exploiting the integrated technology commercialisation concept to Singapore. He was appointed as innovation consultant by different governmental agencies on an international level to develop concepts for High-Tech Incubators and Business and Science Parks, and he is also jury member in several international business plan and idea competitions.

Shay Gueron, Professor at University of Haifa (Dept. of Mathematics) and Senior Principal

Engineer at Intel Corp. (Israel)

Intel’s Software Guard Extensions technology and the Memory Encryption Engine

Intel has recently introduced a powerful security architecture called “Software Guard

Extensions” (SGX). This security technology is designed to allow a general purpose computer

platform to run application software in a trustworthy manner, and to handle secrets that are

inaccessible to anyone outside the defined trust boundaries. These trust boundaries encompass

only the CPU internals, implying, in particular, that the system memory is untrusted.

Consequently, cryptographic protection of memory is required for SGX. To this end, SGX is

supported by an autonomous hardware unit called the Memory Encryption Engine (MEE), whose

role is to protect the confidentiality, integrity, and freshness of the CPU-DRAM traffic over some

memory range.

In this talk, I will start by a brief description of the basic functionality of SGX, the MEE threat

model, its security objectives, and design challenges under very strict engineering constraints. I

will then explain the MEE design, cryptographic properties and security margins, and will show

some concrete performance results.

Biography

Shay Gueron is an Associated Professor at the Department of Mathematics at the University of

Haifa in Israel. In addition, he is also an Intel Senior Principal Engineer, serving as the Chief Core

Cryptography Architect of the CPU Architecture Group. In this role, he is responsible for some

of the latest CPU instructions that speed up cryptographic algorithms, such as the AES-NI and

the carry-less multiplier instruction, the coming VPMADD52 instruction for public key

operations, and for various micro architectural enhancements in the Intel Cores.

Shay has contribute software patches to open source libraries, such as OpenSSL and NSS;

offering significant performance gains to encryption, authenticated encryption, public key

algorithms, and hashing. He is one of the architects of the new Intel® Software Guard Extensions

(SGX) security technology, in charge of the cryptographic definition and implementation of SGX.

He is the inventor of the Memory Encryption Engine that is part of the latest Intel processor,

micro-architecture codename Skylake processor.

Together with Professor Lindell and Adam Langley of Google, Shay is a co-author of the AES-

GCM-SIV nonce misuse resistant authenticated encryption, submitted to the IETF / CFRG.

Shay’s interests include applied cryptography, applied security, and applied algorithms.

Olya Ohrimenko, Researcher at Microsoft Research (UK)

Oblivious Multi-Party Machine Learning on Trusted Processors Privacy-preserving multi-party machine learning allows multiple organizations to perform collaborative data analytics while guaranteeing the privacy of their individual datasets. Using trusted SGX-processors for this task yields high performance, but requires a careful selection, adaptation, and implementation of machine-learning algorithms to provably prevent the exploitation of any side channels induced by data-dependent access patterns. In this talk, I will present our data-oblivious counterparts of several machine learning algorithms including support vector machines, matrix factorization, neural networks and decision trees. These algorithms are designed to access memory without revealing secret information about their input. We use algorithmic techniques as well as platform specific hardware features to ensure that only public information, such as dataset size, is revealed. I will show that our efficient implementation on Intel Skylake processors scales up to large, realistic datasets, with overheads several orders of magnitude lower than with previous approaches based on advanced cryptographic multi-party computation schemes. This is based on joint work with Felix Schuster, Cédric Fournet, Sebastian Nowozin, Kapil Vaswani and Manuel Costa from MSR Cambridge and Aastha Mehta from MPI-SWS that appeared in USENIX Security 2016. Biography Olya Ohrimenko is a researcher in Constructive Security Group at Microsoft Research, Cambridge, and a research fellow at Darwin College, Cambridge University. Her research interests include privacy, integrity and security issues that emerge in the cloud computing environment. Olya received her Ph.D. degree from Brown University in 2013 and a B.CS. (Hons) degree from The University of Melbourne in 2007.

Sonia Belaïd, Cryptography Engineer at Thales Communications (France)

Use of formal tools to improve the security of masked implementations While most cryptographic algorithms are assumed to be secure against black-box attacks, they are often vulnerable to side-channel attacks which exploit the physical emanations of the underlying device (e.g., temperature, power consumption, time). In order to defeat such attacks, several countermeasures have been exhibited within the last two decades at different physical levels but the most deployed one remains the use of masking. It consists in randomly splitting each sensitive variable of the computation into t+1 shares, where the masking order t represents the security level. While this countermeasure is very useful to improve the security level, it can be complex to design while t grows. During this talk, I will discuss the use of formal methods to build higher-order masking schemes and the solutions that currently show up. In particular, I will present two formal tools. The first one automatically verifies the security of masked implementations and the second automatically generates formally secure masked implementations of cryptographic algorithms from their unprotected version. Biography

Sonia Belaïd is a cryptography engineer at Thales Communications & Security. She defended her

PhD thesis last October on side-channel attacks and countermeasures under the supervision of

Michel Abdalla (ENS, Paris) and Pierre-Alain Fouque (Université de Rennes 1). Her interests

include cryptography, cybersecurity and more recently formal methods. In particular, she has

contributed new efficient and formally proven secure countermeasures to thwart side-channel

attacks.

Marc Lacoste, System security expert at Orange Labs (France) Shielded Trusted Execution in Virtual Environments: Challenges and Solutions Complex virtualized systems like clouds of clouds include multiple untrusted layers and vulnerable security domains. Isolation and trust management are closely intertwined: to fence out malicious VMs from other VMs and provider infrastructure; or, to provide provable protection guarantees to shield VMs against insider attacks from an untrusted infrastructure. Mechanisms are still missing, both: to guarantee secure execution of VMs despite compromise of intermediate infrastructure layers; and to guarantee link integrity between a VM and hardware resources. Different solutions have been proposed, such as isolation architectures based on a trusted layer (e.g., nested virtualization) or minimizing the TCB (unikernels), attestation protocols based on Chains of Trust, or secure virtual enclaves (e.g., Intel SGX technology) for secure VM computation despite hypervisor compromise. However, it remains unclear how such technologies may be compared or composed. In this talk, we will provide some insight on their security benefits and limitations, and on remaining challenges towards unified isolation and trust management for virtualized environments. We will also discuss recent results to manage chains of trust between Intel SGX enclaves in a multi-cloud infrastructure. Biography Dr. Marc Lacoste is a Senior Research Scientist in the Security Department of Orange Labs. His main research interests are in security architecture, cloud computing security, self-protecting systems, and open security kernels. Dr. Lacoste received engineering degrees from Ecole Polytechnique and Télécom ParisTech, and holds a Ph.D. degree in Computer Science from the University of Grenoble, France. He contributed to several European projects, and is currently the Technical Leader of the SUPERCLOUD H2020 Project on user-centric, self-managed security and dependability of multi-cloud infrastructures. He served in several major conference program committees. Member of the ACM, he also published numerous security research papers in international conferences, and holds several patents in security.

Florian Tramèr, Professor at EPFL (Switzerland)

Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge

Trusted hardware systems, such as Intel's SGX, aim to provide strong confidentiality and integrity assurances for applications. Recent work, however, raises serious concerns about the vulnerability of such systems to side-channel attacks. Application confidentiality, in particular, remains an elusive goal due to leakage of data access patterns, timing, and more.

In light of these vulnerabilities, we explore use-cases of trusted hardware for which security is not contingent on applications keeping secrets from their environment. To this end, we introduce "Sealed-Glass Proofs" (SGP), a primitive that specifically models the capabilities of trusted hardware that can attest to *correct execution* of a piece of code, but whose execution is *transparent*, meaning that an application's secrets and state are visible to other processes on the same host.

I will describe one compelling application of SGPs we considered: an implementation of an end-to-end bug bounty (or zero-day solicitation) platform that couples SGPs with a smart contract. Bounty hunters use SGPs (built on top of SGX) to prove knowledge of a bug or exploit and then proceed to sell their discovery to interested buyers using a cryptocurrency system with expressive smart contract capabilities (e.g., Ethereum or possibly Bitcoin). Our platform enables a marketplace that achieves fair exchange, protects against unfair bounty withdrawals, and resists denial-of-service attacks by dishonest sellers. Our work shows how trusted hardware systems such as SGX can support trustworthy applications even in the presence of powerful side channel attacks.

This is joint work with Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels and Elaine Shi.

Biography Florian Tramèr is a PhD candidate at Stanford University. Before joining Stanford, he was a research assistant at EPFL, working with Prof. Jean-Pierre Hubaux. His main interests are in Security and Cryptography, with recent projects spanning topics in genomic privacy, algorithmic fairness, applications of trusted hardware, and security of machine learning services. He received his Bachelor’s and Master’s degrees in Computer Science from EPFL in 2012 and 2015 respectively.

Dario Fiore, Assistant Research Professor at IMDEA Software Institute (Spain)

Secure Outsourcing of Data and Computation to the Cloud

Can we let the Cloud process our data without breaking our privacy? Can we ensure that the

Cloud performs correctly the tasks we delegate to it? Solutions to these questions are central

towards a fully adoption of Cloud computing, an undoubtedly successful paradigm that is also

raising serious security concerns. This talk will discuss recent research developments in

Cryptography that help answering the above questions. Specifically, the talk will focus on

solutions for integrity; it will present the notion of homomorphic authenticators, give an

overview of the state of the art in this area, and cover some of the recent efficient

constructions.

Biography

Dario Fiore is an assistant research professor at the IMDEA Software Institute in Madrid. He

received his Ph.D. degree in Computer Science from the University of Catania, Italy in 2010. Prior

to joining the IMDEA Software Institute in November 2013, Dario held postdoctoral positions at

Max Planck Institute for Software Systems (Germany), New York University (USA), and Ecole

Normale Superieure (France). During his PhD, he was also a visiting student at the IBM T.J.

Watson research center and the New York University. Dario's research interests are in

Cryptography and Security. He works on designing provably-secure cryptographic protocols,

with a particular emphasis on the security of Cloud computing.

Leo Ducas, Researcher at CWI (The Netherland)

NewHope, Frodo, in Between and Beyond

We start by a brief presentation of NewHope, an instantiation of a post-quantum Key-Exchange

scheme based on the Ring-LWE assumption with a few new trick toward, simplicity, efficiency

and security in the wild. We then summarize recent developments in quantum algorithms for

algebraic lattices which incite the use of weaker assumption. This was done in the scheme Frodo

(take off the ring!), using the much weaker LWE assumption, but with a significant loss of

bandwidth efficiency. Finally, we will discuss intermediate solution, that could swipe fears of

algebraic attacks while maintaining acceptable bandwidth. If time allows, we will mention

natural ideas from the theory of codes and lattice-packing to improve bandwidth further.

Biography

Leo is an alumni student from Ecole normale supérieure (France), and a former postdoc from

UC San Diego. He is now a famous researcher for all his results on lattice-based cryptography

and post-quantum cryptography, especially on signatures, fully homomorphic schemes and in

cryptanalysis. This year, he also wins the Internet Defense Prize by Usenix and Facebook for his

work on a lattice-based key exchange called NewHope.

Angela Jäschke, PhD at the University of Mannheim (Germany) [add picture] Fully Homomorphic Encryption and its Relatives: A Walk through the Definition Jungle Fully homomorphic encryption (FHE) schemes are encryption schemes which allow computations on encrypted data without revealing this data to the party performing the computation. This is done in a manner such that the (encrypted) result does not reveal what kind of function was applied to the data. Since this theoretically allows secure outsourcing of computations to untrusted third parties, FHE has been dubbed the holy grail of cryptography, an elusive goal which could solve the IT world's problems of security and trust. Research in the area exploded after 2009 when it was shown that FHE can be realized in principle. Since then, considerable progress has been made in finding more practical and more efficient solutions. While research quickly developed, terminology and concepts became diverse and confusing, with one term often describing several different notions. Also, there are different weaker notions of FHE, where the set of functions that can be applied to the ciphertexts is restricted, and it can be challenging to distinguish between these variants. As a result, it can be difficult to understand what the achievements and limitations of different works actually are. This talk will address three fundamental questions: What is FHE? What can FHE be used for? What is the state of FHE today? As well as surveying the field, we will clarify different terminology in use and explain connections between different FHE-related notions. Biography Born in Berlin, Angela Jäschke grew up in Berlin (Germany), Boston (USA) and Heidelberg (Germany). After graduating high school in 2007, she started her studies of Mathematics at the University of Heidelberg with a Minor in Economics. In 2010/11, she spent a year abroad at the University of Utah (Salt Lake City, USA), where she was awarded with the Dean’s List for outstanding academic achievement in both semesters. Upon returning, she wrote her diploma thesis about “Security Issues in Functional Encryption” and graduated with the mark “very good” in 2013. Since 2013, Angela has been a PhD student at University of Mannheim, where she has worked in several industry projects (involving both research and implementation). Her primary field of study is Fully Homomorphic Encryption, with the most recent paper (titled “Accelerating Homomorphic Computations on Rational Numbers”) examining optimizations for computations on encrypted data, the importance of encoding choices and applications to Machine Learning.

Christian Grothoff, Décentralisé Team leader at INRIA (France) Enabling Secure Web Payments with Taler His talk will focus on Taler, a new electronic payment system designed to provide a reasonable trade-off between privacy for citizens and transparency for governments. Building on established ideas for anonymous payments, Taler introduces new cryptographic mechanisms to give change and refunds, and implements a modern protocol with dramatic usability improvements for secure online payments. Biography Christian Grothoff is leading the Décentralisé team at Inria Rennes. He maintains GNUnet, a

network designed with the goal to provide privacy and security without the need for trusted

third parties. He earned his PhD in computer science from UCLA, an M.S. in computer science

from Purdue University, and a Diploma in mathematics from the University of Wuppertal.

Cristina Onete, Post-Doc, Embedded Security and Cryptography Team at IRISA (France)

Proxying over TLS: Breaking and Fixing CloudFlare's Keyless SSL

One of the fundamental goals of cryptography is enabling parties to communicate securely over

an insecure channel. This functionality is required in our everyday use of the Internet, for secure

Internet browsing, secure emailing, messaging, and even Voice over IP conversations.

In order to construct a secure channel between two parties (usually a client and a server), the

participants execute an authenticated key exchange protocol (AKE), which enables them,

starting from some initial long-term data, to establish fresh, session-specific keys. This first step

is also called a handshake. In a second step, the session keys are use to authenticate and encrypt

the data exchanged by the two parties, thus essentially constructing that secure channel.

TLS/SSL is one of the most widely used protocols today, ensuring secure-channel establishment

over the Internet. Though a subject of debate for many years, the TLS 1.2 protocol was proved

secure under a series of assumptions. However, in real-world applications, TLS is not used in the

way it was designed, namely, between the client and the server directly. Instead, cloud-based

content delivery network architectures (CDN) have introduced a three-party handshake, such

that the client obliviously connects to a cloud provider, which caches and delivers the server's

content. In this talk we show that one type of CDN, namely CloudFlare's Keyless SSL, proxies TLS

in a way that breaks the protocol's security in various ways. We will also show how to fix their

Keyless protocol design, with the surprising result that our novel Keyless TLS 1.3 (i.e. using the

newly designed TLS 1.3 version) is in fact much more efficient than the fixed Keyless TLS 1.2,

whilst attaining the same properties.

Biography

Cristina Onete is a post-doctoral researcher at the Université de Rennes 1, working as part of

the ANR-funded SafeTLS project in the Embedded Security and Cryptography (EMSEC) research

team. Her work focuses on provable security, in particular with a focus on authentication, AKE,

and distance-bounding protocols. She joined the EMSEC research team in September 2015 and

was before a member of the CIDRE team (at the IRISA Rennes), working with Sébastien Gambs

on topics of provable privacy.