International symposium on innovations related to the security of digital systems and protocols
DAY 1 - Wed. 23 November 2016
9:15 Arrival & registration
9:45 Grand opening - Welcome introduction
  Stéphane UBEDA - Head of INRIA Rennes - Bretagne Atlantique
  Wolfgang KNIEJSKI - EIT Digital Business Community Leader Digital Infrastructure: The Business Community Digital Infrastructure - Access-to-Market support for high-tech startups
10:00 Opening keynote conference
  Shay GUERON - Professor at University of Haifa (Dept. of Mathematics) and Senior Principal Engineer at Intel Corp. (Israel): Intel’s Software Guard Extensions technology and the Memory Encryption Engine
11:30 Olya OHRIMENKO - Researcher at Microsoft Research (UK): Oblivious multi-party machine learning on trusted processors
12:00 Poster Session announcement
  Thomas JENSEN - Head of research at Inria, CominLabs Labex (France): Title to be announced
12:15 Lunch break & showcase
13:30 Startup Pitch - Matchmaking session 1
  Introduction by Wolfgang KNIEJSKI - EIT Digital Business Community Leader Digital Infrastructure
14:30 Hoeteck WEE - Researcher at ENS Paris (France): Title to be announced
15:00 Sonia BELAÏD - Cryptography Engineer at Thales Communications (France): Use of formal tools to improve the security of masked implementations
15:30 Coffee break and showcase
16:00 Marc LACOSTE - System security expert at Orange Labs (France): Shielded Trusted Execution in Virtual Environments: Challenges and Solutions
16:30 Florian TRAMER - Professor at EPFL (Switzerland): Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge
17:30 Official ceremony - Dinner cocktail
22:00 End of day
DAY 2 - Thur. 24 November 2016
8:45 Welcome by Jean-Marc JEZEQUEL - Director of IRISA, and Stéphane UBEDA - Director of Inria Rennes - Bretagne Atlantique
9:00 Keynote conference
  Luigi REBUFFI - CEO of European Organisation for Security (EOS), General Secretary and Chairman of the Board of European Cyber Security Organisation (ECSO) (To be confirmed)
9:45 Startup Pitch - Matchmaking session 2
  Introduction by Wolfgang KNIEJSKI - EIT Digital Business Community Leader Digital Infrastructure
10:45 Coffee break
11:15 Dario FIORE - Assistant Research Professor at IMDEA Software Institute (Spain): Secure Outsourcing of Data and Computation to the Cloud
11:45 Seny KAMARA - Associate Professor of Computer Science at Brown University (USA): Title to be announced
12:15 Leo DUCAS - Researcher at CWI (The Netherlands): NewHope, Frodo, in Between and Beyond
12:45 Lunch break & showcase
13:30 Angela JASCHKE - PhD at the University of Mannheim (Germany): Fully Homomorphic Encryption and its Relatives: A Walk through the Definition Jungle
14:15 Conference 10
14:45 Christian GROTHOFF - Décentralisé Team leader at INRIA (France): Enabling Secure Web Payments with Taler
15:15 Coffee break
15:45 Cristina ONETE - Post-Doc, Embedded Security and Cryptography Team at IRISA (France): Proxying over TLS: Breaking and Fixing CloudFlare’s Keyless SSL
16:15 Jovan GOLIC - EIT Digital Action Line Leader for Privacy, Security and Trust: Title to be announced
16:45 Closing of the event
Speakers
Wolfgang Kniejski, EIT Digital Business Community Leader Digital Infrastructure
The Business Community Digital Infrastructure - Access-to-Market support for high-tech startups
Business Communities are marketplaces that connect the carriers of innovation to any interested customer, within EIT Digital for each of the so-called “Action Lines”. The Action Line Digital Infrastructure also includes Privacy, Security & Trust technologies, with an understanding of how information technologies impact the privacy of individuals as well as of how to develop new privacy-preserving and secure technologies to protect them. The Action Line Digital Infrastructure is transversal to the other action lines of EIT Digital and as such is a unique European marketplace connecting innovation buyers (and investors) with selected EIT Digital startups and market-ready innovations for deal and match making. The Business Community also enables market pull of innovation and facilitates fund raising for EIT Digital startups. The Business Community will enhance the investment of EIT Digital in coached startups and so-called “Innovation Activities” on the one hand, and strengthen its brand in the European and global innovation market on the other. As a dedicated and innovative marketplace, the Business Community promotes carefully selected innovation output (activities' solutions, startups’ products) to relevant prospects through a series of matchmaking tools and actions (website, public events, flyers, success stories, testimonials, word of mouth...).
Biography
Dr. h.c. Wolfgang Kniejski joined the EIT Digital Accelerator team in April 2014. He supports the business development of startup companies from all over Europe. In addition, he leads the Business Community for Digital Infrastructure technologies, supporting the innovations in which EIT Digital has invested in their international market expansion. He sits on the boards of several high-tech companies and technology transfer organisations all over the world.
After studying business management and economics at the University of Mannheim, Germany, Wolfgang Kniejski started his business career in 1991 as the Financial Manager of the Fraunhofer Institute for Computer Graphics in Darmstadt, Germany. In 1999 he took the position of Business Manager of the INI-GraphicsNet Foundation, and in 2004 he was appointed its Treasurer and Business Director. In this capacity he successfully developed and implemented methodologies and processes to support technology commercialisation for universities and research institutions via licensing and spin-off activities. Dr. Kniejski spun his technology commercialisation knowledge off into his own company and created INI-Novation GmbH as an innovation management and consulting entity. In 2006, he won the innovation award of the Singaporean government for bringing the integrated technology commercialisation concept to Singapore. He has been appointed as an innovation consultant by various governmental agencies at the international level to develop concepts for high-tech incubators and business and science parks, and he is also a jury member in several international business plan and idea competitions.
Shay Gueron, Professor at University of Haifa (Dept. of Mathematics) and Senior Principal Engineer at Intel Corp. (Israel)
Intel’s Software Guard Extensions technology and the Memory Encryption Engine
Intel has recently introduced a powerful security architecture called “Software Guard
Extensions” (SGX). This security technology is designed to allow a general purpose computer
platform to run application software in a trustworthy manner, and to handle secrets that are
inaccessible to anyone outside the defined trust boundaries. These trust boundaries encompass
only the CPU internals, implying, in particular, that the system memory is untrusted.
Consequently, cryptographic protection of memory is required for SGX. To this end, SGX is
supported by an autonomous hardware unit called the Memory Encryption Engine (MEE), whose
role is to protect the confidentiality, integrity, and freshness of the CPU-DRAM traffic over some
memory range.
In this talk, I will start with a brief description of the basic functionality of SGX, the MEE threat
model, its security objectives, and design challenges under very strict engineering constraints. I
will then explain the MEE design, cryptographic properties and security margins, and will show
some concrete performance results.
Biography
Shay Gueron is an Associate Professor at the Department of Mathematics at the University of
Haifa in Israel. In addition, he is also an Intel Senior Principal Engineer, serving as the Chief Core
Cryptography Architect of the CPU Architecture Group. In this role, he is responsible for some
of the latest CPU instructions that speed up cryptographic algorithms, such as the AES-NI and
the carry-less multiplier instruction, the coming VPMADD52 instruction for public key
operations, and for various micro architectural enhancements in the Intel Cores.
Shay has contributed software patches to open source libraries, such as OpenSSL and NSS,
offering significant performance gains to encryption, authenticated encryption, public key
algorithms, and hashing. He is one of the architects of the new Intel® Software Guard Extensions
(SGX) security technology, in charge of the cryptographic definition and implementation of SGX.
He is the inventor of the Memory Encryption Engine that is part of the latest Intel processor
micro-architecture, codename Skylake.
Together with Professor Lindell and Adam Langley of Google, Shay is a co-author of the AES-
GCM-SIV nonce-misuse-resistant authenticated encryption scheme, submitted to the IETF / CFRG.
Shay’s interests include applied cryptography, applied security, and applied algorithms.
Olya Ohrimenko, Researcher at Microsoft Research (UK)
Oblivious Multi-Party Machine Learning on Trusted Processors
Privacy-preserving multi-party machine learning allows multiple organizations to perform collaborative data analytics while guaranteeing the privacy of their individual datasets. Using trusted SGX processors for this task yields high performance, but requires a careful selection, adaptation, and implementation of machine-learning algorithms to provably prevent the exploitation of any side channels induced by data-dependent access patterns. In this talk, I will present our data-oblivious counterparts of several machine learning algorithms, including support vector machines, matrix factorization, neural networks and decision trees. These algorithms are designed to access memory without revealing secret information about their input. We use algorithmic techniques as well as platform-specific hardware features to ensure that only public information, such as dataset size, is revealed. I will show that our efficient implementation on Intel Skylake processors scales up to large, realistic datasets, with overheads several orders of magnitude lower than with previous approaches based on advanced cryptographic multi-party computation schemes. This is based on joint work with Felix Schuster, Cédric Fournet, Sebastian Nowozin, Kapil Vaswani and Manuel Costa from MSR Cambridge and Aastha Mehta from MPI-SWS that appeared in USENIX Security 2016.
Biography
Olya Ohrimenko is a researcher in the Constructive Security Group at Microsoft Research, Cambridge, and a research fellow at Darwin College, Cambridge University. Her research interests include privacy, integrity and security issues that emerge in the cloud computing environment. Olya received her Ph.D. degree from Brown University in 2013 and a B.CS. (Hons) degree from The University of Melbourne in 2007.
Sonia Belaïd, Cryptography Engineer at Thales Communications (France)
Use of formal tools to improve the security of masked implementations
While most cryptographic algorithms are assumed to be secure against black-box attacks, they are often vulnerable to side-channel attacks, which exploit the physical emanations of the underlying device (e.g., temperature, power consumption, time). In order to defeat such attacks, several countermeasures have been exhibited within the last two decades at different physical levels, but the most deployed one remains the use of masking. It consists in randomly splitting each sensitive variable of the computation into t+1 shares, where the masking order t represents the security level. While this countermeasure is very useful to improve the security level, it can be complex to design as t grows. During this talk, I will discuss the use of formal methods to build higher-order masking schemes and the solutions that are currently emerging. In particular, I will present two formal tools. The first one automatically verifies the security of masked implementations and the second automatically generates formally secure masked implementations of cryptographic algorithms from their unprotected version.
Biography
Sonia Belaïd is a cryptography engineer at Thales Communications & Security. She defended her
PhD thesis last October on side-channel attacks and countermeasures under the supervision of
Michel Abdalla (ENS, Paris) and Pierre-Alain Fouque (Université de Rennes 1). Her interests
include cryptography, cybersecurity and more recently formal methods. In particular, she has
contributed new efficient and formally proven secure countermeasures to thwart side-channel
attacks.
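As an added illustration of the t+1-share Boolean masking described in the abstract above (example code written for this page, not from the speaker or her tools), the following C program splits a byte into t+1 shares, recombines it, and computes a bitwise AND on shares with the ISW gadget, the kind of non-linear building block that masking verifiers have to reason about. It assumes order t = 2 and uses rand() as a stand-in for a hardware random number generator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ORDER   2              /* masking order t: any t shares reveal nothing */
#define NSHARES (ORDER + 1)    /* each sensitive variable is held as t+1 shares */

/* Stand-in randomness source (assumption for this example). A real masked
 * implementation must draw shares and gadget randomness from a hardware RNG. */
static uint8_t rnd8(void) { return (uint8_t)(rand() & 0xff); }

/* Split x into NSHARES Boolean shares such that x = s[0] ^ s[1] ^ ... */
void mask(uint8_t x, uint8_t s[NSHARES]) {
    uint8_t acc = x;
    for (int i = 1; i < NSHARES; i++) {
        s[i] = rnd8();        /* t shares are uniformly random ... */
        acc ^= s[i];
    }
    s[0] = acc;               /* ... and the remaining one absorbs the secret */
}

/* Recombine the shares. Only done at the very end, on non-sensitive output. */
uint8_t unmask(const uint8_t s[NSHARES]) {
    uint8_t x = 0;
    for (int i = 0; i < NSHARES; i++) x ^= s[i];
    return x;
}

/* Linear operations (XOR) act share-wise and need no fresh randomness. */
void masked_xor(const uint8_t a[NSHARES], const uint8_t b[NSHARES],
                uint8_t c[NSHARES]) {
    for (int i = 0; i < NSHARES; i++) c[i] = a[i] ^ b[i];
}

/* Bitwise AND on shares: the ISW gadget (Ishai, Sahai, Wagner, CRYPTO 2003).
 * Computing a[i]&b[j] ^ a[j]&b[i] directly would expose a product of shares,
 * so each pair is refreshed with a fresh random byte r[i][j] and the XORs are
 * evaluated in the order shown; t(t+1)/2 random bytes are consumed per call. */
void masked_and(const uint8_t a[NSHARES], const uint8_t b[NSHARES],
                uint8_t c[NSHARES]) {
    uint8_t r[NSHARES][NSHARES];
    for (int i = 0; i < NSHARES; i++) {
        for (int j = i + 1; j < NSHARES; j++) {
            r[i][j] = rnd8();
            r[j][i] = (uint8_t)((r[i][j] ^ (a[i] & b[j])) ^ (a[j] & b[i]));
        }
    }
    for (int i = 0; i < NSHARES; i++) {
        c[i] = a[i] & b[i];
        for (int j = 0; j < NSHARES; j++)
            if (j != i) c[i] ^= r[i][j];
    }
}

/* Mask both inputs, AND them on shares, unmask: must equal x & y. */
uint8_t masked_and_bytes(uint8_t x, uint8_t y) {
    uint8_t a[NSHARES], b[NSHARES], c[NSHARES];
    mask(x, a);
    mask(y, b);
    masked_and(a, b, c);
    return unmask(c);
}

/* Functional check of the gadget over every byte pair; returns 1 if all match. */
int check_all_pairs(void) {
    for (int x = 0; x < 256; x++)
        for (int y = 0; y < 256; y++)
            if (masked_and_bytes((uint8_t)x, (uint8_t)y) != (uint8_t)(x & y))
                return 0;
    return 1;
}

int main(void) {
    srand(1);
    uint8_t s[NSHARES];
    mask(0xA5, s);
    printf("shares of 0xA5:");
    for (int i = 0; i < NSHARES; i++) printf(" %02x", s[i]);
    printf("\nrecombined: %02x, ISW AND over all byte pairs: %s\n",
           unmask(s), check_all_pairs() ? "ok" : "FAIL");
    return 0;
}
```

The functional check only shows the gadget computes the right value; whether the share-wise computation actually leaks nothing about the secret through any t intermediate values is exactly the property the verification tools in the talk establish.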
Marc Lacoste, System security expert at Orange Labs (France)
Shielded Trusted Execution in Virtual Environments: Challenges and Solutions
Complex virtualized systems like clouds of clouds include multiple untrusted layers and vulnerable security domains. Isolation and trust management are closely intertwined: to fence out malicious VMs from other VMs and the provider infrastructure, or to provide provable protection guarantees that shield VMs against insider attacks from an untrusted infrastructure. Mechanisms are still missing both to guarantee secure execution of VMs despite compromise of intermediate infrastructure layers, and to guarantee link integrity between a VM and hardware resources. Different solutions have been proposed, such as isolation architectures based on a trusted layer (e.g., nested virtualization) or minimizing the TCB (unikernels), attestation protocols based on chains of trust, or secure virtual enclaves (e.g., Intel SGX technology) for secure VM computation despite hypervisor compromise. However, it remains unclear how such technologies may be compared or composed. In this talk, we will provide some insight on their security benefits and limitations, and on remaining challenges towards unified isolation and trust management for virtualized environments. We will also discuss recent results on managing chains of trust between Intel SGX enclaves in a multi-cloud infrastructure.
Biography
Dr. Marc Lacoste is a Senior Research Scientist in the Security Department of Orange Labs. His main research interests are in security architecture, cloud computing security, self-protecting systems, and open security kernels. Dr. Lacoste received engineering degrees from Ecole Polytechnique and Télécom ParisTech, and holds a Ph.D. degree in Computer Science from the University of Grenoble, France.
He has contributed to several European projects, and is currently the Technical Leader of the SUPERCLOUD H2020 Project on user-centric, self-managed security and dependability of multi-cloud infrastructures. He has served on several major conference program committees. A member of the ACM, he has also published numerous security research papers in international conferences, and holds several patents in security.
Florian Tramèr, Professor at EPFL (Switzerland)
Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge
Trusted hardware systems, such as Intel's SGX, aim to provide strong confidentiality and integrity assurances for applications. Recent work, however, raises serious concerns about the vulnerability of such systems to side-channel attacks. Application confidentiality, in particular, remains an elusive goal due to leakage of data access patterns, timing, and more.
In light of these vulnerabilities, we explore use-cases of trusted hardware for which security is not contingent on applications keeping secrets from their environment. To this end, we introduce "Sealed-Glass Proofs" (SGP), a primitive that specifically models the capabilities of trusted hardware that can attest to *correct execution* of a piece of code, but whose execution is *transparent*, meaning that an application's secrets and state are visible to other processes on the same host.
I will describe one compelling application of SGPs we considered: an implementation of an end-to-end bug bounty (or zero-day solicitation) platform that couples SGPs with a smart contract. Bounty hunters use SGPs (built on top of SGX) to prove knowledge of a bug or exploit and then proceed to sell their discovery to interested buyers using a cryptocurrency system with expressive smart contract capabilities (e.g., Ethereum or possibly Bitcoin). Our platform enables a marketplace that achieves fair exchange, protects against unfair bounty withdrawals, and resists denial-of-service attacks by dishonest sellers. Our work shows how trusted hardware systems such as SGX can support trustworthy applications even in the presence of powerful side channel attacks.
This is joint work with Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels and Elaine Shi.
Biography
Florian Tramèr is a PhD candidate at Stanford University. Before joining Stanford, he was a research assistant at EPFL, working with Prof. Jean-Pierre Hubaux. His main interests are in Security and Cryptography, with recent projects spanning topics in genomic privacy, algorithmic fairness, applications of trusted hardware, and security of machine learning services. He received his Bachelor’s and Master’s degrees in Computer Science from EPFL in 2012 and 2015 respectively.
Dario Fiore, Assistant Research Professor at IMDEA Software Institute (Spain)
Secure Outsourcing of Data and Computation to the Cloud
Can we let the Cloud process our data without breaking our privacy? Can we ensure that the
Cloud correctly performs the tasks we delegate to it? Solutions to these questions are central
to the full adoption of Cloud computing, an undoubtedly successful paradigm that is also
raising serious security concerns. This talk will discuss recent research developments in
Cryptography that help answer the above questions. Specifically, the talk will focus on
solutions for integrity; it will present the notion of homomorphic authenticators, give an
overview of the state of the art in this area, and cover some of the recent efficient
constructions.
Biography
Dario Fiore is an assistant research professor at the IMDEA Software Institute in Madrid. He
received his Ph.D. degree in Computer Science from the University of Catania, Italy in 2010. Prior
to joining the IMDEA Software Institute in November 2013, Dario held postdoctoral positions at
Max Planck Institute for Software Systems (Germany), New York University (USA), and Ecole
Normale Superieure (France). During his PhD, he was also a visiting student at the IBM T.J.
Watson Research Center and New York University. Dario's research interests are in
Cryptography and Security. He works on designing provably-secure cryptographic protocols,
with a particular emphasis on the security of Cloud computing.
Leo Ducas, Researcher at CWI (The Netherlands)
NewHope, Frodo, in Between and Beyond
We start with a brief presentation of NewHope, an instantiation of a post-quantum key-exchange
scheme based on the Ring-LWE assumption with a few new tricks toward simplicity, efficiency
and security in the wild. We then summarize recent developments in quantum algorithms for
algebraic lattices which encourage the use of weaker assumptions. This was done in the scheme Frodo
(take off the ring!), using the much weaker LWE assumption, but with a significant loss of
bandwidth efficiency. Finally, we will discuss intermediate solutions that could sweep away fears of
algebraic attacks while maintaining acceptable bandwidth. If time allows, we will mention
natural ideas from the theory of codes and lattice packing to improve bandwidth further.
Biography
Leo is an alumnus of Ecole normale supérieure (France) and a former postdoc at
UC San Diego. He is now well known for his results on lattice-based cryptography
and post-quantum cryptography, especially on signatures, fully homomorphic schemes and
cryptanalysis. This year he also won the Internet Defense Prize from Usenix and Facebook for his
work on a lattice-based key exchange called NewHope.
Angela Jäschke, PhD at the University of Mannheim (Germany)
Fully Homomorphic Encryption and its Relatives: A Walk through the Definition Jungle
Fully homomorphic encryption (FHE) schemes are encryption schemes which allow computations on encrypted data without revealing this data to the party performing the computation. This is done in a manner such that the (encrypted) result does not reveal what kind of function was applied to the data. Since this theoretically allows secure outsourcing of computations to untrusted third parties, FHE has been dubbed the holy grail of cryptography, an elusive goal which could solve the IT world's problems of security and trust. Research in the area exploded after 2009, when it was shown that FHE can be realized in principle. Since then, considerable progress has been made in finding more practical and more efficient solutions. While research developed quickly, terminology and concepts became diverse and confusing, with one term often describing several different notions. Also, there are different weaker notions of FHE, where the set of functions that can be applied to the ciphertexts is restricted, and it can be challenging to distinguish between these variants. As a result, it can be difficult to understand what the achievements and limitations of different works actually are. This talk will address three fundamental questions: What is FHE? What can FHE be used for? What is the state of FHE today? As well as surveying the field, we will clarify the different terminology in use and explain connections between different FHE-related notions.
Biography
Born in Berlin, Angela Jäschke grew up in Berlin (Germany), Boston (USA) and Heidelberg (Germany). After graduating from high school in 2007, she started her studies of Mathematics at the University of Heidelberg with a minor in Economics.
In 2010/11, she spent a year abroad at the University of Utah (Salt Lake City, USA), where she was placed on the Dean’s List for outstanding academic achievement in both semesters. Upon returning, she wrote her diploma thesis on “Security Issues in Functional Encryption” and graduated with the mark “very good” in 2013. Since 2013, Angela has been a PhD student at the University of Mannheim, where she has worked on several industry projects (involving both research and implementation). Her primary field of study is Fully Homomorphic Encryption, with her most recent paper (titled “Accelerating Homomorphic Computations on Rational Numbers”) examining optimizations for computations on encrypted data, the importance of encoding choices, and applications to Machine Learning.
Christian Grothoff, Décentralisé Team leader at INRIA (France)
Enabling Secure Web Payments with Taler
This talk will focus on Taler, a new electronic payment system designed to provide a reasonable trade-off between privacy for citizens and transparency for governments. Building on established ideas for anonymous payments, Taler introduces new cryptographic mechanisms to give change and refunds, and implements a modern protocol with dramatic usability improvements for secure online payments.
Biography
Christian Grothoff leads the Décentralisé team at Inria Rennes. He maintains GNUnet, a network designed with the goal of providing privacy and security without the need for trusted third parties. He earned his PhD in computer science from UCLA, an M.S. in computer science from Purdue University, and a Diploma in mathematics from the University of Wuppertal.
Cristina Onete, Post-Doc, Embedded Security and Cryptography Team at IRISA (France)
Proxying over TLS: Breaking and Fixing CloudFlare's Keyless SSL
One of the fundamental goals of cryptography is enabling parties to communicate securely over
an insecure channel. This functionality is required in our everyday use of the Internet, for secure
Internet browsing, secure emailing, messaging, and even Voice over IP conversations.
In order to construct a secure channel between two parties (usually a client and a server), the
participants execute an authenticated key exchange protocol (AKE), which enables them,
starting from some initial long-term data, to establish fresh, session-specific keys. This first step
is also called a handshake. In a second step, the session keys are used to authenticate and encrypt
the data exchanged by the two parties, thus essentially constructing that secure channel.
TLS/SSL is one of the most widely used protocols today, ensuring secure-channel establishment
over the Internet. Though a subject of debate for many years, the TLS 1.2 protocol was proved
secure under a series of assumptions. However, in real-world applications, TLS is not used in the
way it was designed, namely, between the client and the server directly. Instead, cloud-based
content delivery network architectures (CDN) have introduced a three-party handshake, such
that the client obliviously connects to a cloud provider, which caches and delivers the server's
content. In this talk we show that one type of CDN, namely CloudFlare's Keyless SSL, proxies TLS
in a way that breaks the protocol's security in various ways. We will also show how to fix their
Keyless protocol design, with the surprising result that our novel Keyless TLS 1.3 (i.e. using the
newly designed TLS 1.3 version) is in fact much more efficient than the fixed Keyless TLS 1.2,
whilst attaining the same properties.
Biography
Cristina Onete is a post-doctoral researcher at the Université de Rennes 1, working as part of
the ANR-funded SafeTLS project in the Embedded Security and Cryptography (EMSEC) research
team. Her work focuses on provable security, with particular attention to authentication, AKE,
and distance-bounding protocols. She joined the EMSEC research team in September 2015 and
was previously a member of the CIDRE team (at IRISA Rennes), working with Sébastien Gambs
on topics of provable privacy.