Debra L. Cook

Cryptographics: secret key cryptography using graphics cards

We study the feasibility of using Graphics Processing Units (GPUs) for cryptographic processing, by exploiting the ability for GPUs to simultaneously process large quantities of pixels, to offload symmetric key encryption from the main processor. We demonstrate the use of GPUs for applying the key stream when using stream ciphers. We also investigate the use of GPUs for block ciphers, discuss operations that make certain ciphers unsuitable for use with a GPU, and compare the performance of an OpenGL-based implementation of AES with implementations utilizing general CPUs. While we conclude that existing symmetric key ciphers are not suitable for implementation within a GPU given present APIs, we discuss the applicability of moving encryption and decryption into the GPU to image processing, including the handling of displays in thin-client applications and streaming video, in scenarios in which it is desired to limit exposure of the plaintext to within the GPU on untrusted clients.

WebSOS: protecting web servers from DDoS attacks

We present the WebSOS architecture, a mechanism for countering denial of service (DoS) attacks against web servers. WebSOS uses a combination of overlay networking, contentbased routing, and aggressive packet filtering to guarantee access to a service that is targeted by a DoS attack. Our approach requires no modifications to servers or browsers, and makes use of the web proxy feature and TLS client authentication supported by modern browsers. We use a WebSOS prototype to conduct a preliminary performance evaluation both on the local area network and over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency imposed by the architecture to increase by a factor of 5 on average. We conclude that this overhead is reasonable in the context of a determined DoS attack.

Elastic block ciphers

Standard block ciphers are designed around one or a small number of block sizes. From both a practical and a theoretical perspective, the question of how to efficiently support a range of block sizes is of interest. In applications, the length of the data to be encrypted is often not a multiple of the supported block size. This results in the use of plaintext-padding schemes that impose computational and space overheads. Furthermore, a variable-length block cipher ideally provides a variable-length pseudorandom permutation and strong pseudorandom permutation, which are theoretical counterparts of practical block ciphers and correspond to ideal properties for a block cipher. The focus of my research is the design and analysis of a method for creating variable-length block ciphers from existing fixed-length block ciphers. As the heart of the method, I introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. I create a structure, referred to as the elastic network, that uses the round function from any existing block cipher in a manner that allows the properties of the round function to be maintained and results in the security of the elastic version of a block cipher being directly related to that of the original version. By forming a reduction between the elastic and original versions, I prove that the elastic version of a cipher is secure against round-key recovery attacks if the original cipher is secure against such attacks. I illustrate the method by creating elastic versions of four existing block ciphers. In addition, the elastic network provides a new primitive structure for use in symmetric-key cipher design. It allows for the creation of variable-length pseudorandom permutations and strong pseudorandom permutations in the range of b to 2b bits from round functions that are independently chosen pseudorandom permutations on b bits.

Remotely keyed cryptographics secure remote display access using (mostly) untrusted hardware

Software that covertly monitors user actions, also known as spyware, has become a first-level security threat due to its ubiquity and the difficulty of detecting and removing it. Such software may be inadvertently installed by a user that is casually browsing the web, or may be purposely installed by an attacker or even the owner of a system. This is particularly problematic in the case of utility computing, early manifestations of which are Internet cafes and thin-client computing. Traditional trusted computing approaches offer a partial solution to this by significantly increasing the size of the trusted computing base (TCB) to include the operating system and other software. We examine the problem of protecting a user accessing specific services in such an environment. We focus on secure video broadcasts and remote desktop access when using any convenient, and often untrusted, terminal as two example applications. We posit that, at least for such applications, the TCB can be confined to a suitably modified graphics processing unit (GPU). Specifically, to prevent spyware on untrusted clients from accessing the user’s data, we restrict the boundary of trust to the client’s GPU by moving image decryption into GPUs. This allows us to leverage existing capabilities as opposed to designing a new component from scratch. We discuss the applicability of GPU-based decryption in the two scenarios. We identify limitations due to current GPU capabilities and propose straightforward modifications to GPUs that will allow the realization of our approach.

Secret Key Cryptography Using Graphics Cards

One frequently cited reason for the lack of wide deployment of cryptographic protocols is the (perceived) poor performance of the algorithms they employ and their impact on the rest of the system. Although high-performance dedicated cryptographic accelerator cards have been commercially available for some time, market penetration remains low. We take a different approach, seeking to exploit existing system resources, such as Graphics Processing Units (GPUs) to accelerate cryptographic processing. We exploit the ability for GPUs to simultaneously process large quantities of pixels to offload cryptographic processing from the main processor. We demonstrate the use of GPUs for stream ciphers, which can achieve 75% the performance of a fast CPU. We also investigate the use of GPUs for block ciphers, discuss operations that make certain ciphers unsuitable for use with a GPU, and compare the performance of an OpenGL-based implementation of AES with implementations utilizing general CPUs. In addition to offloading system resources, the ability to perform encryption and decryption within the GPU has potential applications in image processing by limiting exposure of the plaintext to within the GPU.

Elastic block ciphers: the basic design

We introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. We define a method for converting any existing block cipher into an elastic block cipher and mention our analysis of the construction.

Phishwish: a simple and stateless phishing filter

We define phishing as the practice of directing unsuspecting users to fraudulent websites with the intent of obtaining personal information to be used for illicit purpose by a spammer. We introduce a new anti-phishing filter, phishwish, that has a number of advantages over existing phishing filters: it does not need to be trained, as is the case with Bayesian filters, nor does it consult centralized white or blacklists to determine whether an email is suspect. Phishwish uses a set of only 11 rules to determine the veracity of an incoming email; the results can be used to quarantine the email or to alert the user. We compare the performance of phishwish to SpamAssassin, a popular open source filter, as well as the Google phishing filters accessed from the Firefox browser. Our results indicate that phishwish outperforms existing filters in identifying phishing emails, even identifying those originated by the ‘rock phish’ gang, and that it aids in detection of zero-day attacks that were not caught by existing filters. Copyright

Phishwish: A Stateless Phishing Filter Using Minimal Rules

We introduce phishwish, a phishing filter that offers advantages over existing filters: It does not need any training and does not consult centralized white or black lists. Furthermore, it is simple to configure, requiring only 11 rules to determine the veracity of an incoming email. We compare the performance of phishwish to SpamAssassin and to Googles browser-based phishing filter. Our results indicate that phishwish outperforms these filters and identifies zero days attacks that went undetected by existing filters.

Elastic block ciphers: method, security and instantiations

We introduce the concept of an elastic block cipher which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an existing block cipher as a black box and inserts it into a substitution- permutation network. Our method is designed to enable us to form a reduction between the elastic and the original versions of the cipher. Using this reduction, we prove that the elastic version of a cipher is secure against key-recovery attacks if the original cipher is secure against such attacks. We note that while reduction-based proofs of security are a cornerstone of cryptographic analysis, they are typical when complete components are used as sub-components in a larger design. We are not aware of the use of such techniques in the case of concrete block cipher designs. We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1, and RC6. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers.

Conversion Functions for Symmetric Key Ciphers

As a general design criterion, a symmetric key cipher should not be closed under functional composition due to the implications on the security of the cipher. However, there are scenarios in which this property is desirable and can be obtained without reducing the security of a cipher by increasing the computational workload of the cipher. We ex- pand the idea of a symmetric key cipher being closed under functional composition to a more general scenario where there exists a function that converts the ciphertext resulting from encryption under a speciflc key to the ciphertext correspond- ing to encryption with another key. We show how to perform such a conversion without exposing the plaintext. We dis- cuss the tradeofi between the computational workload and security, and the relationship between such conversions and proxy cryptography. We conclude with a discussion of some practical applications of our results.