Manuel Barbosa
University of Porto
Publications
Featured research published by Manuel Barbosa.
IEEE European Symposium on Security and Privacy | 2016
Manuel Barbosa; Bernardo Portela; Guillaume Scerri; Bogdan Warinschi
Exciting new capabilities of modern trusted hardware technologies allow for the execution of arbitrary code within environments completely isolated from the rest of the system and provide cryptographic mechanisms for securely reporting on these executions to remote parties. Rigorously proving security of protocols that rely on this type of hardware faces two obstacles. The first is to develop models appropriate for the induced trust assumptions (e.g., what is the correct notion of a party when the peer one wishes to communicate with is a specific instance of an outsourced program). The second is to develop scalable analysis methods, as the inherent stateful nature of the platforms precludes the application of existing modular analysis techniques that require high degrees of independence between the components. We give the first steps in this direction by studying three cryptographic tools which have been commonly associated with this new generation of trusted hardware solutions. Specifically, we provide formal security definitions, generic constructions and security analysis for attested computation, key-exchange for attestation and secure outsourced computation. Our approach is incremental: each of the concepts relies on the previous ones according to an approach that is quasi-modular. For example, we show how to build a secure outsourced computation scheme from an arbitrary attestation protocol combined together with a key-exchange and an encryption scheme.
Fast Software Encryption | 2016
Jose B. Almeida; Manuel Barbosa; Gilles Barthe; François Dupressoir
We provide further evidence that implementing software countermeasures against timing attacks is a non-trivial task and requires domain-specific software development processes: we report an implementation bug in the s2n library, recently released by AWS Labs. This bug, now fixed, allowed bypassing the balancing countermeasures against timing attacks deployed in the implementation of the MAC-then-Encode-then-CBC-Encrypt (MEE-CBC) component, creating a timing side-channel similar to that exploited by Lucky 13.

Although such an attack could only be launched when the MEE-CBC component is used in isolation --- Albrecht and Paterson recently confirmed in independent work that s2n's second line of defence, once reinforced, provides adequate mitigation against current adversary capabilities --- its existence serves as further evidence to the fact that conventional software validation processes are not effective in the study and validation of security properties. To solve this problem, we define a methodology for proving security of implementations in the presence of timing attackers: first, prove black-box security of an algorithmic description of a cryptographic construction; then, establish functional correctness of an implementation with respect to the algorithmic description; and finally, prove that the implementation is leakage secure.

We present a proof-of-concept application of our methodology to MEE-CBC, bringing together three different formal verification tools to produce an assembly implementation of this construction that is verifiably secure against adversaries with access to some timing leakage. Our methodology subsumes previous work connecting provable security and side-channel analysis at the implementation level, and supports the verification of a much larger case study. Our case study itself provides the first provable security validation of complex timing countermeasures deployed, for example, in OpenSSL.
Soft Computing | 2010
Manuel Barbosa; E. J. Solteiro Pires; António M. Lopes
Parallel manipulators have attracted the attention of researchers from different areas such as high-precision robotics, machine tools, simulators and haptic devices. The choice of a particular structural configuration and its dimensioning is a central issue to the performance of these manipulators. A solution to the dimensioning problem normally involves the definition of performance criteria as part of an optimization process. In this paper, the kinematic design of a 6-dof parallel robotic manipulator for maximum dexterity is analyzed. The condition number of the inverse kinematic Jacobian is defined as the measure of dexterity, and solutions that minimize this criterion are found through a genetic algorithm formulation. Subsequently, a neuro-genetic formulation is developed and tested. It is shown that the neuro-genetic algorithm can find close to optimal solutions for maximum dexterity, significantly reducing the computational load.
International Journal of Advanced Robotic Systems | 2012
António M. Lopes; E. J. Solteiro Pires; Manuel Barbosa
In this paper, the kinematic design of a 6-dof parallel robotic manipulator is analysed. Firstly, the condition number of the inverse kinematic Jacobian is considered as the objective function, measuring the manipulator's dexterity, and a genetic algorithm is used to solve the optimization problem. In a second approach, a neural network model of the analytical objective function is developed and subsequently used as the objective function in the genetic algorithm optimization search process. It is shown that the neuro-genetic algorithm can find close to optimal solutions for maximum dexterity, significantly reducing the computational burden. The sensitivity of the condition number in the robot's workspace is analysed and used to guide the designer in choosing the best structural configuration. Finally, a global optimization problem is also addressed.
Computer and Communications Security | 2017
Jose B. Almeida; Manuel Barbosa; Gilles Barthe; Arthur Blot; Benjamin Grégoire; Vincent Laporte; Tiago Oliveira; Hugo Pacheco; Benedikt Schmidt; Pierre-Yves Strub
Jasmin is a framework for developing high-speed and high-assurance cryptographic software. The framework is structured around the Jasmin programming language and its compiler. The language is designed for enhancing portability of programs and for simplifying verification tasks. The compiler is designed to achieve predictability and efficiency of the output code (currently limited to x64 platforms), and is formally verified in the Coq proof assistant. Using the SUPERCOP framework, we evaluate the Jasmin compiler on representative cryptographic routines and conclude that the code generated by the compiler is as efficient as fast, hand-crafted implementations. Moreover, the framework includes highly automated tools for proving memory safety and constant-time security (for protecting against cache-based timing attacks). We also demonstrate the effectiveness of the verification tools on a large set of cryptographic routines.
International Conference on Cryptology in India | 2016
Afonso Arriaga; Manuel Barbosa; Pooya Farshim
Private functional encryption guarantees that not only the information in ciphertexts is hidden but also the circuits in decryption tokens are protected. A notable use case of this notion is query privacy in searchable encryption. Prior privacy models in the literature were fine-tuned for specific functionalities (namely, identity-based encryption and inner-product encryption), did not model correlations between ciphertexts and decryption tokens, or fell under strong uninstantiability results. We develop a new indistinguishability-based privacy notion that overcomes these limitations and give constructions supporting different circuit classes and meeting varying degrees of security. Obfuscation is a common building block that these constructions share, albeit the obfuscators necessary for each construction are based on different assumptions. In particular, we develop a composable and distributionally secure hyperplane membership obfuscator and use it to build an inner-product encryption scheme that achieves an unprecedented level of privacy, positively answering a question left open by Boneh, Raghunathan and Segev (ASIACRYPT 2013) concerning the extension and realization of enhanced security for schemes supporting this functionality.
International Cryptology Conference | 2018
Manuel Barbosa; Pooya Farshim
We study Authenticated Encryption with Associated Data (AEAD) from the viewpoint of composition in arbitrary (single-stage) environments. We use the indifferentiability framework to formalize the intuition that a “good” AEAD scheme should have random ciphertexts subject to decryptability. Within this framework, we can then apply the indifferentiability composition theorem to show that such schemes offer extra safeguards wherever the relevant security properties are not known, or cannot be predicted in advance, as in general-purpose crypto libraries and standards.
Journal of Strain Analysis for Engineering Design | 2018
Sara S Miranda; Manuel Barbosa; Abel D. Santos; J Bessa Pacheco; Rui Amaral
Press brake air bending, a process of obtaining products by sheet metal forming, can be considered at first sight a simple geometric problem. However, the accuracy of the obtained geometries involves the combination of multiple parameters directly associated with the tools and the processing parameters, as well as with the sheet metal materials and dimensions. The main topic herein presented deals with the capability of predicting the punch displacement process parameter that enables the product to be accurately shaped to a desired bending angle, in press brake air bending. In our approach, the forming process and the elastic recovery (i.e. the springback effect) are considered separately. Current solutions in press brake numerical control (computer numerical control) are normally configured by analytical models developed from geometrical analysis and including correcting factors. In our approach, it is proposed to combine the use of a learning tool, artificial neural networks, with a simulation and data generation tool (finite element analysis). This combination enables modeling the complex nonlinear behavior of the forming process and springback effect, including the validation of results obtained. A developed model taking into account different process parameters and tool geometries allows extending the range of applications with practical interest in industry. The final solution is compatible with its incorporation in a computer numerical control press brake controller. It was concluded that, using this methodology, it is possible to predict efficient and accurate final geometries after bending, which is also a step forward to a "first time right" solution. In addition, the developed models, methodologies and obtained results were validated by comparison with experimental tests.
Experiment International Conference | 2017
Manuel Barbosa; António M. Lopes
This paper uses time-frequency methods and neural networks for the analysis and forecasting of indoor temperature time series. In a first phase, the time series are processed by means of the Fourier transform and the empirical mode decomposition methods to unveil temporal patterns embedded in the data. In a second phase, neural networks are adopted for forecasting future values. The results obtained illustrate the effectiveness of the tools used and motivate further developments based on time-frequency techniques for designing the neural network forecasting approach.
Computer and Communications Security | 2017
Jose B. Almeida; Manuel Barbosa; Gilles Barthe; François Dupressoir; Benjamin Grégoire; Vincent Laporte; Vitor Pereira
We present a high-assurance software stack for secure function evaluation (SFE). Our stack consists of three components: i. a verified compiler (CircGen) that translates C programs into Boolean circuits; ii. a verified implementation of Yao's SFE protocol based on garbled circuits and oblivious transfer; and iii. transparent application integration and communications via FRESCO, an open-source framework for secure multiparty computation (MPC). CircGen is a general-purpose tool that builds on CompCert, a verified optimizing compiler for C. It can be used in arbitrary Boolean circuit-based cryptography deployments. The security of our SFE protocol implementation is formally verified using EasyCrypt, a tool-assisted framework for building high-confidence cryptographic proofs, and it leverages a new formalization of garbled circuits based on the framework of Bellare, Hoang, and Rogaway (CCS 2012). We conduct a practical evaluation of our approach, and conclude that it is competitive with state-of-the-art (unverified) approaches. Our work provides concrete evidence of the feasibility of building efficient, verified implementations of higher-level cryptographic systems. All our development is publicly available.