Niklas Büscher

Breaking reCAPTCHA: A Holistic Approach via Shape Recognition

CAPTCHAs are small puzzles which should be easily solvable by human beings but hard to solve for computers. They build a security cornerstone of the modern Internet service landscape, deployed in essentially any kind of login service, allowing to distinguish authorized human beings from automated attacks. One of the most popular and successful systems today is reCAPTCHA. As many other systems, reCAPTCHA is based on distorted images of words, where the distortion system evolves over time and determines different generations of the system. In this work, we analyze three recent generations of reCAPTCHA and present an algorithm that is capable of solving at least 5% of the challenges generated by these versions. We achieve this by applying a specialized variant of shape contexts proposed by Belongie et al. to match entire words at once. In order to handle the ellipse shaped distortions employed in one of the generations, we propose a machine learning algorithm that virtually eliminates the distortion. Finally, an improved shape matching strategy allows us to use word dictionaries of a reasonable size (with approximately 20,000 entries).

Creating Cryptographic Challenges Using Multi-Party Computation: The LWE Challenge

Practical hardness results are necessary to select parameters for cryptographic schemes. Cryptographic challenges proved to be useful for determining the practical hardness of computational problems that are used to build public-key cryptography. However, several of these problems have the drawback that it is not known how to create a challenge for them without knowing the solutions. Hence, for these problems the creators of the challenges are excluded from participating. In this work, we present a method to create cryptographic challenges without excluding anyone from participating. This method is based on secure multi-party computation (MPC). We demonstrate that the MPC-based approach is indeed feasible by using it to build a challenge for the learning with errors (LWE) problem. The LWE problem is one of the most important problems in lattice-based cryptography. The security of many cryptographic schemes that have been proposed in the last decade is directly based on it. We identify parameters for LWE instances that provide the appropriate hardness level for a challenge while representing instances used to instantiate encryption schemes as close as possible. The LWE challenge is designed to determine the practical hardness of LWE, to gain an overview of the best known LWE solvers, and to motivate additional research effort in this direction.

SCAPI: a scalable attestation protocol to detect software and physical attacks

Interconnected embedded devices are increasingly used in various scenarios, including industrial control, building automation, or emergency communication. As these systems commonly process sensitive information or perform safety critical tasks, they become appealing targets for cyber attacks. A promising technique to remotely verify the safe and secure operation of networked embedded devices is remote attestation. However, existing attestation protocols only protect against software attacks, or show limited scalability and robustness. In this paper, we present the first scalable attestation protocol that detects physical attacks. Based on the assumption that physical attacks require an adversary to capture and disable devices for a noticeable amount of time, our protocol identifies devices with compromised hardware and software. Compared to existing solutions, our protocol reduces communication complexity and runtimes by orders of magnitude, precisely identifies compromised devices, and is robust against failures or network disruptions. We show the security of our protocol and evaluate its scalability and robustness. Our results demonstrate that our protocol is highly efficient in well-connected networks and operates robust in disruptive and very dynamic network topologies.

Two Is Not Enough: Privacy Assessment of Aggregation Schemes in Smart Metering

Abstract The widespread deployment of smart meters that frequently report energy consumption information, is a known threat to consumers’ privacy. Many promising privacy protection mechanisms based on secure aggregation schemes have been proposed. Even though these schemes are cryptographically secure, the energy provider has access to the plaintext aggregated power consumption. A privacy trade-off exists between the size of the aggregation scheme and the personal data that might be leaked, where smaller aggregation sizes leak more personal data. Recently, a UK industrial body has studied this privacy trade-off and identified that two smart meters forming an aggregate, are sufficient to achieve privacy. In this work, we challenge this study and investigate which aggregation sizes are sufficient to achieve privacy in the smart grid. Therefore, we propose a flexible, yet formal privacy metric using a cryptographic game based definition. Studying publicly-available, real world energy consumption datasets with various temporal resolutions, ranging from minutes to hourly intervals, we show that a typical household can be identified with very high probability. For example, we observe a 50% advantage over random guessing in identifying households for an aggregation size of 20 households with a 15-minutes reporting interval. Furthermore, our results indicate that single appliances can be identified with significant probability in aggregation sizes up to 10 households.

HyCC: Compilation of Hybrid Protocols for Practical Secure Computation

While secure multi-party computation (MPC) is a vibrant research topic and a multitude of practical MPC applications have been presented recently, their development is still a tedious task that requires expert knowledge. Previous works have made first steps in compiling high-level descriptions from various source descriptions into MPC protocols, but only looked at a limited set of protocols. In this work we present HyCC, a tool-chain for automated compilation of ANSI C programs into hybrid protocols that efficiently and securely combine multiple MPC protocols with optimizing compilation, scheduling, and partitioning. As a result, our compiled protocols are able to achieve performance numbers that are comparable to hand-built solutions. For the MiniONN neural network (Liu et al., CCS 2017), our compiler improves performance of the resulting protocol by more than a factor of

SALAD: Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks

3

Compiling ANSI-C Code into Boolean Circuits

. Thus, for the first time, highly efficient hybrid MPC becomes accessible for developers without cryptographic background.

Towards Scalable and Optimizing Compilation for MPC

Today, tiny embedded Internet of Things (IoT) devices are increasingly used in safety- and privacy-critical application scenarios. In many of these scenarios, devices perform a certain task collectively as a swarm. Remote attestation is an important cornerstone for the security of these IoT devices, as it allows to verify the integrity of the software on remote devices. Recently proposed collective attestation protocols are able to attest entire device swarms in an efficient way. However, these protocols are inefficient or even inapplicable when devices in the network are mobile or lack continuous connectivity. This work presents SALAD, the first collective attestation protocol for highly dynamic and disruptive networks. SALAD uses a novel distributed approach, where devices incrementally establish a common view on the integrity of all devices in the network. In contrast to existing protocols, SALAD performs well in highly dynamic and disruptive network topologies, increases resilience against targeted Denial of Service (DoS) attacks, and allows to obtain the attestation result from any device. Moreover, SALAD is capable of mitigating physical attacks in an efficient manner, which is achieved by adapting and extending recently proposed aggregation schemes. We demonstrate the security of SALAD and show its effectiveness by providing large-scale simulation results.

Compiling Parallel Circuits

The practicality of Secure Multi-party Computation (MPC) is hindered by the difficulty to implement applications on top of the underlying cryptographic protocols. This is because the manual construction of efficient applications, which need to be represented as Boolean or arithmetic circuits, is a complex, error-prone, and time-consuming task. For the practical use of MPC, and thus, the development of further privacy-enhancing technologies, compilers supporting common programming languages are desirable to provide developers an accessible interface to MPC. In this chapter (This chapter is based in parts on our paper “Secure Two-party Computations from ANSI-C” (Holzer et al. ACM CCS 12: 19th Conference on Computer and Communications Security. ACM Press, New York, 2012).) we describe a general approach to translate source code into Boolean circuits for MPC. We illustrate this compilation chain alongside our compiler CBMC-GC capable of compiling ANSI C.

Compiling Depth-Optimized Circuits for Multi-Round MPC Protocols

The drawback of holistic optimizations on the gate level, as in CBMC-GC, are their very limited scalability. Therefore, previous efforts in compiler research for MPC focussed either on the development of scalable compilers or on the optimization of smaller circuits. In this section, we give a design of a scalable optimizing MPC compiler (This chapter is based on our paper “Scalable Secure Computation from ANSI-C” (Buscher et al. IEEE International Workshop on Information Forensics and Security, WIFS 2016, 2016).), and show as such that both goals are not mutually exclusive. We introduce a technique called source code guided optimization to guide the circuit minimization efforts more effectively. A prototype implementation and experimental evaluation illustrate the practicality of our approach.