TY - GEN
T1 - Steel
T2 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2021
AU - Bhatotia, Pramod
AU - Kohlweiss, Markulf
AU - Martinico, Lorenzo
AU - Tselekounis, Yiannis
N1 - Publisher Copyright:
© 2021, International Association for Cryptologic Research.
PY - 2021
Y1 - 2021
N2 - Trusted execution environments (TEEs) enable secure execution of programs on untrusted hosts and cryptographically attest the correctness of outputs. As these are complex systems, it is essential to formally capture the exact security achieved by protocols employing TEEs, and ultimately, prove their security under composition, as TEEs are typically employed in multiple protocols, simultaneously. Our contribution is twofold. On the one hand, we show that under existing definitions of attested execution setup, we can realise cryptographic functionalities that are unrealisable in the standard model. On the other hand, we extend the adversarial model to capture a broader class of realistic adversaries, we demonstrate weaknesses of existing security definitions this class, and we propose stronger ones. Specifically, we first define a generalization of Functional Encryption that captures Stateful and Randomised functionalities (FESR ). Then, assuming the ideal functionality for attested execution of Pass et al. (Eurocrypt ’2017), we construct the associated protocol, Steel, and we prove that Steel UC-realises FESR in the universal composition with global subroutines model by Badertscher et al. (TCC ’2020). Our work is also a validation of the compositionality of the Iron protocol by Fisch et al. (CCS ’2017), capturing (non-stateful) hardware-based functional encryption. As the existing functionality for attested execution of Pass et al. is too strong for real world use, we propose a weaker functionality that allows the adversary to conduct rollback and forking attacks. We demonstrate that Steel (realising stateful functionalities), contrary to the stateless variant corresponding to Iron, is not secure in this setting and discuss possible mitigation techniques.
AB - Trusted execution environments (TEEs) enable secure execution of programs on untrusted hosts and cryptographically attest the correctness of outputs. As these are complex systems, it is essential to formally capture the exact security achieved by protocols employing TEEs, and ultimately, prove their security under composition, as TEEs are typically employed in multiple protocols, simultaneously. Our contribution is twofold. On the one hand, we show that under existing definitions of attested execution setup, we can realise cryptographic functionalities that are unrealisable in the standard model. On the other hand, we extend the adversarial model to capture a broader class of realistic adversaries, we demonstrate weaknesses of existing security definitions this class, and we propose stronger ones. Specifically, we first define a generalization of Functional Encryption that captures Stateful and Randomised functionalities (FESR ). Then, assuming the ideal functionality for attested execution of Pass et al. (Eurocrypt ’2017), we construct the associated protocol, Steel, and we prove that Steel UC-realises FESR in the universal composition with global subroutines model by Badertscher et al. (TCC ’2020). Our work is also a validation of the compositionality of the Iron protocol by Fisch et al. (CCS ’2017), capturing (non-stateful) hardware-based functional encryption. As the existing functionality for attested execution of Pass et al. is too strong for real world use, we propose a weaker functionality that allows the adversary to conduct rollback and forking attacks. We demonstrate that Steel (realising stateful functionalities), contrary to the stateless variant corresponding to Iron, is not secure in this setting and discuss possible mitigation techniques.
UR - http://www.scopus.com/inward/record.url?scp=85106434895&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-75248-4_25
DO - 10.1007/978-3-030-75248-4_25
M3 - Conference contribution
AN - SCOPUS:85106434895
SN - 9783030752477
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 709
EP - 736
BT - Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings
A2 - Garay, Juan A.
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 10 May 2021 through 13 May 2021
ER -