CryptoDB
Bruno Crispo
Publications
Year
Venue
Title
2008
EPRINT
Towards a Theory of White-Box Security
Abstract
Program hardening for secure execution in remote untrusted environment is an
important yet elusive goal of security, with numerous attempts and efforts of
the research community to produce secure solutions. Obfuscation is the
prevailing practical technique employed to tackle this issue.
Unfortunately, no provably secure obfuscation techniques currently exist.
Moreover, Barak et al., showed that not all programs can be obfuscated.
We present a rigorous approach to {\em program hardening}, based on a new
white box primitive, the {\em White Box Remote Program Execution (WBRPE)},
whose security specifications include confidentiality and integrity of both
the local and the remote hosts. We then show how the {\em WBRPE} can be used
to address the needs of a wide range of applications, e.g. grid computing and
mobile agents.
Next, we construct a specific program and show that if there exists a secure
{\em WBRPE} for that program, then there is a secure {\em WBRPE} for {\em
any} program, reducing its security to the underlying {\em WBRPE} primitive.
This reduction among two white box primitives introduces new techniques that
employ program manipulation.
2006
EPRINT
Reverse SSL: Improved Server Performance and DoS Resistance for SSL Handshakes
Abstract
Common occurrence of server overload and the threat of denial-of-service (DoS) attacks makes highly desirable to improve the performance and DoS resistance of SSL handshakes. In this paper, we tackle these two related problems by proposing reverse SSL, an extension in which the server is relieved from the heavy public key decryption operation and authenticated by means of a digital signature instead. On the server side, reverse SSL employs online/offline signatures to minimize the online computation required to generate the signature and on the client side, RSA key generation computation can be used as a client puzzle when clients do not have a public key certificate. The preliminary performance results show that reverse SSL is a promising technique for improving the performance and DoS resistance of SSL servers.
Coauthors
- Kemal BICAKCI (1)
- Amir Herzberg (1)
- Amitabh Saxena (1)
- Haya Shulman (1)
- Andrew S. Tanenbaum (1)