Proof of secure erasure

Last updated September 05, 2023

In computer security, proof of secure erasure (PoSE) or proof of erasure^[1] is a remote attestation ^[2] protocol, by which an embedded device proves to a verifying party, that it has just erased (overwritten) all its writable memory. The purpose is to make sure that no malware remains in the device. After that typically a new software is installed into the device.

Overview

The verifying party may be called the verifier, the device being erased the prover. The verifier must know the device's writable memory size from a trusted source and the device must not be allowed to communicate with other parties during execution of the protocol, which proceeds as follows. The verifier constructs a computational problem, which cannot be solved (in reasonable time or at all) using less than the specified amount of memory, and sends it to the device. The device responds with the solution and the verifier checks its correctness.^[3]

Protocol constructions

Naive approach

In the simplest implementation the verifier sends a random message as large as the device's memory to the device, which is expected to store it. After the device has received the complete message, it is required to send it back. Security of this approach is obvious, but it includes transfer of a huge amount of data (twice the size of the device's memory).^[3]^: 15

This can be halved if the device responds with just a hash of the message. To prevent the device from computing it on the fly without actually storing the message, the hash function is parametrized by a random value sent to the device after the message.^[2]^{[ verification needed ]}^[3]^: 16

Communication-efficient constructions

Avoiding the huge data transfer requires a suitable (as stated in Overview) computational problem, whose description is short. Dziembowski et al.^[1]^{[ verification needed ]} achieve this by constructing what they call an (m − δ, ε)-uncomputable hash function, which can be computed in quadratic time using memory of size m, but with memory of size m − δ it can be computed with at most a negligible probability ε.^[3]^: 16

Communication- and time-efficient constructions

Karvelas and Kiayias claim to have designed the first PoSE with quasilinear time and sublinear communication complexity.^[4]

Relation to proof of space

Proof of space is a protocol similar to proof of secure erasure in that both require the prover to dedicate a specific amount of memory to convince the verifier. Nevertheless, there are important differences in their design considerations.

Because the purpose of proof of space is similar to proof of work, the verifier's time complexity must be very small. While such property may be useful for proof of secure erasure as well, it is not fundamental to its usefulness.

Proof of secure erasure on the other hand requires the prover to be unable to convince the verifier using less than the specified amount of memory. Even this may be useful for the other protocol, however proof of space is not harmed if the prover may succeed even with significantly less space.^[4]

Related Research Articles

In computer security, challenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

A commitment scheme is a cryptographic primitive that allows one to commit to a chosen value while keeping it hidden to others, with the ability to reveal the committed value later. Commitment schemes are designed so that a party cannot change the value or statement after they have committed to it: that is, commitment schemes are binding. Commitment schemes have important applications in a number of cryptographic protocols including secure coin flipping, zero-knowledge proofs, and secure computation.

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

In cryptography, a Schnorr signature is a digital signature produced by the Schnorr signature algorithm that was described by Claus Schnorr. It is a digital signature scheme known for its simplicity, among the first whose security is based on the intractability of certain discrete logarithm problems. It is efficient and generates short signatures. It was covered by U.S. Patent 4,995,082 which expired in February 2008.

In cryptography, a random oracle is an oracle that responds to every unique query with a (truly) random response chosen uniformly from its output domain. If a query is repeated, it responds the same way every time that query is submitted.

A cryptographic protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used and includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.

Provable security refers to any type or level of computer security that can be proved. It is used in different ways by different fields.

Proof of work (PoW) is a form of cryptographic proof in which one party proves to others that a certain amount of a specific computational effort has been expended. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Moni Naor and Cynthia Dwork in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels.

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

In cryptography and computer science, a hash tree or Merkle tree is a tree in which every "leaf" (node) is labelled with the cryptographic hash of a data block, and every node that is not a leaf is labelled with the cryptographic hash of the labels of its child nodes. A hash tree allows efficient and secure verification of the contents of a large data structure. A hash tree is a generalization of a hash list and a hash chain.

Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.

In cryptography, Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers which is widely adopted for its performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with inexpensive hardware resources.

Distributed key generation (DKG) is a cryptographic process in which multiple parties contribute to the calculation of a shared public and private key set. Unlike most public key encryption models, distributed key generation does not rely on Trusted Third Parties. Instead, the participation of a threshold of honest parties determines whether a key pair can be computed successfully. Distributed key generation prevents single parties from having access to a private key. The involvement of many parties requires Distributed key generation to ensure secrecy in the presence of malicious contributions to the key calculation.

Rafail Ostrovsky is a distinguished professor of computer science and mathematics at UCLA and a well-known researcher in algorithms and cryptography.

Non-interactive zero-knowledge proofs are cryptographic primitives, where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself. This function of encryption makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries. The core trustless cryptography "proofing" involves a hash function generation of a random number, constrained within mathematical parameters determined by the prover and verifier.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

In cryptography, the fast syndrome-based hash functions (FSB) are a family of cryptographic hash functions introduced in 2003 by Daniel Augot, Matthieu Finiasz, and Nicolas Sendrier. Unlike most other cryptographic hash functions in use today, FSB can to a certain extent be proven to be secure. More exactly, it can be proven that breaking FSB is at least as difficult as solving a certain NP-complete problem known as regular syndrome decoding so FSB is provably secure. Though it is not known whether NP-complete problems are solvable in polynomial time, it is often assumed that they are not.

Proof of space (PoS) is a type of consensus algorithm achieved by demonstrating one's legitimate interest in a service by allocating a non-trivial amount of memory or disk space to solve a challenge presented by the service provider. The concept was formulated in 2013 by Dziembowski et al. and by Ateniese et al.. Proofs of space are very similar to proofs of work (PoW), except that instead of computation, storage is used to earn cryptocurrency. Proof-of-space is different from memory-hard functions in that the bottleneck is not in the number of memory access events, but in the amount of memory required.

Hash-based cryptography is the generic term for constructions of cryptographic primitives based on the security of hash functions. It is of interest as a type of post-quantum cryptography.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

References

1 2 Stefan Dziembowski; Tomasz Kazana; Daniel Wichs (2011). "One-Time Computable Self-erasing Functions". Theory of Cryptography. Lecture Notes in Computer Science. Vol. 6597. pp. 125–143. doi:10.1007/978-3-642-19571-6_9. ISBN 978-3-642-19570-9.
1 2 Daniele Perito; Gene Tsudik (2010). "Secure Code Update for Embedded Devices via Proofs of Secure Erasure". Computer Security – ESORICS 2010. Lecture Notes in Computer Science. Vol. 6345. pp. 643–662. CiteSeerX 10.1.1.593.7818 . doi:10.1007/978-3-642-15497-3_39. ISBN 978-3-642-15496-6. S2CID 15898932.
1 2 3 4 Nikolaos P. Karvelas (2013-01-07). "Proofs of secure Erasure (MSc Thesis)" (PDF). Technische Universität Darmstadt. Retrieved 25 April 2017.
1 2 Nikolaos P. Karvelas; Aggelos Kiayias (2014). "Efficient Proofs of Secure Erasure". Security and Cryptography for Networks. Lecture Notes in Computer Science. Vol. 8642. pp. 520–537. doi:10.1007/978-3-319-10879-7_30. ISBN 978-3-319-10878-0.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[DKW11-1] 1 2 Stefan Dziembowski; Tomasz Kazana; Daniel Wichs (2011). "One-Time Computable Self-erasing Functions". Theory of Cryptography. Lecture Notes in Computer Science. Vol. 6597. pp. 125–143. doi:10.1007/978-3-642-19571-6_9. ISBN 978-3-642-19570-9.

[PT10-2] 1 2 Daniele Perito; Gene Tsudik (2010). "Secure Code Update for Embedded Devices via Proofs of Secure Erasure". Computer Security – ESORICS 2010. Lecture Notes in Computer Science. Vol. 6345. pp. 643–662. CiteSeerX 10.1.1.593.7818 . doi:10.1007/978-3-642-15497-3_39. ISBN 978-3-642-15496-6. S2CID 15898932.

[Karvelas-3] 1 2 3 4 Nikolaos P. Karvelas (2013-01-07). "Proofs of secure Erasure (MSc Thesis)" (PDF). Technische Universität Darmstadt. Retrieved 25 April 2017.

[KK14-4] 1 2 Nikolaos P. Karvelas; Aggelos Kiayias (2014). "Efficient Proofs of Secure Erasure". Security and Cryptography for Networks. Lecture Notes in Computer Science. Vol. 8642. pp. 520–537. doi:10.1007/978-3-319-10879-7_30. ISBN 978-3-319-10878-0.

[1]

[2]

[3]

[4]