Cybersecurity is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. This research area studies secure systems including human factors, software and hardware.
Chris Brzuska Aalto University
Lachlan Gunn Aalto University
Janne Lindqvist (Aalto Human-Computer Interaction and Security Engineering Lab, Focus area deputy leader) Aalto University
Valtteri Niemi (Focus area leader) University of Helsinki
HAIC Talks: The HAIC public outreach initiative aims to make cybersecurity more accessible to a broader audience. As part of this initiative, we are organizing HAIC Talks, a series of public lectures on contemporary topics in cybersecurity. In the style of studia generalia, these lectures are free and open to everyone. No background knowledge in cybersecurity is required. HAIC Talks are made possible through the generous support of the Aalto University School of Science.
Today, personal mobile devices like smartphones and tablets are ubiquitous. People use mobile devices for fun, for work, and for organizing and managing their lives, including their finances. This became possible because over the last two decades, mobile phones evolved from closed platforms intended for voice calls and messaging to open platforms whose functionality can be extended in myriad ways by third-party developers. Such a wide-ranging scope of use also means widely different security and privacy requirements for those uses. The mobile device ecosystem involves multiple stakeholders, such as mobile network operators, regulators, enterprise information technology administrators, and of course ordinary users. So, as mobile platforms gradually opened up, platform security mechanisms were incorporated into their architectures so that the security and privacy requirements of all stakeholders could be met. Platform security mechanisms isolate applications from one another, protect persistent data and other on-device resources (like access to location or peripherals), and help harden software against a variety of attack vectors. All major mobile platforms incorporate comprehensive software and hardware platform security architectures, including mechanisms like trusted execution environments (TEEs).
Over the past decade, mobile devices have been undergoing convergences in multiple dimensions. The distinction between “mobile” and “fixed” devices has blurred. Similar security mechanisms and concepts are being used across different platforms, leading to similar security architectures. Hardware enablers used to support platform security have gradually matured. At the same time, there have also been novel types of attacks, ranging from software attacks like return- and data-oriented programming to hardware attacks like side channels that exploit micro-architectural phenomena. It is no longer tenable to assume that the current hardware security mechanisms underpinning mobile platform security are inviolable.
The time is therefore right to take a new look at mobile platform security, which brings us to this book. We focus on hardware platform security. The book is divided into four parts: we begin by looking at the why and how of mobile platform security, followed by a discussion of vulnerabilities and attacks; we then look forward, first to emerging research that explores ways of dealing with hardware compromise, and finally to building blocks for the next generation of hardware platform security.
Our intent is to provide a broad overview of the current state of practice and a glimpse of possible research directions that can be of use to practitioners, decision makers, and researchers.
Nimble Out-of-Band Authentication for EAP (EAP-NOOB)
The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no preconfigured authentication credentials. The method makes use of a user-assisted, one-directional OOB message between the peer device and the authentication server to authenticate the in-band key exchange. The device must have a non-network input or output interface, such as a display, microphone, speaker, or blinking light, that can send or receive dynamically generated messages of tens of bytes in length.
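The authentication step the abstract describes, as an added example that is not part of this page or of the EAP-NOOB specification: a Python model of an unauthenticated in-band key exchange followed by a single user-relayed OOB message (peer to server) that carries a fresh nonce and a fingerprint of the peer's view of the exchange, which the server checks against its own view. The toy Diffie-Hellman group, the byte encodings fed into the fingerprint and key derivation, and the names bootstrap, hoob and derive_key are assumptions made for illustration; the RFC's actual message layouts, field lists and ECDHE cryptosuites are not reproduced.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example only: the secp256k1
# field prime as modulus with generator 2. EAP-NOOB uses ECDHE over standard
# curves; the group here only gives the in-band exchange something to agree on.
P = 2**256 - 2**32 - 977
G = 2


def gen_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def hoob(peer_id: str, peer_pub: int, server_pub: int, noob: bytes) -> bytes:
    """Fingerprint of one side's view of the in-band exchange, bound to the
    fresh OOB nonce Noob. Assumed simplification: the real Hoob covers more
    fields (versions, cryptosuite, in-band nonces, direction) in a fixed encoding."""
    h = hashlib.sha256()
    h.update(peer_id.encode())
    h.update(peer_pub.to_bytes(32, "big"))
    h.update(server_pub.to_bytes(32, "big"))
    h.update(noob)
    return h.digest()[:16]


def derive_key(shared: int, noob: bytes) -> bytes:
    """Session key bound to both the DH secret and the OOB nonce (assumed KDF)."""
    return hashlib.sha256(shared.to_bytes(32, "big") + noob).digest()


def bootstrap(peer_id="dev-1234", mitm=False):
    """Run the in-band exchange, then the peer-to-server OOB step.

    Returns (oob_accepted, keys_match). With mitm=True an attacker on the
    in-band channel substitutes its own public value for the peer's toward
    the server, which is exactly what the OOB message must detect.
    """
    peer_priv, peer_pub = gen_keypair()
    server_priv, server_pub = gen_keypair()

    # In-band, over the unauthenticated network: each side learns a public
    # value, but what the server sees as the peer's value may be replaced.
    seen_by_server = peer_pub
    if mitm:
        _, attacker_pub = gen_keypair()
        seen_by_server = attacker_pub
    seen_by_peer = server_pub  # the attacker could swap this too; one side suffices

    # Out-of-band, user-assisted, one direction (peer -> server): the peer
    # shows PeerId, a fresh 16-byte Noob and Hoob over ITS view of the
    # exchange; the user relays it, e.g. by scanning a QR code from the
    # device display into the server's web portal.
    noob = secrets.token_bytes(16)
    oob_message = (peer_id, noob, hoob(peer_id, peer_pub, seen_by_peer, noob))

    # The server recomputes Hoob over its OWN view; any substitution on the
    # in-band channel makes the two views, and thus the fingerprints, differ.
    oob_peer_id, oob_noob, oob_hoob = oob_message
    expected = hoob(oob_peer_id, seen_by_server, server_pub, oob_noob)
    accepted = hmac.compare_digest(expected, oob_hoob)

    peer_key = derive_key(pow(seen_by_peer, peer_priv, P), noob)
    server_key = derive_key(pow(seen_by_server, server_priv, P), oob_noob)
    return accepted, peer_key == server_key


if __name__ == "__main__":
    print("honest run:", bootstrap())          # expect (True, True)
    print("in-band MITM:", bootstrap(mitm=True))  # expect (False, False)
```

The attacker is assumed to control the network but not the user-carried OOB path, and Noob is generated only after the in-band values are fixed, so the attacker cannot precompute a fingerprint that matches the server's view. The server-to-peer direction works the same way with the roles of the two views swapped; in that case the device needs an input interface (camera, microphone) rather than an output one.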
On Derandomizing Yao’s Weak-to-Strong OWF Construction
The celebrated result of Yao (Yao, FOCS’82) shows that concatenating n⋅p(n) copies of a weak one-way function (OWF) f, which can be inverted with probability 1 − 1/p(n), suffices to construct a strong OWF g, showing that weak and strong OWFs are black-box equivalent. This direct product theorem for hardness amplification of OWFs has been very influential. However, the construction of Yao is not security-preserving, i.e., the input to g needs to be much larger than the input to f. Understanding whether a larger input is inherent is a long-standing open question.
In this work, we explore necessary features of constructions which achieve short input length by proving the following: for any direct product construction of a strong OWF g from a weak OWF f, which can be inverted with probability 1 − 1/p(n), the input size of g must grow as Ω(p(n)). By direct product construction, we refer to any construction with the following structure: the construction g executes some arbitrary pre-processing function (independent of f) on its input, obtaining a vector (y1, …, yl), and outputs f(y1), …, f(yl). Note that Yao’s construction is obtained by setting the pre-processing to be the identity. Our result generalizes to functions g with post-processing, as long as the post-processing function is not too lossy. Thus, in essence, any weak-to-strong OWF hardness amplification must either (1) be very far from security-preserving, (2) use adaptivity, or (3) be very far from a direct-product structure (in the sense of having a very lossy post-processing of the outputs of f).
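The objects the two paragraphs above refer to, written out as an added formalization that is not part of the abstract (the quantitative definitions of weak and strong one-wayness are the standard ones and are not stated on the page; the name Pre for the pre-processing function is an assumption):

```latex
% f : \{0,1\}^n \to \{0,1\}^* is p(n)-weak one-way if, for every PPT inverter A
% and all sufficiently large n,
\Pr_{x \leftarrow \{0,1\}^n}\Big[ A\big(1^n, f(x)\big) \in f^{-1}\big(f(x)\big) \Big] \;\le\; 1 - \frac{1}{p(n)} .
% g is (strong) one-way if the same probability is negligible in n for every PPT A.

% Yao's direct product: m = n \cdot p(n) independent copies of f.
g(x_1, \ldots, x_m) \;=\; \big(f(x_1), \ldots, f(x_m)\big), \qquad |x_1 \cdots x_m| = m \cdot n = n^2 \, p(n).

% The general (non-adaptive) direct-product construction studied in the paper:
% an f-independent pre-processing Pre splits the input into \ell blocks,
g(x) \;=\; \big(f(y_1), \ldots, f(y_\ell)\big), \qquad (y_1, \ldots, y_\ell) = \mathrm{Pre}(x), \qquad \text{Yao: } \mathrm{Pre} = \mathrm{id}.

% Lower bound: for any such g built from a (1 - 1/p(n))-invertible f,
|x| \;\in\; \Omega\big(p(n)\big),
% i.e. the input of a non-adaptive direct product cannot be made independent of
% the weakness parameter p(n), whereas a security-preserving construction would
% keep |x| = O(n) regardless of p(n).
```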
On a technical level, we use ideas from lower bounds for secret-sharing to prove the impossibility of derandomizing Yao in a black-box way. Our results are in line with Goldreich, Impagliazzo, Levin, Venkatesan, and Zuckerman (FOCS 1990) who derandomize Yao’s construction for regular weak OWFs by evaluating the OWF along a random walk on an expander graph—the construction is adaptive, since it alternates steps on the expander graph with evaluations of the weak OWF.
FPGA Implementations of 256-Bit SNOW Stream Ciphers for Postquantum Mobile Security
Milad Bahadori, Kimmo Järvinen, Valtteri Niemi
Quantum computing is a serious threat to contemporary cryptography, and in order to address this threat, key sizes used for symmetric cryptography should be doubled, most typically from 128 to 256 bits. The 3rd Generation Partnership Project (3GPP), the standards organization for mobile communications, is currently in the process of adding support for 256-bit keys into future mobile standards for the purpose of confidentiality and integrity protection. The current standard defines three ciphers with 128-bit keys: AES, SNOW 3G, and ZUC. There are two competing stream ciphers for the replacement of the 128-bit SNOW 3G: a 256-bit variant of SNOW 3G and a new design, SNOW-V. SNOW-V has superior performance on software platforms. In this article, we investigate implementations of these ciphers on field-programmable gate arrays (FPGAs) for both confidentiality and integrity protection. We develop optimized architectures and introduce a new parallelization technique that applies to both ciphers and offers significant throughput improvements, in particular when the ciphers are used in the integrity protection modes. Our results show that SNOW-V has a significant performance advantage over the 256-bit SNOW 3G also on FPGAs.