Published in: International Journal of Information Security 4/2019

02-01-2019 | Regular Contribution

Breaking MPC implementations through compression

Authors: João S. Resende, Patrícia R. Sousa, Rolando Martins, Luís Antunes


Abstract

Many cryptographic protocols in the literature are scientifically and mathematically sound, and cryptography today addresses properties of the communication process beyond confidentiality (secrecy), such as integrity, authenticity, and anonymity. Beyond the theoretical evidence, however, implementations must be equally secure. Due to the ever-increasing intrusion from governments and other groups, citizens are now seeking alternative ways of communicating that do not leak information. In this paper, we analyze multiparty computation (MPC), a sub-field of cryptography whose goal is to create methods for parties to jointly compute a function over their inputs while keeping those inputs private. This is a very useful technique that can be used, for example, to carry out computations on anonymous data without having to leak that data. Because confidentiality is central to this kind of technique, we analyze active and passive attacks using complexity measures (compression and entropy). We start by obtaining network traces and syscalls, then analyze them using compression and entropy techniques, and finally cluster the traces and syscalls using standard clustering techniques. This approach does not require any deep knowledge of the specific implementations being analyzed. The paper presents a security analysis of four MPC frameworks, three of which were identified as insecure: these libraries leak information about the inputs provided by each party to the computation. Additionally, through a careful analysis of its source code, we found that SPDZ-2's secret sharing scheme always produces the same results.
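As an added illustration of the compression-based analysis the abstract describes, the following Python computes the normalized compression distance (NCD) between captured traces, clusters the captures by single linkage on that distance, and reports the byte entropy of each capture. This is example code, not code from the paper, and it does not model any of the four frameworks the paper evaluates. The two trace generators are constructed stand-ins: `leaky_trace` models an implementation whose messages are a fixed function of a party's secret input, `masked_trace` one that masks the secret with fresh randomness every run. The header string, message layout, secrets, run count and the 0.4 clustering threshold are all assumptions of the example.

```python
"""NCD and entropy analysis of captured traces, with single-linkage clustering.
Added example: the traces are constructed here, not captured from any real
MPC framework, and the message layout is an assumption of the example."""
import math
import random
import zlib
from itertools import combinations

HEADER = b"MPC-PROTO/1\x00"   # assumed framing shared by every run
N_MESSAGES = 32               # assumed number of messages per party per run


def compressed_size(data: bytes) -> int:
    """C(x): length of zlib's best-effort compression of x."""
    return len(zlib.compress(data, 9))


def ncd(x: bytes, y: bytes) -> float:
    """Normalized compression distance:
    (C(xy) - min(C(x), C(y))) / max(C(x), C(y)).
    Near 0: y is almost entirely predictable from x; near 1: unrelated."""
    cx, cy, cxy = compressed_size(x), compressed_size(y), compressed_size(x + y)
    return (cxy - min(cx, cy)) / max(cx, cy)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (max 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def leaky_trace(secret: int, run: int) -> bytes:
    """Constructed 'insecure' behaviour: every message carries a fixed
    function of the 32-bit secret (an XOR with a build-time constant), so
    runs with the same input produce near-identical captures."""
    session = random.Random(run).getrandbits(32).to_bytes(4, "big")
    mask = b"\x5a\xc3\x3c\xa5" * 3          # constant per build, not per run
    payload = bytes(a ^ b for a, b in zip(secret.to_bytes(4, "big") * 3, mask))
    body = b"".join(i.to_bytes(4, "big") + payload for i in range(N_MESSAGES))
    return HEADER + session + body


def masked_trace(secret: int, run: int) -> bytes:
    """Constructed 'secure' behaviour: the secret is masked with fresh
    randomness every run, so the wire bytes are uniform regardless of the
    input (the seed only makes the example reproducible)."""
    rng = random.Random(run * 1_000_003 + secret)
    session = rng.getrandbits(32).to_bytes(4, "big")
    body = b"".join(
        i.to_bytes(4, "big") + bytes(rng.getrandbits(8) for _ in range(12))
        for i in range(N_MESSAGES))
    return HEADER + session + body


def collect(generate, secrets=(7, 42, 1337), runs=(1, 2, 3)) -> dict:
    """Capture every (secret, run) combination from one trace generator."""
    return {(s, r): generate(s, r) for s in secrets for r in runs}


def mean_ncd(traces: dict, same_input: bool) -> float:
    """Average NCD over pairs of captures with equal (or unequal) secrets."""
    pairs = [(a, b) for a, b in combinations(traces, 2)
             if (a[0] == b[0]) == same_input]
    return sum(ncd(traces[a], traces[b]) for a, b in pairs) / len(pairs)


def cluster_by_ncd(traces: dict, threshold: float) -> list:
    """Single-linkage clustering: captures are joined when NCD < threshold;
    returns the connected components as sorted lists of labels."""
    parent = {label: label for label in traces}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    for a, b in combinations(traces, 2):
        if ncd(traces[a], traces[b]) < threshold:
            parent[find(a)] = find(b)
    groups = {}
    for label in traces:
        groups.setdefault(find(label), []).append(label)
    return sorted(sorted(g) for g in groups.values())


def analyse(generate, threshold: float = 0.4) -> dict:
    """Whole pipeline for one generator. A leaky implementation shows
    same-input NCD well below different-input NCD and clusters that match
    the secrets; a masked one shows no such structure."""
    traces = collect(generate)
    return {
        "same_input_ncd": mean_ncd(traces, True),
        "different_input_ncd": mean_ncd(traces, False),
        "clusters": cluster_by_ncd(traces, threshold),
        "mean_entropy": sum(map(shannon_entropy, traces.values())) / len(traces),
    }


if __name__ == "__main__":
    for name, generate in (("leaky", leaky_trace), ("masked", masked_trace)):
        r = analyse(generate)
        print(f"{name}: same-input NCD {r['same_input_ncd']:.2f}, "
              f"different-input NCD {r['different_input_ncd']:.2f}, "
              f"entropy {r['mean_entropy']:.2f} bits/byte, "
              f"{len(r['clusters'])} clusters")
```

The signal a practitioner looks for is the gap: when captures of runs that used the same input are consistently closer under NCD than captures of runs with different inputs, the bytes on the wire carry input-dependent information, whatever the protocol's proof says. The same functions apply unchanged to an strace log by passing the log bytes instead of packet payloads. The threshold is tuned to these constructed traces and must be recalibrated per target, for instance by first measuring NCD between repeated runs with identical inputs.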

Footnotes
1. Entropy is a measure of the unpredictability of information content [31].
2. tcpdump is a tool that allows one to inspect the traffic passing through a data network. Like all sniffers, tcpdump can be used for good (e.g., detecting communication errors) but also for evil (e.g., capturing personal data).
3. strace allows the attacker to observe the system calls made by an application. strace is useful because it helps the user understand what the system does during program execution, which can be a great help in tuning performance and resource management.
4. Approximate entropy is a technique used to quantify the amount of regularity and the unpredictability of fluctuations in time-series data [32].
5. A network socket is an endpoint of the communication flow between two programs running over a network.
Literature
1. Anderson, R.: Why cryptosystems fail. In: Proceedings of the 1st ACM Conference on Computer and Communications Security. ACM (1993)
2. Acar, Y., et al.: Comparing the usability of cryptographic APIs. In: Proceedings of the 38th IEEE Symposium on Security and Privacy (2017)
3. Georgiev, M., et al.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM (2012)
4. Reaves, B., et al.: Mo(bile) money, Mo(bile) problems: analysis of branchless banking applications in the developing world. In: USENIX Security Symposium (2015)
5. Sousa, P.R., Antunes, L., Martins, R.: The present and future of privacy-preserving computation in fog computing. In: Rahmani, A., Liljeberg, P., Preden, J.-S., Jantsch, A. (eds.) Fog Computing in the Internet of Things, pp. 51–69. Springer, Berlin (2018)
6. Back, A., Moller, U., Stiglic, A.: Traffic analysis attacks and trade-offs in anonymity providing systems. In: Information Hiding, vol. 2137 (2001)
8. Wehner, S.: Analyzing worms and network traffic using compression. J. Comput. Secur. 15(3), 303–320 (2007)
9. Santos, C.C., et al.: Clustering fetal heart rate tracings by compression. In: 19th IEEE International Symposium on Computer-Based Medical Systems (CBMS 2006). IEEE (2006)
10. Damgård, I., et al.: Practical covertly secure MPC for dishonest majority or: breaking the SPDZ limits. In: European Symposium on Research in Computer Security. Springer, Berlin (2013)
11. Demmler, D., Schneider, T., Zohner, M.: ABY: a framework for efficient mixed-protocol secure two-party computation. In: NDSS (2015)
12. Kolesnikov, V., et al.: Efficient batched oblivious PRF with applications to private set intersection. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)
13. Frederiksen, T.K., et al.: TinyLEGO: an interactive garbling scheme for maliciously secure two-party computation. IACR Cryptology ePrint Archive 2015/309 (2015)
14. Kolesnikov, V., et al.: DUPLO: unifying cut-and-choose for garbled circuits. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM (2017)
16. Orlandi, C.: Is multiparty computation any good in practice? In: 2011 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE (2011)
18. Borbely, R.S.: On normalized compression distance and large malware. J. Comput. Virol. Hacking Tech. 12(4), 235–242 (2016)
20. Yao, A.C.: Protocols for secure computations. In: 23rd Annual Symposium on Foundations of Computer Science (SFCS 1982). IEEE (1982)
21. Yao, A.C.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science (SFCS 1986). IEEE (1986)
22. Yao, A.C.: Theory and application of trapdoor functions. In: 23rd Annual Symposium on Foundations of Computer Science (SFCS 1982). IEEE (1982)
23. Araki, T., et al.: High-throughput semi-honest secure three-party computation with an honest majority. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)
30. Souto, A.: Traffic analysis based on compression. In: Proc. Conferência sobre Redes de Computadores (CRC'15), Évora, Portugal, vol. 1, pp. 1–7, November 2015
32. Pincus, S.M., Gladstone, I.M., Ehrenkranz, R.A.: A regularity statistic for medical data analysis. J. Clin. Monit. Comput. 7(4), 335–345 (1991)
Metadata
Title
Breaking MPC implementations through compression
Authors
João S. Resende
Patrícia R. Sousa
Rolando Martins
Luís Antunes
Publication date
02-01-2019
Publisher
Springer Berlin Heidelberg
Published in
International Journal of Information Security / Issue 4/2019
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI
https://doi.org/10.1007/s10207-018-0424-2
