[Busec] BUSEC Seminar tomorrow postponed to 2pm
goldbe at cs.bu.edu
Wed Jan 22 09:34:01 EST 2014
Lunch will be available in the MCS135 lounge at 1:30; Alessandra's talk
starts at 2PM in MCS137, rescheduled due to the snow-day closure in the
*BUSec Seminar *
> *Universally Composable Secure Computation with PUFs*
> *Alessandra Scafuro, UCLA *
> *Wednesday, January 22, 2014 at 2pm in MCS 137*
> A PUF [Pappu01] is a physical device, that when stimulated, it magically
> produces an output which is "unpredictable"?. In particular a PUF does
> not keep state, and does not have secrets to be protected (in contrast
> with tamper-proof hardware, for example). As such, PUFs are naturally
> very appealing for cryptographic applications.
> Universal Composition [Can01] is a security notion that provides strong
> security guarantees: a protocol that is Universally Composable (UC)
> remains secure even when is run concurrently with any other (possibly
> insecure) protocol. Sadly, UC-security is impossible to achieve in the
> plain-model. Consequently, UC-secure protocols proposed in literature
> are either based on trusted setups (e.g., the CRS model) or physical
> assumptions (e.g., tamper-proof hardware model).
> A natural question is: can we achieve UC-security using PUFs?
> A positive answer was given in [BFSK11] by Bruzska et al. They propose a
> way to model PUFs in the UC-framework, and they show unconditional
> UC-secure protocols in such model. However, this model might be a bit
> too optimistic as it assumes that even an adversary plays with honestly
> generated PUFs. A perhaps more natural model is to assume that only
> honest parties use honest PUFs, while malicious parties can play with
> arbitrarily malicious hardware (as long as it "looks like" a PUF).
> In this talk -- after having introduced you to the magic behind PUFs'
> behavior -- I will discuss an extension of BFK11 model, called Malicious
> PUF model (that we introduced in [OSVW13]) and prove that UC-security is
> still achievable, using computational assumptions. Moreover, if we
> restrict ourself to the commitment functionality, I will show (maybe
> only mention) that we can even obtain unconditional security [DS13].
> Busec mailing list
> Busec at cs.bu.edu
Computer Science, Boston University
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Busec