Cryptography Reference
In-Depth Information
It is significant that Rogaway refers to radiation leakage and the side-
channels attacks discussed at the beginning of this chapter. Like the ROM,
the attacks discovered by Kocher and colleagues have brought to the
surface the abstractions that underline the “standard model,” with far-
reaching implications for the community of theory-oriented cryptogra-
phers. Famed theoretician Silvio Micali and his colleague Leonid Reyzin
put it plainly: “Such 'physical observation attacks'
bypass
the impressive
barrier of mathematical security erected so far, and successfully break
mathematically impregnable systems. The great practicality and the inher-
ent availability of physical attacks threaten the very relevance of complex-
ity-theoretic security.”
30
In response to this threat, a new paradigm of
physical security
has
emerged as an alternative to the traditional assumptions built into the
provable security paradigm. In this model, in addition to their usual com-
putational abstractions, cryptographers integrate explicit assumptions
about the physicality of computing devices, relative to their power con-
sumption, their electromagnetic leakage, the availability of countermea-
sures (such as tamper-proofing and physical shielding), and the various
levels of access adversaries enjoy to the device. For example, Goldwasser
proposes “one-time programs” whose security properties are dependent on
“one-time memories,” a secure hardware device, with the following char-
acteristics: “memory locations that are
never accessed
by the device are
never
leaked
via a side channel .
. .
and the device has a
single
tamper-proof bit
. . . the device is very inexpensive, low energy, and disposable, much like
RFID tags used in clothing.”
31
Goldwasser is able to perform a traditional
mathematical analysis of the security of one-time programs given their
implementation using devices with the required physical properties.
Inevitably, the same issues creep up again and researchers find the-
mselves questioning the
fitness
of the model relative to its environment:
“when moving to a physical setting, we need to determine what are
the physical limits of the adversary. Therefore, the question arises of how
relevant the physical models are and to which extent they capture the
engineering experience.”
32
It is thus not surprising that, in the spirit of
the ROM, Standaert, Malkin, and Yung have already felt the need for
a “practice-oriented” version of the physical security model. This new
model will aim to “reduce the gap between the previously introduced
theoretical notions of physical security and the actual attacks performed
