Protecting Cryptographic Memory against Tampering Attack

In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks. In practice such attacks can be executed easily, e.g. by heating the device, as substantiated by numerous works in the past decade. Tampering attacks are a class of such physical attacks where the attacker can change the memory/computation, gains additional (non-black-box) knowledge by interacting with the faulty device and then tries to break the security. Prior works show that generically approaching such problem is notoriously difficult. So, in this dissertation we attempt to solve an easier question, known as memory-tampering, where the attacker is allowed to tamper only with the memory of the device but not the computation. Such weaker model can still be practically useful and moreover, may provide nice building-blocks to tackle full-fledged tampering in future. In this dissertation we study different models of memory-tampering and provide a number of solutions with different flavors. Mainly we took two different approaches: (i) securing specific schemes against tampering and (ii) constructing a generic transformation which turns any scheme resilient to tampering. In Chapter 3 we take the first approach and propose several tamper-resilient public-key schemes in a new model which allows arbitrary tampering, but only bounded number of times [DFMV13]. We provide solutions mainly for identification schemes and encryption schemes. The second approach is based on an abstract notion called non-malleable codes introduced in an earlier work. In Chapter 5 and 6 we mainly improve the state-of-art of non-malleable codes. In Chapter 5 we provide new constructions of such codes [FMVW14], which implicitly resolve the question of memory-tampering in an important model using the known transformation. In the same chapter we also introduce a new and related notion called non-malleable key-derivations which are found to be useful in tamper-resilience as well. Finally in Chapter 6 we strengthen the prior definitions of non-malleable codes by considering continuous tampering [FMNV14]. We provide a construction which satisfies the stronger definition. This strengthening against continuous tampering provides new and better solutions for generic tamper-resilience which removes the requirement of erasures that were necessary in earlier transformations. We explicitly present the new transformations based on our continuous notion.