In recent years, we have witnessed an upsurge in cyber-attacks and data breach incidents that put tremendous data at risk, affect millions of users, and cause severe economic losses. As an in-depth defence to counter the persistent and pervasive ...

Modern CPU designs are beginning to incorporate secure hardware features, but leave developers with little control over both the set of features and when and whether updates are available. Reconfigurable logic (e.g., FPGAs) has been proposed as an ...

Numerous cryptographic protocols and mechanisms have been developed to solve computer security challenges, and these techniques vary considerably with respect to security assumptions, performance tradeoffs, and applicability to problems. Secure hardware ...

Functional encryption (FE) is an extremely powerful cryptographic mechanism that lets an authorized entity compute on encrypted data, and learn the results in the clear. However, all current cryptographic instantiations for general FE are too impractical ...

Verifying the integrity of outsourced data is a classic, well-studied problem. However current techniques have fundamental performance and concurrency limitations for update-heavy workloads. In this paper, we investigate the potential advantages of ...

Bitcoin seems to be the most successful cryptocurrency so far given the growing real life deployment and popularity. While Bitcoin requires clients to be online to perform transactions and a certain amount of time to verify them, there are many real ...

Side-channel and fault injection attacks are two threats on devices carrying sensitive information. Protections are thus implemented at design time. However, CAD (Computer Aided Design) tools can compromise them, in ways we detail pedagogically in this ...

Identity and authentication solutions often lack usability and scalability, or do not provide high enough authentication assurance. The concept of Lucidman (Local User-Centric Identity Management) is an approach to providing scalable, secure and user ...

The increasing IC manufacturing cost encourages a business model where design houses outsource IC fabrication to remote foundries. Despite cost savings, this model exposes design houses to IC piracy as remote foundries can manufacture in excess to sell on ...

Caches are integral parts in modern computers; they leverage the memory access patterns of a program to mitigate the gap between the fast processors and slow memory components.

Unfortunately, the behavior of caches can be exploited by attackers to infer ...

In this work, we propose a hardware Trojan within a given encryption platform. This malicious hardware aims at leaking the secret key used for encryption without perturbing the system so that the user does not notice it. We propose a hardware Trojan ...

Contemporary trusted execution environments provide a good foundation for implementing secure user credentials, but these are not properly bound to the application instances that implement their use. This paper introduces a framework for application-...

In this paper we present a software-based implementation of a Mobile Remote Owner Trusted Module, using security extensions of contemporary System-On-Chip architectures. An explicit challenge are the constrained resources of such on-chip mechanisms. We ...

Program Obfuscation that renders any given program essentially equivalent to a black box, while desirable, is impossible [4] in the general polynomial time adversary models. It is natural to search for positive results under restricted programs (e.g., ...

Superdistribution and other peer-to-peer (P2P) distribution schemes like sharing or rental offer a flexible and user-friendly way to distribute digital content. However, the parties involved have different interests (e.g. user privacy vs. license ...

Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Existing approaches to address this problem fall short. User memorizable passwords are flexible and cheap, but they suffer from bad ...

Designing "secure hardware" like a chip card controller, is a challenging task for hardware manufacturers: More and more attacks that are also more and more sophisticated generate a need for more and more countermeasures. Developers of these devices ...

We introduce a data structure for program execution under a limited oblivious execution model. For fully oblivious execution along the lines of Goldreich and Ostrovsky [2], one transforms a given program into a one that has totally random looking ...