Using Universal Composition to Design and Analyze Secure Complex Hardware Systems
Ran Canetti1, Marten van Dijk2, Hoda Maleki3, Ulrich Rührmair4 and Patrick Schaumont5
1Boston University
fganji@ufl.edu
2CWI Amsterdam and UConn.
hmaleki@augusta.edu
3Augusta University,
ruehrmair@ilo.de
4LMU Munich and University of Connecticut
pschaumont@wpi.edu
5WPI
ABSTRACT
Modern hardware typically is characterized by a multitude of interacting physical components and software mechanisms. To address this complexity, security analysis should be modular: We would like to formulate and prove security properties of individual components, and then deduce the security of the overall design (encompassing hardware and software) from the security of the components. While this seems like an elusive goal, we argue that this is essentially the only feasible way to provide rigorous security analysis of modern hardware. This paper investigates the possibility of using the Universally Composable (UC) security framework towards this aim. The UC framework has been devised and successfully used in the theoretical cryptography community to study and formally prove security of arbitrarily interleaving cryptographic protocols. In particular, a sophisticated analytical toolbox has been developed using this framework. We provide an introduction to this framework, and investigate, via a number of examples, ways by which this framework can be used to facilitate a novel type of modular security analysis. This analysis applies to combined hardware and software systems, and investigates their security against attacks that combine both physical and digital steps.
Keywords: Universal Composition Framework, Hardware Security, Physical Cryptography and Security.