Search

Your search keyword '"Zanella-Béguelin, Santiago"' showing total 94 results
Start Over Author "Zanella-Béguelin, Santiago"
94 results on '"Zanella-Béguelin, Santiago"'

1. Permissive Information-Flow Analysis for Large Language Models

Author

Siddiqui, Shoaib Ahmed, Gaonkar, Radhika, Köpf, Boris, Krueger, David, Paverd, Andrew, Salem, Ahmed, Tople, Shruti, Wutschitz, Lukas, Xia, Menglin, and Zanella-Béguelin, Santiago

Subjects
Computer Science - Machine Learning, Computer Science - Artificial Intelligence
Abstract

Large Language Models (LLMs) are rapidly becoming commodity components of larger software systems. This poses natural security and privacy problems: poisoned data retrieved from one component can change the model's behavior and compromise the entire system, including coercing the model to spread confidential data to untrusted components. One promising approach is to tackle this problem at the system level via dynamic information flow (aka taint) tracking. Unfortunately, the traditional approach of propagating the most restrictive input label to the output is too conservative for applications where LLMs operate on inputs retrieved from diverse sources. In this paper, we propose a novel, more permissive approach to propagate information flow labels through LLM queries. The key idea behind our approach is to propagate only the labels of the samples that were influential in generating the model output and to eliminate the labels of unnecessary input. We implement and investigate the effectiveness of two variations of this approach, based on (i) prompt-based retrieval augmentation, and (ii) a $k$-nearest-neighbors language model. We compare these with the baseline of an introspection-based influence estimator that directly asks the language model to predict the output label. The results obtained highlight the superiority of our prompt-based label propagator, which improves the label in more than 85% of the cases in an LLM agent setting. These findings underscore the practicality of permissive label propagation for retrieval augmentation., Comment: 16 pages, 11 figures

Published
2024

2. Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition

Author

Debenedetti, Edoardo, Rando, Javier, Paleka, Daniel, Florin, Silaghi Fineas, Albastroiu, Dragos, Cohen, Niv, Lemberg, Yuval, Ghosh, Reshmi, Wen, Rui, Salem, Ahmed, Cherubin, Giovanni, Zanella-Beguelin, Santiago, Schmid, Robin, Klemm, Victor, Miki, Takahiro, Li, Chenhao, Kraft, Stefan, Fritz, Mario, Tramèr, Florian, Abdelnabi, Sahar, and Schönherr, Lea

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence
Abstract

Large language model systems face important security risks from maliciously crafted messages that aim to overwrite the system's original instructions or leak private data. To study this problem, we organized a capture-the-flag competition at IEEE SaTML 2024, where the flag is a secret string in the LLM system prompt. The competition was organized in two phases. In the first phase, teams developed defenses to prevent the model from leaking the secret. During the second phase, teams were challenged to extract the secrets hidden for defenses proposed by the other teams. This report summarizes the main insights from the competition. Notably, we found that all defenses were bypassed at least once, highlighting the difficulty of designing a successful defense and the necessity for additional research to protect LLM systems. To foster future research in this direction, we compiled a dataset with over 137k multi-turn attack chats and open-sourced the platform.

Published
2024

3. Closed-Form Bounds for DP-SGD against Record-level Inference

Author

Cherubin, Giovanni, Köpf, Boris, Paverd, Andrew, Tople, Shruti, Wutschitz, Lukas, and Zanella-Béguelin, Santiago

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Machine learning models trained with differentially-private (DP) algorithms such as DP-SGD enjoy resilience against a wide range of privacy attacks. Although it is possible to derive bounds for some attacks based solely on an $(\varepsilon,\delta)$-DP guarantee, meaningful bounds require a small enough privacy budget (i.e., injecting a large amount of noise), which results in a large loss in utility. This paper presents a new approach to evaluate the privacy of machine learning models against specific record-level threats, such as membership and attribute inference, without the indirection through DP. We focus on the popular DP-SGD algorithm, and derive simple closed-form bounds. Our proofs model DP-SGD as an information theoretic channel whose inputs are the secrets that an attacker wants to infer (e.g., membership of a data record) and whose outputs are the intermediate model parameters produced by iterative optimization. We obtain bounds for membership inference that match state-of-the-art techniques, whilst being orders of magnitude faster to compute. Additionally, we present a novel data-dependent bound against attribute inference. Our results provide a direct, interpretable, and practical way to evaluate the privacy of trained models against specific inference threats without sacrificing utility.

Published
2024

4. On the Efficacy of Differentially Private Few-shot Image Classification

Author

Tobaben, Marlon, Shysheya, Aliaksandra, Bronskill, John, Paverd, Andrew, Tople, Shruti, Zanella-Beguelin, Santiago, Turner, Richard E, and Honkela, Antti

Subjects
Statistics - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

There has been significant recent progress in training differentially private (DP) models which achieve accuracy that approaches the best non-private models. These DP models are typically pretrained on large public datasets and then fine-tuned on private downstream datasets that are relatively large and similar in distribution to the pretraining data. However, in many applications including personalization and federated learning, it is crucial to perform well (i) in the few-shot setting, as obtaining large amounts of labeled data may be problematic; and (ii) on datasets from a wide variety of domains for use in various specialist settings. To understand under which conditions few-shot DP can be effective, we perform an exhaustive set of experiments that reveals how the accuracy and vulnerability to attack of few-shot DP image classification models are affected as the number of shots per class, privacy level, model architecture, downstream dataset, and subset of learnable parameters in the model vary. We show that to achieve DP accuracy on par with non-private models, the shots per class must be increased as the privacy level increases. We also show that learning parameter-efficient FiLM adapters under DP is competitive with learning just the final classifier layer or learning all of the network parameters. Finally, we evaluate DP federated learning systems and establish state-of-the-art performance on the challenging FLAIR benchmark., Comment: 49 pages, 24 figures; published in TMLR 12/2023 https://openreview.net/forum?id=hFsr59Imzm

Published
2023

5. Analyzing Leakage of Personally Identifiable Information in Language Models

Author

Lukas, Nils, Salem, Ahmed, Sim, Robert, Tople, Shruti, Wutschitz, Lukas, and Zanella-Béguelin, Santiago

Subjects
Computer Science - Machine Learning
Abstract

Language Models (LMs) have been shown to leak information about training data through sentence-level membership inference and reconstruction attacks. Understanding the risk of LMs leaking Personally Identifiable Information (PII) has received less attention, which can be attributed to the false assumption that dataset curation techniques such as scrubbing are sufficient to prevent PII leakage. Scrubbing techniques reduce but do not prevent the risk of PII leakage: in practice scrubbing is imperfect and must balance the trade-off between minimizing disclosure and preserving the utility of the dataset. On the other hand, it is unclear to which extent algorithmic defenses such as differential privacy, designed to guarantee sentence- or user-level privacy, prevent PII disclosure. In this work, we introduce rigorous game-based definitions for three types of PII leakage via black-box extraction, inference, and reconstruction attacks with only API access to an LM. We empirically evaluate the attacks against GPT-2 models fine-tuned with and without defenses in three domains: case law, health care, and e-mails. Our main contributions are (i) novel attacks that can extract up to 10$\times$ more PII sequences than existing attacks, (ii) showing that sentence-level differential privacy reduces the risk of PII disclosure but still leaks about 3% of PII sequences, and (iii) a subtle connection between record-level membership inference and PII reconstruction. Code to reproduce all experiments in the paper is available at https://github.com/microsoft/analysing_pii_leakage., Comment: IEEE Symposium on Security and Privacy (S&P) 2023

Published
2023

6. SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning

Author

Salem, Ahmed, Cherubin, Giovanni, Evans, David, Köpf, Boris, Paverd, Andrew, Suri, Anshuman, Tople, Shruti, and Zanella-Béguelin, Santiago

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Computer Science and Game Theory
Abstract

Deploying machine learning models in production may allow adversaries to infer sensitive information about training data. There is a vast literature analyzing different types of inference risks, ranging from membership inference to reconstruction attacks. Inspired by the success of games (i.e., probabilistic experiments) to study security properties in cryptography, some authors describe privacy inference risks in machine learning using a similar game-based style. However, adversary capabilities and goals are often stated in subtly different ways from one presentation to the other, which makes it hard to relate and compose results. In this paper, we present a game-based framework to systematize the body of knowledge on privacy inference risks in machine learning. We use this framework to (1) provide a unifying structure for definitions of inference risks, (2) formally establish known relations among definitions, and (3) to uncover hitherto unknown relations that would have been difficult to spot otherwise., Comment: 20 pages, to appear in 2023 IEEE Symposium on Security and Privacy

Published
2022

7. Bayesian Estimation of Differential Privacy

Author

Zanella-Béguelin, Santiago, Wutschitz, Lukas, Tople, Shruti, Salem, Ahmed, Rühle, Victor, Paverd, Andrew, Naseri, Mohammad, Köpf, Boris, and Jones, Daniel

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

Algorithms such as Differentially Private SGD enable training machine learning models with formal privacy guarantees. However, there is a discrepancy between the protection that such algorithms guarantee in theory and the protection they afford in practice. An emerging strand of work empirically estimates the protection afforded by differentially private training as a confidence interval for the privacy budget $\varepsilon$ spent on training a model. Existing approaches derive confidence intervals for $\varepsilon$ from confidence intervals for the false positive and false negative rates of membership inference attacks. Unfortunately, obtaining narrow high-confidence intervals for $\epsilon$ using this method requires an impractically large sample size and training as many models as samples. We propose a novel Bayesian method that greatly reduces sample size, and adapt and validate a heuristic to draw more than one sample per trained model. Our Bayesian method exploits the hypothesis testing interpretation of differential privacy to obtain a posterior for $\varepsilon$ (not just a confidence interval) from the joint posterior of the false positive and false negative rates of membership inference attacks. For the same sample size and confidence, we derive confidence intervals for $\varepsilon$ around 40% narrower than prior work. The heuristic, which we adapt from label-only DP, can be used to further reduce the number of trained models needed to get enough samples by up to 2 orders of magnitude., Comment: 17 pages, 8 figures. Joint main authors: Santiago Zanella-B\'eguelin, Lukas Wutschitz, and Shruti Tople

Published
2022

8. Analyzing Information Leakage of Updates to Natural Language Models

Author

Zanella-Béguelin, Santiago, Wutschitz, Lukas, Tople, Shruti, Rühle, Victor, Paverd, Andrew, Ohrimenko, Olga, Köpf, Boris, and Brockschmidt, Marc

Subjects
Computer Science - Machine Learning, Computer Science - Computation and Language, Computer Science - Cryptography and Security, Statistics - Machine Learning
Abstract

To continuously improve quality and reflect changes in data, machine learning applications have to regularly retrain and update their core models. We show that a differential analysis of language model snapshots before and after an update can reveal a surprising amount of detailed information about changes in the training data. We propose two new metrics---\emph{differential score} and \emph{differential rank}---for analyzing the leakage due to updates of natural language models. We perform leakage analysis using these metrics across models trained on several different datasets using different methods and configurations. We discuss the privacy implications of our findings, propose mitigation strategies and evaluate their effect.

Published
2019
Full Text
View/download PDF

9. A Monadic Framework for Relational Verification: Applied to Information Security, Program Equivalence, and Optimizations

Author

Grimm, Niklas, Maillard, Kenji, Fournet, Cédric, Hritcu, Catalin, Maffei, Matteo, Protzenko, Jonathan, Ramananandro, Tahina, Rastogi, Aseem, Swamy, Nikhil, and Zanella-Béguelin, Santiago

Subjects
Computer Science - Programming Languages, Computer Science - Cryptography and Security
Abstract

Relational properties describe multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and they have received much attention in the recent literature. Rather than developing separate tools for special classes of effects and relational properties, we advocate using a general purpose proof assistant as a unifying framework for the relational verification of effectful programs. The essence of our approach is to model effectful computations using monads and to prove relational properties on their monadic representations, making the most of existing support for reasoning about pure programs. We apply this method in F* and evaluate it by encoding a variety of relational program analyses, including information flow control, program equivalence and refinement at higher order, correctness of program optimizations and game-based cryptographic security. By relying on SMT-based automation, unary weakest preconditions, user-defined effects, and monadic reification, we show that, compared to unary properties, verifying relational properties requires little additional effort from the F* programmer., Comment: CPP'18 extended version with the missing ERC acknowledgement

Published
2017
Full Text
View/download PDF

10. Verified Low-Level Programming Embedded in F*

Author

Protzenko, Jonathan, Zinzindohoué, Jean-Karim, Rastogi, Aseem, Ramananandro, Tahina, Wang, Peng, Zanella-Béguelin, Santiago, Delignat-Lavaud, Antoine, Hritcu, Catalin, Bhargavan, Karthikeyan, Fournet, Cédric, and Swamy, Nikhil

Subjects
Computer Science - Programming Languages, Computer Science - Cryptography and Security
Abstract

We present Low*, a language for low-level programming and verification, and its application to high-assurance optimized cryptographic libraries. Low* is a shallow embedding of a small, sequential, well-behaved subset of C in F*, a dependently-typed variant of ML aimed at program verification. Departing from ML, Low* does not involve any garbage collection or implicit heap allocation; instead, it has a structured memory model \`a la CompCert, and it provides the control required for writing efficient low-level security-critical code. By virtue of typing, any Low* program is memory safe. In addition, the programmer can make full use of the verification power of F* to write high-level specifications and verify the functional correctness of Low* code using a combination of SMT automation and sophisticated manual proofs. At extraction time, specifications and proofs are erased, and the remaining code enjoys a predictable translation to C. We prove that this translation preserves semantics and side-channel resistance. We provide a new compiler back-end from Low* to C and, to evaluate our approach, we implement and verify various cryptographic algorithms, constructions, and tools for a total of about 28,000 lines of code, specification and proof. We show that our Low* code delivers performance competitive with existing (unverified) C cryptographic libraries, suggesting our approach may be applicable to larger-scale low-level software., Comment: extended version of ICFP final camera ready version; only Acknowledgements differ from 30 Aug 2017 version

Published
2017
Full Text
View/download PDF

11. Rethinking Privacy in Machine Learning Pipelines from an Information Flow Control Perspective

Author

Wutschitz, Lukas, Köpf, Boris, Paverd, Andrew, Rajmohan, Saravan, Salem, Ahmed, Tople, Shruti, Zanella-Béguelin, Santiago, Xia, Menglin, Rühle, Victor, Wutschitz, Lukas, Köpf, Boris, Paverd, Andrew, Rajmohan, Saravan, Salem, Ahmed, Tople, Shruti, Zanella-Béguelin, Santiago, Xia, Menglin, and Rühle, Victor

Abstract

Modern machine learning systems use models trained on ever-growing corpora. Typically, metadata such as ownership, access control, or licensing information is ignored during training. Instead, to mitigate privacy risks, we rely on generic techniques such as dataset sanitization and differentially private model training, with inherent privacy/utility trade-offs that hurt model performance. Moreover, these techniques have limitations in scenarios where sensitive information is shared across multiple participants and fine-grained access control is required. By ignoring metadata, we therefore miss an opportunity to better address security, privacy, and confidentiality challenges. In this paper, we take an information flow control perspective to describe machine learning systems, which allows us to leverage metadata such as access control policies and define clear-cut privacy and confidentiality guarantees with interpretable information flows. Under this perspective, we contrast two different approaches to achieve user-level non-interference: 1) fine-tuning per-user models, and 2) retrieval augmented models that access user-specific datasets at inference time. We compare these two approaches to a trivially non-interfering zero-shot baseline using a public model and to a baseline that fine-tunes this model on the whole corpus. We evaluate trained models on two datasets of scientific articles and demonstrate that retrieval augmented architectures deliver the best utility, scalability, and flexibility while satisfying strict non-interference guarantees.

Published
2023

12. Proving the TLS Handshake Secure (As It Is)

Author

Bhargavan, Karthikeyan, Fournet, Cédric, Kohlweiss, Markulf, Pironti, Alfredo, Strub, Pierre-Yves, Zanella-Béguelin, Santiago, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Kobsa, Alfred, Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Garay, Juan A., editor, and Gennaro, Rosario, editor

Published
2014
Full Text
View/download PDF

13. Computer-Aided Cryptographic Proofs

Author

Barthe, Gilles, Crespo, Juan Manuel, Grégoire, Benjamin, Kunz, César, Zanella Béguelin, Santiago, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Beringer, Lennart, editor, and Felty, Amy, editor

Published
2012
Full Text
View/download PDF

14. Probabilistic Relational Hoare Logics for Computer-Aided Security Proofs

Author

Barthe, Gilles, Grégoire, Benjamin, Zanella Béguelin, Santiago, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Gibbons, Jeremy, editor, and Nogueira, Pablo, editor

Published
2012
Full Text
View/download PDF

15. Verified Indifferentiable Hashing into Elliptic Curves

Author

Barthe, Gilles, Grégoire, Benjamin, Heraud, Sylvain, Olmedo, Federico, Zanella Béguelin, Santiago, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Degano, Pierpaolo, editor, and Guttman, Joshua D., editor

Published
2012
Full Text
View/download PDF

16. Beyond Provable Security Verifiable IND-CCA Security of OAEP

Author

Barthe, Gilles, Grégoire, Benjamin, Lakhnech, Yassine, Zanella Béguelin, Santiago, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, and Kiayias, Aggelos, editor

Published
2011
Full Text
View/download PDF

17. Programming Language Techniques for Cryptographic Proofs

Author

Barthe, Gilles, Grégoire, Benjamin, Zanella Béguelin, Santiago, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Kaufmann, Matt, editor, and Paulson, Lawrence C., editor

Published
2010
Full Text
View/download PDF

18. Formal Certification of ElGamal Encryption : A Gentle Introduction to CertiCrypt

Author

Barthe, Gilles, Grégoire, Benjamin, Heraud, Sylvain, Zanella Béguelin, Santiago, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Degano, Pierpaolo, editor, Guttman, Joshua, editor, and Martinelli, Fabio, editor

Published
2009
Full Text
View/download PDF

19. A Formal Specification of the MIDP 2.0 Security Model

Author

Zanella Béguelin, Santiago, Betarte, Gustavo, Luna, Carlos, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Dimitrakos, Theo, editor, Martinelli, Fabio, editor, Ryan, Peter Y. A., editor, and Schneider, Steve, editor

Published
2007
Full Text
View/download PDF

20. Automation in Computer-Aided Cryptography: Proofs, Attacks and Designs

Author

Barthe, Gilles, Grégoire, Benjamin, Kunz, César, Lakhnech, Yassine, Zanella Béguelin, Santiago, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Hawblitzel, Chris, editor, and Miller, Dale, editor

Published
2012
Full Text
View/download PDF

21. Proving the TLS Handshake Secure (As It Is)

Author

Bhargavan, Karthikeyan, primary, Fournet, Cédric, additional, Kohlweiss, Markulf, additional, Pironti, Alfredo, additional, Strub, Pierre-Yves, additional, and Zanella-Béguelin, Santiago, additional

Published
2014
Full Text
View/download PDF

25. Imperfect forward secrecy.

Author

Adrian, David, Bhargavan, Karthikeyan, Durumeric, Zakir, Gaudry, Pierrick, Green, Matthew, Halderman, J. Alex, Heninger, Nadia, Springall, Drew, Thomé, Emmanuel, Valenta, Luke, VanderSloot, Benjamin, Wustrow, Eric, Zanella-Béguelin, Santiago, and Zimmermann, Paul

Subjects
COMPUTER network protocols, PUBLIC key cryptography, CRYPTOGRAPHY, CRYPTOSYSTEMS, DATA encryption, COMPUTER network security, VIRTUAL private networks
Abstract

We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete logarithm algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logarithms in that group in about a minute. We find that 82% of vulnerable servers use a single 512-bit group, and that 8.4% of Alexa Top Million HTTPS sites are vulnerable to the attack. In response, major browsers have changed to reject short groups. We go on to consider Diffie-Hellman with 768- and 1024-bit groups. We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community. [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

30. A Monadic Framework for Relational Verification

Author

Grimm , Niklas, Maillard , Kenji, Fournet , Cédric, Hriţcu , Cătălin, Maffei , Matteo, Protzenko , Jonathan, Ramananandro , Tahina, Rastogi , Aseem, Swamy , Nikhil, Zanella‐Béguelin , Santiago, Vienna University of Technology (TU Wien), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL), Programming securely with cryptography (PROSECCO ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Microsoft Research [Cambridge] (Microsoft), Microsoft Research, European Project: 715753,H2020,SECOMP(2017), École normale supérieure - Paris (ENS-PSL), Programming securely with cryptography (PROSECCO), Technische Universität Wien ( TU Wien ), École normale supérieure - Paris ( ENS Paris ), Programming securely with cryptography ( PROSECCO ), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique ( Inria ) -Institut National de Recherche en Informatique et en Automatique ( Inria ), Microsoft Research [Cambridge] ( Microsoft ), and European Project : 715753,H2020,SECOMP ( 2017 )

Subjects
Program Verification, Weakest Preconditions, Information-Flow Control, Relational Verification, [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL], Program Equivalence and Refinement, ACM : I.: Computing Methodologies/I.2: ARTIFICIAL INTELLIGENCE/I.2.2: Automatic Programming/I.2.2.4: Program verification, ACM: I.: Computing Methodologies/I.2: ARTIFICIAL INTELLIGENCE/I.2.2: Automatic Programming/I.2.2.4: Program verification, [ INFO.INFO-CR ] Computer Science [cs]/Cryptography and Security [cs.CR], ACM : D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.3: Information flow controls, SMT-based Automation, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Monadic Effects, Certified Optimizations, [ INFO.INFO-PL ] Computer Science [cs]/Programming Languages [cs.PL], Proof Assistants, ACM: D.: Software/D.4: OPERATING SYSTEMS/D.4.6: Security and Protection/D.4.6.3: Information flow controls
Abstract

International audience; Relational properties describe multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and they have received much attention in the recent literature. Rather than developing separate tools for special classes of effects and relational properties, we advocate using a general purpose proof assistant as a unifying framework for the relational verification of effectful programs. The essence of our approach is to model effectful computations using monads and to prove relational properties on their monadic representations, making the most of existing support for reasoning about pure programs.We apply this method in F* and evaluate it by encoding a variety of relational program analyses, including information flow control, program equivalence and refinement at higher order, correctness of program optimizations and game-based cryptographic security. By relying on SMT-based automation, unary weakest preconditions, user-defined effects, and monadic reification, we show that, compared to unary properties, verifying relational properties requires little additional effort from the F* programmer.

Published
2018
Full Text
View/download PDF

31. Everest: Towards a Verified, Drop‐in Replacement of HTTPS

Author

Bhargavan, Karthikeyan, Bond, Barry, Delignat‐lavaud, Antoine, Fournet, Cédric, Hawblitzel, Chris, Hritcu, Catalin, Ishtiaq, Samin, Kohlweiss, Markulf, Leino, Rustan, Lorch, Jay, Maillard, Kenji, Pain, Jianyang, Parno, Bryan, Protzenko, Jonathan, Ramananandro, Tahina, Rane, Ashay, Rastogi, Aseem, Swamy, Nikhil, Thompson, Laure, Wang, Perry, Zanella‐béguelin, Santiago, Zinzindohoué, Jean Karim, Programming securely with cryptography (PROSECCO ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Microsoft Research, Programming securely with cryptography (PROSECCO), Inria Paris-Rocquencourt, Microsoft Research [Cambridge] (Microsoft), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL), Herbstritt, Marc, and École normale supérieure - Paris (ENS-PSL)

Subjects
060201 languages & linguistics, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 000 Computer science, knowledge, general works, [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL], 0602 languages and literature, Computer Science, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 06 humanities and the arts, 02 engineering and technology
Abstract

International audience; The HTTPS ecosystem is the foundation on which Internet security is built. At the heart of this ecosystem is the Transport Layer Security (TLS) protocol, which in turn uses the X.509 public-key infrastructure and numerous cryptographic constructions and algorithms. Unfortunately, this ecosystem is extremely brittle, with headline-grabbing attacks and emergency patches many times a year. We describe our ongoing efforts in Everest (The Everest VERified End-to-end Secure Transport) a project that aims to build and deploy a verified version of TLS and other components of HTTPS, replacing the current infrastructure with proven, secure software. Aiming both at full verification and usability, we conduct high-level code-based, game-playing proofs of security on cryptographic implementations that yield efficient, deployable code, at the level of C and assembly. Concretely, we use F*, a dependently typed language for programming, meta-programming, and proving at a high level, while relying on low-level DSLs embedded within F* for programming low-level components when necessary for performance and, sometimes, side-channel resistance. To compose the pieces, we compile all our code to source-like C and assembly, suitable for deployment and integration with existing code bases, as well as audit by independent security experts. Our main results so far include (1) the design of Low*, a subset of F* designed for C-like imperative programming but with high-level verification support, and KreMLin, a compiler that extracts Low* programs to C; (2) an implementation of the TLS-1.3 record layer in Low*, together with a proof of its concrete cryptographic security; (3) Vale, a new DSL for verified assembly language, and several optimized cryptographic primitives proven functionally correct and side-channel resistant. In an early deployment, all our verified software is integrated and deployed within libcurl, a widely used library of networking protocols.

Published
2017
Full Text
View/download PDF

32. Imperfect forward secrecy

Author

Adrian, David, primary, Bhargavan, Karthikeyan, additional, Durumeric, Zakir, additional, Gaudry, Pierrick, additional, Green, Matthew, additional, Halderman, J. Alex, additional, Heninger, Nadia, additional, Springall, Drew, additional, Thomé, Emmanuel, additional, Valenta, Luke, additional, VanderSloot, Benjamin, additional, Wustrow, Eric, additional, Zanella-Béguelin, Santiago, additional, and Zimmermann, Paul, additional

Published
2018
Full Text
View/download PDF

34. Verified low-level programming embedded in F*

Author

Protzenko, Jonathan, primary, Zinzindohoué, Jean-Karim, additional, Rastogi, Aseem, additional, Ramananandro, Tahina, additional, Wang, Peng, additional, Zanella-Béguelin, Santiago, additional, Delignat-Lavaud, Antoine, additional, Hriţcu, Cătălin, additional, Bhargavan, Karthikeyan, additional, Fournet, Cédric, additional, and Swamy, Nikhil, additional

Published
2017
Full Text
View/download PDF

35. Everest: Towards a Verified, Drop-in Replacement of HTTPS

Author

Karthikeyan Bhargavan and Barry Bond and Antoine Delignat-Lavaud and Cédric Fournet and Chris Hawblitzel and Catalin Hritcu and Samin Ishtiaq and Markulf Kohlweiss and Rustan Leino and Jay Lorch and Kenji Maillard and Jianyang Pan and Bryan Parno and Jonathan Protzenko and Tahina Ramananandro and Ashay Rane and Aseem Rastogi and Nikhil Swamy and Laure Thompson and Peng Wang and Santiago Zanella-Béguelin and Jean-Karim Zinzindohoué, Bhargavan, Karthikeyan, Bond, Barry, Delignat-Lavaud, Antoine, Fournet, Cédric, Hawblitzel, Chris, Hritcu, Catalin, Ishtiaq, Samin, Kohlweiss, Markulf, Leino, Rustan, Lorch, Jay, Maillard, Kenji, Pan, Jianyang, Parno, Bryan, Protzenko, Jonathan, Ramananandro, Tahina, Rane, Ashay, Rastogi, Aseem, Swamy, Nikhil, Thompson, Laure, Wang, Peng, Zanella-Béguelin, Santiago, Zinzindohoué, Jean-Karim, Karthikeyan Bhargavan and Barry Bond and Antoine Delignat-Lavaud and Cédric Fournet and Chris Hawblitzel and Catalin Hritcu and Samin Ishtiaq and Markulf Kohlweiss and Rustan Leino and Jay Lorch and Kenji Maillard and Jianyang Pan and Bryan Parno and Jonathan Protzenko and Tahina Ramananandro and Ashay Rane and Aseem Rastogi and Nikhil Swamy and Laure Thompson and Peng Wang and Santiago Zanella-Béguelin and Jean-Karim Zinzindohoué, Bhargavan, Karthikeyan, Bond, Barry, Delignat-Lavaud, Antoine, Fournet, Cédric, Hawblitzel, Chris, Hritcu, Catalin, Ishtiaq, Samin, Kohlweiss, Markulf, Leino, Rustan, Lorch, Jay, Maillard, Kenji, Pan, Jianyang, Parno, Bryan, Protzenko, Jonathan, Ramananandro, Tahina, Rane, Ashay, Rastogi, Aseem, Swamy, Nikhil, Thompson, Laure, Wang, Peng, Zanella-Béguelin, Santiago, and Zinzindohoué, Jean-Karim

Abstract

The HTTPS ecosystem is the foundation on which Internet security is built. At the heart of this ecosystem is the Transport Layer Security (TLS) protocol, which in turn uses the X.509 public-key infrastructure and numerous cryptographic constructions and algorithms. Unfortunately, this ecosystem is extremely brittle, with headline-grabbing attacks and emergency patches many times a year. We describe our ongoing efforts in Everest (The Everest VERified End-to-end Secure Transport) a project that aims to build and deploy a verified version of TLS and other components of HTTPS, replacing the current infrastructure with proven, secure software. Aiming both at full verification and usability, we conduct high-level code-based, game-playing proofs of security on cryptographic implementations that yield efficient, deployable code, at the level of C and assembly. Concretely, we use F*, a dependently typed language for programming, meta-programming, and proving at a high level, while relying on low-level DSLs embedded within F* for programming low-level components when necessary for performance and, sometimes, side-channel resistance. To compose the pieces, we compile all our code to source-like C and assembly, suitable for deployment and integration with existing code bases, as well as audit by independent security experts. Our main results so far include (1) the design of Low*, a subset of F* designed for C-like imperative programming but with high-level verification support, and KreMLin, a compiler that extracts Low* programs to C; (2) an implementation of the TLS-1.3 record layer in Low*, together with a proof of its concrete cryptographic security; (3) Vale, a new DSL for verified assembly language, and several optimized cryptographic primitives proven functionally correct and side-channel resistant. In an early deployment, all our verified software is integrated and deployed within libcurl, a widely used library of networking protocols.

Published
2017
Full Text
View/download PDF

36. Formal Verification of Smart Contracts

Author

Bhargavan, Karthikeyan, primary, Delignat-Lavaud, Antoine, additional, Fournet, Cédric, additional, Gollamudi, Anitha, additional, Gonthier, Georges, additional, Kobeissi, Nadim, additional, Kulatova, Natalia, additional, Rastogi, Aseem, additional, Sibut-Pinote, Thomas, additional, Swamy, Nikhil, additional, and Zanella-Béguelin, Santiago, additional

Published
2016
Full Text
View/download PDF

37. Verified Security of Merkle-Damgaard

Author

Backes, Michael, Barthe, Gilles, Berg, Matthias, Grégoire, Benjamin, Kunz, Cesar, Skoruppa, Malte, Zanella-Béguelin, Santiago, Max Planck Institute for Software Systems (MPI-SWS), Institute IMDEA Software [Madrid], Mathematical, Reasoning and Software (MARELLE), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Microsoft Research [Cambridge] (Microsoft), and Microsoft Research

Subjects
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Abstract

International audience; Cryptographic hash functions provide a basic data authentication mechanism and are used pervasively as building blocks to realize many cryptographic functionalities, including block ciphers, message authentication codes, key exchange protocols, and encryption and digital signature schemes. Since weaknesses in hash functions may imply vulnerabilities in the constructions that build upon them, ensuring their security is essential. Unfortunately, many widely used hash functions, including SHA-1 and MD5, are subject to practical attacks. The search for a secure replacement is one of the most active topics in the field of cryptography. In this paper we report on the first machine-checked and independently-verifiable proofs of collision-resistance and indifferentiability of Merkle-Damg{å}rd, a construction that underlies many existing hash functions. Our proofs are built and verified using an extension of the EasyCrypt framework, which relies on state-of-the-art verification tools such as automated theorem provers, SMT solvers, and interactive proof assistants.

Published
2012
Full Text
View/download PDF

38. Dependent types and multi-monadic effects in F*

Author

Swamy, Nikhil, primary, Hriţcu, Cătălin, additional, Keller, Chantal, additional, Rastogi, Aseem, additional, Delignat-Lavaud, Antoine, additional, Forest, Simon, additional, Bhargavan, Karthikeyan, additional, Fournet, Cédric, additional, Strub, Pierre-Yves, additional, Kohlweiss, Markulf, additional, Zinzindohoue, Jean-Karim, additional, and Zanella-Béguelin, Santiago, additional

Published
2016
Full Text
View/download PDF

39. Certification formelle de preuves cryptographiques basées sur les séquences de jeux

Author

Zanella-Béguelin, Santiago, Mathematical, Reasoning and Software (MARELLE), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), École Nationale Supérieure des Mines de Paris, Gilles Barthe, and MINES ParisTech, Bibliothèque

Subjects
[INFO.INFO-GT]Computer Science [cs]/Computer Science and Game Theory [cs.GT], Preuves formelles, Assistant à la preuve Coq, Langages de Programmation, Complexity, Programming languages, Coq proof assistant, Formal proofs, Program verification, [INFO.INFO-GT] Computer Science [cs]/Computer Science and Game Theory [cs.GT], Cryptography, Cryptographie, Complexité, Vérification de programmes
Abstract

The game-based approach is a popular methodology for structuring cryptographic proofs as sequences of games. Game-based proofs can be rigorously formalized by taking a code-centric view of games as probabilistic programs and relying on programming language techniques to justify proof steps. In this dissertation we present CertiCrypt, a framework that enables the machine-checked construction and verification of game-based cryptographic proofs. CertiCrypt is built upon the general-purpose proof assistant Coq, from which it inherits the ability to provide independently verifiable evidence that proofs are correct, and draws on many areas, including probability and complexity theory, algebra, and semantics of programming languages. The framework provides certified tools to reason about the equivalence of probabilistic programs, including a relational Hoare logic, a theory of observational equivalence, verified program transformations, and ad-hoc programming language techniques of particular interest in cryptographic proofs, such as reasoning about failure events. We validate our framework through the formalization of several significant case studies, including proofs of security of the Optimal Asymmetric Encryption Padding scheme against adaptive chosen-ciphertext attacks, and of existential unforgeability of Full-Domain Hash signatures., Les séquences de jeux sont une méthodologie établie pour structurer les preuves cryptographiques. De telles preuves peuvent être formalisées rigoureusement en regardant les jeux comme des programmes probabilistes et en utilisant des méthodes de vérification de programmes. Cette thèse décrit CertiCrypt, un outil permettant la construction et vérification automatique de preuves basées sur les jeux. CertiCrypt est implémenté dans l'assistant à la preuve Coq, et repose sur de nombreux domaines, en particulier les probabilités, la complexité, l'algèbre, et la sémantique des langages de programmation. CertiCrypt fournit des outils certifiés pour raisonner sur l'équivalence de programmes probabilistes, en particulier une logique de Hoare relationnelle, une théorie équationnelle pour l'équivalence observationnelle, une bibliothèque de transformations de programme, et des techniques propres aux preuves cryptographiques, permettant de raisonner sur les évènements. Nous validons l'outil en formalisant les preuves de sécurité de plusieurs exemples emblématiques, notamment le schéma de chiffrement OAEP et le schéma de signature FDH.

Published
2010

40. Imperfect Forward Secrecy

Author

Adrian, David, primary, Bhargavan, Karthikeyan, additional, Durumeric, Zakir, additional, Gaudry, Pierrick, additional, Green, Matthew, additional, Halderman, J. Alex, additional, Heninger, Nadia, additional, Springall, Drew, additional, Thomé, Emmanuel, additional, Valenta, Luke, additional, VanderSloot, Benjamin, additional, Wustrow, Eric, additional, Zanella-Béguelin, Santiago, additional, and Zimmermann, Paul, additional

Published
2015
Full Text
View/download PDF

41. A formal specification of the MIDP 2.0 security model

Author

Zanella Béguelin, Santiago, Betarte Guidi, Gustavo, and Luna, Carlos

Subjects
Calculus of Inductive Constructions, MIDP 2.0, Security, Coq, Formal specification
Abstract

This paper overviews a formal specification, using the Calculus of Inductive Constructions, of the application security model defined by the Mobile Information Device Profile 2.0 for Java 2 Micro Edition. We present an abstract model of the state of the device and security-related events that allows to reason about the security properties of theplatform where the model is deployed. We then state and sketch the proof of some desirable properties of this model.

Published
2006

48. Full proof cryptography

Author

Bacelar Almeida, José, primary, Barbosa, Manuel, additional, Bangerter, Endre, additional, Barthe, Gilles, additional, Krenn, Stephan, additional, and Zanella Béguelin, Santiago, additional

Published
2012
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results