2023 Fiscal Year Final Research Report
Analysis and Evaluation of Publicly Verifiable Algorithm based Tamper Resistance Technology
Project/Area Number | 20K11821 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Multi-year Fund |
Section | General |
Review Section | Basic Section 60070: Information security-related |
Research Institution | Shizuoka Institute of Science and Technology |
Principal Investigator | Oishi Kazuomi, Shizuoka Institute of Science and Technology, Faculty of Informatics, Associate Professor (20635213) |
Project Period (FY) | 2020-04-01 – 2024-03-31 |
Keywords | tamper-resistant software / indirect jump / data memory / Intel CET / TEE / White-Box Cryptography / iO |
Outline of Final Research Achievements |
We obtained two results: 1) a study of the detailed specification of self-destructive tamper-resistant software (SDTRS) based on indirect jumps and ROP, and 2) a survey of underlying technologies such as TEE. Because the vulnerability mitigation technology Intel CET appeared, it was necessary to confirm that the proposed SDTRS can coexist with Intel CET, so the results were more limited than expected. As to 1, we showed the possibility of coexistence by carefully crafting the assembly program of the ROP-based SDTRS so that it can coexist with Intel CET, and studied uses of indirect jumps, etc. As to 2, we studied the TEE specification and showed that the loss of tamper resistance with respect to the REE outside the TEE is a disadvantage of TEE, and proposed using tamper-resistant software for programs in the REE as a countermeasure.
|
Free Research Field | Information security |
Academic Significance and Societal Importance of the Research Achievements |
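We examined concrete specifications for a method of realizing self-destructive tamper-resistant software with a publicly disclosed algorithm that uses indirect jumps and Return-Oriented Programming (ROP). In light of the appearance of the vulnerability mitigation technology Intel CET, we examined and were able to show the possibility of its coexistence with ROP. We showed that the drawback of TEE, a tamper-resistance technology that uses special hardware, is the lack of tamper resistance inside the REE, and presented a countermeasure. We surveyed the latest research trends in the theoretical research areas of indistinguishable Obfuscation and White-Box Cryptography. These results contribute to the realization of safe and secure programs.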
|