Search

Your search keyword '"Gu, Dawu"' showing total 662 results
Start Over Author "Gu, Dawu"
662 results on '"Gu, Dawu"'

1. Armored Core of PKI: Removing Signing Keys for CA via Efficient and Trusted Physical Certification

Author

Zhang, Xiaolin, Chen, Chenghao, Qin, Kailun, Wang, Yuxuan, Qu, Shipei, Wang, Tengfei, Zhang, Chi, and Gu, Dawu

Subjects
Computer Science - Cryptography and Security
Abstract

The signing key protection for Certificate Authorities (CAs) remains a critical concern in PKI. These keys can be exposed by carefully designed attacks or operational errors even today. Traditional protections fail to eliminate such risk since attackers always manage to find an exploit path to capture the digital key leakage. Even a single successful attack can compromise the security. This everlasting dilemma motivates us to consider removing CA's signing keys and propose Armored Core, a PKI security extension using the trusted binding of Physically Unclonable Function (PUF) for certificate operations. By eliminating explicit signing keys, it makes key exposure attacks impossible. In Armored Core, we design a set of PUF-based X.509v3 TLS certificate functions for CAs, where they generate physically trusted "signatures" without using a fixed key. We formally prove the existential unforgeability of the certificates. We propose the first PUF transparency mechanism to effectively monitor the calling behaviors of PUF. We also provide an open-sourced implementation where Armored Core is integrated into real-world PKI systems like Let's Encrypt Pebble CA and Certbot. The results show that it achieves key removal without any additional performance overhead. It offers a more trusted basis for PKI security through efficient physical operations with compatible functions.

Published
2024

2. Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust

Author

Zhang, Xiaolin, Qin, Kailun, Qu, Shipei, Wang, Tengfei, Zhang, Chi, and Gu, Dawu

Subjects
Computer Science - Cryptography and Security
Abstract

Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified. Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties. This model is however brittle and can be untrusted under advanced attacks nowadays. Besides, most designs only provide fixed functionalities once deployed, making them hard to adapt to different needs on availability, Quality of Service (QoS), etc. Therefore, we propose JANUS, an open and resilient TEE RA scheme. To decentralize trust, we, on one hand, introduce Physically Unclonable Function (PUF) as an intrinsic root of trust (RoT) in TEE to provide additional measurements and cryptographic enhancements. On the other hand, we use blockchain and smart contract to realize decentralized verification and result audit. Furthermore, we design an automated turnout mechanism that allows JANUS to remain resilient and offer flexible RA services under various situations. We provide a UC-based security proof and demonstrate the scalability and generality of JANUS by implementing an open-sourced prototype., Comment: 18 pages, 10 figures

Published
2024

3. Abusing Processor Exception for General Binary Instrumentation on Bare-metal Embedded Devices

Author

Qu, Shipei, Zhang, Xiaolin, Zhang, Chi, and Gu, Dawu

Subjects
Computer Science - Cryptography and Security
Abstract

Analyzing the security of closed-source drivers and libraries in embedded systems holds significant importance, given their fundamental role in the supply chain. Unlike x86, embedded platforms lack comprehensive binary manipulating tools, making it difficult for researchers and developers to effectively detect and patch security issues in such closed-source components. Existing works either depend on full-fledged operating system features or suffer from tedious corner cases, restricting their application to bare-metal firmware prevalent in embedded environments. In this paper, we present PIFER (Practical Instrumenting Framework for Embedded fiRmware) that enables general and fine-grained static binary instrumentation for embedded bare-metal firmware. By abusing the built-in hardware exception-handling mechanism of the embedded processors, PIFER can perform instrumentation on arbitrary target addresses. Additionally, We propose an instruction translation-based scheme to guarantee the correct execution of the original firmware after patching. We evaluate PIFER against real-world, complex firmware, including Zephyr RTOS, CoreMark benchmark, and a close-sourced commercial product. The results indicate that PIFER correctly instrumented 98.9% of the instructions. Further, a comprehensive performance evaluation was conducted, demonstrating the practicality and efficiency of our work., Comment: This paper has been accepted by the 61st ACM/IEEE Design Automation Conference (DAC '24), June 23--27, 2024, San Francisco, CA, USA

Published
2023
Full Text
View/download PDF

5. HODOR: Shrinking Attack Surface on Node.js via System Call Limitation

Author

Wang, Wenya, Lin, Xingwei, Wang, Jingyi, Gao, Wang, Gu, Dawu, Lv, Wei, and Wang, Jiashui

Subjects
Computer Science - Cryptography and Security
Abstract

Node.js provides Node.js applications with system interaction capabilities using system calls. However, such convenience comes with a price, i.e., the attack surface of JavaScript arbitrary code execution (ACE) vulnerabilities is expanded to the system call level. There lies a noticeable gap between existing protection techniques in the JavaScript code level (either by code debloating or read-write-execute permission restriction) and a targeted defense for emerging critical system call level exploitation. To fill the gap, we design and implement HODOR, a lightweight runtime protection system based on enforcing precise system call restrictions when running a Node.js application. HODOR achieved this by addressing several nontrivialial technical challenges. First, HODOR requires to construct high-quality call graphs for both the Node.js application (in JavaScript) and its underlying Node.js framework (in JavaScript and C/C++). Specifically, HODOR incorporates several important optimizations in both the JavaScript and C/C++ level to improve the state-of-the-art tools for building more precise call graphs. Then, HODOR creates the main-thread whitelist and the thread-pool whitelist respectively containing the identified necessary system calls based on the call graphs mappings. Finally, with the whitelists, HODOR implements lightweight system call restriction using the Linux kernel feature Secure Computing Mode (seccomp) to shrink the attack surface. We utilize HODOR to protect 83 real-world Node.js applications compromised by arbitrary code/command execution attacks. HODOR could reduce the attack surface to 16.75% on average with negligible runtime overhead (i.e., <3%).

Published
2023

8. A Refined Hardness Estimation of LWE in Two-Step Mode

Author

Xia, Wenwen, Wang, Leizhang, Wang, Geng, Gu, Dawu, Wang, Baocang, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Tang, Qiang, editor, and Teague, Vanessa, editor

Published
2024
Full Text
View/download PDF

9. Efficient KZG-Based Univariate Sum-Check and Lookup Argument

Author

Zhang, Yuncong, Sun, Shi-Feng, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Tang, Qiang, editor, and Teague, Vanessa, editor

Published
2024
Full Text
View/download PDF

10. FaBFT: Flexible Asynchronous BFT Protocol Using DAG

Author

Song, Yu, Long, Yu, Xu, Xian, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, and Ge, Chunpeng, editor

Published
2024
Full Text
View/download PDF

11. On the (In)Security of Manufacturer-Provided Remote Attestation Frameworks in Android

Author

Zhou, Ziyi, Xiao, Xuangan, Hou, Tianxiao, Hu, Yikun, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Tsudik, Gene, editor, Conti, Mauro, editor, Liang, Kaitai, editor, and Smaragdakis, Georgios, editor

Published
2024
Full Text
View/download PDF

14. Polynomial IOPs for Memory Consistency Checks in Zero-Knowledge Virtual Machines

Author

Zhang, Yuncong, Sun, Shi-Feng, Zhang, Ren, Gu, Dawu, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, van Leeuwen, Jan, Series Editor, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Kobsa, Alfred, Series Editor, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Nierstrasz, Oscar, Series Editor, Pandu Rangan, C., Editorial Board Member, Sudan, Madhu, Series Editor, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Vardi, Moshe Y, Series Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Guo, Jian, editor, and Steinfeld, Ron, editor

Published
2023
Full Text
View/download PDF

17. Fine-Grained Verifier NIZK and Its Applications

Author

Liu, Xiangyu, Liu, Shengli, Han, Shuai, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Boldyreva, Alexandra, editor, and Kolesnikov, Vladimir, editor

Published
2023
Full Text
View/download PDF

19. EKE Meets Tight Security in the Universally Composable Framework

Author

Liu, Xiangyu, Liu, Shengli, Han, Shuai, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Boldyreva, Alexandra, editor, and Kolesnikov, Vladimir, editor

Published
2023
Full Text
View/download PDF

21. Grape: Efficient Hybrid Consensus Protocol Using DAG

Author

Song, Yu, Fan, Guoshun, Long, Yu, Liu, Zhen, Xu, Xian, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Garcia-Alfaro, Joaquin, editor, Navarro-Arribas, Guillermo, editor, and Dragoni, Nicola, editor

Published
2023
Full Text
View/download PDF

28. Towards a Multi-Chain Future of Proof-of-Space

Author

Tang, Shuyang, Zheng, Jilai, Deng, Yao, Wang, Ziyu, Liu, Zhiqiang, and Gu, Dawu

Subjects
Computer Science - Cryptography and Security
Abstract

Proof-of-Space provides an intriguing alternative for consensus protocol of permissionless blockchains due to its recyclable nature and the potential to support multiple chains simultaneously. However, a direct shared proof of the same storage, which was adopted in the existing multi-chain schemes based on Proof-of-Space, could give rise to newborn attack on new chain launching. To fix this gap, we propose an innovative framework of single-chain Proof-of-Space and further present a novel multi-chain scheme which can resist newborn attack effectively by elaborately combining shared proof and chain-specific proof of storage. Moreover, we analyze the security of the multi-chain scheme and prove that it is incentive-compatible. This means that participants in such multi-chain system can achieve their greatest utility with our proposed strategy of storage resource partition., Comment: This paper is accepted by 15th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2019)

Published
2019

29. A Semantics-Based Hybrid Approach on Binary Code Similarity Comparison

Author

Hu, Yikun, Wang, Hui, Zhang, Yuanyuan, Li, Bodong, and Gu, Dawu

Subjects
Computer Science - Cryptography and Security
Abstract

Binary code similarity comparison is a methodology for identifying similar or identical code fragments in binary programs. It is indispensable in fields of software engineering and security, which has many important applications (e.g., plagiarism detection, bug detection). With the widespread of smart and IoT (Internet of Things) devices, an increasing number of programs are ported to multiple architectures (e.g. ARM, MIPS). It becomes necessary to detect similar binary code across architectures as well. The main challenge of this topic lies in the semantics-equivalent code transformation resulting from different compilation settings, code obfuscation, and varied instruction set architectures. Another challenge is the trade-off between comparison accuracy and coverage. Unfortunately, existing methods still heavily rely on semantics-less code features which are susceptible to the code transformation. Additionally, they perform the comparison merely either in a static or in a dynamic manner, which cannot achieve high accuracy and coverage simultaneously. In this paper, we propose a semantics-based hybrid method to compare binary function similarity. We execute the reference function with test cases, then emulate the execution of every target function with the runtime information migrated from the reference function. Semantic signatures are extracted during the execution as well as the emulation. Lastly, similarity scores are calculated from the signatures to measure the likeness of functions. We have implemented the method in a prototype system designated as BinMatch and evaluate it with nine real-word projects compiled with different compilation settings, on variant architectures, and with commonly-used obfuscation methods, totally performing over 100 million pairs of function comparison., Comment: arXiv admin note: text overlap with arXiv:1808.06216

Published
2019
Full Text
View/download PDF

30. BinMatch: A Semantics-based Hybrid Approach on Binary Code Clone Analysis

Author

Hu, Yikun, Zhang, Yuanyuan, Li, Juanru, Wang, Hui, Li, Bodong, and Gu, Dawu

Subjects
Computer Science - Software Engineering
Abstract

Binary code clone analysis is an important technique which has a wide range of applications in software engineering (e.g., plagiarism detection, bug detection). The main challenge of the topic lies in the semantics-equivalent code transformation (e.g., optimization, obfuscation) which would alter representations of binary code tremendously. Another chal- lenge is the trade-off between detection accuracy and coverage. Unfortunately, existing techniques still rely on semantics-less code features which are susceptible to the code transformation. Besides, they adopt merely either a static or a dynamic approach to detect binary code clones, which cannot achieve high accuracy and coverage simultaneously. In this paper, we propose a semantics-based hybrid approach to detect binary clone functions. We execute a template binary function with its test cases, and emulate the execution of every target function for clone comparison with the runtime information migrated from that template function. The semantic signatures are extracted during the execution of the template function and emulation of the target function. Lastly, a similarity score is calculated from their signatures to measure their likeness. We implement the approach in a prototype system designated as BinMatch which analyzes IA-32 binary code on the Linux platform. We evaluate BinMatch with eight real-world projects compiled with different compilation configurations and commonly-used obfuscation methods, totally performing over 100 million pairs of function comparison. The experimental results show that BinMatch is robust to the semantics-equivalent code transformation. Besides, it not only covers all target functions for clone analysis, but also improves the detection accuracy comparing to the state-of-the-art solutions.

Published
2018

31. Privacy-Preserving Authenticated Key Exchange in the Standard Model

Author

Lyu, You, Liu, Shengli, Han, Shuai, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Agrawal, Shweta, editor, and Lin, Dongdai, editor

Published
2022
Full Text
View/download PDF

32. A Universally Composable Non-interactive Aggregate Cash System

Author

Jia, Yanxue, Sun, Shi-Feng, Zhou, Hong-Sheng, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Agrawal, Shweta, editor, and Lin, Dongdai, editor

Published
2022
Full Text
View/download PDF

33. Further Cryptanalysis of a Type of RSA Variants

Author

Shi, Gongyu, Wang, Geng, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Susilo, Willy, editor, Chen, Xiaofeng, editor, Guo, Fuchun, editor, Zhang, Yudi, editor, and Intan, Rolly, editor

Published
2022
Full Text
View/download PDF

34. DeChain: A Blockchain Framework Enhancing Decentralization via Sharding

Author

Chen, Shenwei, Liu, Zhen, Long, Yu, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Nguyen, Khoa, editor, Yang, Guomin, editor, Guo, Fuchun, editor, and Susilo, Willy, editor

Published
2022
Full Text
View/download PDF

35. UCC: Universal and Committee-based Cross-chain Framework

Author

Zhang, Yi, Ge, Zhonghui, Long, Yu, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Su, Chunhua, editor, Gritzalis, Dimitris, editor, and Piuri, Vincenzo, editor

Published
2022
Full Text
View/download PDF

36. More Efficient Verifiable Functional Encryption

Author

Wang, Geng, Wan, Ming, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Ge, Chunpeng, editor, and Guo, Fuchun, editor

Published
2022
Full Text
View/download PDF

37. MixCT: Mixing Confidential Transactions from Homomorphic Commitment

Author

Du, Jiajun, Ge, Zhonghui, Long, Yu, Liu, Zhen, Sun, Shifeng, Xu, Xian, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Atluri, Vijayalakshmi, editor, Di Pietro, Roberto, editor, Jensen, Christian D., editor, and Meng, Weizhi, editor

Published
2022
Full Text
View/download PDF

38. Fuzzy Authenticated Key Exchange with Tight Security

Author

Jiang, Mingming, Liu, Shengli, Han, Shuai, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Atluri, Vijayalakshmi, editor, Di Pietro, Roberto, editor, Jensen, Christian D., editor, and Meng, Weizhi, editor

Published
2022
Full Text
View/download PDF

42. Re-Check Your Certificates! Experiences and Lessons Learnt from Real-World HTTPS Certificate Deployments

Author

Wang, Wenya, Li, Yakang, Wang, Chao, Yan, Yuan, Li, Juanru, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Yang, Min, editor, Chen, Chao, editor, and Liu, Yang, editor

Published
2021
Full Text
View/download PDF

43. Key Encapsulation Mechanism with Tight Enhanced Security in the Multi-user Setting: Impossibility Result and Optimal Tightness

Author

Han, Shuai, Liu, Shengli, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Tibouchi, Mehdi, editor, and Wang, Huaxiong, editor

Published
2021
Full Text
View/download PDF

44. Fully Secure Lattice-Based ABE from Noisy Linear Functional Encryption

Author

Wang, Geng, Wan, Ming, Liu, Zhen, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, and Yu, Yu, editor

Published
2021
Full Text
View/download PDF

45. Authentication System Based on Fuzzy Extractors

Author

Jiang, Mingming, Liu, Shengli, Han, Shuai, Gu, Dawu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Liu, Zhe, editor, Wu, Fan, editor, and Das, Sajal K., editor

Published
2021
Full Text
View/download PDF

46. Revisiting the Security of DbHtS MACs: Beyond-Birthday-Bound in the Multi-user Setting

Author

Shen, Yaobin, Wang, Lei, Gu, Dawu, Weng, Jian, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Malkin, Tal, editor, and Peikert, Chris, editor

Published
2021
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results