REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault Attack Resilience
•
1 j'aime•124 vues
Presentation by François Koeune, UCL Crypto Group
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (6)
Similaire à REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault Attack Resilience
Similaire à REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault Attack Resilience (20)
Plus de Agence du Numérique (AdN)
Plus de Agence du Numérique (AdN) (20)
Dernier
Dernier (20)
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault Attack Resilience
- 1. 16-Nov-17 H2020 project 731591 http://www.reassure.eu/ REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault Attack Resilience François Koeune UCL Crypto Group
- 2. 26-Nov-17 UCL Crypto Group Gathering people • 2 full-time professors • 9 post-docs • 9 PhD students with various backgrounds • Microelectronics • Computer science • (Applied) mathematics on cryptography and security-related research activities
- 3. 36-Nov-17 Electronic voting Privacy-preserving protocols Formal analysis of security protocols Secure multiparty computation Computer and network security Zero-knowledge identification schemes Block ciphers design and analysis Public key cryptosystems design and analysis Low power & low cost asymmetric crypto design Embedded implementations (FPGA, smart card…) Physically unclonable functions (PUFs) Side-channel attacks & countermeasures Protocol (design,formal verification,…) Implementation (efficiency,security aspects,…) Research fields
- 4. 46-Nov-17 Embedded devices • Cheap, low-power computing devices • Capable of performing crypto operations • Thus containing keys Attack targets And in the hands of the bad guy • Cost is critical • Customer is not willing to pay for security • Moore’s law in the embedded world: Devices do not become more powerful, they just get cheaper
- 5. 56-Nov-17 3 ≈+ Side-channel attacks [K96], [KJJ99], [QS01,GMO01] • Measuring physical effects (timing, power, EM,…) can reveal information • Attacks can be devastating • e.g. Keeloq, COMP128, … Taken very seriously by the smart card industry Huge investment in countermeasures, security evaluation…
- 7. 76-Nov-17 Problems with evaluation-certification • This process is a hide and seek game • Try known attacks… if they fail, device is deemed secure • But the list of potential attacks is only increasing • What is the safety margin? • How can we claim ~2100 security? • How can evaluations be compared to each other? • Building resistant devices is highly specialized work • The smart card industry has high-level experts • But how about all other emerging sensitive areas (IoT…)?
- 8. 86-Nov-17 REASSURE • A H2020 applied research project • Started in Jan. 2017 • Ending in Dec. 2019 • Funding: € 4 165 726 • Goal: Improve the efficiency and robustness of side-channel resilience
- 9. 96-Nov-17 REASSURE consortium Research institutions Manufacturers Certification body Evaluation lab
- 10. 106-Nov-17 REASSURE objectives • Improve efficiency and quality of evaluation • Develop a structured detect-map-exploit approach • Improve comparability of evaluations • Automate leakage assessment practice • Develop tools and practices allowing resistance assessment • Without direct access to a testing lab • With only “basic” training in side-channel security • Deliver tools to stakeholders (data sets, simulator) • Push results towards standards
- 11. 116-Nov-17 Questions ? • Visit www.reassure.eu • Or contact me: francois.koeune@uclouvain.be