2. 26-Nov-17
UCL Crypto Group
Gathering people
• 2 full-time professors
• 9 post-docs
• 9 PhD students
with various backgrounds
• Microelectronics
• Computer science
• (Applied) mathematics
on cryptography and security-related research activities
3. 36-Nov-17
Electronic voting
Privacy-preserving protocols
Formal analysis of security protocols
Secure multiparty computation
Computer and network security
Zero-knowledge identification schemes
Block ciphers design and analysis
Public key cryptosystems design and analysis
Low power & low cost asymmetric crypto design
Embedded implementations (FPGA, smart card…)
Physically unclonable functions (PUFs)
Side-channel attacks & countermeasures
Protocol
(design,formal
verification,…)
Implementation
(efficiency,security
aspects,…)
Research fields
4. 46-Nov-17
Embedded devices
• Cheap, low-power computing devices
• Capable of performing crypto operations
• Thus containing keys
Attack targets
And in the hands of the bad guy
• Cost is critical
• Customer is not willing to pay for security
• Moore’s law in the embedded world:
Devices do not become more powerful, they just get cheaper
5. 56-Nov-17
3
≈+
Side-channel attacks [K96], [KJJ99], [QS01,GMO01]
• Measuring physical effects (timing, power, EM,…) can reveal information
• Attacks can be devastating
• e.g. Keeloq, COMP128, …
Taken very seriously by the smart card industry
Huge investment in countermeasures, security evaluation…
7. 76-Nov-17
Problems with evaluation-certification
• This process is a hide and seek game
• Try known attacks… if they fail, device is deemed secure
• But the list of potential attacks is only increasing
• What is the safety margin?
• How can we claim ~2100 security?
• How can evaluations be compared to each other?
• Building resistant devices is highly specialized work
• The smart card industry has high-level experts
• But how about all other emerging sensitive areas (IoT…)?
8. 86-Nov-17
REASSURE
• A H2020 applied research project
• Started in Jan. 2017
• Ending in Dec. 2019
• Funding: € 4 165 726
• Goal:
Improve the efficiency and robustness
of side-channel resilience
10. 106-Nov-17
REASSURE objectives
• Improve efficiency and quality of evaluation
• Develop a structured detect-map-exploit approach
• Improve comparability of evaluations
• Automate leakage assessment practice
• Develop tools and practices allowing resistance
assessment
• Without direct access to a testing lab
• With only “basic” training in side-channel security
• Deliver tools to stakeholders (data sets, simulator)
• Push results towards standards