Upcoming Seminar: Yuval Yarom

  • Monday, May 25 at 2pm in AK 218:

    Last-level cache side-channel attacks are practical
    Presenter: Yuval Yarom (University of Adelaide)

    Abstract:
    System virtualisation increases hardware utilisation by sharing the hardware resources between several virtual machines. While these virtual machines are supposed to be isolated from each other, the shared use of the hardware creates side channels which allow malicious virtual machines to collect information about other virtual machines. Previous research has demonstrated techniques for exploiting side channels to steal sensitive information, such as cryptographic keys. To mitigate against these attacks, virtualisation providers recommend not to share memory between non-trusting virtual machines and to avoid executing non-trusting virtual machines on the same execution core.
    In this talk we present a new technique for implementing a side-channel attack that bypasses both these countermeasures. The attack relies on access to the last-level cache, which is shared between all the processor cores. Using the technique, a malicious virtual machine can steal the cryptographic keys from a recent version of GnuPG by observing the side channel over a period of a few minutes.
    The talk is based on joint work with Fangfei Liu, Qian Ge, Gernot Heiser and Ruby Lee.

  • Applied Cryptology Seminar
    The seminar features presentations of hot topics within the
    interdisciplinary field of cyber-security.

    All are welcome!

    For current information on the seminar, please visit:
    http://ecewp.ece.wpi.edu/wordpress/vernam/seminars/

    Upcoming Seminar: Christof Paar

  • Wednesday, April 29 at 11 am in AK 218:

    How to build Trojans
    Presenter: Christof Paar (Ruhr-Universität Bochum & UMASS Amherst)

    Abstract:
    Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security critical, e.g., medical devices, automotive electronics, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and the scientific community. Initially, the primary attacker model of concern had been a malicious foundry that could alter the design, i.e., introduce hardware Trojans which could interfere with the (security-sensitive) functionality of a chip. Many other attacker models exist too. For instance, the legitimate owner of an IC, e.g., a consumer electronic company abroad, might be in cohort with a foreign intelligence agency and could decide to alter its products in a way that compromises its security. Even though hardware Trojans have drawn considerable attention by the scientific community, little is known about how they might look, especially those that are particularly designed to avoid detection. In this talk we introduce two recent research projects which deal with Trojan insertion in two different types of hardware platforms, ASICs and FPGAs. Joint work with Georg Becker, Wayne Burleson, Marc Fyrbiak, Philipp Koppe, Francesco Regazzoni and Pawel Swierczynski.

    Bio:
    Christof Paar started his career at WPI, where he taught from 1995 to 2001. Since then he has held the Chair for Embedded Security at the University of Bochum, Germany, and is affiliated professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID.

    Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs and Intel. He has taught cryptography extensively in industry, including courses at General Dynamics, NASA, Motorola Research, and Philips Research. Christof is Fellow of the IEEE. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security which was acquired by Bosch.

    Upcoming Seminar: Dan Walters

  • Thursday, March 5 at 3pm in AK 233:

    SLEAK: A Side-channel Leakage Evaluator and Analysis Kit
    Presenter: Dan Walters (MITRE)

    Abstract:
    Side-channel attacks (SCA) present a major threat to secure embedded systems. Effective software countermeasures against SCA are well known in theory, but in practice are difficult to implement properly due to issues such as unexpected compiler transformations and/or platform-specific leakage sources. Although several recent examples from industry and academia show that SCA is becoming increasingly simple and inexpensive to perform as an attacker, evaluating the security of a system against SCA can still be expensive and time-consuming. Furthermore, most evaluation techniques must be performed near the end of the development schedule which adds significant risk.
    In this talk, a new technique for testing software for SCA vulnerabilities in a fast, inexpensive, and automated manner is presented. This testing could be applied to evaluate software-based SCA countermeasures even without access to source code, as may be the case with proprietary software libraries that are delivered pre-built, and without the use of side-channel collection equipment. The presented implementation of the SLEAK tool demonstrates the efficacy of this technique by detecting vulnerabilities in an AES implementation that utilizes a masking countermeasure. The advantages and limitations of our technique will be discussed, showing that it can be used to detect and understand the sources of many common SCA vulnerabilities early in the development schedule.

    Bio:
    Dan Walters is a Lead Digital/Micro HW Engineer at MITRE in Electronic Systems Development. Dan has worked in the area of embedded systems and security since arriving at MITRE in 2006. He helped to develop MITRE’s Secure Electronics Lab, which has advanced capabilities for researching implementation security issues such as side-channel leakage, fault induction, and trusted hardware. He is currently the principal investigator on a research project for developing tools to evaluate cryptographic software against implementation attacks.

    Upcoming Seminar: Daniel Holcomb

  • Thursday, February 26 at 3pm in AK 233:

    SRAM-based Physical Unclonable Functions
    Presenter: Daniel Holcomb (UMass Amherst)

    Abstract:
    This talk presents our research into SRAM-based Physical Unclonable Functions (PUFs). PUFs are circuits that use the inherent process variations of each chip to generate unique identifiers or secret keys. SRAM circuits are well-suited for use in PUFs because SRAM cells are small in area and have a differential structure that is insensitive to common mode noise. The talk will include three distinct approaches to SRAM PUFs: (1) the use of SRAM power-up state as an identifier, (2) the use of minimum data-retention voltages as an identifier, and (3) circuit modifications that enable native challenge-response operation from SRAM. These three approaches are published in IEEE Transactions on Computers 2009, RFIDSec 2012, and CHES 2014, respectively.

    Bio:
    Daniel Holcomb is an Assistant Professor of ECE at UMass Amherst. He received B.S. and M.S. degrees in ECE from UMass Amherst, and a Ph.D. in EECS from UC Berkeley in 2013; his dissertation topic was formal verification of network-on-chip QoS properties using scalable model checking. In 2014 he was a research fellow at the University of Michigan working with Kevin Fu. His research focuses on methodologies for building secure, reliable, and efficient embedded systems.

    Upcoming Seminar: Sandip Kundu

  • Thursday, February 12 at 3pm in AK 233:

    Improving Uniqueness and Modeling Attack Resistance of Strong PUFs
    Presenter: Sandip Kundu (UMass Amherst)

    Abstract:
    Hardware authentication is fundamentally concerned with establishing the authenticity of smart tags or system components, including the provenance of ICs throughout their lifecycle. Physically Unclonable Functions (PUFs) are promising for low-cost authentication since they are based on inherent random physical disorder that cannot be cloned – even by their manufacturer. In principle, a set of challenge-response pairs unique to a PUF characterizes its behavior, which makes low-cost unique identification possible. Strong PUFs are a subclass of PUFs that possess an extremely large input-output space, potentially denying an adversary the ability to mount a cloning attack. Despite their promise, Strong PUFs currently do not live up to expectations due to low uniqueness arising from correlation in manufacturing process variations, the ability of an attacker to model the behavior of a PUF from observing a limited set of challenge-response pairs, the ability of multiple agents, from manufacturer and distributor to system integrator, to mine the CRP data at various points in the supply chain, and the unreliability of PUF responses over their range of operating conditions and over their lifetime.

    In this talk we will describe a solution to low PUF uniqueness based on actual PUF testing, where non-unique parts will be identified and subjected to ex post facto recovery by repair, similar to memory repair techniques. The testing problem is complicated by the fact that a PUF response must be compared against all previous unique PUF responses without increasing test time or cost. We propose multi-index hashing to speed up this process and show the practicality of the solution. We address the modeling attack problem by a novel non-linear circuit design solution that simultaneously improves modeling attack resistance, reliability and uniqueness.

    Bio:
    Sandip Kundu is a Professor at the University of Massachusetts at Amherst. Prior to joining academia, he spent 17 years in industry: first as a Research Staff Member at IBM Research Division and then at Intel Corporation as a Principal Engineer. He has published over 200 research papers in VLSI Design and Test and holds several key patents including ultra-drowsy sleep mode in processors, and has given more than a dozen tutorials at various conferences.

    Upcoming Seminar: Mostafa Taha

  • Thursday, July 3 at 11am in AK 218:

    Advances in the Side-Channel Analysis of Symmetric Cryptography
    Presenter: Mostafa Taha (Worcester Polytechnic Institute)

    Abstract:
    Practical countermeasures against Side-Channel Attacks (Hiding and Masking) typically require at least doubling the implementation area or the computation time. Yet, they do not provide perfect protection. They only make it harder for an adversary to recover the secret key. On the other hand, Leakage Resiliency can provide provable security against SCA by designing new primitives with inherent resiliency against information leak. However, Leakage Resiliency comes with excessive implementation overhead that makes it unacceptable for embedded devices.

    In this talk we highlight a generic framework for lightweight and efficient leakage resiliency through key-updating. Then, we propose two complete solutions that are compatible with any AES mode of operation. One solution uses a dedicated circuit for key-updating, while the other uses the underlying AES block cipher itself. Also, we address the problem of designing a single core for all the applications of hashing functions: unkeyed applications, e.g. regular hashing, and keyed applications, e.g. generating MACs. We observed that running an unkeyed application on an SCA-protected core will involve a huge loss of resources (3 to 4x). Hence, we propose a novel SCA-protected core for hashing following the concepts of Leakage Resiliency. Our core has no overhead in unkeyed applications, and negligible overhead in keyed ones.

    Bio:
    Mostafa Taha is a Postdoctoral Fellow in the Vernam Group of WPI. He received his Ph.D. degree from the Secure Embedded Systems Lab at Virginia Polytechnic Institute and State University, better known as Virginia Tech. His research focuses on implementation attacks and side-channel analysis.

    Upcoming Seminar: Murat Kantarcioglu

  • Friday, April 30 at 11am in AK 108:

    Access Pattern Disclosure Attacks against Searchable Encryption Schemes
    Presenter: Murat Kantarcioglu (University of Texas at Dallas)

    Abstract:
    With the advent of cloud computing, outsourcing data to cloud providers is becoming more popular due to the lower cost and increased flexibility. At the same time, concerns related to security of the outsourced data are increasing. To address these concerns, various protocols have been proposed in the literature to outsource data in an encrypted format and execute queries over encrypted data. Oblivious RAM protocols allow access to remote encrypted data without revealing access pattern even to the remote server. Unfortunately, even the most efficient Oblivious RAM protocol is too expensive to be used in most practical applications. Alternatively, a lot of efficient protocols have been proposed in the literature that allow query execution over encrypted data. There are practical Searchable Symmetric Encryption (SSE) techniques that allow keyword search over remote encrypted data. Database-As-a-Service (DAS), on the other hand, allows SQL queries to be executed over remote encrypted data. All these efficient techniques purposefully reveal data access pattern to an adversary for the sake of efficiency.

    Bio:
    Dr. Murat Kantarcioglu is an Associate Professor in the Computer Science Department and Director of the UTD Data Security and Privacy Lab at the University of Texas at Dallas. He holds a B.S. in Computer Engineering from Middle East Technical University, and M.S. and Ph.D. degrees in Computer Science from Purdue University. He is a recipient of an NSF CAREER award and the Purdue CERIAS Diamond Award for Academic Excellence. Currently, he is a visiting scholar at the Harvard Data Privacy Lab.
    Dr. Kantarcioglu’s research focuses on creating technologies that can efficiently extract useful information from any data without sacrificing privacy or security. His research has been supported by grants from NSF, AFOSR, ONR, NSA, and NIH. He has published over 100 peer-reviewed papers.
    Some of his research work has been covered by media outlets such as the Boston Globe and ABC News, and has received two best paper awards.

    Upcoming Seminar: Adam Ding

  • Friday, April 18 at 12 noon in SL 104:

    Algorithmic Confusion Analysis of Higher Order DPA against Masking Protected Devices
    Presenter: Adam Ding (Northeastern University)

    Abstract:
    Masking the internal operations with random numbers is a popular countermeasure to protect cryptographic systems against differential power analysis (DPA). Higher order DPA can be used to break the masking protection. We apply the algorithmic confusion analysis (Fei et al., CHES 2012) to higher order DPA. We derive an analytic success rate formula that explicitly shows the effect of the algorithmic properties, the implementation signal-to-noise ratio, and masking. We also formally prove that, in very noisy scenarios, the centered product combination function is optimal for the higher-order attacks.

    Bio:
    Adam Ding is an associate professor in the Mathematics Department of Northeastern University. He received his Ph.D. degree from Cornell University. His research focuses on statistical methodology and applications in biostatistics, engineering and finance. He has held summer visiting faculty positions in the Biostatistics Departments of Harvard University and the University of Rochester. Recently, he has been building statistical models for evaluating side-channel attacks against cryptosystems.

    Sub-Transistor Level Hardware Trojans

  • Wednesday, April 16 at 11 am in AK 219:

    Sub-Transistor Level Hardware Trojans

    Presenter: Christof Paar (Ruhr-Universität Bochum & UMASS Amherst)

    Abstract:
    Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security critical, e.g., medical devices, automotive electronics, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. Initially, the primary attacker model of concern had been that a malicious foundry could alter the design, i.e., introduce hardware Trojans that could interfere with the (security-sensitive) functionality of a chip. Many other attacker models exist too. For instance, the legitimate owner of an IC, e.g., a consumer electronic company abroad, might be in cohort with a foreign intelligence agency and could decide to alter its products in a way that compromises its security. Even though hardware Trojans have drawn considerable attention by the scientific community, little is known about how Trojans might look, especially those that are particularly designed to avoid detection.

    In this talk we propose an extremely stealthy approach for realizing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to many detection techniques, including fine-grain optical inspection and checking against “golden chips”. We demonstrate the effectiveness of our approach by inserting Trojans into the digital post-processing used in Intel’s cryptographically secure random number generator used in the Ivy Bridge processors.

    Bio:
    Christof Paar started his career at WPI, where he taught from 1995 to 2001. Since then he has held the Chair for Embedded Security at the University of Bochum, Germany, and is affiliated professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID.

    Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs and Intel. He has taught cryptography extensively in industry, including courses at General Dynamics, NASA, Motorola Research, and Philips Research. Christof is Fellow of the IEEE. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security which was acquired by Bosch.
