Upcoming Seminar: Yossef Oren

  • Monday, July 20 at 11am in AK 218:

    The Spy in the Sandbox: Practical Cache Attacks in Javascript and their Implications
    Presenter: Yossef Oren (Columbia University)

    Abstract:
    Side channel analysis is a remarkably powerful cryptanalytic technique. It allows attackers to extract secret information hidden inside a secure device, by analyzing the physical signals (e.g., power, heat) that the device emits as it performs a secure computation. While the potency of side-channel attacks is established without question, their application to practical settings is debatable. The main limiting factor to the practicality of side-channel attacks is the problematic attack model they assume; with the exception of network-based timing attacks, most side-channel attacks require the attacker to be in “close proximity” to the victim.

    In this work, we challenge this limiting assumption by presenting a successful side-channel attack that assumes a far more relaxed and practical attacker model. In our model, the victim merely has to *access a website* owned by the attacker using his personal computer. Despite this minimal model, we show how the attacker can still launch a side-channel attack in a practical time frame and extract meaningful information from the system under attack. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on benign uses of the browser.

    Joint work with Vasileios P. Kemerlis, Angelos D. Keromytis and Simha Sethumadhavan.

  • Applied Cryptology Seminar
    The seminar features presentations of hot topics within the
    interdisciplinary field of cyber-security.

    All are welcome!

    For current information on the seminar, please visit:
    http://ecewp.ece.wpi.edu/wordpress/vernam/seminars/

Upcoming Seminar: Jens-Peter Kaps

  • Thursday, July 2 at 3pm in AK 218:

    Comparison of Multi-Purpose Cores of Keccak and AES on FPGAs
    Presenter: Jens-Peter Kaps (George Mason University)

    Abstract:
    Most widely used security protocols, such as Internet Protocol Security (IPSec), Secure Socket Layer (SSL), and Transport Layer Security (TLS), provide several cryptographic services, which include authentication, confidentiality, integrity, and non-repudiation, which in turn require multiple dedicated cryptographic algorithms. A single cryptographic primitive for all secret-key functions, utilizing different modes of operation, can overcome this constraint. This presentation investigates the possibility of using AES and the Keccak f-function as the underlying primitives for high-speed and resource-constrained applications. The new secure hash standard SHA-3 and two candidates of the cryptographic Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR), namely Ketje and Keyak, are built around the Keccak f-function. We present two hardware implementations of each, a multi-purpose Keccak core and a multi-purpose Advanced Encryption Standard (AES) core, one targeting high speed, the other low area, which can provide Authenticated Encryption (AE), Message Authentication Code (MAC), generate pseudo-random numbers, and produce the hash of a message.

    The surprising result is that, even though a plain AES implementation is typically much smaller and has a better throughput-to-area ratio than a plain Keccak implementation, adding additional cryptographic services changes the results dramatically. Our multi-purpose Keccak outperforms our multi-purpose AES by a factor of 4 for throughput over area on average. This underlines the flexibility of the Keccak Sponge and Duplex functions. Our multi-purpose Keccak achieves a throughput of 23.2Gbps in AE mode (Keyak) on a Xilinx Virtex-7 and 28.7Gbps on an Altera Stratix-IV. In order to study this further we also implemented two versions of a dedicated Keyak and a dedicated AES-GCM. Our dedicated Keyak implementation outperforms our dedicated AES-GCM on average by a factor of 6 in terms of throughput over area, reaching throughputs of 28.9Gbps and 4.,Gbps respectively on a Xilinx Virtex-7.


Upcoming Seminar: Yuval Yarom

  • Monday, May 25 at 2pm in AK 218:

    Last-level cache side-channel attacks are practical
    Presenter: Yuval Yarom (University of Adelaide)

    Abstract:
    System virtualisation increases hardware utilisation by sharing the hardware resources between several virtual machines. While these virtual machines are supposed to be isolated from each other, the shared use of the hardware creates side channels which allow malicious virtual machines to collect information about other virtual machines. Previous research has demonstrated techniques for exploiting side channels to steal sensitive information, such as cryptographic keys. To mitigate these attacks, virtualisation providers recommend not sharing memory between non-trusting virtual machines and avoiding executing non-trusting virtual machines on the same execution core.

    In this talk we present a new technique for implementing a side-channel attack that bypasses both of these countermeasures. The attack relies on access to the last-level cache, which is shared between all the processor cores. Using the technique, a malicious virtual machine can steal the cryptographic keys from a recent version of GnuPG by observing the side channel over a period of a few minutes.

    The talk is based on joint work with Fangfei Liu, Qian Ge, Gernot Heiser and Ruby Lee.


Upcoming Seminar: Christof Paar

  • Wednesday, April 29 at 11 am in AK 218:

    How to build Trojans
    Presenter: Christof Paar (Ruhr-Universität Bochum & UMASS Amherst)

    Abstract:
    Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security critical, e.g., medical devices, automotive electronics, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and the scientific community. Initially, the primary attacker model of concern had been a malicious foundry that could alter the design, i.e., introduce hardware Trojans which could interfere with the (security-sensitive) functionality of a chip. Many other attacker models exist too. For instance, the legitimate owner of an IC, e.g., a consumer electronics company abroad, might be in cahoots with a foreign intelligence agency and could decide to alter its products in a way that compromises their security. Even though hardware Trojans have drawn considerable attention from the scientific community, little is known about how they might look, especially those that are particularly designed to avoid detection. In this talk we introduce two recent research projects which deal with Trojan insertion in two different types of hardware platforms, ASICs and FPGAs. Joint work with Georg Becker, Wayne Burleson, Marc Fyrbiak, Philipp Koppe, Francesco Regazzoni and Pawel Swierczynski.

    Bio:
    Christof Paar started his career at WPI, where he taught from 1995 to 2001. Since then he has held the Chair for Embedded Security at the University of Bochum, Germany, and is an affiliated professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID.

    Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs and Intel. He has taught cryptography extensively in industry, including courses at General Dynamics, NASA, Motorola Research, and Philips Research. Christof is Fellow of the IEEE. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security which was acquired by Bosch.


Upcoming Seminar: Dan Walters

  • Thursday, March 5 at 3pm in AK 233:

    SLEAK: A Side-channel Leakage Evaluator and Analysis Kit
    Presenter: Dan Walters (MITRE)

    Abstract:
    Side-channel attacks (SCA) present a major threat to secure embedded systems. Effective software countermeasures against SCA are well known in theory, but in practice are difficult to implement properly due to issues such as unexpected compiler transformations and/or platform-specific leakage sources. Although several recent examples from industry and academia show that SCA is becoming increasingly simple and inexpensive to perform as an attacker, evaluating the security of a system against SCA can still be expensive and time-consuming. Furthermore, most evaluation techniques must be performed near the end of the development schedule, which adds significant risk.

    In this talk, a new technique for testing software for SCA vulnerabilities in a fast, inexpensive, and automated manner is presented. This testing could be applied to evaluate software-based SCA countermeasures even without access to source code, as may be the case with proprietary software libraries that are delivered pre-built, and without the use of side-channel collection equipment. The presented implementation of the SLEAK tool demonstrates the efficacy of this technique by detecting vulnerabilities in an AES implementation that utilizes a masking countermeasure. The advantages and limitations of our technique will be discussed, showing that it can be used to detect and understand the sources of many common SCA vulnerabilities early in the development schedule.

    Bio:
    Dan Walters is a Lead Digital/Micro HW Engineer at MITRE in Electronic Systems Development. Dan has worked in the area of embedded systems and security since arriving at MITRE in 2006. He helped to develop MITRE’s Secure Electronics Lab, which has advanced capabilities for researching implementation security issues such as side-channel leakage, fault induction, and trusted hardware. He is currently the principal investigator on a research project for developing tools to evaluate cryptographic software against implementation attacks.


Upcoming Seminar: Daniel Holcomb

  • Thursday, February 26 at 3pm in AK 233:

    SRAM-based Physical Unclonable Functions
    Presenter: Daniel Holcomb (UMass Amherst)

    Abstract:
    This talk presents our research into SRAM-based Physical Unclonable Functions (PUFs). PUFs are circuits that use the inherent process variations of each chip to generate unique identifiers or secret keys. SRAM circuits are well-suited for use in PUFs because SRAM cells are small in area and have a differential structure that is insensitive to common mode noise. The talk will include three distinct approaches to SRAM PUFs: (1) the use of SRAM power-up state as an identifier, (2) the use of minimum data-retention voltages as an identifier, and (3) circuit modifications that enable native challenge-response operation from SRAM. These three approaches are published in IEEE Transactions on Computers 2009, RFIDSec 2012, and CHES 2014, respectively.

    Bio:
    Daniel Holcomb is an Assistant Professor of ECE at UMass Amherst. He received B.S. and M.S. degrees in ECE from UMass Amherst, and a Ph.D. in EECS from UC Berkeley in 2013; his dissertation topic was formal verification of network-on-chip QoS properties using scalable model checking. In 2014 he was a research fellow at the University of Michigan working with Kevin Fu. His research focuses on methodologies for building secure, reliable, and efficient embedded systems.


Upcoming Seminar: Sandip Kundu

  • Thursday, February 12 at 3pm in AK 233:

    Improving Uniqueness and Modeling Attack Resistance of Strong PUFs
    Presenter: Sandip Kundu (UMass Amherst)

    Abstract:
    Hardware authentication is fundamentally concerned with establishing the authenticity of smart tags or system components, including the provenance of ICs throughout their lifecycle. Physically Unclonable Functions (PUFs) are promising for low-cost authentication since they are based on inherent random physical disorder that cannot be cloned – even by their manufacturer. In principle, a set of challenge-response pairs (CRPs) unique to a PUF characterizes its behavior, which makes low-cost unique identification possible. Strong PUFs are a subclass of PUFs that possess an extremely large input-output space, potentially denying an adversary the ability to mount a cloning attack. Despite their promise, strong PUFs currently do not live up to expectations due to low uniqueness that arises from correlation in manufacturing process variations, the ability of an attacker to model the behavior of a PUF from observing a limited set of challenge-response pairs, the ability of multiple agents from manufacturer and distributor to system integrator to mine the CRP data at various points in the supply chain, and the unreliability of PUF responses over their range of operating conditions and over their lifetime.

    In this talk we will describe a solution to low PUF uniqueness based on actual PUF testing, where non-unique parts will be identified and subjected to ex post facto recovery by repair, similar to memory repair techniques. The testing problem is complicated by the fact that a PUF response must be compared against all previous unique PUF responses without increasing test time or cost. We propose multi-index hashing to speed up this process and show the practicality of the solution. We address the modeling attack problem by a novel non-linear circuit design solution that simultaneously improves modeling attack resistance, reliability and uniqueness.
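    The uniqueness test sketched above, as an added Python example that is not part of the talk or of this announcement: enrolled PUF responses are indexed with multi-index hashing (one table per substring, each query searched within a small Hamming ball per substring, correct by the pigeonhole argument), so a noisy re-read of an already enrolled part is flagged as non-unique without a linear scan. Response width, part ids, the distance threshold and the random responses are all constructed for the example.

```python
"""Multi-index hashing for PUF uniqueness testing (constructed example).
A part is non-unique if its response is within Hamming distance r of an
enrolled one. Pigeonhole: split responses into m substrings; if d(q, x) <= r,
some substring of x is within s = r // m bits of q's, so substring tables
(searched within radius s) yield every candidate without a linear scan."""
from itertools import combinations
import random


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


class MultiIndexHash:
    def __init__(self, nbits: int, m: int, r: int):
        self.nbits, self.m, self.r = nbits, m, r
        self.width = -(-nbits // m)           # substring width (ceil)
        self.s = r // m                       # per-substring search radius
        self.tables = [{} for _ in range(m)]  # substring value -> set of ids
        self.responses = {}                   # part id -> response (int)

    def _substrings(self, resp: int):
        mask = (1 << self.width) - 1
        return [(resp >> (i * self.width)) & mask for i in range(self.m)]

    def _ball(self, sub: int):
        """Every width-bit value within Hamming distance s of sub."""
        for k in range(self.s + 1):
            for flips in combinations(range(self.width), k):
                v = sub
                for b in flips:
                    v ^= 1 << b
                yield v

    def near_duplicates(self, resp: int):
        """[(part id, distance)] of enrolled parts within distance r."""
        cand = set()
        for i, sub in enumerate(self._substrings(resp)):
            for v in self._ball(sub):
                cand |= self.tables[i].get(v, set())
        hits = [(pid, hamming(resp, self.responses[pid])) for pid in sorted(cand)]
        return [(pid, d) for pid, d in hits if d <= self.r]

    def enroll(self, pid, resp: int):
        """Enroll unless a near-duplicate exists; return conflicting parts."""
        dups = self.near_duplicates(resp)
        if dups:                              # flag the part for repair
            return dups
        self.responses[pid] = resp
        for i, sub in enumerate(self._substrings(resp)):
            self.tables[i].setdefault(sub, set()).add(pid)
        return []


def demo(nbits: int = 64, m: int = 4, r: int = 11, parts: int = 40, seed: int = 1):
    """Enroll constructed random responses, then build a noisy re-read of
    part 7 with 5 flipped bits (a non-unique part that must be flagged)."""
    rng = random.Random(seed)
    idx = MultiIndexHash(nbits, m, r)
    responses = [rng.getrandbits(nbits) for _ in range(parts)]
    for pid, resp in enumerate(responses):
        idx.enroll(pid, resp)
    noisy = responses[7]
    for b in rng.sample(range(nbits), 5):  # distinct positions: distance 5
        noisy ^= 1 << b
    return idx, noisy
```

With r = 11 and m = 4 each query checks a radius-2 ball in four 16-bit tables; the same class works for any r and m, at the cost of a larger ball when r // m grows.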

    Bio:
    Sandip Kundu is a Professor at the University of Massachusetts at Amherst. Prior to joining academia, he spent 17 years in industry: first as a Research Staff Member at IBM Research Division and then at Intel Corporation as a Principal Engineer. He has published over 200 research papers in VLSI Design and Test and holds several key patents including ultra-drowsy sleep mode in processors, and has given more than a dozen tutorials at various conferences.


Upcoming Seminar: Mostafa Taha

  • Thursday, July 3 at 11am in AK 218:

    Advances in the Side-Channel Analysis of Symmetric Cryptography
    Presenter: Mostafa Taha (Worcester Polytechnic Institute)

    Abstract:
    Practical countermeasures against Side-Channel Attacks (hiding and masking) typically require at least doubling the implementation area or the computation time. Yet, they do not provide perfect protection. They only make it harder for an adversary to recover the secret key. On the other hand, Leakage Resiliency can provide provable security against SCA by designing new primitives with inherent resiliency against information leakage. However, Leakage Resiliency comes with excessive implementation overhead that makes it unacceptable for embedded devices.

    In this talk we highlight a generic framework for lightweight and efficient leakage resiliency through key-updating. Then, we propose two complete solutions that are compatible with any AES mode of operation. One solution uses a dedicated circuit for key-updating, while the other uses the underlying AES block cipher itself. Also, we address the problem of designing a single core for all the applications of hash functions: unkeyed applications, e.g. regular hashing, and keyed applications, e.g. generating MACs. We observed that running an unkeyed application on an SCA-protected core involves a huge loss of resources (3 to 4x). Hence, we propose a novel SCA-protected core for hashing following the concepts of Leakage Resiliency. Our core has no overhead in unkeyed applications, and negligible overhead in keyed ones.

    Bio:
    Mostafa Taha is a Postdoctoral Fellow in the Vernam Group of WPI. He received his Ph.D. degree from the Secure Embedded Systems Lab at Virginia Polytechnic Institute and State University, better known as Virginia Tech. His research focuses on implementation attacks and side-channel analysis.


Upcoming Seminar: Murat Kantarcioglu

  • Friday, April 30 at 11am in AK 108:

    Access Pattern Disclosure Attacks against Searchable Encryption Schemes
    Presenter: Murat Kantarcioglu (University of Texas at Dallas)

    Abstract:
    With the advent of cloud computing, outsourcing data to cloud providers is becoming more popular due to the lower cost and increased flexibility. At the same time, concerns related to the security of the outsourced data are increasing. To address these concerns, various protocols have been proposed in the literature to outsource data in an encrypted format and execute queries over encrypted data. Oblivious RAM protocols allow access to remote encrypted data without revealing the access pattern even to the remote server. Unfortunately, even the most efficient Oblivious RAM protocol is too expensive to be used in most practical applications. Alternatively, many efficient protocols have been proposed in the literature that allow query execution over encrypted data. There are practical Searchable Symmetric Encryption (SSE) techniques that allow keyword search over remote encrypted data. Database-As-a-Service (DAS), on the other hand, allows SQL queries to be executed over remote encrypted data. All these efficient techniques purposefully reveal the data access pattern to an adversary for the sake of efficiency.

    Bio:
    Dr. Murat Kantarcioglu is an Associate Professor in the Computer Science Department and Director of the UTD Data Security and Privacy Lab at the University of Texas at Dallas. He holds a B.S. in Computer Engineering from Middle East Technical University, and M.S. and Ph.D. degrees in Computer Science from Purdue University. He is a recipient of the NSF CAREER Award and the Purdue CERIAS Diamond Award for Academic Excellence. Currently, he is a visiting scholar at the Harvard Data Privacy Lab.

    Dr. Kantarcioglu’s research focuses on creating technologies that can efficiently extract useful information from any data without sacrificing privacy or security. His research has been supported by grants from NSF, AFOSR, ONR, NSA, and NIH. He has published over 100 peer-reviewed papers. Some of his research work has been covered by media outlets such as the Boston Globe and ABC News, and has received two best paper awards.
