Top

HECTOR

Press & News


Public Deliverables

Submitted and accepted in Period 1:

D2.1 "Report on Selected TRNG and PUF Principles"
This report represents the final version of Deliverable 2.1 of the HECTOR work package WP2. It is a result of discussions and work on Task 2.1 of all HECTOR partners involved in WP2. The aim of the Deliverable 2.1 is to select principles of random number generators (RNGs) and physical unclonable functions (PUFs) that fulfill strict technology, design and security criteria. For example, the selected RNGs must be suitable for implementation in logic devices according to the German AIS20/31 standard. Correspondingly, the selected PUFs must be suitable for applying similar security approach. A standard PUF evaluation approach does not exist, yet, but it should be proposed in the framework of the project. Selected RNGs and PUFs should be then thoroughly evaluated from the point of view of security and the most suitable principles should be implemented in logic devices, such as Field Programmable Logic Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs) during the next phases of the project.

D5.1 "Internal and External IT Communication Infrastructure and Project Website"
This deliverable briefly describes the website and its functionality. Further, it describes the tools provided within the IT infrastructure to facilitate cooperation and coordination.

D5.2 "Data Management Plan (DMP)
The purpose of the DMP is to provide an analysis of the main elements of the data management policy that will be used by the applications with regard to all the datasets that will be generated by the project. The DMP should ensure that most important aspects regarding data management, like metadata generation, data preservation, and responsibilities, are identified in an early stage of the project. This ensures that data is well-managed during the project and also beyond the end of the project. Data which will be generated in the course of the project include output data of random number generators, PUF output data, measurement data, and source code. As the DMP is an incremental tool, it will be adapted in the course of the project.

D6.1 "Risk Assessment Plan"
The risk assessment plan shows how potential risks are assessed and mitigated in order to avoid any negative influence on the HECTOR project objectives. The interrelated risk assessment plan, risk identification, risk handling and monitoring were established.

D6.2 "Project Quality Plan"
This Project Quality Plan shows how quality aspects are taken into account in a variety of processes and activities within the HECTOR project. The interrelated quality processes – planning, assurance and control – were established.

Submitted in Period 2:

D2.2 “ASIC and FPGA Designs”
HECTOR deliverable D2.2 consists in the delivery of FPGA and ASIC designs for selected TRNG(s) and PUF(s). Considering that the main deliverable is of type “Demonstrator”, and that its dissemination level is “Confidential”, this accompanying report provides a short, publically-available document to summarize the D2.2 design deliveries.

D2.4 "Report on Attacks"
This report describes the joint effort of the HECTOR partners on evaluation of security characteristics of selected TRNG and PUF designs as researched during the HECTOR project.

D3.1 "Report on the Efficient Implementations of Crypto Algorithms and Building Blocks and on Cost and Benefits of Countermeasures Against Physical Attacks"
This report represents the final version of Deliverable 3.1 of the HECTOR work package WP3. It covers two main activities. First, the definition of cryptographic primitives, with a special focus on authenticated encryption and their efficient implementations in hardware. Second, the study of side-channel attacks and countermeasure for those cryptographic primitives. In this context our contribution is twofold. We analyze the attacks and propose countermeasure from the system-level viewpoint. Then we introduce a methodology for the evaluation at design-time of the sidechannel robustness of hardware implementations.

D3.3 "Report on the Security Evaluation of Cryptographic Algorithms and Countermeasures when non Ideal Hardware Building Blocks are Used"
This report is one of the main scientific outcomes of the HECTOR project and represents the final version of deliverable D3.3 of work package WP3. Together with deliverable D3.1, it is part of the WP3 proceedings and extensively discusses the research results of WP3. It covers four main activities. First, the cryptanalysis of cryptographic primitives with respect to non-ideal keys. Second, it proposes an optimization strategy for cryptographic post-processing of PUFs and TRNGs, based on a duplex-sponge construction. Third, the study of the security degradation of countermeasures in the presence of non-ideal random numbers. Fourth, it reports several new results on side channel countermeasures and the evaluation of side channel robustness at design-time, which not yet have been reported in deliverables D3.1 and D3.2.

D4.1 "Demonstrator Specification"
This deliverable contains detailed software and hardware specifications of the HECTOR demonstrator platforms as an output of task T4.1. The specifications are derived from selected applicative scenarios defined in deliverable D1.2. In particular, they concern the implementation of true random number generators, physically unclonable functions, and authenticated encryption with associated data algorithms as the main HECTOR outcomes.

D4.2 "Demonstrator Platform"
This deliverable contains the complete setup of the three HECTOR demonstrators designed in the framework of work package WP4. The specifications of each demonstrator are those described in D4.1. This document accompanying the demonstrators gives a full description of each demonstrator from motivation to user manual guide. Compliances to requirements are completed and key performance indicators highlighted.

D4.3 "Demonstrator Security Evaluation"
This report describes the security assessment of the three HECTOR demonstrators. For each demonstrator it consists of a description, evaluation scoping, a vulnerability analysis and – when applicable – a description of tests that have been done to get sufficient assurance on the security of the devices. The approach and results of selected tests are described.

D5.5 “Final Report on Data Management”
The purpose of the final report on data management is to provide an update of the analysis of the main elements of the data management policy used by the applications with regards to all the datasets that were generated by the project. The datasets collected in HECTOR include samples and statistical test results of TRNGs and PUFs, VHDL code of building blocks, measurements of passive and active physical attacks, and software to reproduce the cryptanalytic and system-level analysis conducted in HECTOR. Most important aspects regarding data management, like metadata generation, data preservation, and responsibilities, were updated compared to the initial report D5.2 (Data Management Plan) according to the outcome of the project.



2018:

The impact of pulsed Electromagnetic Fault Injection on true random number generators M. Madau, M. Agoyan, J. Balash, M. Grujic, P.Haddad, P. Maurine, V. Rozic, D. Singelee, B. Yang, I. Verbauwhede
DOI Research data
Fault Diagnosis and Tolerance in Cryptography (FDTC 2018), Amsterdam/Netherlands, 13 September 2018

[ More ]

Abstract: andom number generation is a key function oftoday’s secure devices. Commonly used for key generation,random number streams are more and more frequently usedas the anchor of trust of several countermeasures such asmasking. True Random Number Generators (TRNGs) thusbecome a relevant entry point for attacks that aim at loweringthe security of integrated systems. Within this context, thispaper investigates the robustness of TRNGs based on RingOscillators (focusing on the delay chain TRNG) againstpulsed electromagnetic fault injection. Indeed, weaknesses ingenerating random bits for masking scheme degenerate the SideChannel resistance. Finally by exploiting fault results on delaychain TRNG some general guidelines to harden them are derived.


Evaluation and monitoring of free running oscillators serving as source of randomness E. Noumon Allini, M. Skórski, O. Petura, F. Bernard, M. Laban, V. Fischer
Conference on Cryptographic Hardware and Embedded Systems 2018 (CHES 2018), Amsterdam/Netherlands, 9-12 September 2018

[ More ]

Abstract: this paper, we evaluate clock signals generated in ring oscillators andself-timed rings and the way their jitter can be transformed into random numbers. Weshow that counting the periods of the jittery clock signal produces random numbersof significantly better quality than the methods in which the jittery signal is simplysampled (the case in almost all current methods). Moreover, we use the counter valuesto characterize and continuously monitor the source of randomness. However, insteadof using the widely used statistical variance, we propose to use Allan variance to doso. There are two main advantages: Allan variance is insensitive to low frequencynoises such as flicker noise that are known to be autocorrelated and significantlyless circuitry is required for its computation than that used to compute commonlyused variance. We also show that it is essential to use a differential principle ofrandomness extraction from the jitter based on the use of two identical oscillatorsto avoid autocorrelations originating from external and internal global jitter sourcesand that this fact is valid for both kinds of rings. Last but not least, we propose amethod of statistical testing based on high order Markov model to show the reduceddependencies when the proposed randomness extraction is applied.


Modular Evaluation Platform for Evaluation and Testing of Physically Unclonable Functions Marek Laban, Milos Drutarovsky, Viktor Fischer, Michal Varchola
Radioelektronika 2018

[ More ]

Abstract: Physical unclonable functions in field programmable arrays are always linked to the used hardware. Therefore, it is necessary to have high amount of simple devices for evaluation purposes. One of the suitable platform for such evaluation is HECTOR Evaluation Platform. The following paper describes this platform, compares it with existing solutions, and shows several examples of its using. The proposed platform consists of a motherboard and exchangeable daughter board modules. These are designed to be as simple as possible to allow cheap and independent evaluation across many devices. In comparison to similar existing solutions, proposed platform excels in its simple architecture, which allows remote using of module. The platform is also suitable for evaluation of other cryptographic primitives like true random number generators, encryption systems, and etc. Platform's components are adjusted for side channel attacks measurements. HECTOR evaluation platform was designed and optimized to fulfil the European HECTOR project (H2020) requirements.


A Unified Masking Approach Hannes Gross, Stefan Mangard
Journal of Cryptographic Engineering / CHES 2017

[ More ]

Abstract: The continually growing number of security-related autonomous devices requires efficient mechanisms to counteract low-cost side-channel analysis (SCA) attacks. Masking provides high SCA resistance at an adjustable level of security. A high level of resistance, however, goes hand in hand with an increasing demand for fresh randomness which drastically increases the implementation costs. Since hardware-based masking schemes have other security requirements than software masking schemes, the research in these two fields has been conducted quite independently over the last 10 years. One important practical difference is that recently published software schemes achieve a lower randomness footprint than hardware masking schemes. In this work we combine existing software and hardware masking schemes into a unified masking algorithm. We demonstrate how to protect software and hardware implementations using the same masking algorithm, and for lower randomness costs than the separate schemes. Especially for hardware implementations, the randomness costs can in some cases be halved over the state of the art. Theoretical considerations as well as practical implementation results are then used for a comparison with existing schemes from different perspectives and at different levels of security.


Another Flip in the Wall of Rowhammer Defenses Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, Yuval Yarom
S&P 2018

[ More ]

Abstract: The Rowhammer bug allows unauthorized modification of bits in DRAM cells from unprivileged software, enabling powerful privilege-escalation attacks. Sophisticated Rowhammer countermeasures have been presented, aiming at mitigating the Rowhammer bug or its exploitation. However, the state of the art provides insufficient insight on the completeness of these defenses. In this paper, we present novel Rowhammer attack and exploitation primitives, showing that even a combination of all defenses is ineffective. Our new attack technique, one-location hammering, breaks previous assumptions on requirements for triggering the Rowhammer bug, i.e., we do not hammer multiple DRAM rows but only keep one DRAM row constantly open. Our new exploitation technique, opcode flipping, bypasses recent isolation mechanisms by flipping bits in a predictable and targeted way in userspace binaries. We replace conspicuous and memory-exhausting spraying and grooming techniques with a novel reliable technique called memory waylaying. Memory waylaying exploits system-level optimizations and a side channel to coax the operating system into placing target pages at attacker-chosen physical locations. Finally, we abuse Intel SGX to hide the attack entirely from the user and the operating system, making any inspection or detection of the attack infeasible. Our Rowhammer enclave can be used for coordinated denial-of-service attacks in the cloud and for privilege escalation on personal computers. We demonstrate that our attacks evade all previously proposed countermeasures for commodity systems.


From Physical to Stochastic Modeling of a TERO-Based TRNG Florent Bernard, Patrick Haddad, Viktor Fischer, and Jean Nicolai
Journal of Cryptology

[ More ]

Abstract: Security in random number generation for cryptography is closely related to the entropy rate at the generator output. This rate has to be evaluated using an appropriate stochastic model. The stochastic model proposed in this paper is dedicated to the transition effect ring oscillator (TERO)-based true random number generator (TRNG) proposed by Varchola and Drutarovsky (in: Cryptographic hardware and embedded systems (CHES), 2010, Springer, 2010). The advantage and originality of this model are that it is derived from a physical model based on a detailed study and on the precise electrical description of the noisy physical phenomena that contribute to the generation of random numbers. We compare the proposed electrical description with data generated in two different technologies: TERO TRNG implementations in 40 and 28 nm CMOS ASICs. Our experimental results are in very good agreement with those obtained with both the physical model of TERO’s noisy behavior and the stochastic model of the TERO TRNG, which we also confirmed using the AIS 31 test suites.


Design and Testing Methodologies for True Random Number Generators Towards Industry Certification Josep Balasch, Florent Bernard, Viktor Fischer, Milos Grujic, Marek Laban, Oto Petura, Vladimir Rozic, Gerard van Battum, Ingrid Verbauwhede, Marnix Wakker, Bohan Yang
Embedded Tutorial at the IEEE European Test Symposium (ETS 2018)

[ More ]

Abstract: he objective of this paper is to provide insighton the design, evaluation and testing of modern True RandomNumber Generators (TRNGs) aimed towards certification. Wediscuss aspects related to each of these stages by means of twoillustrative TRNG designs: PLL-TRNG and DC-TRNG. Topicscovered in the paper include: the importance of formal securityevaluations based on a stochastic model of the entropy source, thedevelopment of suitable and lightweight embedded tests to detectfailures, the implementation and testing of TRNGs in dedicatedFPGA platforms, and a robustness assessment to environmentaland/or physical modifications.


A Closer Look at the Delay-Chain based TRNG Milos Grujic, Vladimir Rozic, Bohan Yang and Ingrid Verbauwhede
ISCAS 2018

[ More ]

Abstract: This paper presents a refined stochastic model of the delay-chain based true random number generator (DC-TRNG) and its application. DC-TRNG is a true random number generator for FPGAs that utilizes time-to-digital conversion (TDC) to accurately determine the position of the ring-oscillator jittery signal edge. Our stochastic model employs precise time characterization of the carry-chains that are used for TDC in the DC-TRNG. In order to determine lower bounds of the estimated min-entropy, the binary probabilities are calculated by applying the stochastic model. Based on these computed probabilities, we perform optimizations of the DC-TRNG parameters on two different FPGAs — Xilinx Spartan 6 and Intel Cyclone IV, in order to achieve the highest possible throughput of the DC-TRNG.


Two Methods of the Clock Jitter Measurement Aimed at Embedded TRNG Testing Oto Petura, Marek Laban, Elie Noumon Allini, Viktor Fischer
TRUDEVICE 2018

[ More ]

Abstract: In modern cryptographic systems, security is basedon quality and unpredictability of confidential keys. These keysare generated in random number generators using randomphysical phenomena appearing inside the cryptographic systemon chip. The most frequently used source of randomness in digitaldevices is the jitter of clock signals generated inside the devicein ring oscillators, self-timed rings, RC oscillators, phase-lockedloops (PLLs), etc. The quality and unpredictability of generatednumbers depends on the quality and the size of the clock jitter.It is therefore a good practice to monitor this jitter continuouslyusing some embedded jitter measurement method. The measuredjitter parameters can be then used as input parameters of thestochastic model used to estimate entropy, which characterizesunpredictability of generated numbers. In this paper, we presentand compare two methods of embedded jitter assessment basedon the measurement of the variance of counter values, obtainedby counting the periods of the jittery clock during a time intervaldefined by a reference clock generated in the same device. Besidescomparing obvious design results such as area, speed, and powerconsumption, we observe and discuss the impact of the twoembedded variance measurement methods on the clock jitteritself, and compare the behavior of the two clock generatorsused as sources of randomness with and without clock variancemeasurement circuitry, and with and without additional logicsuch as an AES cipher, which perturbs the variance computation,as it is the case in most cryptographic embedded systems. Thiscomparison is very important for a good estimation of the lowentropy bound from the measurement result


Differential Cryptanalysis of Symmetric Primitives Maria Eichlseder
PhD Thesis TU Graz

[ More ]

Abstract: We cryptanalyze several symmetric encryption and hashing algorithms. Acentral factor in the security of symmetric cryptographic algorithms is theresistance of their core building block, the primitive, against cryptanalyticattacks such as di erential, linear, and algebraic cryptanalysis. The funda-mental idea of di erential cryptanalysis is to extract secret information orforge malicious messages by investigating the behavior of the primitive fortwo related, slightly di erent inputs, and has proven both very powerfuland highly versatile since its inception in the 1990s. Resistance againstsuch attacks is thus one of the cornerstones in the design of block ciphers.More recently, alternative symmetric primitives have risen to generalattention: Permutations and tweakable block ciphers in particular haveshown the potential to rival block ciphers in their role as the ideal primitivefor ecient and elegant schemes. However, the available cryptanalytictools and theory on the design and analysis of these alternative primitivesare arguably less mature than for block ciphers.We investigate the security of these primitives against di erential crypt-analysis. Compared to classic block ciphers, adversaries who target permu-tations or tweakable block ciphers can take advantage of known, chosen,or related round-key material. We nd that in some cases, the designers'block-cipher-based design strategies do not suciently protect againstvariations of the classical di erential strategy. In particular, we breakthe full security claims of the tweakable block cipherMANTIS-5andthe permutationSimpira v1. We provide a key recovery attack for theround-reduced block cipherLowMCand analyze the authenticated cipherPrstin a related-key setting. We also develop techniques to improve thecomputer-aided di erential analysis of unkeyed primitives, leading to thebest practical collision attacks on the round-reduced hash standardSHA-2.


Clustering Related-Tweak Characteristics: Application to MANTIS-6 Maria Eichlseder, Daniel Kales
FSE 2019 / Transactions on Symmetric Cryptology 2018/02

[ More ]

Abstract: The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakable block cipher MANTIS5 and describe a tool for efficiently finding and evaluating such clusters. More specifically, we consider the set of all differential characteristics compatible with a given truncated characteristic, tweak difference, and optional constraints for the differential. We refer to this set as a semi-truncated characteristic and estimate its probability by analyzing the distribution of compatible differences at each step. We apply this approach to find a semi-truncated differential characteristic for MANTIS6 with probability about 2−67.73 and derive a key-recovery attack with a complexity of about 255.09 chosen-plaintext queries and 255.52 computations. The data-time product is 2110.61 << 2126.


Exploiting Ineffective Fault Inductions on Symmetric Cryptography Christoph Dobraunig, Maria Eichlseder, Thomas Korak, Stefan Mangard, Florian Mendel, Robert Primas
CHES 2018 / TCHES Issue 3

[ More ]


The impact of pulsed Electromagnetic Fault Injection on true random number generators Maxime Madau, Michel Agoyan, Josep Balash, Milos Grujic, Patrick Haddad, Philippe Maurine, Vladimir Rozic, Dave Singelee, Bohan Yang, Ingrid Verbauwhede Fault Diagnosis and Tolerance in Cryptography (FDTC 2018)
Amsterdam/Netherlands, 13 September 2018

[ More ]

Abstract: andom number generation is a key function oftoday’s secure devices. Commonly used for key generation,random number streams are more and more frequently usedas the anchor of trust of several countermeasures such asmasking. True Random Number Generators (TRNGs) thusbecome a relevant entry point for attacks that aim at loweringthe security of integrated systems. Within this context, thispaper investigates the robustness of TRNGs based on RingOscillators (focusing on the delay chain TRNG) againstpulsed electromagnetic fault injection. Indeed, weaknesses ingenerating random bits for masking scheme degenerate the SideChannel resistance. Finally by exploiting fault results on delaychain TRNG some general guidelines to harden them are derived.
keywords:Pulse Electromagnetic fault Injection, True RandomNumber Generator, security guidelines


ES-TRNG: A High-throughput, Low-area True Random Number Generator based on Edge Sampling Bohan Yang; Vladimir Rozic; Milos Grujic; Nele Mentens; Ingrid Verbauwhede Conference on Cryptographic Hardware and Embedded Systems 2018 (CHES 2018)
, Amsterdam/Netherlands, 9-12 September 2018

[ More ]

Abstract: n this paper we present a novel true random number generator based onhigh-precision edge sampling. We use two novel techniques to increase the throughputand reduce the area of the proposed randomness source: variable-precision phaseencoding and repetitive sampling. The first technique consists of encoding theoscillator phase with high precision in the regions around the signal edges and withlow precision everywhere else. This technique results in a compact implementation atthe expense of reduced entropy in some samples. The second technique consists ofrepeating the sampling at high frequency until the phase region encoded with highprecision is captured. This technique ensures that only the high-entropy bits are sentto the output. The combination of the two proposed techniques results in a secureTRNG, which suits both ASIC and FPGA implementations. The core part of theproposed generator is implemented with 10 look-up tables (LUTs) and 5 flip-flops(FFs) of a Xilinx Spartan-6 FPGA, and achieves a throughput of1.15M bpswith0.997bits of Shannon entropy. On Intel Cyclone V FPGAs, this implementation uses10 LUTs and 6 FFs, and achieves a throughput of1.07M bps. This TRNG design issupported by a stochastic model and a formal security evaluation.
Keywords: Hardware random number generators ring oscillators entropy FPGA stochastic mode


Robustness Analysis of a TRNG Based on Coherent Sampling With Self-Timed Rings Adriaan Peetermans, Milos Grujic, Bohan Yang, Josep Balasch, Vladimir Rozic and Ingrid Verbauwhede
CARDIS 2018, 12th-14th November, 2018

[ More ]


Evaluation and monitoring of free running oscillators serving as source of randomness E. Noumon Allini, M. Skórski, O. Petura, F. Bernard, M. Laban, V. Fischer
Conference on Cryptographic Hardware and Embedded Systems 2018 (CHES 2018), Amsterdam/Netherlands, 9-12 September 2018

[ More ]


Optimization of the PLL Configuration in a PLL-based TRNG Design Elie Noumon Allini, Oto Petura, Florent Bernard, Viktor Fischer
Design, Automation and Test in Europe (DATE), 2018.

[ More ]

Abstract: Several recent designs show that the phase locked-loops (PLLs) are well suited for building true random number generators (TRNG) in logic devices and especially in FPGAs, in which PLLs are physically isolated from the rest of the device. However, the setup of the PLL configuration for the PLL-based TRNG is a challenging task. Indeed, the designer has to take into account physical constraints of the hardwired block, when trying to achieve required performance (bit rate) and security (entropy rate per bit). In this paper, we introduce a method aimed at choosing PLL parameters (e.g. input frequency, multiplication and division factors of the PLL) that satisfy hardware constraints, while achieving the highest possible bit rate or entropy rate according to application requirements. The proposed method is fast enough to produce all possible configurations in a short time. Comparing to the previous method based on a genetic algorithm, which was able to find only a locally optimized solution and only for one PLL in tens of seconds, the new method finds exhaustive set of feasible configurations of one- or two-PLL TRNG in few seconds, while the found configurations can be ordered depending on their performance or sensitivity to jitter.


Towards Inter-Vendor Compatibility of True Random Number Generators for FPGAs Milos Grujic, Bohan Yang, Vladimir Rozic and Ingrid Verbauwhede
Design, Automation and Test in Europe (DATE), 2018.

[ More ]

Abstract: True random number generators (TRNGs) are fundamental constituents of secure embedded cryptographic systems. In this paper, we introduce a general methodology for porting TRNG across different FPGA vendor families. In order to demonstrate our methodology, we applied it to the delay-chain based TRNG (DC-TRNG) on Intel Cyclone IV and Cyclone V FPGAs. We examine vendor-agnostic generality of the underlying DCTRNG principle and propose modifications to address differences in structure of FPGAs. Implementation of the DC-TRNG on Cyclone IV uses 149 LEs and has a throughput of 5Mbps, while on Cyclone V it occupies 230 ALMs with an output rate of 12.5 Mbps. The quality of the random bits produced by the DC-TRNG on Intel Cyclone IV and V is further confirmed by using NIST statistical test suite.


Spectral features of higher-order side-channel countermeasures Vittorio Zaccaria, Filippo Melzani, Guido Bertoni
IEEE Transactions on Computers, 2018.

[ More ]

Abstract: This brief deals with the problem of mathematically formalizing hardware circuits' vulnerability to side-channel attacks. We investigate whether spectral analysis is a useful analytical tool for this purpose by building a mathematically sound theory of the vulnerability phenomenon. This research was originally motivated by the need for deeper, more formal knowledge around vulnerable nonlinear circuits. However, while building this new theoretical framework, we discovered that it can consistently integrate known results about linear ones as well. Eventually, we found it adequate to formally model side-channel leakage in several significant scenarios. In particular, we have been able to find the vulnerability perimeter of a known cryptographic primitive (i.e., Keccak \cite{Bertoni:2010ug}) and thus tackle the analysis of vulnerability when signal glitches are present. We believe the conceptual framework we propose will be useful for researchers and practitioners in the field of applied cryptography and side-channel attacks.


Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, Stefan Mangard
IEEE Communications Surveys and Tutorials, 2018.

[ More ]

Abstract: Side-channel attacks on mobile devices have gained increasing attention since their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern mobile devices. Given the vast amount of sensitive information that are stored on smartphones, the ramifications of side-channel attacks affect both the security and privacy of users and their devices. In this paper, we propose a new categorization system for side-channel attacks, which is necessary as side-channel attacks have evolved significantly since their scientific investigations during the smart card era in the 1990s. Our proposed classification system allows to analyze side-channel attacks systematically, and facilitates the development of novel countermeasures. Besides this new categorization system, the extensive survey of existing attacks and attack strategies provides valuable insights into the evolving field of side-channel attacks, especially when focusing on mobile devices. We conclude by discussing open issues and challenges in this context and outline possible future research directions.


KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard
The Network and Distributed System Security Symposium (NDSS), 2018.

[ More ]

Abstract: coming soon



2017:

Security Analysis of PUF-Based Key Generation and Entity Authentication Jeroen Delvaux
Dissertation presented in partial fulfillment of the requirements for the degree of Doctor of Engineering Science (PhD): Electrical Engineering, 2017.

[ More ]

Abstract: No two physical objects are exactly the same, even when manufactured with a nominally identical process. For example, two sheets of paper that are indistinguishable with the naked eye, still differ considerably in their nanoscale fiber structures. Although manufacturing variability is usually undesired, the associated ability to uniquely identify a physical object, which is constrained to an integrated circuit (IC) in this thesis, can be leveraged for security purposes. To facilitate the registration of unique features, a so-called physically unclonable function (PUF) can be implemented on the IC. A PUF circuit is designed to be sensitive to process variations, i.e., challenged with a binary input, it provides a binary, device-unique response. This building block can hence be understood as the silicon equivalent of human biometrics. PUFs can augment the security architecture of an ever-increasing number of electronic devices that access our personal data and/or represent our identities. This includes but is not limited to smartphones, credit cards, access badges, the sensors and actuators of automated home, and medical implants. PUFs usually need to team up with other building blocks, e.g., true random number generators (TRNGs), cryptographic algorithms, error-correcting codes, nonvolatile memory (NVM), etc. We analyze the security of such multi-component systems in a format that allows for comparisons among proposals that have similar or identical objectives. Numerous newly revealed flaws and attacks are presented throughout this thesis. On the bright side, the lessons learned can help improve the quality of future PUF-based systems.


Fast Leakage Assessment Oscar Reparaz, Benedikt Gierlichs and Ingrid Verbauwhede
Conference on Cryptographic Hardware and Embedded Systems (CHES), 2017.

[ More ]

Abstract: We describe a fast technique for performing the computationally heavy part of leakage assessment, in any statistical moment (or other property) of the leakage samples distributions. The proposed technique outperforms by orders of magnitude the approach presented at CHES 2015 by Schneider and Moradi. We can carry out evaluations that before took 90 CPU-days in 4 CPU-hours (about a 500-fold speed-up). As a bonus, we can work with exact arithmetic, we can apply kernel-based density estimation methods, we can employ arbitrary pre-processing functions such as absolute value to power traces, and we can perform information-theoretic leakage assessment. Our trick is simple and elegant, and lends itself to an easy and compact implementation. We fit a prototype implementation in about 130 lines of C code.


On-chip jitter measurement for true random number generators Bohan Yang, Vladimir Rozic, Milos Grujic, Nele Mentens and Ingrid Verbauwhede
Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2017.

[ More ]

Abstract: Applications of true random number generators (TRNGs) span from art to numerical computing and system security. In cryptographic applications, TRNGs are used for generating new keys, nonces and masks. For this reason, a TRNG is an essential building block and often a point of failure for embedded security systems. One type of primitives that are widely used as source of randomness are ring oscillators. For a ring-oscillator-based TRNG, the true randomness originates from its timing jitter. Therefore, determining the jitter strength is essential to estimate the quality of a TRNG. In this paper, we propose a method to measure the jitter strength of a ring oscillator implemented on an FPGA. The fast tapped delay chain is utilized to perform the on-chip measurement with a high resolution. The proposed method is implemented on both a Xilinx FPGA and an Intel FPGA. Fast carry logic components on different FPGAs are used to implement the fast delay line. This carry logic component is designed to be fast and has dedicated routing, which enables a precise measurement. The differential structure of the delay chain is used to thwart the influence of undesirable noise from the measurement. The proposed methodology can be applied to other FPGA families and ASIC designs.


The Monte Carlo PUF Vladimir Rozic, Bohan Yang, Jo Vliegen, Nele Mentens and Ingrid Verbauwhede
27th International Conference on Field-Programmable Logic and Applications (FPL), 2017.

[ More ]

Abstract: Physically unclonable functions are used for IP protection, hardware authentication and supply chain security. While many PUF constructions have been put forward in the past decade, only few of them are applicable to FPGA platforms. Strict constraints on the placement and routing are the main disadvantages of the existing PUFs on FPGAs, because they place a high effort on the designer. In this paper we propose a new delay-based PUF construction called Monte Carlo PUF, that does not require low-level placement and routing control. This construction relies on the on-chip Monte Carlo method that is applied for measuring the delays of logic elements in order to extract a unique device fingerprint. The proposed construction allows a trade-off between the evaluation time and the error rate. The Monte Carlo PUF is implemented and evaluated on Xilinx Spartan-6 FPGAs.


Reconciling d + 1 Masking in Hardware and Software Hannes Gross, Stefan Mangard
Conference on Cryptographic Hardware and Embedded Systems (CHES), 2017.

[ More ]

Abstract: The continually growing number of security-related autonomous devices requires efficient mechanisms to counteract low-cost side-channel analysis (SCA) attacks. Masking provides high resistance against SCA at an adjustable level of security. A high level of SCA resistance, however, goes hand in hand with an increasing demand for fresh randomness which drastically increases the implementation costs. Since hardware based masking schemes have other security requirements than software masking schemes, the research in these two fields has been conducted quite independently over the last ten years. One important practical difference is that recently published software schemes achieve a lower randomness footprint than hardware masking schemes. In this work we combine existing software and hardware masking schemes into a unified masking algorithm. We demonstrate how to protect software and hardware implementations using the same masking algorithm, and for lower randomness costs than the separate schemes. Especially for hardware implementations the randomness costs can in some cases be halved over the state of the art. Theoretical considerations as well as practical implementation results are then used for a comparison with existing schemes from different perspectives and at different levels of security.


Efficient design of Oscillator based Physical Unclonable Functions on Flash FPGAs Ugo Mureddu, Oto Petura, Nathalie Bochard, Lilian Bossuet, Viktor Fischer
Second International Verification and Security Workshop (IVSW 2017), 2017.

[ More ]

Abstract: With the scaling down of electronic devices and the boom of wireless communications, more and more smart devices are interconnected in what we call the Internet of Things. Connecting devices of everyday use can greatly improve our comfort, but it can also introduce unprecedented security problems. With billions of devices connected there is a huge risk of unauthorized use. In this context, Physical Unclonable Functions (PUFs) are a promising solution since they extract device intrinsic fingerprint that can be used for hardware identification and authentication. Here we present the first fully functional implementation of Oscillator based PUFs on Flash based FPGA. The implementation is presented for the Ring Oscillator based PUF and the Transient Effect Ring Oscillatory based PUF. After explaining those two PUF principles, we give all the necessary design practices to follow to obtain an efficient PUF implementation on Flash FPGA. Finally, we present the characterization of the PUFs and compare it to previous work. To the best of our knowledge, it is the first work which deals with the implementation of Oscillator based PUF on Flash FPGAs. Moreover, all design files are available online to ensure repeatability.


Practical Key Recovery Attack on MANTIS-5 Christoph Dobraunig, Maria Eichlseder, Daniel Kales, Florian Mendel
International Conference on Fast Software Encryption (TOSC-FSE 2017), 2017.

[ More ]

Abstract: MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS-7, the designers also propose an aggressive 10-round version, MANTIS-5. The security claim for MANTIS-5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126-d. We present a key-recovery attack against MANTIS-5 with 228 chosen plaintexts and a computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.


An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order Hannes Gross; Stefan Mangard; Thomas Korak
RSA Conference Cryptographers’ Track (CT-RSA 2017), 2017.

[ More ]

Abstract: Passive physical attacks, like power analysis, pose a serious threat to the security of digital circuits. In this work, we introduce an efficient sidechannel protected Advanced Encryption Standard (AES) hardware design that is completely scalable in terms of protection order. Therefore, we revisit the private circuits scheme of Ishai et al. [13] which is known to be vulnerable to glitches. We demonstrate how to achieve resistance against multivariate higher-order attacks in the presence of glitches for the same randomness cost as the private circuits scheme. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order.


Complete activation scheme for IP design protection Brice Colombier, Ugo Mureddu, Marek Laban, Oto Petura, Lilian Bossuet, Viktor Fischer
IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2017.

[ More ]

Abstract: Intellectual Property (IP) illegal copying is a major threat in today’s integrated circuits industry which is massively based on a design-and-reuse paradigm. In order to fight this threat, a designer must track how many times an IP has been instantiated. Moreover, illegal copies of an IP must be unusable. We propose a hardware/software scheme which allows a designer to remotely activate an IP with minimal area overhead. The software modifies the IP efficiently and can handle very large netlists. Unique identification of hardware instances is achieved by integrating a TERO-PUF along with a lightweight key reconciliation module. A cryptographic core guarantees security and triggers a logic locking/masking module which makes the IP unusable unless the correct encrypted activation word is applied. The hardware side is implemented on several FPGAs.


Key Reconciliation Protocols for Error Correction of Silicon PUF Responses Brice Colombier, Lilian Bossuet, David Hély, Viktor Fischer
IEEE Transactions on Information Forensics and Security, 2017.

[ More ]

Abstract: Physical Unclonable Functions (PUFs) are promising primitives for the lightweight authentication of an integrated circuit (IC). Indeed, by extracting an identifier from random process variations, they allow each instance of a design to be uniquely identified. However, the extracted identifiers are not stable enough to be used as is, and hence need to be corrected first. This is currently achieved using error-correcting codes in secure sketches, that generate helper data through a one-time procedure. As an alternative, we propose key reconciliation protocols. This interactive method, originating from quantum key distribution, allows two entities to correct errors in their respective correlated keys by discussing over a public channel. We believe that this can also be used by a device and a remote server to agree on two different responses to the same challenge from the same PUF obtained at different times. This approach has the advantage of requiring very few logic resources on the device side. The information leakage caused by the key reconciliation process is limited and easily computable. Results of implementation on FPGA targets are presented, showing that it is the most lightweight error-correction module to date.


Optimization of the PLL Based TRNG Design Using the Genetic Algorithm Oto Petura, Ugo Mureddu, Nathalie Bochard, Viktor Fischer
IEEE International Symposium on Circuits and Systems (ISCAS), 2017.

[ More ]

Abstract: Phase-locked loop (PLL) based true random number generator (TRNG) is very well suited for security applications using field programmable gate arrays (FPGAs) because most of FPGAs feature hardwired PLL blocks. PLL based TRNGs (PLL-TRNGs) are easy to implement and do not require manual placement or routing. The design of such TRNGs is also highly portable within the same device family. This is not the case in many other TRNG designs. However, the design of a PLLTRNGs is not a trivial task. Due to many PLL parameters, which need to be fine tuned to achieve required security and speed requirements, an exhaustive design space exploration is practically not feasible. Thus, the designers are required to go through many trial and error cycles of manual parameter tweaking and the results are still not guaranteed to be optimal. In this paper, we use a genetic algorithm (GA) based optimization to generate a suitable configuration of the PLL-TRNG, such that it is secure and reaches high output bit rate. GA optimization allows to take into account physical limits of the PLL, such as input/output frequency, and maximum voltage controlled oscillator (VCO) frequency, which avoids invalid configurations and reduces the development time. The method has proven to be very efficient and it significantly reduces the design time without compromising the security. All the presented configurations were tested on recent FPGA families and the statistical quality of the resulting TRNG configurations was verified using the AIS 31 test suite.


ISAP - Towards Side-Channel Secure Authenticated Encryption Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer
24th International Conference on Fast Software Encryption (TOSC-FSE 2017), 2017.

[ More ]

Abstract: Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks are cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage on the session key during cryptographic operations with different inputs. While these schemes can be applied to secure standard communication settings, current re-keying approaches are unable to provide protection in settings where the same input needs to be processed multiple times. In this work, we therefore adapt the re-keying approach and present a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction. This means that our scheme fully complies with the requirements given in the CAESAR call and hence, can be used like other noncebased authenticated encryption schemes without loss of side-channel protection. Its resistance against side-channel analysis is highly relevant for several applications in practice, like bulk storage settings in general and the protection of FPGA bitfiles and firmware images in particular.


Symbolic Analysis of Higher-Order Side Channel Countermeasures Elia Bisi, Filippo Melzani, Vittorio Zaccaria
IEEE Transactions on Computers, 2017.

[ More ]

Abstract: In this paper, we deal with the problem of efficiently assessing the higher order vulnerability of a hardware cryptographic circuit. Our main concern is to provide methods that allow a circuit designer to detect early in the design cycle if the implementation of a Boolean-additive masking countermeasure does not hold up to the required protection order. To achieve this goal, we promote the search for vulnerabilities from a statistical problem to a purely symbolical one and then provide a method for reasoning about this new symbolical interpretation. Eventually we show, with a synthetic example, how the proposed conceptual tool can be used for exploring the vulnerability space of a cryptographic primitive.


Physically Unclonable Function using CMOS Breakdown Position Kai-Hsin Chuang, Erik Bury, Robin Degraeve, Ben Kaczer, Guido Groeseneken, Ingrid Verbauwhede and Dimitri Linten
54th International Reliability Physics Symposium (IRPS 2017), 2017.

[ More ]

Abstract: A novel physically unclonable function (PUF) utilizing the intrinsic randomness of oxide breakdown (BD) positions in CMOS transistors is presented. The advantages of this approach are studied and validated by measurements on test-chips fabricated in a commercial 40nm CMOS process. Experiments show that the required soft BDs can be reliably generated in a sufficiently short period. The randomness of the utilized mechanism shows excellent properties, required for PUF applications: an overall bias of 0.498 and inter-chip hamming distance (HD) of 0.501. Further analysis of the current distributions reveals a dependence of operating voltage on readout resolution and window. Finally, dedicated experiments with external heating and embedded poly-heaters show that these soft BDs are stable and show no read-out errors up to operating temperatures of 600K.


2016:

Cryptanalysis of Simpira v1 Christoph Dobraunig, Maria Eichelseder, Florian Mendel
23rd Conference on Selected Areas in Cryptography (SAC 2016), 2016.

[ More ]

Abstract: Simpira v1 is a recently proposed family of permutations, based on the AES round function. The design includes recommendations for using the Simpira permutations in block ciphers, hash functions, or authenticated ciphers. The designers' security analysis is based on computer-aided bounds for the minimum number of active S-boxes. We show that the underlying assumptions of independence, and thus the derived bounds, are incorrect. For family member Simpira-4, we provide differential trails with only 40 (instead of 75) active S-boxes for the recommended 15 rounds. Based on these trails, we propose full-round collision attacks on the proposed Simpira-4 Davies-Meyer hash construction, with complexity 282.62 for the recommended full 15 rounds and a truncated 256-bit hash value, and complexity 22110.16 for 16 rounds and the full 512-bit hash value. These attacks violate the designers' security claims that there are no structural distinguishers with complexity below 22128.


Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR Daniel Gruss, Clementine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard
23rd ACM Conference on Computer and Communications Security (ACM CCS), 2016.

[ More ]

Abstract: Modern operating systems use hardware support to protect against control-flow hijacking attacks such as code-injection attacks. Typically, write access to executable pages is prevented and kernel mode execution is restricted to kernel code pages only. However, current CPUs provide no protection against code-reuse attacks like ROP. ASLR is used to prevent these attacks by making all addresses unpredictable for an attacker. Hence, the kernel security relies fundamentally on preventing access to address information. We introduce Prefetch Side-Channel Attacks, a new class of generic attacks exploiting major weaknesses in prefetch instructions. This allows unprivileged attackers to obtain address information and thus compromise the entire system by defeating SMAP, SMEP, and kernel ASLR. Prefetch can fetch inaccessible privileged memory into various caches on Intel x86. It also leaks the translation-level for virtual addresses on both Intel x86 and ARMv8-A. We build three attacks exploiting these properties. Our first attack retrieves an exact image of the full paging hierarchy of a process, defeating both user space and kernel space ASLR. Our second attack resolves virtual to physical addresses to bypass SMAP on 64-bit Linux systems, enabling ret2dir attacks. We demonstrate this from unprivileged user programs on Linux and inside Amazon EC2 virtual machines. Finally, we demonstrate how to defeat kernel ASLR on Windows 10, enabling ROP attacks on kernel and driver binary code. We propose a new form of strong kernel isolation to protect commodity systems incuring an overhead of only 0.06-5.09%.


Drammer: Deterministic Rowhammer Attacks on Mobile Platforms Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementne Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
23rd ACM Conference on Computer and Communications Security (ACM CCS), 2016.

[ More ]

Abstract: Recent work shows that the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system. However, existing efforts either describe probabilistic (and thus unreliable) attacks or rely on special (and often unavailable) memory management features to place victim objects in vulnerable physical memory locations. Moreover, prior work only targets x86 and researchers have openly wondered whether Rowhammer attacks on other architectures, such as ARM, are even possible. We show that deterministic Rowhammer attacks are feasible on commodity mobile platforms and that they cannot be mitigated by current defenses. Rather than assuming special memory management features, our attack, Drammer, solely relies on the predictable memory reuse patterns of standard physical memory allocators. We implement Drammer on Android/ARM, demonstrating the practicability of our attack, but also discuss a generalization of our approach to other Linux-based platforms. Furthermore, we show that traditional x86-based Rowhammer exploitation techniques no longer work on mobile platforms and address the resulting challenges towards practical mobile Rowhammer attacks. To support our claims, we present the first Rowhammer-based Android root exploit relying on no software vulnerability, and requiring no user permissions. In addition, we present an analysis of several popular smartphones and find that many of them are susceptible to our Drammer attack. We conclude by discussing potential mitigation strategies and urging our community to address the concrete threat of faulty DRAM chips in widespread commodity platforms.


Upper Bounds on The Min-Entropy of RO Sum, Arbiter, Feed-Forward Arbiter, and S-ArbRO PUFs Jeroen Delvaux, Dawu Gu and Ingrid Verbauwhede
IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2016.

[ More ]

Abstract: The focus and novelty of this work is the derivation of tight upper bounds on the min-entropy of several physically unclonable funcions (PUFs), i.e., Ring Oscillator Sum, Arbiter, Feed-Forward Arbiter, and S-ArbRO PUFs. This constrains their usability for the fuzzy extraction of a secret key, as an alternative to storing keys in non-volatile memory. For example, it is shown that an ideal Arbiter PUF with 64 stages cannot provide more than 197 bits of min-entropy. At Financial Cryptography 2012, Van Herrewege et al. assume that 1785 bits of min-entropy can be extracted, which renders their 128-bit key generator instantly insecure. We also derive upper bounds that comply with nonideal PUFs, attributed to, e.g., manufacturing in silicon. As a side contribution hereby, we refute the claim that S-ArbRO PUFs are highly resistant against machine learning.


A Methodology for the Characterization of Leakages in Combinatorial Logic Guido Bertoni, Marco Martinoli
6th International Conference on Security, Privacy and Applied Cryptographic Engineering (SPACE 2016), 2016.

[ More ]

Abstract: Glitches represent a great danger for hardware implementations of cryptographic schemes. Their intrinsic random nature makes them difficult to tackle and their occurrence threatens side-channel protections. Although countermeasures aiming at structurally solving the problem already exist, they usually require some effort to be applied or introduce non-negligible overhead in the design. Our work addresses the gap between such countermeasures and the naive implementation of schemes being vulnerable in the presence of glitches. Our contribution is twofold: (1) we expand the mathematical framework proposed by Brzozowski and Ésik (FMSD 2003) by meaningfully adding the notion of information leakage, (2) thanks to which we define a formal methodology for the analysis of vulnerabilities in combinatorial circuits when glitches are taken into account.


A Survey of AIS-20/31 Compliant TRNG Cores Suitable for FPGA Devices Oto Petura, Ugo Mureddu, Nathalie Bochard, Viktor Fischer, Lilian Bossuet
26th International Conference on Field-Programmable Logic and Applications (FPL 2016), 2016.

[ More ]

Abstract: FPGAs are widely used to integrate cryptographic primitives, algorithms, and protocols in cryptographic systems-on-chip (CrySoC). As a building block of CrySoCs, True Random Number Generators (TRNGs) exploit analog noise sources in electronic devices to generate confidential keys, initialization vectors, challenges, nonces, and random masks in cryptographic protocols. TRNGs aimed at cryptographic applications must fulfill the security requirements defined in the German Federal Bureau for Information Security’s (BSI) recommendations AIS-20/31, which has become a de facto standard in Europe. Many TRNG cores have already been published, only a few of which are suitable for FPGAs and even fewer comply with AIS-20/31. Here we present the results of the implementation of AIS-20/31 compliant TRNG cores in three FPGA families: Xilinx Spartan 6, Altera Cyclone V and Microsemi SmartFusion 2. In addition to common design parameters like area, bit rate and power/energy consumption, we compare and discuss the feasibility of generator cores in different FPGAs and the statistical quality of their output. These results will help designers select the best generator and the device family to match the requirements of the data security application. To ensure reproducibility of the results, the open source VHDL code of all generators adapted to individual families can be downloaded from the dedicated web page.


Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes Christoph Dobraunig, Maria Eichlseder, Thomas Korak, Victor Lomne and Florian Mendel
22nd Annual International Conference on the Theory and Applications of Cryptology and Information Security (Asiacrypt2016), 2016.

[ More ]

Abstract: Since the first demonstration of fault attacks by Boneh et al. on RSA, a multitude of fault attack techniques on various cryptosystems have been proposed. Most of these techniques, like Differential Fault Analysis, Safe Error Attacks, and Collision Fault Analysis, have the requirement to process two inputs that are either identical or related, in order to generate pairs of correct/faulty ciphertexts. However, when targeting authenticated encryption schemes, this is in practice usually precluded by the unique nonce required by most of these schemes. In this work, we present the first practical fault attacks on several noncebased authenticated encryption modes for AES. This includes attacks on the ISO/IEC standards GCM,CCM, EAX, and OCB, as well as several second-round candidates of the ongoing CAESAR competition. All attacks are based on the Statistical Fault Attacks by Fuhr et al., which use a biased fault model and just operate on collections of faulty ciphertexts. Hereby, we put e ort in reducing the assumptions made regarding the capabilities of an attacker as much as possible. In the attacks, we only assume that we are able to influence some byte (or a larger structure) of the internal AES state before the last application of MixColumns, so that the value of this byte is afterwards non-uniformly distributed. In order to show the practical relevance of Statistical Fault Attacks and for evaluating our assumptions on the capabilities of an attacker, we perform several fault-injection experiments targeting real hardware. For instance, laser fault injections targeting an AES co-processor of a smartcard microcontroller, which is used to implement modes like GCM or CCM, show that 4 bytes (resp. all 16 bytes) of the last round key can be revealed with a small number of faulty ciphertexts.


Exploring active manipulation attacks on the TERO random number generator Yang Cao, Vladimir Rozic, Bohan Yang, Josep Balasch and Ingrid Verbauwhede
59th IEEE International Midwest Symposium on Circuits and Systems (MWSCAS), 2016.

[ More ]

Abstract: True random number generators (TRNGs) are critical components in security systems used to generate session keys, challenges for authentication protocols and masks for secret sharing. Unfortunately, TRNGs are vulnerable to a wide class of physical attacks ranging from passive observation of generated numbers to active manipulation. In this work we investigate the susceptibility of the Transition Effect Ring Oscillator (TERO) TRNG to active manipulation attacks. In particular we perform underpower and low temperature attacks on an implementation of the TERO running on a Xilinx Spartan 6 FPGA and experimentally evaluate the effectiveness of four online tests as countermeasure.


ARMageddon: Cache Attacks on Mobile Devices Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice and Stefan Mangard
25th Annual USENIX Security Symposium (USENIX Security 2016), 2016.

[ More ]

Abstract: In the last 10 years, cache attacks on Intel x86 CPUs have gained increasing attention among the scientific community and powerful techniques to exploit cache side channels have been developed. However, modern smartphones use one or more multi-core ARM CPUs that have a different cache organization and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks have been demonstrated on non-rooted Android smartphones. In this work, we demonstrate how to solve key challenges to perform the most powerful cross-core cache attacks Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush on non-rooted ARM-based devices without any privileges. Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen. Eventually, we are the first to attack cryptographic primitives implemented in Java. Our attacks work across CPUs and can even monitor cache activity in the ARM TrustZone from the normal world. The techniques we present can be used to attack hundreds of millions of Android devices.


TOTAL: TRNG On-the-fly Testing for Attack detection using Lightweight hardware Bohan Yang, Vladimir Rozic, Nele Mentens, Wim Dehaene and Ingrid Verbauwhede
Design, Automation & Test in Europe Conference & Exhibition (DATE), 2016.

[ More ]

Abstract: We present a design methodology for embedded tests of entropy sources. These tests are necessary to detect attacks and failures of true random number generators. The central idea of this work is to use an empirical design methodology consisting of two phases: collecting the data under attack and finding a useful statistical feature. In this work we focus on statistical features that are implementable in lightweight hardware. This is the first paper to address the design of on-the-fly tests based on the attack effects. The presented design methodology is illustrated with 2 examples: an elementary ring-oscillator based TRNG and a carry-chain based TRNG. The effectiveness of the tests was confirmed on FPGA prototypes.


Iterating Von Neumann’s Post-Processing under Hardware Constraints Vladimir Rozic, Bohan Yang, Wim Dehaene and Ingrid Verbauwhede
IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2016.

[ More ]

Abstract: In this paper we present a design methodology and hardware implementations of lightweight post-processing modules for debiasing random bit sequences. This work is based on the iterated Von Neumann procedure (IVN). We present a method to maximize the efficiency of IVN for applications with area and throughput constraints. The resulting hardware modules can be applied for post-processing raw numbers in random number generators.


Efficient Fuzzy Extraction of PUF-Induced Secrets: Theory and Applications Jeroen Delvaux, Dawu Gu, Ingrid Verbauwhede, Matthias Hiller and Meng-Day Yu
Conference on Cryptographic Hardware and Embedded Systems (CHES), 2016.

[ More ]

Abstract: The device-unique response of a physically unclonable function (PUF) can serve as the root of trust in an embedded cryptographic system. Fuzzy extractors transform this noisy non-uniformly distributed secret into a stable high-entropy key. The overall efficiency thereof, typically depending on error-correction with a binary [n; k; d] block code, is determined by the universal and well-known (n - k) bound on the min-entropy loss. We derive new considerably tighter bounds for PUF-induced distributions that suffer from, e.g., bias or spatial correlations. The bounds are easy-to-evaluate and apply to large non-trivial codes, e.g., BCH, Hamming and Reed-Muller codes. Apart from an inherent reduction in implementation footprint, the newly developed theory also facilitates the analysis of state-of-the-art error-correction methods for PUFs. As such, we debunk the reusability claim of the reverse fuzzy extractor. Moreover, we provide proper quantitative motivation for debiasing schemes, as this was missing in the original proposals.


Analysis of the Kupyna-256 Hash Function Christoph Dobraunig, Maria Eichlseder and Florian Mendel
24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), 2016.

[ More ]

Abstract: The hash function Kupyna was recently published as the Ukrainian standard DSTU 7564:2014. It is structurally very similar to the SHA-3 finalist GrØstl, but differs in details of the round transformations. Most notably, some of the round constants are added with a modular addition, rather than bitwise xor. This change prevents a straightforward application of some recent attacks, in particular of the rebound attacks on the compression function of similar AES-like hash constructions. However, we show that it is actually possible to mount rebound attacks, despite the presence of modular constant additions. More specifically, we describe collision attacks on the compression function for 6 (out of 10) rounds of Kupyna-256 with an attack complexity of 270, and for 7 rounds with complexity 2125:8. In addition, we have been able to use the rebound attack for creating collisions for the round-reduced hash function itself. This is possible for 4 rounds of Kupyna-256 with complexity 267 and for 5 rounds with complexity 2120.


Square Attack on 7-Round Kiasu-BC Christoph Dobraunig, Maria Eichlseder and Florian Mendel
14th International Conference on Applied Cryptography and Network Security (ACNS), 2016.

[ More ]

Abstract: Kiasu-BC is a tweakable block cipher presented within the TWEAKEY framework at AsiaCrypt 2014. Kiasu-BC is almost identical to AES-128, the only difference to AES-128 is the tweak addition, where the 64-bit tweak is xored to the first two rows of every round-key. The security analysis of the designers focuses primarily on related-key related-tweak differential characteristics and meet-in-the-middle attacks. For other attacks, they conclude that the security level of Kiasu-BC is similar to AES-128. In this work, we provide the first third-party analysis of Kiasu-BC. We show that we can mount Square attacks on up to 7-round Kiasu-BC with a complexity of about 248:5 encryptions, which improves upon the best published 7-round attacks for AES-128. Furthermore, we show that such attacks are applicable to the round-reduced JCB3-like mode of the CAESAR candidate Kiasu6=. To be specific, we show a key-recovery attack on 7-round Kiasu6= with a complexity of about 282 encryptions.


Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript Daniel Gruss, Clémentine Maurice and Stefan Mangard
13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

[ More ]

Abstract: A fundamental assumption in software security is that a memory location can only be modified by processes that may write to this memory location. However, a recent study has shown that parasitic effects in DRAM can change the content of a memory cell without accessing it, but by accessing other memory locations in a high frequency. This so-called Rowhammer bug occurs in most of today's memory modules and has fatal consequences for the security of all affected systems, e.g., privilege escalation attacks. All studies and attacks related to Rowhammer so far rely on the availability of a cache flush instruction in order to cause accesses to DRAM modules at a sufficiently high frequency. We overcome this limitation by defeating complex cache replacement policies. We show that caches can be forced into fast cache eviction to trigger the Rowhammer bug with only regular memory accesses. This allows to trigger the Rowhammer bug in highly restricted and even scripting environments. We demonstrate a fully automated attack that requires nothing but a website with JavaScript to trigger faults on remote hardware. Thereby we can gain unrestricted access to systems of website visitors. We show that the attack works on off-the-shelf systems. Existing countermeasures fail to protect against this new Rowhammer attack.


Flush+Flush: A Fast and Stealthy Cache Attack Daniel Gruss, Clémentine Maurice, Klaus Wagner and Stefan Mangard
13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

[ More ]

Abstract: Research on cache attacks has shown that CPU caches leak signi_cant information. Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for detection. In this article, we show that this assumption does not hold by developing a novel attack technique: the Flush+Flush attack. The Flush+Flush attack only relies on the execution time of the ush instruction, which depends on whether data is cached or not. Flush+Flush does not make any memory accesses, contrary to any other cache attack. Thus, it causes no cache misses at all and the number of cache hits is reduced to a minimum due to the constant cache ushes. Therefore, Flush+Flush attacks are stealthy, i.e., the spy process cannot be detected based on cache hits and misses, or state-of-the-art detection mechanisms. The Flush+Flush attack runs in a higher frequency and thus is faster than any existing cache attack. With 496 KB/s in a cross-core covert channel it is 6:7 times faster than any previously published cache covert channel.


Canary Numbers: Design for Light-weight Online Testability of True Random Number Generators Vladimir Rozic, Bohan Yang, Nele Mentens and Ingrid Verbauwhede
NIST Random Bit Generation Workshop, 2016.

[ More ]

Abstract: We introduce the concept of canary numbers, to be used in health tests for true random number generators. Health tests are essential components of true random number generators because they are used to detect defects and failures of the entropy source. These tests need to be lightweight, low-latency and highly reliable. The proposed solution uses canary numbers which are an extra output of the entropy source of lower quality. This enables an early-warning attack detection before the output of the generator is compromised. We illustrate the idea with 2 case studies of true random number generators implemented on aXilinx Spartan-6 FPGA.


2015:

Higher-Order Threshold Implementation of the AES S-Box De Cnudde Thomas, Bilgin Begül, Reparaz Oscar, Nikov Ventzislav, Nikova Svetla,
14th Smart Card Research and Advanced Application Conference (CARDIS), 2015.

[ More ]

Abstract: In this paper we present a threshold implementation of the Advanced Encryption Standard’s S-box which is secure against first- and second-order power analysis attacks. This security guarantee holds even in the presence of glitches, and includes resistance against bivariate attacks. The design requires an area of 7849 Gate Equivalents and 126 bits of randomness per S-box execution. The implementation is tested on an FPGA platform and its security claim is supported by practical leakage detection tests.


On the Impact of Known-Key Attacks on Hash Functions Bart Mennink and Bart Preneel,
21st Annual International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT), 2015.

[ More ]

Abstract: Hash functions are often constructed based on permutations or blockciphers, and security proofs are typically done in the ideal permutation or cipher model. However, once these random primitives are instantiated, vulnerabilities of these instantiations may nullify the security. At ASIACRYPT 2007, Knudsen and Rijmen introduced known-key security of blockciphers, which gave rise to many distinguishing attacks on existing blockcipher constructions. In this work, we analyze the impact of such attacks on primitive-based hash functions. We present and formalize the weak cipher model, which captures the case a blockcipher has a certain weakness but is perfectly random otherwise. A specific instance of this model, considering the existence of sets of B queries whose XOR equals 0 at bit-positions C, where C is an index set, covers a wide range of known-key attacks in literature. We apply this instance to the PGV compression functions, as well as to the Grøstl (based on two permutations) and Shrimpton-Stam (based on three permutations) compression functions, and show that these designs do not seriously succumb to any differential known-key attack known to date.


Forgery and Subkey Recovery on CAESAR candidate iFeed Willem Schroé, Bart Mennink, Elena Andreeva and Bart Preneel,
22nd International Conference on Selected Areas in Cryptography (SAC), 2015.

[ More ]

Abstract: iFeed is a blockcipher-based authenticated encryption design by Zhang, Wu, Sui, and Wang and a first round candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity in the nonce-respecting setting, and confidentiality in the nonce-reuse setting. Recently, Chakraborti et al. published forgeries on iFeed in the RUP and nonce-reuse settings. The latter attacks, however, do not invalidate the iFeed designers' security claims. In this work, we consider the security of iFeed in the nonce-respecting setting, and show that a valid forgery can be constructed after only one encryption query. Even more, the forgery leaks both subkeys EK(0128) and EK(PMN||1), where K is the secret key and PMN the nonce used for the authenticated encryption. Furthermore, we show how at the price of just one additional forgery one can learn EK(P*) for any freely chosen plaintext P*. These design weaknesses allow one to decrypt earlier iFeed encryptions under the respective nonces, breaking the forward secrecy of iFeed, and leading to a total security compromise of the iFeed design.


A Physical Approach for Stochastic Modeling of TERO-based TRNG, Patrick Haddad, Viktor Fischer, Florent Bernard and Jean Nicolai,
Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2015.

[ More ]

Abstract: Security in random number generation for cryptography is closely related to the entropy rate at the generator output. This rate has to be evaluated using an appropriate stochastic model. The stochastic model proposed in this paper is dedicated to the transition effect ring oscillator (TERO) based true random number generator (TRNG) proposed by Varchola and Drutarovsky in 2010. The advantage and originality of this model is that it is derived from a physical model based on a detailed study and on the precise electrical description of the noisy physical phenomena that contribute to the generation of random numbers. We compare the proposed electrical description with data generated in a 28 nm CMOS ASIC implementation. Our experimental results are in very good agreement with those obtained with both the physical model of TERO’s noisy behavior and with the stochastic model of the TERO TRNG, which we also confirmed using the AIS 31 test suites.


Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches Daniel Gruss, Raphael Spreitzer and Stefan Mangard,
24th USENIX Security Symposium, 2015.

[ More ]

Abstract: Recent work on cache attacks has shown that CPU caches represent a powerful source of information leakage. However, existing attacks require manual identification of vulnerabilities, i.e., data accesses or instruction execution depending on secret information. In this paper, we present Cache Template Attacks. This generic attack technique allows us to profile and exploit cachebased information leakage of any program automatically, without prior knowledge of specific software versions or even specific system information. Cache Template Attacks can be executed online on a remote system without any prior offline computations or measurements. Cache Template Attacks consist of two phases. In the profiling phase, we determine dependencies between the processing of secret information, e.g., specific key inputs or private keys of cryptographic primitives, and specific cache accesses. In the exploitation phase, we derive the secret values based on observed cache accesses. We illustrate the power of the presented approach in several attacks, but also in a useful application for developers. Among the presented attacks is the application of Cache Template Attacks to infer keystrokes and—even more severe—the identification of specific keys on Linux and Windows user interfaces. More specifically, for lowercase only passwords, we can reduce the entropy per character from log2(26) = 4.7 to 1.4 bits on Linux systems. Furthermore, we perform an automated attack on the T-table-based AES implementation of OpenSSL that is asefficient as state-of-the-art manual cache attacks.


Practical Memory Deduplication Attacks in Sandboxed Javascript Daniel Gruss, David Bidner and Stefan Mangard,
20th European Symposium on Research in Computer Security (ESORICS), 2015.

[ More ]

Abstract: Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pages are identified across borders of virtual machines and programs and merged by the operating system or the hypervisor. However, this enables side-channel information leakage through cache or memory access time. Therefore, it is considered harmful in public clouds today, but it is still considered safe to use in a private environment, i.e., private clouds, personal computers, and smartphones. We present the first memory-disclosure attack in sandboxed Javascript which exploits page deduplication. Unlike previous attacks, our attack does not require the victim to execute an adversary’s program, but simply to open a website which contains the adversary’s Javascript code. We are not only able to determine which applications are running, but also specific user activities, for instance, whether the user has specific websites currently opened. The attack works on servers, personal computers and smartphones, and across the borders of virtual machines.


 

The WP2 Kick-off Meeting occurred on 13th May 2015 in Lyon / France.

 

Results and Material


This section is dedicated to the output and results of research activities within the HECTOR project. The data can be downloaded and used under the conditions of Creative Commons CC BY-NC-ND 3.0. For any requests or questions, please contact the This email address is being protected from spambots. You need JavaScript enabled to view it..



Final Publishable Summary:


Summary of the context and overall objectives of the project

Security has become a critical requirement for most applications. Robust security typically requires strong hardware foundations. HECTOR’s objective was to bridge the gap between the mathematical heaven of theoretically secure cryptographic algorithms and the challenges when it comes to implementing them securely and efficiently into hardware. The project focused on how to improve the hardware efficiency and robustness of 3 elementary security building blocks, namely crypto algorithms, random numbers generators, and physically unclonable functions (PUFs), as well as opportunities to optimize their interactions.

For true random number generators (TRNGs), the requirement is to fulfil demanding security requirements such as specified by the AIS20/31 standard in order to guarantee the generation of enough entropy, and/or detect and report when this is no longer the case. Besides designing hardware-efficient TRNG cell(s), the main ambition was to propose a process allowing to meet the requirements while minimizing the necessary expertise, design-iterations, and efforts.

Compared to TRNGs, so far there is no AIS20/31-like framework for PUFs. The objective was therefore to research if such an approach could be proposed.

Cryptography relies on good random numbers for keys, protocols and side-channels protection. On one hand, the project was assuming the availability of good random numbers, and researching more hardware-efficient crypto approaches. Efficiency has been addressed both from the design-process point of view, researching how to minimize the path towards a validated, protected crypto implementation, as well as from a crypto building block and system efficiency point of view, with research on authenticated encryption and hardware-friendlier crypto algorithms. The project has also been investigating if there are efficiency gains to be made by relaxing TRNG quality requirements and through more random-tolerant crypto designs.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

The project was structured around 6 work packages.

WP1 captured, studied and specified requirements for the work that needed to be performed within the technical work packages: 1) The demonstration scenarios have been refined. This allowed defining the hardware platforms to be developed for the demonstrators as well as the required building blocks from WP2 and WP3.
2) Opportunities, requirements and constraints from the consortium’s commercial partners have been studied in order to try to align developments with exploitation opportunities.
3) A common evaluation platform has been defined and distributed to partners, together with sample firmware and FPGA-designs. It consists in an FPGA-based motherboard with features to ease security characterization, and a set of low-cost daughter modules allowing to evaluate HECTOR primitives implemented in different FPGA families or ASICs.

WP2 focused on TRNG and PUFs. Several candidate principles have been proposed. A set of comparison and evaluation criteria have been defined. Preliminary implementations helped compare and rank the candidates. Selected TRNG and PUF principles together with dedicated embedded tests and post-processing have been designed for both FPGAs and ASICs. Several hick-ups and manufacturing delays (external factors) repeatedly pushed-out silicon availability and forced to limit physical evaluations to FPGA implementations. HECTOR ASIC test chips will still be used and characterized but after the official completion of the project.

WP3 focused on cryptographic algorithms and countermeasures. Since these rely heavily on random numbers (cryptographic keys, random IVs, masking), a first line of research has been to study the effect of non-ideal randomness on cryptography and on the effectiveness of countermeasures. Known-key and related-key attacks have been studied. Matlab scripts to generate standardized sets of degraded random numbers have been developed to test the effect of weak random numbers on commonly used side-channel countermeasures. The second line of research has been focusing on efficient cryptography and countermeasures. The consortium has been very active in the CAESAR authentication encryption competition. Five of the fifteen candidates of the third round of the competition were proposals from consortium members and 3 proposals remain among the 7 finalists. An important improvement in the usage of the sponge construction for Authenticated Encryption has been introduced, easing the interface between a TRNG/PUF, its crypto post-processing and the cryptographic algorithm itself. HECTOR also worked on design-process efficiency with bottom-up and top-down methodologies for design-time evaluation of side-channel protection.

WP4 focused on the development of demonstrators to illustrate how the technical developments from WP2 and WP3 can be combined for relevant applicative use cases. Three demonstrators have been developed: A dedicated, high-throughput random numbers generators, a secure USB storage, as well as a secure messaging system.

WP5 focused on dissemination, communication, exploitation, standardization and training. The project generated 59 articles and publications, participated to 48 conferences and workshops, as well as 12 other dissemination activities (web site, newsletters, etc.). HECTOR also participated to key cryptography and TRNG related standardization efforts and events, most notably the CAESAR authenticated encryption competition and the NIST TRNG workshop.

WP6 has been the project management work package providing the necessary processes and tools and to ensure proper execution.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

HECTOR enabled stronger European knowledge integration through collaboration among key security actors. In particular:

  • We proposed TRNGs designs with provable entropy guarantees and robustness to physical attacks, paving the way for more robust products and lower cost security certification. We discussed about the AIS20/31 with the BSI and participated to the second NIST RBG workshop, providing feedback on the draft and influencing the content of the final NIST SP800-90B TRNG specification.
  • By researching and proposing an approach similar to AIS31 for PUFs we hope to have shown the way forward for tackling the challenges related to PUF-security specification and assessment.
  • Through our contributions on sponges, Authenticated-Encryption schemes and to the CAESAR competition we hope to have contributed to what could become tomorrow’s hardware-friendlier, easier-to-secure (side-channels) and more-hardware-efficient cryptography standards.

Adoptions (over time) of HECTOR technologies into partner products should provide a first way to propagate the benefits to a wide range of applications and actors of the partner’s respective value chains. For example HECTOR’s pre-evaluated, AIS31-compliant TRNGs are already being adopted by two commercial members of the consortium, for the benefit and improved protection of their respective customers and end-users.

Dissemination of HECTOR results through teaching, publications and other dissemination events and through inputs to standardization will broaden the propagation of those benefits beyond the project’s commercial partners’ respective value chains.



DOWNLOAD: TRNG and PUF examples

HECTOR project consortium uses a HECTOR evaluation platform for evaluation of TRNG and PUF functions. There are several versions of software for the platform. Following archive contains two template projects for evaluation of TRNG and PUF (firmware for motherboard, daughter board, and TCL scripts). [ZIP] 27 MB


VIDEO: TRNG video of KU Leuven


VIDEO: Demonstrator 3: secure messaging device

VIDEO: Demonstrator 2: secure portable USB storage

VIDEO: Demonstrator 1: High Performance Secure TRNG

DOWNLOAD: Advanced Encryption Standard: AES-128

According to the requirements in AIS 20/31 PTG.2 it is not allowed to use the same cryptographic primitive for RNG post-processing and data encryption/decryption. Therefore, the HECTOR consortium will not reuse Ascon/Ketje in demonstrator D2: Secure USB Stick and D3: Secure Messaging Device for the post processing of the RNG output. Therefore, the AES-128 has been implemented. It is now available for download. [ZIP] 200 KB

DOWNLOAD: Authenticated Encryption Algorithms: KETJE

Ketje is a family of algorithms for authenticated encryption, which share the same permutation-based structure. All instantiations of Ketje are aimed at memory-constrained devices and strongly rely on nonce uniqueness for security. Ketje was designed and submitted by Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Assche, Ronny Van Keer and is now available for download. [ZIP] 14 MB

DOWNLOAD: Authenticated Encryption Algorithms: ASCON

Ascon is a family of authenticated encryption algorithms, currently participating in round 3 of the CAESAR competition. The Ascon family was designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks. Ascon was designed by a team of cryptographers from Graz University of Technology (Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schläffer) and is now available for download. [ZIP] 19 MB

DOWNLOAD: Workshop on the HECTOR Evaluation Platform

From 23 to 24 May, 2016 there was a project internal workshop held in Leuven, Belgium related to the HECTOR evaluation platform. Objectivies of this tutorial was to share knowlegde about the evaluation platform and to simplify the developments by providing reference designs of the mother- and daughterboards. Helpful user guides and supporting material are now available for download via [ZIP] 81 MB

 



SAFEcrypto  

SAFECRYPTO – Secure Architectures of Future Emerging Cryptography


SAFEcrypto will provide a new generation of practical, robust and physically secure post-quantum cryptographic solutions that ensure long-term security for future ICT systems, services and applications. Novel public-key cryptographic schemes (digital signatures, authentication, identity-based encryption (IBE), attribute-based encryption (ABE)) will be developed using lattice problems as the source of computational hardness.

SAFECRYPTO Homepage: www.safecrypto.eu


HEAT  

HEAT – Homomorphic Encryption Applications and Technology


The HEAT project will develop advanced cryptographic technologies to process sensitive information in ecrypted form, without needing to compromise on the privacy and security of the citizens and organizations that provide the input data. The core technology is based on homomorphic cryptography, which allows to perform computations on encrypted information without decrypting it. The main goal of HEAT is to produce a step change in the efficiency and applicability of this technology.

HEAT Homepage: www.heat-project.eu



ecrypt  

ECRYPT-CSA – European Coordination and Support Action in Cryptology


ECRYPT-CSA is a Coordination & Support Action sponsored by the European Union's H2020 programme. The project consists of four academic and one industrial partner. The goal of this CSA is to strengthen European excellence in the area of cryptology and to build on the Network of Excellence ECRYPT and ECRYPT II to achieve a durable integration and structuring of the European cryptography community, involving academia, industry, law enforcement and defence agencies. The project has the following concrete objectives:

  • Provide technology watch, joint research agendas and foresight studies for 15 specific cryptographic technologies and topics;
  • Identify technology gaps, market and implementation opportunities for five key application domains;
  • Provide technical expertise to the cybersecurity and privacy communities through white papers, standardisation overviews and a study on the evaluation of implementations;
  • Contribute on the evaluation and verification of cryptographic protocols and algorithms;
  • Contribute to the ongoing open cryptographic competitions (CAESAR for authenticated encryption and password hashing) with security and implementation benchmarking, study methodologies for benchmarking and plan future open competitions;
  • Contribute to the development of European standards, including for the public sector;
  • Solve training needs and skill shortage of academia and industry by making an inventory of existing training programs and organizing each year an intensive course in an area of strategic importance; in addition a training will be organized on the societal elements of cryptography and on cryptography and innovation;
  • Dissemination and outreach to broad range of communities and strengthening the link with institutional stakeholders such as the European Commission.


ECRYPT-CSA Homepage: www.ecrypt.eu.org/csa/



Hint  

HINT – Holistic Approaches for Integrity of ICT-Systems


The mission of the HINT project ist o develop a solution to implement a common framework for a system’s integrity checking based on Trusted Computing technologies. HINT further aims to demonstrate the capabilities of the devloped technologies on real-life applications and prepare the adoption oft he proposed technologies by future Common Criteria evaluation schemes.

HINT Homepage: www.hint-project.eu



Matthoew  

MATTHEW – Multi-entitiy-security using active Transmission Technology for improved Handling of Exportable security credentials without privacy restrictions


The mission of the MATTHEW project is to enable new applications and services on mobile devices. It will overcome the limitation of current passive NFC transmission technologies by active modulation and offer new ways of exchanging roles from one secure entity like a nanoSIM or a microSDTM card to another with novel security and privacy approaches.

Matthew Homepage: www.matthew-project.eu



 
 
tensunitdepot.com