Graduate School and Research Center In communication systems

Security of Security hardware

[HWSec]
T Technical Teaching


Abstract

  • Embedded applications with strong security requirements use sophisticated cryptographic algorithms and protocols. These algorithms and protocols are usually considered resistant against cryptanalysis. Inside the complete system they are implemented either in software or hardware form. Unfortunately, at least for the designers of such systems, any computation is eventually performed by a piece of hardware (microprocessor or hardware dedicated accelerator) and every hardware device leaks symptoms of its activity (power consumption, electromagnetic emanations, computation time, etc.) An attacker can use such side channels to retrieve embedded secrets. She can also inject and exploit faults by modifying the power supply, the clock frequency, using a laser or even by modifying the structure of the device. Other attack classes target communication busses on electronic board and have already been successfully used against game consoles and other consumer equipments.
  • This course offers a survey of several known hardware attacks. For each of them the conditions of success are explained and some counter measures are proposed.
  • The main goal is to initiate the students into such threats, give them hints about the possible counter measures and prepare them to design more secure systems.
  • Lectures are complemented by two lab sessions dedicated to timing and power consumption attacks. During the labs the students will experiment the impressive efficiency of these attacks and will try to protect the security target with counter measures.

Bibliography

  • Cryptography : theory and practice, Stinson, Douglas R, CRC Press - 11/2005 - 616 p.
  • Handbook of applied cryptography, Menezes, Alfred J ; Van Oorschot, Paul C ; Vanstone, Scott A CRC Press - 1997 - 780 p.
  • Power analysis attacks : Revealing the secrets of smart cards, Mangard, Stefan ; Oswald, Elisabeth ; Popp, Thomas Springer-Verlag - 04/2007 - 338 p.

Description

  • Timing attack
  • Simple power attack
  • Differential power attack
  • Electromagnetic attacks
  • Fault injection
  • Destructive attacks
  • Active and passive bus probing
Nb hours: 21.00