ISI Logo

SPACE 2019
December 3 - 7
Gandhinagar, India
9th International Conference on Security, Privacy and Applied Cryptographic Engineering

SPACE 2019

Dr. Francesco Regazzoni

Talk Title

Towards Automatic Application of Side Channel Countermeasures

Abstract

Security is one of the most important extra functional requirements that a system should provide. The importance of security will certainly grow in the near future, when IoT devices will pervade every aspect of our lives, including sensitive ones, and when cyber-physical systems will be massively deployed in our critical infrastructure.

Securing all these devices is however a complex tasks that goes beyond the simple inclusion of cryptographic primitives. These devices often have a limited amount of resources available for implementing security. Additionally, they are often deployed in an environment accessible to the attacker, making thus necessary the use of protections against physical attacks. Furthermore, CPSs and IoT devices often needs to fulfill other design requirements, such as reliability, real-time, low power, and low energy, that could be in contrast with security requirements.

So far, the problems involved in designing secure CPSs and IoT devices have been analyzed and addressed independently, by expert designers that were also in charge of the integration of the whole system. This approach however is not optimal, since it does not scale with the complexity of the systems and it does not allow, at least in a simple way, to capture potential security weaknesses introduced by the integration of countermeasures against different attacks.

Security can be achieved only with an holistic design methodology, addressing the problem at each level of the design flow with the necessary inclusion of a verification step. In turn, such a design approach can be effectively put in practice only if supported by adequate toolchains, capable of automatically apply countermeasures against known attacks and capable of automatically verify their correct application.

This tutorial concentrates on this problem from a side channel attacks perspective. Starting from the first works implementing hardware design flow for security [1], the initial steps towards automatically driving design tools using security variables [2] and the proposal of evaluation methodologies based on state of the art design tools [3], we will revise and summarize the research efforts toward the goal of automatic design of IoTs and CPSs secure against physical attacks and we will highlight future research direction in this important field of research.

Acknowledgment

This tutorial was partially supported by European Union’s Horizon 2020 research and innovation program under grant agreement No 732105 (CERBERO).

References

  1. Kris Tiri and Ingrid Verbauwhede. A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. pages 246–51, Paris, February 2004.
  2. Francesco Regazzoni, Alessandro Cevrero, François-Xavier Standaert, Stephane Badel, Theo Kluter, Philip Brisk, Yusuf Leblebici, and Paolo Ienne. A design flow and evaluation framework for DPA-resistant instruction set extensions. volume 5747, pages 205–19. Springer, September 2009.
  3. Danilo Sijacic, Josep Balasch, Bohan Yang, Santosh Ghosh, and Ingrid Verbauwhede. Towards efficient and automated side channel evaluations at design time. Kalpa Publications in Computing, pages 16–31, 2018.

Short Bio

Francesco Regazzoni is a senior researcher at the Faculty of Informatics of Università della Svizzera italiana. He received the MSc degree in Computer Engineering from Politecnico di Milano and the PhD in Computer Science from Università della Svizzera italiana. Francesco has been an assistant researcher at the Crypto Group of the Université Catholique de Louvain and at Delft University of Technology, and visiting researcher at NEC Labs America, EPFL, and NTU Singapore. His research interests focuses in particular on embedded and cyber-physical systems security, physical-attacks, post-quantum cryptography, EDA for security, and hardware trojans.


Contact webmaster Arghya Bhattacharjee at bhattacharjeearghya29@gmail.com
Based on the ASK 2015 website, original template designed by KU Leuven - COSIC