Skip to main content

Securing Software against Physical Attacks

Cel

More than 15 years ago, several seminal publications showed that cryptographic keys can be revealed by analysing the power consumption or by inducing faults to devices like smart cards. The publication of these so-called physical attacks sparked off research on all kinds of attack techniques and countermeasures to secure implementations of cryptographic schemes.

However, a system can still be attacked easily if only the execution of cryptographic schemes is secured. An attacker can for example induce a fault to bypass an authentication or to jump to a privileged function directly. The system might also leak the key before the execution of a cryptographic scheme starts.

Today, there is almost no research on securing systems and software execution against physical attacks. Products like smart cards rely on proprietary best-practice countermeasures. Also countless devices of the Internet of Things are exposed to physical attacks and lack protection.

Our goal is to close this fundamental gap in system security and to establish the scientific foundation for executing software securely and efficiently in the presence of physical attacks. We aim to address research questions that range from the modelling of the attacks at the hardware level up to system-level questions like how changing properties of programming languages can support achieving protection against physical attacks.

This project brings together research on physical attacks, cryptography, system architectures, fault tolerant design as well as formal methods. Combining the fields, we pursue novel approaches to securing the control flow, CPU computations and memories. We in particular aim to find efficient methods in hardware and software that allow building systems where critical parts of the overall software can be secured against physical attacks without affecting or trusting the rest of the system. Our research also includes automated generation and verification techniques for the secured software.

Zaproszenie do składania wniosków

ERC-2015-CoG
Zobacz inne projekty w ramach tego zaproszenia

System finansowania

ERC-COG - Consolidator Grant

Instytucja przyjmująca

TECHNISCHE UNIVERSITAET GRAZ
Adres
Rechbauerstrasse 12
8010 Graz
Austria
Rodzaj działalności
Higher or Secondary Education Establishments
Wkład UE
€ 1 964 750

Beneficjenci (1)

TECHNISCHE UNIVERSITAET GRAZ
Austria
Wkład UE
€ 1 964 750
Adres
Rechbauerstrasse 12
8010 Graz
Rodzaj działalności
Higher or Secondary Education Establishments