Description du projet
Analyse de canal auxiliaire sur l’informatique in-memory pour la rétro-ingénierie
L’analyse de canal auxiliaire (SCA) est une technique cryptoanalytique qui vise l’implémentation d’une primitive cryptographique. Les exemples de canaux concernent notamment la consommation d’énergie, les rayonnements électromagnétiques, les émanations acoustiques et différentes temporisations. Le projet SCARE, financé par l’UE, s’efforcera de développer une nouvelle génération de SCA qui s’étendra aux véritables attaques de bout en bout. Il identifiera les vulnérabilités spécifiques des bibliothèques logicielles de cryptographie largement déployées, telles qu’OpenSSL, et des technologies de sécurité assistées par le matériel, telles que les environnements d’exécution fiables. En fournissant une nouvelle méthodologie pour l’assurance de la sécurité de la SCA, il introduira une approche non invasive de la rétro-ingénierie qui exploite la SCA pour extraire l’IP mise en œuvre dans l’informatique in-memory émergente.
Objectif
"As the recent ""HeartBleed"" bug in OpenSSL demonstrates, the security of cryptographic software and devices cannot be understated. They build the foundation for basic security guarantees such as confidentiality and authentication, enabling technologies such as secure communication. For example, Transport Layer Security enables e-commerce, a 1.9 trillion USD global industry in 2016.
The more modern trend, especially in the embedded space, is towards hardware-assisted security. Here the aim is to leverage hardware to accomplish security goals that are simply unrealistic in software-only solutions. One example is Trusted Execution Environments (TEE) that provide a secure sandbox to execute security-critical software. TEEs, often driven by ARM TrustZone Technology, are present in the majority of smartphones on the market today.
Side-channel analysis (SCA) is a cryptanalytic technique that targets not the formal description of a cryptographic primitive but the implementation of it. Examples of side-channels include power consumption, electro-magnetic radiation, acoustic emanations, and various timings. Attackers then use this auxiliary signal to recover critical algorithm state and, in combination with cryptanalytic techniques, secret key material. This is a young but very active field within security and cryptography stemming from covert channels.
SCA is the focus of SCARE. Objectives include the discovery of next generation covert channels, paving the way for novel SCA classes, and extending these to full-fledged end-to-end SCA attacks by identifying specific vulnerabilities in widely-deployed cryptography software libraries such as OpenSSL and hardware-assisted security technologies such as TEEs. In turn, SCARE will deliver a methodology for SCA security assurance: not just development, evaluation, and deployment of acute countermeasures, but bringing SCA into the product life cycle as part of continuous integration."
Champ scientifique
- natural sciencescomputer and information sciencessoftware
- natural sciencescomputer and information sciencesinternettransport layer
- natural sciencescomputer and information sciencescomputer securitycryptography
- social scienceseconomics and businessbusiness and managementcommercee-commerce
- engineering and technologyelectrical engineering, electronic engineering, information engineeringinformation engineeringtelecommunicationsmobile phones
Mots‑clés
Programme(s)
Thème(s)
Régime de financement
ERC-STG - Starting GrantInstitution d’accueil
33100 Tampere
Finlande