Skip to main content

Securing Software against Physical Attacks

Objectif

More than 15 years ago, several seminal publications showed that cryptographic keys can be revealed by analysing the power consumption or by inducing faults to devices like smart cards. The publication of these so-called physical attacks sparked off research on all kinds of attack techniques and countermeasures to secure implementations of cryptographic schemes.

However, a system can still be attacked easily if only the execution of cryptographic schemes is secured. An attacker can for example induce a fault to bypass an authentication or to jump to a privileged function directly. The system might also leak the key before the execution of a cryptographic scheme starts.

Today, there is almost no research on securing systems and software execution against physical attacks. Products like smart cards rely on proprietary best-practice countermeasures. Also countless devices of the Internet of Things are exposed to physical attacks and lack protection.

Our goal is to close this fundamental gap in system security and to establish the scientific foundation for executing software securely and efficiently in the presence of physical attacks. We aim to address research questions that range from the modelling of the attacks at the hardware level up to system-level questions like how changing properties of programming languages can support achieving protection against physical attacks.

This project brings together research on physical attacks, cryptography, system architectures, fault tolerant design as well as formal methods. Combining the fields, we pursue novel approaches to securing the control flow, CPU computations and memories. We in particular aim to find efficient methods in hardware and software that allow building systems where critical parts of the overall software can be secured against physical attacks without affecting or trusting the rest of the system. Our research also includes automated generation and verification techniques for the secured software.

Appel à propositions

ERC-2015-CoG
Voir d’autres projets de cet appel

Régime de financement

ERC-COG - Consolidator Grant

Institution d’accueil

TECHNISCHE UNIVERSITAET GRAZ
Adresse
Rechbauerstrasse 12
8010 Graz
Autriche
Type d’activité
Higher or Secondary Education Establishments
Contribution de l’UE
€ 1 964 750

Bénéficiaires (1)

TECHNISCHE UNIVERSITAET GRAZ
Autriche
Contribution de l’UE
€ 1 964 750
Adresse
Rechbauerstrasse 12
8010 Graz
Type d’activité
Higher or Secondary Education Establishments