Talks
Lejla Batina: Side-channel attacks in the wild: recent advances and countermeasures
Abstract:
Physical attacks are a continuous and present threat for embedded devices. In this talk I will survey relevant issues with side-channel and fault attacks on embedded crypto implementation and adequate countermeasures. I will also present some recent attacks on real-world implementations and in particular some attacks on ECC.
Bio:
Lejla Batina is a full professor at the Institute of Computer and Information
Sciences at the Radboud University in Nijmegen, the Netherlands. Her research
focuses on applied cryptography and hardware security. She received her Ph.D.
from Katholieke Universiteit Leuven, Belgium in 2005 where she worked as a
postdoc until 2009. Before that she studied at the Eindhoven University of
Technology and worked in industry as a cryptographer. She has published more
than 100 refereed papers, served on 70+ program committees and given more than
40 invited talks at conferences and summer schools. She chaired CHES 2012
(as general co-chair) and was a program co-chair of CHES 2014. For more
information see: http://www.cs.ru.nl/~lejla/.
Craig Costello: Classical cryptanalysis of supersingular isogenies
Abstract:
SIDH is a popular post-quantum key exchange protocol whose security relies on
the problem of finding the unique shortest path between two nodes in the
supersingular isogeny graph. This talk will give a detailed overview of the
best known classical algorithm(s) for solving this problem, and will pay
particular attention to the subtleties that arise when trying to implement it
at a large scale. The good news is the algorithm is a generic collision finding
algorithm, meaning that no background on elliptic curves is needed to
understand the talk. This is joint work with Patrick Longa, Michael Naehrig,
Joost Renes, and Fernando Virdia.
Bio:
Craig Costello is a researcher in the Security and Cryptography Group at
Microsoft Research in Redmond, USA. He is primarily interested in cryptographic
applications of computational number theory; most recently he has focused on
post-quantum key exchange using isogenies.
Nadia Heninger: How to recover cryptographic keys from partial information
Tanja Lange: Code-Based Crypto
Abstract:
This tutorial will start with the basics of coding theory and
code-based cryptography and build up to explaining some of the
submissions to NIST's post-quantum project. This will include detailed
explanations of Goppa codes, generic attacks against code-based
cryptography and some more specialized attacks against concrete
systems.
Preknowledge: basic linear algebra and computations modulo 2
Nele Mentens: Configurable computing for cryptographic implementations
Abstract:
The security strength and the implementation security of cryptographic
algorithms are continuously analyzed and improved. Therefore, cryptographic
agility is desirable, i.e. the ability of cryptographic algorithms and
implementations to cope with changing attack scenarios and security
requirements. In this talk, cryptographic agility is addressed from the
implementation perspective, namely through configurable computing. The talk
will cover both commercial off-the-shelf and application-specific configurable
computing platforms. The differences in design approach and efficiency will be
discussed.
Bio:
Nele Mentens received her master's and Ph.D. degrees from KU Leuven in 2003 and
2007, respectively. Her Ph.D. focused on secure and efficient coprocessor
design for cryptographic applications on FPGAs. Currently, Nele is an associate
professor at KU Leuven in the COSIC group at the Electrical Engineering
Department (ESAT). Her research interests are in the domains of reconfigurable
platforms for security purposes, design automation for cryptographic hardware
and security in constrained environments. Nele was a visiting researcher for 3
months at the Ruhr University Bochum in 2013 and at EPFL in 2017. She was/is
the PI in around 15 finished and ongoing research projects with national and
international funding. She served as a reviewer for many international
conferences and journals and was/is part of the program committee of around 50
international conferences. Nele is (co-)author in approximately 100
publications in international journals, conferences and books.
Debdeep Mukhopadhyay: Micro-architectural Attacks: Where Architecture meets Cryptography
Abstract:
Cryptography plays a vital role in securing e-business and e-commerce
transactions. However, in spite of their mathematical robustness, when these
algorithms are implemented they may leak sensitive information via unintended
side channels. The focus of this workshop is to delve into these side channels
which exist when these ciphers are executed on computers which are built
utilizing modern day computer architectures. It has been actively researched
that with the advancement of such architectures, which has primarily been
driven by performance, efficient attacks are possible leading to devastating
attacks. The workshop focusses on cache attacks and their influence on timing
side channels. Cache memories are a fast form of memory implemented widely in
modern day processors to bridge the memory wall between the CPU and the main
memory. We address the timing-channel leakages possible on cryptographic
implementations due to the presence of cache memories. We also address the
effect of the presence of several contemporary architectural artefacts, which
include out-of-order execution, hardware prefetchers, etc. Finally, we
conclude the talk with a discussion on an ideal quest for cipher
implementations and show that if studied well the influence of
micro-architecture on leakage can be capitalized to develop robust
implementations.
Bio:
Debdeep Mukhopadhyay is currently a full Professor at the
Department of Computer Science and Engineering, IIT-Kharagpur, India.
At IIT Kharagpur he initiated the Secured Embedded Architecture Laboratory
(SEAL), with a focus on Embedded Security and Side Channel Attacks
(http://cse.iitkgp.ac.in/resgrp/seal/). Prior to this he worked as Associate
Professor at IIT Kharagpur, visiting
scientist at NTU Singapore, a visiting Associate Professor of NYU-Shanghai,
Assistant Professor at IIT-Madras, and as Visiting Researcher at NYU
Tandon-School-of-Engineering, USA. He holds a PhD, an MS, and a B. Tech from
IIT Kharagpur, India. Dr. Mukhopadhyay's research interests are Cryptography,
Hardware Security, and VLSI. His books include Fault Tolerant Architectures for
Cryptography and Hardware Security (Springer), Cryptography and Network
Security (McGraw Hill), Hardware Security: Design, Threats, and Safeguards
(CRC Press), and Timing Channels in Cryptography (Springer). He has written
more than 150 papers in peer-reviewed conferences and journals and has
collaborated with several Indian and Foreign Organizations. He has been in the
program committee of several top International conferences and is an Associate
Editor of the International Association of Cryptologic Research (IACR)
Transactions of CHES, Journal of Hardware and Systems Security, Journal of
Cryptographic Engineering, Springer. He has given several invited talks in
industry and academia, including tutorial talks at premier conferences like
CHES, WIFS, VLSID. Dr. Mukhopadhyay is the recipient of the prestigious
Swarnajayanti DST Fellowship 2015-16, Young Scientist award from the Indian
National Science Academy, the Young Engineer award from the Indian National
Academy of Engineers, and is a Young Associate of the Indian Academy of
Science. He was also awarded the Outstanding Young Faculty fellowship in 2011
from IIT Kharagpur, and the Techno-Inventor Best PhD award by the Indian
Semiconductor Association. He has recently incubated a start-up on Hardware
Security, ESP Pvt Ltd at IIT Kharagpur
(http://esp-research.com/).
Stjepan Picek: Machine Learning for Side-channel Analysis
Abstract:
Recent years showed that machine learning techniques can be a powerful paradigm
for side-channel attacks (SCA), especially profiling SCA. Still, despite all
the success, we are limited in our understanding when and how to select
appropriate machine learning techniques. Additionally, the results we can
obtain are empirical and valid for specific cases where generalization is often
difficult. We start this talk with a short introduction to side-channel
analysis and profiling attacks. Next, we discuss several well-known ML
techniques, the results obtained, and their limitations. We cover not only the
classification part of the attack but also topics like feature selection,
pre-processing of data, and hyper-parameter tuning. Finally, the last part of
the talk concentrates on deep learning techniques and potential benefits such
techniques can bring to SCA.
Bio:
Stjepan Picek is an assistant professor at the Cyber Security group of the
Faculty of Electrical Engineering, Mathematics and Computer Science, TU Delft,
The Netherlands. In July 2015, he completed his PhD at Radboud University
Nijmegen, The Netherlands, and Faculty of Electrical Engineering and Computing,
Zagreb, Croatia. Following that, he first worked as a postdoctoral researcher
at KU Leuven, Belgium and after that, at CSAIL/MIT, USA. Stjepan also worked
for a number of years in the industry. His research interests are at the
intersection of cryptography, cybersecurity, evolutionary computation, and
machine learning. He currently serves as president of the IEEE CIS Croatia
chapter and as a program committee member and reviewer for a number of conferences
and journals.
Francesco Regazzoni: Towards the Automatic Applications of Physical Attacks Countermeasures
Abstract:
Physical attacks exploit the physical weaknesses of cryptographic
devices to reveal the secret information stored on them. Countermeasures
against these attacks are often considered only in the later stages of
the full design flow, and applied manually by designers with strong
security expertise. This approach, however, negatively affects the
robustness, the cost, and the production time of secure devices.
A more effective way to implement secure cryptographic algorithms would
enable the automatic application of side channel countermeasures and
would support the verification of their correct application. This talk
will revise and summarize the research efforts in this important
research direction, from the first works implementing hardware design
flow for security to the initial steps of automatically driving design
tools using security variables, and it will highlight future research
direction in design automation for security.
Bio:
Dr. Francesco Regazzoni is a senior researcher at the ALaRI Institute of
University of Lugano. He received his Master of Science degree from
Politecnico di Milano and his PhD degree from University of Lugano. He
has been assistant researcher at the Université Catholique de Louvain
and at Technical University of Delft, and visiting researcher at several
institutions, including NEC Labs America, Ruhr University of Bochum, and
EPFL Lausanne. His research interests are mainly focused on secure IoT
devices and embedded systems, covering in particular design automation
for security, physical attacks and countermeasures, post-quantum
cryptography, and efficient implementation of cryptographic primitives.
Peter Schwabe: Optimizing cryptography on embedded microcontrollers
Abstract:
In my talk I will give a brief general introduction to
software development on embedded microcontrollers and then
explain specific issues and techniques relating to
implementing cryptographic algorithms in a secure and efficient
way.
Bio:
Peter Schwabe is associate professor at Radboud University
Nijmegen, The Netherlands. He is working on secure and
efficient cryptographic software, targeting a broad range of
architectures ranging from small 8-bit microcontrollers to
high-end desktop and server CPUs and GPUs. His most recent
work is mainly focused on post-quantum cryptography. He is
co-submitter of 7 proposals to the NIST post-quantum
submission, which include lattice-based, code-based,
multivariate-based and hash-based constructions.