SILENT: Side channels---theory and implications for society

Lead Research Organisation: University of Bristol
Department Name: Computer Science

Abstract

Cryptology has developed out of mathematics and theoretical computer science and is often discussed in purely theoretical and abstract terms. However cryptographic algorithms are a vital part of all modern communication systems. Clearly, this demands additional practical considerations. This realisation has come slowly but steadily over the last decade and lead to a whole new field in cryptography called side channel analysis. Side channels silently leak information about confidential data (e.g. cryptographic keys, user data, etc.) and are hence a serious threat to the trustworthiness of information systems. This fellowship intends to establish a centre of excellence, in which we aim to scrutinize the theory of side channels, the methods used to analyse and exploit them, and the impact of such information leakage on systems used by the wider public.

Planned Impact

An emerging trend in research into side channel analysis is that of finding formal description for side channel attacks. As argued in the case of support, some of the less well investigated side channels will become increasingly important because they directly impact on all people who use the Internet. Clearly, side channel expertise is becoming a 'must have' for industries, and side channel awareness is important also for end user. The novel centre of excellence (as envisaged in this fellowship) will greatly contribute to building up this expertise here in the UK. Hence it will contribute to strengthening the position of the UK in the global field of cryptographic engineering. Companies developing or evaluating cryptographic devices will benefit from having a better understanding of the fundamental properties of side channel attacks. Further they will benefit from being able to recruit from a larger pool of side channel aware engineers. The support offered by my collaborators (Dr. Danezis from Microsoft, Dr. Mangard from Infineon, and RFI Global) is evidence for the keen interest of some of the major industry players in this area. The wider public who uses cryptographic devices (e.g. bank cards, mobile phones, etc.) and the Internet on a daily basis will too benefit from a greater awareness of information leakage: awareness of a potential danger is a basic prerequisite for protecting oneself. The main tool to ensure that the research outcomes of this fellowship impact on beneficiaries is the establishing of a centre of excellence in side channel research as outlined by aim 1 in the case of support. This centre of excellence capitalises on my ability as a mathematician and cryptographic engineer to work at the interface between these two disciplines. This, coupled with strong interpersonal skills, enable me to cooperate with and coordinate work between researchers from a wide range of backgrounds, as demonstrated in my leadership roles within ECRYPT2, but also via the invitations to deliver consultancy on side channel analysis for the Scientific and Technological Research Council of Turkey (T_BITAK), and for the defence industries and ministries of European countries. This work consisted of designing and delivering tailored training in the application of and defence against power analysis attacks.
 
Description We developed a successful prototype for a highly parallel infrastructure to conduct advanced types of side channel research (i.e. more elaborate experiments than what we could previously do). We made some progress towards practical leakage resilient cryptography and key implementation considerations for its practical deployment.
Exploitation Route We are working towards releasing tools and methods for advanced side channel research, which could be integrated into existing tool chains to evaluate side channel resistance.
Sectors Digital/Communication/Information Technologies (including Software),Electronics,Government, Democracy and Justice

 
Description Industrial players use findings to speed up evaluations as well as avoid implementation pitfalls. Governmental institutions benefit from our ability to transfer research to teaching and hence increase the capabilities of the future generation of cyber security experts.
First Year Of Impact 2011
Sector Digital/Communication/Information Technologies (including Software),Electronics,Government, Democracy and Justice
Impact Types Economic

 
Description ACE-CSR Studentships 2012 round
Amount £68,648 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 10/2013 
End 03/2017
 
Description ACE-CSR Studentships 2014 round
Amount £69,524 (GBP)
Funding ID 14440011 
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start  
 
Description DPA Workstation funding scheme
Amount $270,000 (USD)
Organisation Cryptography Research 
Sector Private
Country United States
Start 07/2014 
End 08/2014
 
Description GCHQ Equipment fund
Amount £67,697 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 02/2014 
End 03/2014
 
Description Invited presentation at IGGY Conference 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Schools
Results and Impact 10 pupils (who were identified as gifted) attended my slot on crypto research, which initiated a good discussion and lots of questions.

Not aware of any impact?
Year(s) Of Engagement Activity 2013
URL https://www.iggy.net/globalandgifted/programme
 
Description SILENT website 
Form Of Engagement Activity A magazine, newsletter or online publication
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact We publicised the website at CHES 2014 during the rump session which sparked increased interest in our research activities.

None as of yet.
Year(s) Of Engagement Activity 2014
URL http://silent.cs.bris.ac.uk/