SILENT: Side channels---theory and implications for society
Lead Research Organisation:
University of Bristol
Department Name: Computer Science
Abstract
Cryptology has developed out of mathematics and theoretical computer science and is often discussed in purely theoretical and abstract terms. However, cryptographic algorithms are a vital part of all modern communication systems. Clearly, this demands additional practical considerations. This realisation has come slowly but steadily over the last decade and led to a whole new field in cryptography called side channel analysis. Side channels silently leak information about confidential data (e.g. cryptographic keys, user data, etc.) and are hence a serious threat to the trustworthiness of information systems. This fellowship intends to establish a centre of excellence, in which we aim to scrutinize the theory of side channels, the methods used to analyse and exploit them, and the impact of such information leakage on systems used by the wider public.
Planned Impact
An emerging trend in research into side channel analysis is that of finding formal descriptions for side channel attacks. As argued in the case of support, some of the less well investigated side channels will become increasingly important because they directly impact on all people who use the Internet. Clearly, side channel expertise is becoming a 'must have' for industries, and side channel awareness is important also for end users. The novel centre of excellence (as envisaged in this fellowship) will greatly contribute to building up this expertise here in the UK. Hence it will contribute to strengthening the position of the UK in the global field of cryptographic engineering. Companies developing or evaluating cryptographic devices will benefit from having a better understanding of the fundamental properties of side channel attacks. Further, they will benefit from being able to recruit from a larger pool of side channel aware engineers. The support offered by my collaborators (Dr. Danezis from Microsoft, Dr. Mangard from Infineon, and RFI Global) is evidence for the keen interest of some of the major industry players in this area. The wider public who uses cryptographic devices (e.g. bank cards, mobile phones, etc.) and the Internet on a daily basis will too benefit from a greater awareness of information leakage: awareness of a potential danger is a basic prerequisite for protecting oneself. The main tool to ensure that the research outcomes of this fellowship impact on beneficiaries is the establishing of a centre of excellence in side channel research as outlined by aim 1 in the case of support. This centre of excellence capitalises on my ability as a mathematician and cryptographic engineer to work at the interface between these two disciplines.
This, coupled with strong interpersonal skills, enables me to cooperate with and coordinate work between researchers from a wide range of backgrounds, as demonstrated in my leadership roles within ECRYPT2, but also via the invitations to deliver consultancy on side channel analysis for the Scientific and Technological Research Council of Turkey (TÜBİTAK), and for the defence industries and ministries of European countries. This work consisted of designing and delivering tailored training in the application of and defence against power analysis attacks.
People | Maria Oswald (Principal Investigator) |
Publications
Ali S (2012) Differential fault analysis of AES: towards reaching its limits, in Journal of Cryptographic Engineering
Avanzi R (2011) Side-channel attacks on the McEliece and Niederreiter public-key cryptosystems, in Journal of Cryptographic Engineering
Avanzi R (2012) Erratum to: Side-channel attacks on the McEliece and Niederreiter public-key cryptosystems, in Journal of Cryptographic Engineering
Banciu V (2014) Constructive Side-Channel Analysis and Secure Design
Gierlichs B (2012) Progress in Cryptology - LATINCRYPT 2012
Hanley N (2011) Using templates to distinguish multiplications from squaring operations, in International Journal of Information Security
Jarvinen K (2012) Harnessing Biased Faults in Attacks on ECC-Based Signature Schemes
Mangard S (2011) One for all - all for one: unifying standard differential power analysis attacks, in IET Information Security
Martin D (2015) Cryptography and Coding
Mather L (2013) Advances in Cryptology - ASIACRYPT 2013
McEvoy R (2013) All-or-Nothing Transforms as a countermeasure to differential side-channel analysis, in International Journal of Information Security
Moss A (2012) Cryptographic Hardware and Embedded Systems - CHES 2012
Oswald E (2012) Fault Analysis in Cryptography
Tunstall M (2011) Practical complexity differential cryptanalysis and fault analysis of AES, in Journal of Cryptographic Engineering
Tunstall M (2014) The distributions of individual bits in the output of multiplicative operations, in Cryptography and Communications
Whitnall C (2014) Topics in Cryptology - CT-RSA 2014
Whitnall C (2011) Smart Card Research and Advanced Applications
Whitnall C (2011) Advances in Cryptology - CRYPTO 2011
Whitnall C (2011) A fair evaluation framework for comparing side-channel distinguishers, in Journal of Cryptographic Engineering
Description | We developed a successful prototype for a highly parallel infrastructure to conduct advanced types of side channel research (i.e. more elaborate experiments than what we could previously do). We made some progress towards practical leakage resilient cryptography and key implementation considerations for its practical deployment. |
Exploitation Route | We are working towards releasing tools and methods for advanced side channel research, which could be integrated into existing tool chains to evaluate side channel resistance. |
Sectors | Digital/Communication/Information Technologies (including Software), Electronics, Government, Democracy and Justice |
Description | Industrial players use findings to speed up security evaluations as well as avoid implementation pitfalls. Industry as well as governmental institutions benefited via an increase of suitably trained graduates, and therefore we contributed to the generation of future cyber security leaders. |
Sector | Digital/Communication/Information Technologies (including Software), Electronics, Government, Democracy and Justice |
Impact Types | Economic |
Description | ACE-CSR Studentships 2012 round |
Amount | £68,648 (GBP) |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start | 09/2013 |
End | 03/2017 |
Description | ACE-CSR Studentships 2014 round |
Amount | £69,524 (GBP) |
Funding ID | 14440011 |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start |
Description | DPA Workstation funding scheme |
Amount | $270,000 (USD) |
Organisation | Cryptography Research |
Sector | Private |
Country | United States |
Start | 06/2014 |
End | 08/2014 |
Description | GCHQ Equipment fund |
Amount | £67,697 (GBP) |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start | 02/2014 |
End | 03/2014 |
Description | Invited presentation at IGGY Conference |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Schools |
Results and Impact | 10 pupils (who were identified as gifted) attended my slot on crypto research, which initiated a good discussion and lots of questions. Not aware of any impact? |
Year(s) Of Engagement Activity | 2013 |
URL | https://www.iggy.net/globalandgifted/programme |
Description | SILENT website |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | We publicised the website at CHES 2014 during the rump session which sparked increased interest in our research activities. None as of yet. |
Year(s) Of Engagement Activity | 2014 |
URL | http://silent.cs.bris.ac.uk/ |