Leakage Aware Design Automation (LADA): Tools & Techniques for Software Crypto Implementations

Lead Research Organisation: University of Bristol
Department Name: Computer Science

Abstract

Information leakage via side channels is a widely recognised threat to cyber security: small devices in particular are known to leak information through physical channels (power consumption, electromagnetic radiation and timing behaviour). Side channel leakage gives a skilled adversary information about otherwise secret internal variables, which can ultimately lead to a complete security breach in the form of secret key (or data) recovery. For small embedded devices, whose architectures are of limited complexity (a small number of pipeline stages, few data and/or address buses), the leakage can be modelled adequately with statistical tools such as regression analysis or by estimating (multivariate) normal distributions. Our research hypothesis is that meaningful statements about the leakage behaviour of new implementations on such devices can be made using a priori derived (instruction-level) leakage models.

Our aim is to let engineers with limited domain-specific knowledge do exactly this, and so improve the quality of the software they develop. Our overarching goal is therefore: given a suitable instruction-level leakage model for a device together with a specification of the cryptographic primitives, explore techniques that allow a sound assessment of leakage-related attacks on the resulting implementations without the need for a fully equipped side channel laboratory.
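The following script is an added worked example (not code from the LADA project) of the two halves of the hypothesis above: first an instruction-level leakage model is derived by linear regression from measurements of a profiling device, then that model is used, without any further measurements, to simulate traces of a new implementation and run a fixed-versus-random Welch t-test on them. The "device" is a constructed stand-in that leaks a weighted sum of the operand bits plus Gaussian noise; its weights, the assessed intermediate (one byte of pt XOR key), the key value and the 4.5 threshold are assumptions of the example, not parameters from the project.

```python
"""Profile an instruction-level leakage model, then assess an implementation
with it.  Added example; the device below is constructed, not a real target."""
import random
import statistics

random.seed(1)

# Constructed profiling device: leaks a hidden per-bit weighted sum + noise.
# The weights are deliberately not plain Hamming weight so that the regression
# has something to learn.  LSB first.
DEVICE_WEIGHTS = [0.7, 1.3, 0.9, 1.1, 0.5, 1.6, 0.8, 1.2]
DEVICE_OFFSET = 10.0
DEVICE_NOISE_SIGMA = 1.0


def bits(x):
    """Regression features for an 8-bit operand: intercept term, then bits LSB first."""
    return [1.0] + [float((x >> i) & 1) for i in range(8)]


def device_leak(x):
    """One power sample of the constructed device executing the instruction on x."""
    signal = sum(w * b for w, b in zip(DEVICE_WEIGHTS, bits(x)[1:]))
    return DEVICE_OFFSET + signal + random.gauss(0.0, DEVICE_NOISE_SIGMA)


def solve(a, y):
    """Solve the square system a * beta = y by Gauss-Jordan elimination with pivoting."""
    n = len(y)
    m = [row[:] + [y[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def fit_leakage_model(samples):
    """Least-squares fit of leakage = beta . bits(x).  samples: [(operand, leakage)].
    Returns (beta, residual standard deviation) - the a priori model for the device."""
    xs = [bits(x) for x, _ in samples]
    ys = [leak for _, leak in samples]
    k = len(xs[0])
    xtx = [[sum(r[i] * r[j] for r in xs) for j in range(k)] for i in range(k)]
    xty = [sum(r[i] * y for r, y in zip(xs, ys)) for i in range(k)]
    beta = solve(xtx, xty)
    resid = [y - sum(b * f for b, f in zip(beta, r)) for r, y in zip(xs, ys)]
    return beta, statistics.pstdev(resid)


def profile(n=4000):
    """Profiling stage: measure the device on n random operands and fit the model."""
    samples = [(x, device_leak(x)) for x in (random.randrange(256) for _ in range(n))]
    return fit_leakage_model(samples)


def predict(beta, x):
    """Model-predicted (noise-free) leakage of the instruction on operand x."""
    return sum(b * f for b, f in zip(beta, bits(x)))


def welch_t(a, b):
    """Welch's t-statistic for two independent samples."""
    va, vb = statistics.variance(a), statistics.variance(b)
    return (statistics.mean(a) - statistics.mean(b)) / (va / len(a) + vb / len(b)) ** 0.5


def tvla(beta, sigma, key, masked, n=2000, fixed_pt=0x00):
    """Assessment stage: simulate traces of x = pt ^ key with the fitted model
    (optionally first-order boolean masked) and return |t| for fixed vs random pt."""
    def trace(pt):
        x = pt ^ key
        if masked:
            x ^= random.randrange(256)   # fresh mask; the device only ever sees x ^ m
        return predict(beta, x) + random.gauss(0.0, sigma)

    fixed = [trace(fixed_pt) for _ in range(n)]
    rnd = [trace(random.randrange(256)) for _ in range(n)]
    return abs(welch_t(fixed, rnd))


def assess(masked, key=0x2B):
    """Full pipeline: profile once, then assess the (un)masked implementation."""
    beta, sigma = profile()
    return tvla(beta, sigma, key=key, masked=masked)


if __name__ == "__main__":
    beta, sigma = profile()
    print("fitted bit weights:", [round(b, 2) for b in beta[1:]], "sigma", round(sigma, 2))
    print("|t| unmasked:", round(assess(masked=False), 1))
    print("|t| masked:  ", round(assess(masked=True), 1))
```

The unmasked implementation fails the usual |t| > 4.5 criterion while the boolean-masked one passes it, and neither verdict needed a measurement of the implementation itself: only the profiling measurements of the bare instruction were used. The residual standard deviation of the fit doubles as the noise level for the simulated traces, which is what makes the t-statistics comparable to those a lab would obtain.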

Planned Impact

Strategic: Within the UK there are very few adequately equipped academic side channel laboratories, and of these we are (arguably) the one with the strongest academic credentials. We have developed an important relationship with the National Technical Authority for Information Assurance, whose work will directly benefit from our research.

National crypto policies tend to be heavily influenced by international policies. In partnership with the COSIC group at KU Leuven, the Bristol Crypto group is contracted by the European Union Agency for Network and Information Security (ENISA) to produce the 'Algorithms, key size and parameters report', the basis for standardising cryptographic parameters in Europe. One of our key aims for impact will be to expand the report's coverage of side channels, which are currently dealt with only in broad, unspecific terms.

Economic: The knowledge-based nature of the UK information security market demands innovation via research to remain globally competitive. Our main aim will benefit all engineers, developers and researchers concerned with cryptography in the real world, whether academic or industrial. With regard to the latter, the UK has a healthy ecosystem of SMEs contributing to the evolving market around the 'Internet of Things' (IoT), where privacy and security are undoubtedly concerns. Our research will therefore be of particular use to companies that need to implement cost-effective cryptography on resource-constrained devices with minimal overhead during design, whether or not they have a security lab for testing.

The people pipeline: We aim to deliver long-lived impact through human capital, which is aligned with the national remit of increased capability in cyber security. Our group has a good track record in this respect, with alumni positioned in a variety of high-ranking roles, ranging from full Professors in Universities across the EU, through to technical and managerial roles in both large and small companies. We aim to 'produce' engineers who are not only security aware, but have had exposure to the problem of side channel attacks that they can carry into and use in future careers.
