SLIDE 1

VAMPIRE – Virtual Application and Implementation Research Lab

ECRYPT: Achievements and Perspectives
Antwerp, May 27-28, 2008

Tanja Lange (Technical University of Eindhoven)
Christof Paar (Ruhr University Bochum)

Overview

1. Intro VAMPIRE (3) Christof

2. Workshops (3) Christof

  • SHARCS
  • RFID
  • SECSI

3. Summer Schools (3) Tanja

  • ECC,
  • HW Summer school,
  • TC

4. Selected Research Activities (3) Tanja

  • eBATS
  • SCA Lounge
  • PRESENT

5. Interactions with other VL (1): Tanja; eSTREAM, PRESENT, CASE, ??? ; ideally just one picture with VAMPIRE in the middle

6. Major Outcomes (1-2): SHARCS, RFID, eBats, CACE, PRESENT, SCA lounges (note: this is of course redundant with the other slides, so we may not need it)

Legend: (number) = approximate number of slides; name = person mainly responsible; input from the esteemed co-leader is welcome

SLIDE 2

Overview

  • 1. Introduction to VAMPIRE
  • 2. Workshops
  • 3. Summer Schools
  • 4. Selected Research Activities
  • 5. Outlook

Why do we need Implementation Research? (or: Why do we need VAMPIRE?)

1. Many real-world attacks exploit implementation weaknesses

– Ex: Side channel attack, fault injection attack

2. Often, new schemes are only practical if efficiently implemented

– Ex: early days of elliptic curves & (until recently) hyperelliptic curves

3. Interaction between implementation and cipher design

– Ex: Lightweight ciphers are crucial for RFID security

⇒ Crypto engineering is integral part of IT security

SLIDE 3

VAMPIRE Working Groups

  • VAM 1: Software Implementation
    – WP leader: Bristol, D. Page; co-leader: Gemplus, C. Clavier
  • VAM 2: Hardware Implementation
    – WP leader: IAIK TU Graz, S. Tillich; T. Popp
  • VAM 3: Side-channel Attacks
    – WP leader: UCL, J.-J. Quisquater, F.X. Standaert

(figure: the three working groups VAM 1 Software, VAM 2 Hardware, VAM 3 Side-channel)

http://www.rub.de/itsc/tanja/vampire/

VAMPIRE Topics

  • VAM1 – SW
    – general implementation techniques & automation
    – benchmarking of public-key cryptography
    – curve based cryptography; pairings
  • VAM2 – HW
    – RFID and lightweight algorithms and implementations
    – instruction set extensions
    – special purpose hardware for cryptanalysis
    – stream cipher performance analysis
  • VAM3 – Side Channel Resistance
    – power analysis attacks against FPGA implementations
    – masking method as countermeasure
    – particular side-channel attacks and countermeasures
    – theoretical models of side-channel attacks

http://www.rub.de/itsc/tanja/vampire/

SLIDE 4

VAMPIRE Partners and Leaders

(figure: partner logos grouped by working group VAM 1 / VAM 2 / VAM 3: EDI, Master card, Axalto, IAIK, TUE, LUND, IEM, UCL, G+, BRIS, INRIA, RHUL, RUB, KUL)

  • 14 partners: 10 universities + 4 companies
  • 44% of all ECRYPT partners
  • 44% of all industry partners

http://www.rub.de/itsc/tanja/vampire/

SLIDE 5

Workshops

Christof

  • SHARCS (done?)
  • RFID - Christof?
  • SECSI - Christof?
  • we should also include SPEED and CRASH
  • Speed (done)
  • CRASH - Christof?

SLIDE 6

SHARCS: Special-Purpose Hardware for Attacking Cryptographic Systems

  • First workshop ever on breaking crypto with special-purpose computers.
  • Topics covered:
    – FPGAs for cryptanalysis
    – clusters of standard computers
    – factoring circuits
    – specific symmetric and asymmetric attacks
    – optical devices for cryptanalysis

SHARCS: Special-Purpose Hardware for Attacking Cryptographic Systems

  • SHARCS 05 – Paris
    – 8 invited speakers (Bernstein, Lenstra, Quisquater, Sale, Shamir, Steinwandt, Tromer, Wiener)
    – very positive feedback; stimulation of new research
  • SHARCS 06 – Cologne
    – 4 invited speakers (Franke, Gaj, Gara, Leblebici)
    – COPACOBANA
  • SHARCS 2007 – Vienna
    – FPGA Implementation of the Sieving Step

SLIDE 7

SHARCS

Special-Purpose Hardware for Attacking Cryptographic Systems

  • Topics:
    – FPGAs for cryptanalysis
    – clusters of standard computers
    – routing protocols
    – index calculus attacks
    – factoring circuits
    – specific block and stream ciphers
    – optical devices for cryptanalysis
    – analog computers for cryptanalysis

http://www.sharcs.org

Brief History of SHARCS

  • SHARCS 2005, Paris
    – 8 invited speakers (Bernstein, Lenstra, Quisquater, Sale, Shamir, Steinwandt, Tromer, Wiener)
    – very positive feedback; stimulation of new research
  • SHARCS 2006, Cologne
    – 4 invited speakers (Franke, Gaj, Gara, Leblebici)
    – Copacobana, 80-bit stream cipher analysis (eSTREAM)
  • SHARCS 2007, Vienna
    – FPGA Implementation of the Sieving Step

SLIDE 8

Copacobana

http://www.copacobana.org/

RFIDSec

  • First workshop addressing cryptographic issues of RFID
  • Topics covered:
    – New applications for secure RFID systems
    – Privacy-enhancing techniques for RFID
    – Cryptographic protocols for RFID
    – Resource-efficient implementation
  • Workshops:
    – RFIDSec 05 & 06 – Graz
    – RFIDSec 07 – Malaga
    – RFIDSec 08 – Budapest
  • Some major outcomes:
    – New security protocols
    – much better understanding of low-cost crypto
    – to be continued
SLIDE 9

SECSI – Secure Component and System Identification

  • First workshop ever addressing component ID
  • Why?
    – Anti-counterfeiting of pharmaceuticals, textiles, ICs, …
    – Spare-part controls of machines, cars, …
  • Topics covered:
    – Physical Unclonable Functions (PUFs)
    – Cryptographic protocols and algorithms
    – RFID and component identification
    – Non-technical aspects of device identification
  • SECSI 2008 in Berlin, www.secsi-workshop.org
  • Some major outcomes:
    – Bringing together people with diverse backgrounds
    – Many open challenges identified

SPEED 2007: Software Performance Enhancement for Encryption and Decryption

http://www.hyperelliptic.org/SPEED

  • Topics covered:
    – Software implementation of hash functions, public and symmetric-key systems
    – Algorithmic speed-ups
    – CPU specific speed-ups
    – Benchmarking
    – Cryptographic software engineering tools
    – Compilers for efficient code and executables
    – Compilers to introduce cryptographic security
  • Workshops:
    – SPEED 2007, Amsterdam
SLIDE 10

Single Workshops

  • CRASH – CRyptographic Advances in Secure Hardware
    – KU Leuven, 2005
    – Topics: secure and efficient cryptographic hardware
    – Most of the leading European players present
  • Workshop on Secure Embedded Implementations
    – co-located with DATE (Design, Automation and Test in Europe)
    – Nice, 2007
    – Secure implementation, efficient implementation, evaluation

SLIDE 11

VAMPIRE Summer Schools

  • School on Elliptic Curve Cryptography, 2004, Bochum
    – co-located with ECC Workshop
    – has become an annual event
    – www.rub.de/itsc/tanja/summerschool/
  • School on Cryptographic Hardware, Side-Channel and Fault Attacks, 2006, Louvain-la-Neuve
    – first ever summer school on this topic
    – co-located with SCARD event (important IP project)
    – www.dice.ucl.ac.be/crypto/sumschool.htm
  • School on Trusted Computing, 2007, Bochum
    – joint event of PROVILAB and VAMPIRE
    – major industry interest
    – www.softeng.ox.ac.uk/etiss/

Overview

  • 1. Introduction to VAMPIRE
  • 2. Workshops
  • 3. Summer Schools
  • 4. Selected Research Activities
  • 5. Interactions with other VL
  • 6. Major Outcomes
SLIDE 12

Selected Research Activities

Tanja

  • eBATS (done)
  • SCA Lounge (done)
  • PRESENT – Christof, could you please take care of this
  • newly added: results (CACE; Christof, please fill in!)
SLIDE 13

eBATS: ECRYPT Benchmarking of Asymmetric Systems

http://www.ecrypt.eu.org/ebats/

  • 17 Benchmarkable Asymmetric Tools (BATs) submitted
  • with parametrization: 116 different public key systems
  • 451,13 lines of (written) code in BATs
  • Timings obtained on 22 computers, covering 5 different architectures: amd64, ia64, ppc32, sparcv9, x86
  • Measurements:
    – time to generate public-secret key pair
    – time to encrypt/decrypt
    – time to sign/verify
    – time to share a secret
    – lengths of public/secret keys
    – length of ciphertext
    – length of signed message
    – length of shared secret

Raw eBATS Data

  • 8 out of the 3227696 lines of BATMAN output:

(figure: excerpt of raw BATMAN output)

http://www.ecrypt.eu.org/ebats/
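The measurement list above is what a benchmarking run has to produce for every submitted primitive. As an added example (my own harness, not eBATS or BATMAN code), the block below times a constructed stand-in for a key-agreement BAT and reports the quantities the slide lists for that case: key-pair generation time, shared-secret computation time, and the byte lengths of public key, secret key and shared secret. The stand-in is textbook Diffie-Hellman modulo the Mersenne prime 2^127 - 1, chosen only so there is something to time; it is not a secure parameter set, and the function names, seed and repetition count are assumptions. Timings are reported as median and quartiles rather than a mean, because a handful of calls disturbed by interrupts or cache misses would otherwise dominate the figure.

```python
import random
import time
from statistics import quantiles

# Constructed stand-in for a BAT (assumption, not one of the real submissions):
# textbook Diffie-Hellman over the Mersenne prime 2^127 - 1.  Toy parameters,
# chosen only to have something to time; NOT a secure group.
P = (1 << 127) - 1
G = 3


def keypair(rng):
    """Return (secret, public) with public = G^secret mod P."""
    secret = rng.randrange(2, P - 1)
    return secret, pow(G, secret, P)


def shared_secret(secret, peer_public):
    return pow(peer_public, secret, P)


def byte_length(n):
    return (n.bit_length() + 7) // 8


def bench_ns(fn, reps):
    """Call fn() reps times, timing each call; return (median, q1, q3) in ns."""
    samples = []
    for _ in range(reps):
        t0 = time.perf_counter_ns()
        fn()
        samples.append(time.perf_counter_ns() - t0)
    q1, med, q3 = quantiles(samples, n=4)   # the three quartile cut points
    return med, q1, q3


def ebats_style_report(reps=200, seed=20080527):
    """Measure, for the stand-in, the quantities the eBATS slide lists for a
    key-agreement primitive: time to generate a key pair, time to share a
    secret, and the lengths of public key, secret key and shared secret."""
    rng = random.Random(seed)                  # fixed seed: reproducible keys
    a_sec, a_pub = keypair(rng)
    b_sec, b_pub = keypair(rng)
    # Sanity check before timing: both sides must agree on the secret.
    if shared_secret(a_sec, b_pub) != shared_secret(b_sec, a_pub):
        raise RuntimeError("key agreement stand-in is broken")
    return {
        "keypair_ns": bench_ns(lambda: keypair(rng), reps),
        "shared_secret_ns": bench_ns(lambda: shared_secret(a_sec, b_pub), reps),
        "public_key_bytes": byte_length(a_pub),
        "secret_key_bytes": byte_length(a_sec),
        "shared_secret_bytes": byte_length(shared_secret(a_sec, b_pub)),
    }


if __name__ == "__main__":
    for name, value in ebats_style_report().items():
        print(f"{name:22s} {value}")
```

Swapping the stand-in for a real primitive means replacing `keypair` and `shared_secret` (and adding encrypt/decrypt or sign/verify pairs with the same timing treatment); the harness itself does not change.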

SLIDE 14

Example of eBATS Output

(figure: graph of timings on a Pentium M laptop; cf. D.VAM9, p. 51)

VAMPIRE Lounge (1)

AES Lounge (maintained by IAIK)

  – implementation of AES in software and hardware
  – special architectures for high-speed or low-cost
  – instruction set extensions
  – side-channel and fault attacks on AES
  – general security considerations
  – lots of references to research papers on AES

http://www.iaik.tu- t/ h/k t /AES/i d h

SLIDE 15

VAMPIRE Lounge (2)

Side-Channel Lounge (maintained by RUB)

  – definition of active and passive attacks; of simple and differential attacks
  – extensive glossary
  – grouped by type of attack & by algorithm
  – presents attacks as well as countermeasures
  – lots of references with links to papers and reports on SCA; extensive bibliography

http://www.crypto.rub.de/en_sclounge.html
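Two of the VAM3 topics listed earlier, power analysis attacks and masking as a countermeasure, are the kind of material the Side-Channel Lounge catalogues. As an added example (my own code, not material from the lounge or from any VAMPIRE deliverable), the block below runs a correlation power analysis against simulated leakage of one 4-bit S-box lookup, using the PRESENT S-box as the target, and then repeats the attack against a first-order Boolean-masked version of the same lookup. The leakage model (Hamming weight of the S-box output plus Gaussian noise), the key nibble, the noise level, the trace count and the seed are constructed assumptions; the function names are mine.

```python
import random
from statistics import mean

# PRESENT S-box: the attacked intermediate is SBOX[plaintext_nibble ^ key_nibble].
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hamming_weight(x):
    return bin(x).count("1")


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0


def simulate_traces(key_nibble, n_traces, sigma, masked, rng):
    """Constructed leakage model (assumption): the device leaks the Hamming
    weight of the S-box output plus Gaussian noise of standard deviation sigma.
    With masked=True the S-box output is XORed with a fresh uniform mask before
    it leaks, which is what first-order Boolean masking achieves for this value
    (the mask's own leakage is not modelled; second-order attacks are out of scope)."""
    plaintexts, leakages = [], []
    for _ in range(n_traces):
        p = rng.randrange(16)
        v = SBOX[p ^ key_nibble]
        if masked:
            v ^= rng.randrange(16)
        plaintexts.append(p)
        leakages.append(hamming_weight(v) + rng.gauss(0.0, sigma))
    return plaintexts, leakages


def cpa_recover_nibble(plaintexts, leakages):
    """Correlation power analysis: for each of the 16 key guesses, correlate the
    predicted HW(SBOX[p ^ guess]) with the measured leakage.  The guess with the
    largest |correlation| is the attacker's answer.  Returns (best_guess, scores)."""
    scores = []
    for guess in range(16):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        scores.append(abs(pearson(predicted, leakages)))
    best = max(range(16), key=lambda g: scores[g])
    return best, scores


def run_attack(key_nibble=0xA, n_traces=2000, sigma=1.0, masked=False, seed=2008):
    rng = random.Random(seed)          # fixed seed: the simulation is reproducible
    pts, leaks = simulate_traces(key_nibble, n_traces, sigma, masked, rng)
    return cpa_recover_nibble(pts, leaks)


if __name__ == "__main__":
    best, scores = run_attack(masked=False)
    print("unmasked: recovered nibble %#x, |corr| = %.2f" % (best, scores[best]))
    best, scores = run_attack(masked=True)
    print("masked:   best guess %#x, max |corr| = %.2f" % (best, max(scores)))
```

Unmasked, the correct nibble stands out with a correlation near 1/sqrt(2) for this noise level, while the strongest wrong guess stays noticeably below it; masked, every guess correlates near zero, because the leaking value is independent of the key once a uniform mask is XORed in. A real evaluation would also check that the mask and the masked value do not leak at the same sample, which is the second-order case this model deliberately leaves out.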

PRESENT – A New Block Cipher for RFID

  • An aggressively hardware-optimized block cipher
  • joint work of France Telecom, TU Denmark, Ruhr Uni Bochum
  • pure substitution-permutation network
  • 64 bit block
  • 80/128 bit key

(figure: PRESENT round structure: state register, S-box layer, permutation layer, key schedule)
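The slide gives the shape of the cipher: a pure substitution-permutation network on a 64-bit state with an 80- or 128-bit key. As an added example (my own code, not the slides' material and not the PRESENT designers' reference implementation), the block below is a straightforward PRESENT-80 in Python as the cipher is published: 31 rounds of round-key addition, a layer of sixteen identical 4-bit S-boxes and a bit permutation, followed by a final key whitening, with the 80-bit key schedule (rotate left 61, S-box on the top nibble, round counter XORed into bits 19..15). Only the 80-bit schedule is implemented; the function names are mine. The usage checks the all-zero test vector of the PRESENT specification.

```python
# PRESENT-80: 64-bit block, 80-bit key, 31 rounds plus final key whitening.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(v) for v in range(16)]
# pLayer: bit i of the state moves to position P(i) = 16*i mod 63, bit 63 stays.
PBOX = [63 if i == 63 else (16 * i) % 63 for i in range(64)]
ROUNDS = 31
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1


def s_layer(state, box=SBOX):
    """Apply the 4-bit S-box to each of the 16 nibbles of the 64-bit state."""
    out = 0
    for i in range(16):
        out |= box[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def p_layer(state, inverse=False):
    """Bit permutation of the 64-bit state (or its inverse)."""
    out = 0
    for i in range(64):
        src, dst = (PBOX[i], i) if inverse else (i, PBOX[i])
        out |= ((state >> src) & 1) << dst
    return out


def round_keys_80(key):
    """Derive round keys K1..K32 from an 80-bit key given as an int."""
    keys = []
    for counter in range(1, ROUNDS + 1):                 # updates 1..31
        keys.append(key >> 16)                            # K_i: leftmost 64 bits
        key = ((key << 61) | (key >> 19)) & MASK80        # rotate left by 61
        key = (SBOX[key >> 76] << 76) | (key & ((1 << 76) - 1))  # S-box on k79..k76
        key ^= counter << 15                              # counter into k19..k15
    keys.append(key >> 16)                                # K_32: final whitening key
    return keys


def present80_encrypt(plaintext, key):
    rks = round_keys_80(key)
    state = plaintext & MASK64
    for i in range(ROUNDS):
        state ^= rks[i]          # addRoundKey
        state = s_layer(state)   # sBoxLayer
        state = p_layer(state)   # pLayer
    return state ^ rks[ROUNDS]   # final whitening with K_32


def present80_decrypt(ciphertext, key):
    rks = round_keys_80(key)
    state = (ciphertext & MASK64) ^ rks[ROUNDS]
    for i in reversed(range(ROUNDS)):
        state = p_layer(state, inverse=True)
        state = s_layer(state, SBOX_INV)
        state ^= rks[i]
    return state


if __name__ == "__main__":
    ct = present80_encrypt(0, 0)          # all-zero key and plaintext
    print(f"{ct:016X}")                   # 5579C1387B228445
    assert present80_decrypt(ct, 0) == 0
```

The bit-level loops are what makes the hardware cost on the next slide plausible: the S-box layer is sixteen copies of a 4-bit table and the pLayer is pure wiring, so a round-based implementation spends its gates almost entirely on the 64-bit state register, the S-boxes and the key register, and a serialized implementation can reuse a single S-box at the price of more clock cycles.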

SLIDE 16

Results – PRESENT

(figure: gate count versus clock cycles per block)
  AES128:    3595 gates, 1016 clk
  PRESENT80: 1570 gates,   32 clk
  PRESENT80:  996 gates,  563 clk

  • time-area (TA) product 1-2 orders of magnitude better than the smallest AES architecture
  • serial implementation approaches the theoretical complexity limit
  • smaller than all known stream ciphers

SLIDE 17

VAMPIRE – the Future

1. VAMPIRE is part of ECRYPT II (FP7) with 2 working groups
   – Efficient Implementation of Security Systems
   – Physical Security

2. Several workshop series will continue
  • RFIDSec
  • SHARCS (cryptanalytical hardware)
  • SECSI (secure component identification)

3. VAM1 led to the independent EU project CACE – Computer Aided Cryptography Engineering (FP7) – http://www.cace-project.eu

4. eBATS will be extended to cover hash function benchmarking

Interactions with other VL

  • I don't think we need this – in particular after all the other labs presented their work

SLIDE 18

Major Outcomes

  • Or: Why has the world become a better place due to VAMPIRE
  • We may not need this.
  • ;-) yes, that should be clear after the other slides