DFG: SSIMA (2024-2026)

Scalable Side-Channel Immune Micro-Architecture

This research focuses on addressing the limitations of current embedded micro-architectures in providing comprehensive protection against combined passive and active physical attacks, such as side-channel analysis (SCA) and fault injection (FI). The objective is to explore the construction of composable architectures that can maintain security against these attacks in a combined setting. The study aims to achieve scalability in constructing these architectures, allowing for SCA security at arbitrary orders using a single hardware design. The primary objective is to develop methodologies for scalable physically secure software using customized embedded platforms without micro-architectural leakage. Scalability involves adapting implementations to different adversary models and fault tolerance requirements while maintaining theoretical and practical security guarantees. It is planned to design and develop a RISC-V platform, including the corresponding Instruction Set Architecture (ISA) and dedicated Instruction Set Extensions (ISE), that enables software designers to effortlessly convert unprotected software written in high-level languages (e.g., C) into machine code for our developed platform. The resulting implementation should provide security against defined adversaries while upholding theoretical security arguments in practice. The successful outcome would represent a significant advancement in the development of ISAs with provable security for executing arbitrary software.

EU: enCRYPTON (2022-2025)

Twinning towards excellence for Privacy Enhancing Technologies leveraging Homomorphic Encryption

The main objective of enCRYPTON is to increase the innovation capacity of the project’s partners and enhance the consortium’s scientific quality and research excellence within privacy enhancing technologies. The objectives will be achieved by building scientific capacity, management capacity and technical capacity. To enhance scientific competences, staff exchanges, visits of international experts, workshops and summer schools are organized for researchers and early-stage researchers. To enhance management and administration, idea generation workshops, impact creation courses, proposal preparation workshops, project management workshops, staff exchanges and participation in trade-shows and business fairs are organized mainly for the administration unit. Moreover, the partners will collaborate to develop a prototype server in an exploratory research project that will provide solutions for data privacy problems. enCRYPTON’s activities enhance networking between the partners, through knowledge transfer and exchange of best practice. enCRYPTON has a scientific strategy for stepping up and stimulating scientific excellence and innovation capacity and focuses on strengthening the research management and administration skills.

BMBF: ProPair (2022-2025)

Context-based Trust Initialization of Telemedicine Micro Devices

The ongoing digitalization is making itself present in almost all areas of public life, but has not yet been fully accepted in the medical field due to the high demands on data protection and security requirements. Within the scope of this project, we want to create new possibilities to enable secure communication between medical sensors and to combine simple usability with high security requirements. In doing so, we will perform extensive analyses of the proximity-based authentication capabilities of the new Bluetooth standard, check its integration into the future demonstrator and re-evaluate its security as a whole. A high level of usability and security must be ensured in particular during the setup of new sensors, the so-called "pairing". This process is particularly complex in cryptography, since the devices do not know each other and trust can only be derived from the context of the intended communication. To increase usability, it should not be necessary to enter complex passwords. This makes the protection of the process even more difficult.

BMBF: DevToSCA (2022-2025)

Developer-Centric Tools for Side-Channel Analysis

The number of (micro) computers involved in daily life is increasing rapidly due to rapid technical development. The digitalization of the smallest components is particularly evident in the area of IoT devices, which ranges from smart light switches to networked toasters. However, this also opens up a wide range of targets to attackers, who often have access to the entire network infrastructure if they successfully compromise a device. Most often, such attacks originate from insecure implementations, because many developers and manufacturers do not have the capacity to carry out extensive security tests. The goal of this project is to find vulnerabilities without the need for such tests by automatically checking the machine code for side-channel leakages using symbolic analysis. Comparable approaches have so far only existed for cryptographic hardware implementations, whereas the security of software implementations could only be checked with the help of complex tests. The new approach is intended to provide all developers and manufacturers with the software and avoid the need for a complex evaluation process in the laboratory. In the long term, this should make it possible to prevent large-scale as well as targeted attacks on specific victims.

BMBF: KOSEF (2022-2025)

Cost-optimized and Effective Protection against Electromagnetic Fault Injection to Ensure Data and Operational Reliability in IoT Systems

The overall goal of this project is to find countermeasures against electromagnetic fault injection attacks (EMFI) at the algorithmic level of cryptographic primitives, which will lead to a sufficient level of protection in practice in software and also in hardware. The cost of these countermeasures should be minimized to such an extent that they can be used on resource-constrained end devices in the Internet of Things (IoT). The cost reduction refers to minimizing the latency and area consumption of the protected implementations. These goals are to be achieved through a deep practical analysis of the physical mechanisms of EMFI at the circuit level and the subsequent theoretical modeling of these mechanisms. Through the developed countermeasures for the protection of cryptographic primitives and ciphers, the underlying secret keys are sufficiently protected, thus ensuring data security and privacy in the IoT environment.

DFG: SecFShare (2021-2023)

Secure Sharing of FPGAs in Clouds

FPGAs are becoming increasingly popular as flexible re-programmable accelerators in the cloud for server applications such as Artificial Intelligence (AI), big data analytics or online searches. To empower these new applications and new usage mechanisms in the cloud, FPGA vendors are integrating FPGAs ever more tightly with existing software and CPU infrastructure to enable easy and efficient exchange of large amounts of data. Cloud service providers now offer FPGAs for rent on their shared server platforms.
The tight integration of FPGAs into classic CPU-based systems in the cloud infrastructure leads to an increasing level of platform sharing. Yet, right now, FPGAs are not shared due to security concerns. Shared FPGA-powered services and true FPGA multi-tenancy, which are normal in the server world, are highly desirable features, as sharing can provide the maximum flexibility, performance and yet reduced costs. Exploring technology to allow secure sharing of FPGAs is thus essential for FPGA technology as it becomes more tightly coupled into CPU systems.
The goal of this project is to provide new security mechanisms to enable secure FPGA sharing in the cloud. We will investigate security challenges and countermeasures for combined CPU and FPGA platforms where both the FPGA and CPU may be shared by numerous processes and users remotely. We propose a rigorous analysis of the new combined architecture with respect to novel risks that stem from the close coupling of the FPGA and CPU platform and their shared operation at electrical, logical and microarchitectural levels. We will investigate new countermeasures, with a combination of static checking and dynamic detection and protection, to mitigate these security threats, at both electrical and logical levels.
This project will have a transformative impact on the entire reconfigurable hardware and microarchitecture security community and pave the way toward flexible and secure sharing of combined FPGA CPU systems in the cloud. As a team with complementing skills, we will pioneer this emerging area of hardware security at a critical time of deployment.

DFG: SAUBER (2020-2023)

phySicAlly secUre reconfiguraBlE platfoRm

In the growing digital world, where many aspects of daily life are solely performed by the information technology infrastructure, their security concerns are greater than ever before. With software becoming more secure on one hand, and compromising hardware becoming easier on the other hand, the hardware becomes the Achilles heel for the system security. In complex systems on chip (SoCs) of today, the reconfigurable fabric, in the form of field programmable gate array (FPGA), plays an important role due to its rapid time to market, flexibility, and updatability. FPGAs are also very promising for many secure platforms, since they allow “security patches” to the hardware and the system, as it is normally done in software. Despite such promising prospects of FPGAs for secure applications, there are still many security issues to be resolved for the FPGA fabric since the existing commercially-available reconfigurable technology is not made for secure applications. There exist challenges in applying the currently-known countermeasures to physical attacks in FPGA platforms, due to high area, low throughput, high power/energy, high latency, etc. The implementation and mapping of such security schemes to the FPGA is “ad hoc”, meaning for every cryptographic algorithm and every design architecture, the countermeasures should be readjusted. In addition, the existing FPGA technology is vulnerable to many security attacks and side-channel analysis, even enabling adversaries to attack the system remotely.
The main objective of this project is to design a secure reconfigurable platform (SAUBER), which is resilient to various malicious physical attacks and can act as the center of trust in SoCs, in order to implement cryptographic algorithms and other highly secure functions.
The new platform would provide strong protection against side-channel analysis attacks, fault-injection attacks, thermal attacks, power supply noise attacks and at the same time enable adjustable security primitives, e.g., PRNG, necessary for algorithmic countermeasures against physical attacks. We will investigate how to adopt and re-design currently available ASIC-based hiding countermeasures so that their realization in a reconfigurable platform would lead to strong protection against physical attacks. We will design the secure reconfigurable fabric and develop the secure mapping toolchain, on top of existing open source FPGA mapping tools, to automatically map user applications to this platform and embed security features in a systematic and automated manner.

BMBF: mINDFUL (2020-2023)

Intrusion Detection in Industry 4.0 via Fusion of Physical Channels using Artificial Intelligence

Modern cybersecurity solutions are predominantly concerned with digital aspects such as cryptographic algorithms, network protocols and software security. In practice, however, physical transmission channels offer just as many vulnerabilities that allow attackers to harm a complex, industrial system. In particular, common intrusion detection systems (IDS) cannot secure all aspects of a system because the wealth of information of the physical transmission channels is not included in the detection routine. Due to the increasing networking and dynamic reconfiguration of production systems within Industrie 4.0 applications, attack detection for industrial systems is becoming more complex and important.
The goal of the project is to develop a precise intrusion detection system that delivers a high attack detection rate and few false alarms despite the dynamically changing configurations of Industrie 4.0. To this end, research is being conducted on two main components: first, physical data is to be collected, which will be compressed for practical processing reasons. At the same time, an in-house IDS will use machine learning (AI) techniques to combine various sensor data and detect attacks on this basis. Second, the collected data will be cleaned; for example, redaction procedures will be developed for data protection-compliant processing. The cleansed data will be forwarded to a common cross-enterprise collaborative aggregation platform. In this way, information about attacks can be used in several companies, which improves the training of the in-house IDS.

DFG: Aged but Fit (2020-2022)

Long Lasting Security for Trusted Platforms

With the aggressive scaling of process technology, time-dependent reliability degradation, so-called aging, is becoming more severe in CMOS nanotechnologies. Aging changes the specifications of transistors over time and, in turn, the timing and power consumption of the underlying devices. For cryptographic devices, aging is not only crucial from the reliability point of view but also needs thorough consideration from a security perspective, as aging-related degradations may benefit adversaries in leaking sensitive information through side-channel analysis and fault-injection attacks or via Trojan insertion. Although aging-related reliability degradation has been extensively addressed in recent years, the impact of aging on the security of cryptographic devices has remained largely unexplored. Cryptographic devices have a broad range of applications dealing with confidential data. Due to the sensitivity of such applications, there is a thorough need to address the security of these devices with respect to aging. To alleviate this problem, this proposal is structured around the following topics: (i) leveraging the security of cryptographic devices via designing aging-aware countermeasures that circumvent active and passive physical attacks, (ii) revisiting Trojan detection schemes in cryptographic devices with respect to aging effects, (iii) novel developments with respect to aging-aware PUF constructions.
Deploying the state-of-the-art aging mitigation schemes can enhance device reliability by prolonging its lifetime and postponing observation of aging-related malfunction, yet these schemes cannot thoroughly address security concerns of cryptographic devices, as even small aging-induced imbalances can compromise the countermeasures leveraged to protect against physical attacks. As a consequence, an adversary may maliciously accelerate aging to thwart the protection schemes.
On the other hand, aging may be beneficial in making particular physical attacks harder or in weakening certain Trojan activation mechanisms. As an example, we can refer to profiling SCA attacks, where side-channel signatures of different devices are compared. This project will address the shortcomings of existing schemes by developing aging-aware solutions. The outcome of this research will be evaluated on FPGA fabrics and ASIC prototypes.

DFG: SuCCESS (2019-2023)

SymmetriC CiphEr design with inherent phySical Security

Our goal is to consider countermeasures against a variety of physical attacks during the design process of symmetric ciphers such that they do not forestall the performance optimizations. Particularly in the design of new cryptographic primitives we will consider protection against side-channel analysis and fault-injection attacks. We will develop novel countermeasures dedicated to our constructed primitives in such a way that the integration of such countermeasures into the corresponding implementations becomes straightforward and efficient. From the efficiency point of view, we will consider area, latency, energy consumption, and required randomness as the most important metrics. This will avoid the problem of classical design process, where equipping the implementation with countermeasures against physical attacks leads to significantly inefficient designs.

DFG: GreenSec (2018-2023)

Security for Internet of Things with Low Energy and Low Power Consumption

Digital embedded systems are becoming integrated into our daily life. Many such systems are tied to security and privacy concepts, e.g., electronic payments, smart homes, electronic toll collection and smart phones. A majority of them are portable devices that we carry on a daily basis and can be categorized into two groups: i) battery-operated ones, and ii) contactless passive ones. Battery life is obviously amongst the major issues of the first group, the same as proximity of the second group. Hence, low-energy designs are essential for the battery-operated applications, and low-power designs for the contactless in-field applications. Interestingly, the crypto community offers a large toolbox of advanced algorithms to achieve a strong level of security. The cryptographic primitives have been designed based on the principles of cryptanalysis. However, very limited attention has been paid to the energy and power consumption of their implementations, leading to the fact that most of the current cryptographic solutions are not truly suitable for low-power and low-energy applications. Further, such security-enabled devices, which are in the hands and control of the legitimate users, can be operated in hostile environments. Hence, implementation attacks, as serious threats for pervasive applications, can turn a theoretically-robust system into a completely-broken setup. As demonstrated by numerous side-channel analysis (SCA) attacks, securing ubiquitous systems is a must as well as a non-trivial task. Although several SCA countermeasures have already been developed and introduced, almost none of them focuses on the power and energy overheads. In fact, resistance against SCA attacks with low-power and/or low-energy features has barely been considered by the side-channel community. In short, most of the cryptographic devices, equipped with sound SCA countermeasures, fail to fulfill the requirements to be a part of a low-power (or low-energy) system.
Indeed, the result of our preliminary study in this area supports this statement, where we examined the latency and power consumption of SCA-protected implementations of low-latency ciphers. Nevertheless, it would be a great benefit to develop cryptographic primitives as well as protection solutions considering low-energy and low-power features. In this project we will investigate power and energy consumption of cryptographic primitives and SCA countermeasures for ASIC platforms. Based on this, cryptographic algorithms as well as SCA countermeasures will be (re-)designed to match the given requirements, resulting in cryptographically-robust and SCA-resistant schemes with limited power and energy consumption. We will develop dedicated and provably-secure SCA countermeasures (for ASIC platforms) based on the result of our practical analyses. Hence, an interdisciplinary effort based on symmetric cryptography and cryptographic engineering is required to cope with these challenges.

BMBF: VeriSec (2017-2020)

Computer-Assisted Integration and Verification of Masking in Cryptographic Implementations

Masking blurs the connection between the real data to be protected and the side-channel information measured by the attacker. For this purpose, intermediate results of cryptographic computations are randomized with a secret mask value. The goal of the joint project VeriSec is to design and develop software tools that are able to automatically protect an unprotected implementation by means of masking and to automatically examine a given implementation with respect to possible vulnerabilities. In contrast to known theoretical methods, the project has a special focus on the practice-oriented modeling of existing side channels by means of concrete measurements.

BMBF: SysKit (2017-2020)

A Development Tool for Secure Communications in Industry 4.0

A development tool called SysKit is being realized in the project. With this tool, secure communication solutions tailored to specific Industrie 4.0 applications can be designed and implemented very efficiently. Based on a library of communication modules and other secured hardware and software components, SysKit can be used to optimize and test communication systems. Various requirements such as reliability, real-time behavior and energy consumption are taken into account.
For the implementation of the communication solution, the project also researches and develops new secure and attack-resistant communication technologies. This includes multi-antenna radio technology, which can be used to send bundled signals in the direction of the receiver. This makes it much more difficult to intercept the signals. By dynamically changing the communication parameters, the system is also said to be robust against active signal interference. In addition to security, energy efficiency is also crucial in Industrie 4.0, as many components used there do not have a continuous power supply. To this end, technologies for power-saving lightweight cryptography are to be researched and implemented in the project.

DFG: NaSCA (2016-2020)

Nano-Scale Side-Channel Analysis: Physical Security for Next-Generation CMOS ICs

Currently we are being surrounded by an ever-growing number of cyber-physical systems e.g., electronic toll collection, traffic management, electronic payments, smart homes etc. Although this offers many benefits, the embedded security-enabled devices are in control of legitimate users, who can play the role of an adversary. It enables serious risks with respect to system security, not only due to the flaws of crypto algorithms. Also, the implementation attacks, as serious threats for pervasive applications, can turn a theoretically-robust system into a completely-broken setup. As demonstrated by numerous side-channel analysis (SCA) attacks, securing ubiquitous systems is a must as well as a non-trivial task. Interestingly, the SCA community offers a large toolbox of advanced countermeasures for protecting the crypto devices against such physical attacks. The power analysis countermeasures have been designed based on the principle of dynamic power consumption. However, by fast technology shrinking static power consumption of nano-scale CMOS circuits is becoming a major concern. Hence, the known countermeasures have serious shortcomings when static power consumption is considered by an SCA adversary. In the near future the cryptographic devices, equipped with theoretically-sound countermeasures, will fail to provide the desired level of protection as their security is provable excluding the concept of static power. Indeed, the result of our preliminary study in this area, where we examined the SCA vulnerability of FPGA platforms through static power, supports this statement. Nevertheless, it would be a great benefit to develop protection solutions considering both dynamic and static power. We believe that this is possible, at least to a certain extent, by carefully re-designing, extending, and composing the known countermeasures. In this project we will investigate SCA through static power for FPGA and ASIC platforms. 
We will analyze the efficiency of the known countermeasures to protect crypto devices (e.g., an AES coprocessor) against static power analysis attacks. Based on this, countermeasures will be (re-)designed to match the given requirements, resulting in more robust schemes with enhanced functionality. We will develop dedicated and provably-secure countermeasures (for FPGA and ASIC platforms) based on the result of our practical analyses. The fabricated ASIC samples and the FPGA modules will be practically evaluated to ensure the robustness of our developed countermeasures. Hence, an interdisciplinary effort based on applied cryptography and cryptographic engineering is required to cope with these challenges.
In contrast to our approach, previous works usually deal solely with the dynamic power side channel, use heuristic physical security techniques or basic obfuscation schemes, and lack sound proofs of security. In fact, resistance against SCA attacks through static power has barely been considered by the SCA community.