EMMY NOETHER-GROUP CAVE
DR.-ING. PASCAL SASDRICH
Junior Research Group Leader
Faculty of Computer Science
Chair for Security Engineering
Room: ID 2/645
Telephone: +49 234-32-25734
Office hours: By arrangement
The Emmy Noether junior research group CAVE, funded by the German Research Foundation (DFG), investigates the following open challenges and issues of Computer-Aided Verification of Physical Security Properties to pave the way for next-generation, security-oriented Electronic Design Automation (EDA) flows.
MODELING ADVERSARIES AND PHYSICAL SECURITY PROPERTIES
State-of-the-art adversary and security models for information leakage or information tampering are primarily considered in isolation. In practice, these limits are not imposed on attackers but the combination of different threats and attacks can be explicitly used to bypass isolated physical security mechanisms.
For this, transformation of existing security definitions and models into a unified system, particularly illuminating and addressing potential reciprocal effects, is an on-going research challenge. For continuous validation of theoretical findings and generation new insights, enabling further advancement of the theoretical models, computer-aided verification tools need to be continuously extended and improved to keep up with progress and developments on the theoretical model side.
IMPLEMENTATION OF AUTOMATIC VERIFICATION TOOLING
Current security concepts and models are often only applicable to smallest systems, while verification complexity increases exponentially in their size and the accuracy of the adversary models.
To counteract such increasing complexity in a targeted manner, new methodologies and hierarchical models must be developed to accelerate verification by orders of magnitude and enable evaluation of complex systems. Consequently, algorithms and applications must be improved and refined continuously to enable efficient and high-performance security verification, reduce the duration of modern hardware development cycles, and increase the quality of the developed systems.
INTEGRATION INTO ELECTRONIC DESIGN AUTOMATION
Existing security verification solutions primarily provide stand-alone applications that focus on generic, simple, and abstract target platforms and predominantly target symmetric cryptographic primitives. Consequently, micro-architectural details, asymmetric cryptography, or non-cryptographic components are often excluded even though they are integral parts of the security architecture.
Nonetheless, security verification forms the foundation of modern security-oriented EDA, hence, should support the entire flow of the full system. For this, next-generation security verification solutions should be directly embedded into modern EDA frameworks to enable hierarchical, modular, and extensive security verification.
We are currently looking for applications of outstanding and highly motivated PhD students!
If you are interested, please reach out to email@example.com (subject "[CAVE Application]") and include:
- A one/two page motivation letter, stating your background, motivation, and research topics you are interested in.
- A CV, including a list of publications (if available) and two references (if available).
- A Transcript of Records and copies of relevant certificates.
- A copy of your Master's thesis (if available).
- David Knichel, Pascal Sasdrich, Amir Moradi: SILVER – Statistical Independence and Leakage Verification. ASIACRYPT 2020.
- Jan Richter-Brockmann, Aein Rezaei Shahmirzadi, Pascal Sasdrich, Amir Moradi, Tim Güneysu: FIVER – Robust Verification of Countermeasures against Fault Injections. IACR TCHES 2021.
- Nicolai Müller, David Knichel, Pascal Sasdrich, Amir Moradi: Transitional Leakage in Theory and Practice Unveiling Security Flaws in Masked Circuits. IACR TCHES 2022.
- Jan Richter-Brockmann, Jakob Feldtkeller, Pascal Sasdrich, Tim Güneysu: VERICA – Verification of Combined Attacks Automated formal verification of security against simultaneous information leakage and tampering. IACR TCHES 2022.
- Jakob Feldtkeller, Jan Richter-Brockmann, Pascal Sasdrich, Tim Güneysu: CINI MINIS: Domain Isolation for Fault and Combined Security. CCS 2022.
- Jan Richter-Brockmann, Pascal Sasdrich, Tim Güneysu: Revisiting Fault Adversary Models – Hardware Faults in Theory and Practice. IEEE TC 2023.