In our modern society, embedded systems performing cryptographic operations are everywhere, from credit cards and electronic access control systems to a vast number of IoT devices. Even when it uses a theoretically secure cryptographic primitive, such a device can still be vulnerable to a wide variety of attacks in practice. Sensitive information might be leaked through side channels such as execution time, power consumption, or electromagnetic emanations. To protect implementations against these sophisticated attack vectors, we research possible attacks as well as appropriate countermeasures.
Side-Channel Analysis
One of the most important areas of physical implementation security, the one dealing with passive observation attacks, is side-channel analysis. At our chair, we particularly focus on the development of efficient and effective countermeasures.
In recent years, with the emergence of new post-quantum cryptography schemes, a new field of research has opened up: the side-channel-secure implementation of these new constructions.
We not only focus on commonly needed components, like polynomial inversion or fixed-weight polynomial sampling, but also on attacking and protecting complete PQC schemes, such as ML-DSA / Dilithium.
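The execution-time side channel mentioned above is the simplest one to see in code. The following is an added example, not code from the chair's projects: a naive tag comparison that exits at the first mismatching byte, next to a constant-time variant that always processes every byte. The number of byte operations performed stands in as a deterministic proxy for execution time (real timing also depends on compiler and hardware); the tag and candidate values are constructed sample inputs.

```python
"""Timing leakage of a naive byte comparison versus a constant-time one.

Added illustration of a side channel and its countermeasure. The operation
count returned alongside each result models execution time: if the count
depends on secret data, an observer measuring time learns about the secret.
"""


def naive_compare(expected: bytes, candidate: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, number of bytes examined).

    The work done grows with the length of the matching prefix, so the
    execution time leaks how many leading bytes of the candidate are correct.
    """
    if len(expected) != len(candidate):
        return False, 0
    steps = 0
    for a, b in zip(expected, candidate):
        steps += 1
        if a != b:
            return False, steps  # secret-dependent early exit
    return True, steps


def constant_time_compare(expected: bytes, candidate: bytes) -> tuple[bool, int]:
    """Comparison whose work does not depend on where the mismatch is.

    All bytes are XORed and OR-accumulated; the only data-dependent branch
    is on the final result. (hmac.compare_digest provides this in the
    standard library; it is spelled out here to show the principle.)
    """
    if len(expected) != len(candidate):
        return False, 0
    diff = 0
    steps = 0
    for a, b in zip(expected, candidate):
        steps += 1
        diff |= a ^ b
    return diff == 0, steps


def prefix_leak(compare, expected: bytes, candidates: list[bytes]) -> list[int]:
    """Work performed for each candidate under the given comparison function.

    A list that varies across candidates means the comparison leaks.
    """
    return [compare(expected, c)[1] for c in candidates]


# Constructed sample values: a 4-byte "secret" tag and candidates sharing
# 0, 1, 2 and 3 correct leading bytes, followed by the correct tag itself.
SECRET_TAG = bytes.fromhex("a1b2c3d4")
CANDIDATES = [
    bytes.fromhex("00000000"),
    bytes.fromhex("a1000000"),
    bytes.fromhex("a1b20000"),
    bytes.fromhex("a1b2c300"),
    SECRET_TAG,
]


def leakage_profile() -> tuple[list[int], list[int]]:
    """Return (naive work per candidate, constant-time work per candidate)."""
    return (
        prefix_leak(naive_compare, SECRET_TAG, CANDIDATES),
        prefix_leak(constant_time_compare, SECRET_TAG, CANDIDATES),
    )


if __name__ == "__main__":
    naive, ct = leakage_profile()
    print("naive work per candidate:        ", naive)  # [1, 2, 3, 4, 4]
    print("constant-time work per candidate:", ct)    # [4, 4, 4, 4, 4]
```

The naive profile increases by one for every additional correct leading byte, which is exactly the information a timing observer needs; the constant-time profile is flat, so the measurement carries no information about the secret. The same reasoning, applied to power or electromagnetic traces rather than time, is what motivates the masking and hiding countermeasures studied for PQC implementations.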
Fault-Injection Attacks
Attacks in which the attacker actively interferes with the execution of an algorithm to alter the program flow or produce incorrect results are known as fault-injection attacks.
At the Security Engineering Chair, we analyze both how these kinds of attacks can be used to break implementations of cryptographic schemes and how such threats can be mitigated. To this end, we showed how fault attacks can be used to recover the key of ML-DSA / Dilithium implementations.
Combined Attacks
A more recent field of study deals with a stronger attacker model that combines passive observation of side-channel information with active fault-injection capabilities. At the Chair for Security Engineering, we research the feasibility of performing these high-complexity attacks in practice as well as the theoretical foundations for modeling such scenarios.