Worcester Polytechnic Institute

On Thursday, Sept. 19 at 10 am in AK 233,
Christof Paar (Ruhr-Universität Bochum & UMASS Amherst) will talk on:

Embedded Security for the Internet of Things

Through the prevalence of interconnected embedded systems, the vision of ubiquitous computing has become reality over the last few years. As part of this development, embedded security has become an increasingly important issue in a multitude of applications. Examples include the Stuxnet virus, which has allegedly delayed the Iranian nuclear program, killer applications in the consumer area like iTunes or Amazon’s Kindle (the business models of which rely heavily on IP protection) and even medical implants like pace makers and insulin pumps that allow remote configuration. These examples show the destructive and constructive aspects of modern embedded security. In this presentation I will talk about some of our research projects over the last few years which dealt with both the constructive and “penetration testing” aspect of embedded security applications.

The first case study addresses a new and increasingly important area of embedded security research, namely lightweight cryptography. PRESENT is one of the smallest known ciphers which can be realized with as few as 1000 gates. The cipher was designed for extremely cost and power constrained applications such as RFID tags which can be used, e.g., as a tool for anti-counterfeiting of spare parts, or for other low-power applications. PRESENT is currently being standardized as ISO/IEC 29192.

As “destructive” examples of our research we will show how two devices with very large deployment in the real world can be broken. First, we show how a combination of embedded reverse engineering and classical symmetric cryptanalysis lead to the break of two widely deployed satellite standards. The second attack breaks the bit stream encryption of current FPGAs. These are reconfigurable hardware devices which are popular in many embedded systems, ranging from set-top boxes to high-speed routers. We were able to extract AES and 3DES key from a single power-up of the reconfiguration process. Once the key has been recovered, an attacker can clone, reverse engineer and alter a presumingly secure hardware design.

Christof Paar was with WPI’s ECE department from 1995 until 2001. Since then he has the Chair for Embedded Security at the University of Bochum, Germany, and is affiliated professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID.

Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs, and Intel. He has taught cryptography extensively in industry, including courses at GTE, Motorola Research, NASA and Philips Research. Christof is Fellow of the IEEE. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security which was acquired by Bosch in 2012.

Applied Cryptology Seminar
The seminar features presentations of hot topics within the
interdisciplinary field of cyber-security.

All are welcome!

For current information on the seminar, please visit: