Worcester Polytechnic Institute

Past Seminars in 2014

  • Thursday, July 3 at 11am in AK 218:
    Talk: Advances in the Side-Channel Analysis of Symmetric Cryptography
    Presenter: Mostafa Taha (Worcester Polytechnic Institute)
    Abstract:
    Practical countermeasures against side-channel attacks (hiding and masking) typically require at least doubling the implementation area or the computation time, yet they do not provide perfect protection: they only make it harder for an adversary to recover the secret key. Leakage Resiliency, on the other hand, can provide provable security against SCA by designing new primitives with inherent resiliency against information leakage. However, Leakage Resiliency comes with an excessive implementation overhead that makes it unacceptable for embedded devices.

    In this talk we highlight a generic framework for lightweight and efficient leakage resiliency through key-updating. We then propose two complete solutions that are compatible with any AES mode of operation: one uses a dedicated circuit for key-updating, while the other uses the underlying AES block cipher itself. We also address the problem of designing a single core for all applications of hash functions, both unkeyed (e.g. regular hashing) and keyed (e.g. generating MACs). We observed that running an unkeyed application on an SCA-protected core wastes a large share of its resources (3 to 4x). Hence, we propose a novel SCA-protected core for hashing that follows the concepts of Leakage Resiliency. Our core has no overhead in unkeyed applications and negligible overhead in keyed ones.

    Bio:
    Mostafa Taha is a Post Doctoral Fellow in the Vernam Group of WPI. He received his Ph.D. degree from the Secure Embedded Systems Lab at Virginia Polytechnic Institute and State University, better known as Virginia Tech. His research focuses on implementation attacks and side-channel analysis.

  • Friday, April 30 at 11am in AK 108:
    Talk: Access Pattern Disclosure Attacks against Searchable Encryption Schemes
    Presenter: Murat Kantarcioglu (University of Texas at Dallas)
    Abstract:
    With the advent of cloud computing, outsourcing data to cloud providers is becoming more popular due to its lower cost and increased flexibility. At the same time, concerns about the security of the outsourced data are increasing. To address these concerns, various protocols have been proposed in the literature to outsource data in encrypted form and execute queries over the encrypted data. Oblivious RAM protocols allow access to remote encrypted data without revealing the access pattern even to the remote server. Unfortunately, even the most efficient Oblivious RAM protocol is too expensive to be used in most practical applications. Alternatively, many efficient protocols have been proposed in the literature that allow query execution over encrypted data. There are practical Searchable Symmetric Encryption (SSE) techniques that allow keyword search over remote encrypted data. Database-As-a-Service (DAS), on the other hand, allows SQL queries to be executed over remote encrypted data. All of these efficient techniques purposefully reveal the data access pattern to an adversary for the sake of efficiency.
    Bio:
    Dr. Murat Kantarcioglu is an Associate Professor in the Computer Science Department and Director of the UTD Data Security and Privacy Lab at the University of Texas at Dallas. He holds a B.S. in Computer Engineering from Middle East Technical University, and M.S. and Ph.D. degrees in Computer Science from Purdue University. He is a recipient of the NSF CAREER award and the Purdue CERIAS Diamond Award for Academic Excellence. Currently, he is a visiting scholar at the Harvard Data Privacy Lab.

    Dr. Kantarcioglu’s research focuses on creating technologies that can efficiently extract useful information from any data without sacrificing privacy or security. His research has been supported by grants from NSF, AFOSR, ONR, NSA, and NIH. He has published over 100 peer-reviewed papers. Some of his research work has been covered by media outlets such as the Boston Globe and ABC News, and has received two best paper awards.

  • Friday, April 18 at 12noon in SL 104:
    Talk: Algorithmic Confusion Analysis of Higher Order DPA against Masking Protected Devices
    Presenter: Adam Ding (Northeastern University)
    Abstract:
    Masking the internal operations with random numbers is a popular countermeasure to protect cryptographic systems against differential power analysis (DPA). Higher-order DPA can be used to break the masking protection. We apply the algorithmic confusion analysis (Fei et al., CHES 2012) to higher-order DPA. We derive an analytic success rate formula that explicitly shows the effect of the algorithmic properties, the implementation signal-to-noise ratio, and masking. We also formally prove that, in very noisy scenarios, the centered product combination function is optimal for higher-order attacks.

    Bio:
    Adam Ding is an associate professor in the Mathematics Department of Northeastern University. He received his Ph.D. degree from Cornell University. His research focuses on statistical methodology and its applications in biostatistics, engineering and finance. He has held summer visiting faculty positions in the Biostatistics Departments of Harvard University and the University of Rochester. Recently he has been building statistical models for evaluating side-channel attacks against cryptosystems.
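As an added illustration of the abstract above (this is not code from the talk or from the paper it summarizes), the following pure-Python simulation shows why a single-sample DPA fails against Boolean masking and how the centered product combination recovers the key. The target, key, noise level and trace count are all assumed: a 4-bit S-box (PRESENT's, used only because 16 key guesses are cheap to enumerate) is masked with a fresh uniform mask per execution, and each constructed "trace" is two noisy Hamming-weight samples, one of the masked output v ^ m and one of the mask m. Under that leakage model a short calculation (ours, not the page's) gives E[(HW(v ^ m) - n/2)(HW(m) - n/2)] = (n - 2·HW(v))/4, so the centered product is linear in HW(v) with negative slope and the correct key appears with a correlation of about -0.5/(1 + σ²), i.e. roughly -0.4 at σ = 0.5, while the first-order correlation of either sample alone is zero for every key guess.

```python
import math
import random

# PRESENT's 4-bit S-box: a real S-box, used here only as a small nonlinear
# target so that all 16 key guesses can be enumerated quickly in pure Python.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    """Hamming weight, the usual leakage model for a register write."""
    return bin(x).count("1")


def simulate_masked_traces(key, n_traces, sigma, rng):
    """Constructed leakage of a first-order Boolean-masked S-box lookup.

    Each 'trace' is two noisy samples: the Hamming weight of the masked
    S-box output v ^ m and the Hamming weight of the mask m itself.
    Neither sample alone depends on v, which is what masking guarantees.
    """
    plaintexts, leak_masked, leak_mask = [], [], []
    for _ in range(n_traces):
        p = rng.randrange(16)
        m = rng.randrange(16)            # fresh uniform mask per execution
        v = SBOX[p ^ key]                # the unmasked sensitive value
        plaintexts.append(p)
        leak_masked.append(hw(v ^ m) + rng.gauss(0.0, sigma))
        leak_mask.append(hw(m) + rng.gauss(0.0, sigma))
    return plaintexts, leak_masked, leak_mask


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length samples."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy)


def centered_product(leak_a, leak_b):
    """Second-order combination: subtract each sample's mean over all traces,
    then multiply. For an n-bit target the product's expectation given v is
    (n - 2*HW(v))/4, i.e. linear in HW(v) with a negative slope."""
    ma = sum(leak_a) / len(leak_a)
    mb = sum(leak_b) / len(leak_b)
    return [(a - ma) * (b - mb) for a, b in zip(leak_a, leak_b)]


def cpa(plaintexts, leakage):
    """Correlate the leakage against HW(SBOX[p ^ g]) for every key guess g."""
    return {g: pearson([hw(SBOX[p ^ g]) for p in plaintexts], leakage)
            for g in range(16)}


def best_guess(corrs):
    """Key guess with the largest absolute correlation."""
    return max(corrs, key=lambda g: abs(corrs[g]))


def run_attacks(key=0xB, n_traces=10000, sigma=0.5, seed=2014):
    """First-order CPA on the masked sample alone, then second-order CPA on
    the centered product of both samples. Key, noise and counts are assumed."""
    rng = random.Random(seed)
    pts, leak_masked, leak_mask = simulate_masked_traces(key, n_traces, sigma, rng)
    first_order = cpa(pts, leak_masked)
    second_order = cpa(pts, centered_product(leak_masked, leak_mask))
    return {"key": key, "first_order": first_order, "second_order": second_order}


if __name__ == "__main__":
    res = run_attacks()
    k = res["key"]
    print("true key      : %#x" % k)
    print("1st-order corr: %+.3f for true key, best guess %#x" % (
        res["first_order"][k], best_guess(res["first_order"])))
    print("2nd-order corr: %+.3f for true key, best guess %#x" % (
        res["second_order"][k], best_guess(res["second_order"])))
```

The centering uses each sample's mean over all traces rather than a per-class mean, which is the standard centered product; raising sigma shows the noise dependence in the abstract, since the correct-key correlation shrinks as 1/(1 + σ²) while the number of traces needed to separate it from the best wrong guess grows accordingly.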

  • Wednesday, April 16 at 11 am in AK 219:
    Talk: Sub-Transistor Level Hardware Trojans
    Presenter: Christof Paar (Ruhr-Universität Bochum & UMASS Amherst)
    Abstract:
    Countless systems ranging from consumer electronics to military equipment depend on integrated circuits (ICs). A surprisingly large number of such systems are already security critical, e.g., medical devices, automotive electronics, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. Initially, the primary attacker model of concern was that a malicious foundry could alter the design, i.e., introduce hardware Trojans that interfere with the (security-sensitive) functionality of a chip. Many other attacker models exist too. For instance, the legitimate owner of an IC, e.g., a consumer electronics company abroad, might be in league with a foreign intelligence agency and could decide to alter its products in a way that compromises their security. Even though hardware Trojans have drawn considerable attention from the scientific community, little is known about how Trojans might look, especially those that are specifically designed to avoid detection.

    In this talk we propose an extremely stealthy approach for realizing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to many detection techniques, including fine-grain optical inspection and checking against “golden chips”. We demonstrate the effectiveness of our approach by inserting Trojans into the digital post-processing of Intel’s cryptographically secure random number generator in the Ivy Bridge processors.

    Bio:
    Christof Paar started his career at WPI, where he taught from 1995 to 2001. Since then he has held the Chair for Embedded Security at the University of Bochum, Germany, and is an affiliated professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID.

    Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs and Intel. He has taught cryptography extensively in industry, including courses at General Dynamics, NASA, Motorola Research, and Philips Research. Christof is a Fellow of the IEEE. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security, which was acquired by Bosch.

Former Seminars:
2013 Security Seminars
2012 Security Seminars