Worcester Polytechnic Institute

Past Seminars in 2015

Seminars in 2015

  • Monday, July 20 at 11am in AK 218:
    The Spy in the Sandbox: Practical Cache Attacks in Javascript and their Implications
    Presenter: Yossef Oren (Columbia University)

    Side-channel analysis is a remarkably powerful cryptanalytic technique. It allows attackers to extract secret information hidden inside a secure device by analyzing the physical signals (e.g., power, heat) that the device emits as it performs a secure computation. While the potency of side-channel attacks is established without question, their application to practical settings is debatable. The main limiting factor to the practicality of side-channel attacks is the problematic attack model they assume; with the exception of network-based timing attacks, most side-channel attacks require the attacker to be in “close proximity” to the victim.

    In this work, we challenge this limiting assumption by presenting a successful side-channel attack that assumes a far more relaxed and practical attacker model. In our model, the victim merely has to *access a website* owned by the attacker using his personal computer. Despite this minimal model, we show how the attacker can still launch a side-channel attack in a practical time frame and extract meaningful information from the system under attack. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on benign uses of the browser.

    Joint work with Vasileios P. Kemerlis, Angelos D. Keromytis and Simha Sethumadhavan.

  • Thursday, July 2 at 3pm in AK 218:
    Comparison of Multi-Purpose Cores of Keccak and AES on FPGAs
    Presenter: Jens-Peter Kaps (George Mason University)

    Most widely used security protocols, such as Internet Protocol Security (IPSec), Secure Socket Layer (SSL), and Transport Layer Security (TLS), provide several cryptographic services, which include authentication, confidentiality, integrity, and non-repudiation, which in turn require multiple dedicated cryptographic algorithms. A single cryptographic primitive for all secret-key functions, utilizing different modes of operation, can overcome this constraint. This presentation investigates the possibility of using AES and the Keccak-f function as the underlying primitives for high-speed and resource-constrained applications. The new secure hash standard SHA-3 and two candidates of the cryptographic Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR), namely Ketje and Keyak, are built around the Keccak-f function. We are presenting two hardware implementations of each, a multi-purpose Keccak core and a multi-purpose Advanced Encryption Standard (AES) core, one targeting high speed, the other low area, which can provide Authenticated Encryption (AE) and Message Authentication Codes (MAC), generate pseudo-random numbers, and produce the hash of a message.

    The surprising result is that, even though a plain AES implementation is typically much smaller and has a better throughput-to-area ratio than a plain Keccak implementation, adding additional cryptographic services changes the results dramatically. Our multi-purpose Keccak outperforms our multi-purpose AES by a factor of 4 for throughput over area on average. This underlines the flexibility of the Keccak Sponge and Duplex functions. Our multi-purpose Keccak achieves a throughput of 23.2Gbps in AE mode (Keyak) on a Xilinx Virtex-7 and 28.7Gbps on an Altera Stratix-IV. In order to study this further we also implemented two versions of a dedicated Keyak and a dedicated AES-GCM. Our dedicated Keyak implementation outperforms our dedicated AES-GCM on average by a factor of 6 in terms of throughput over area, reaching throughputs of 28.9Gbps and 4.,Gbps respectively on a Xilinx Virtex-7.

    Bio:
    Jens-Peter Kaps is an associate professor of electrical and computer engineering at the Volgenau School of Engineering at George Mason University (GMU). He joined GMU after he received a PhD in Electrical and Computer Engineering from Worcester Polytechnic Institute in 2006. He is a co-director of the Cryptographic Engineering Research Group (CERG) at GMU. His research interests include ultra-low-power cryptographic hardware design, side-channel analysis, computer arithmetic and efficient cryptographic algorithms. He was general co-chair for the Cryptographic Hardware and Embedded Systems conference (CHES) in 2008 and general chair for the Special-purpose Hardware for Attacking Cryptographic Systems (SHARCS) workshop in 2012.
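    The abstract's central point is that one permutation, wrapped in the sponge construction, can stand in for several dedicated algorithms. The following software sketch is an added example written for this page; it is not code from the talk, its authors, or the CERG hardware cores. It implements Keccak-f[1600] following the Keccak team's published compact pseudo-code and reuses that single permutation as a hash (SHA3-256), a keyed MAC (a simple prefix-keyed sponge, labelled as illustrative rather than the standardized KMAC) and a deterministic random-byte generator (SHAKE128 used as an extendable-output function). Only the rate, the domain-separation suffix and the input framing differ between the three services. Python's hashlib is used solely to cross-check the hash and XOF outputs; the authenticated-encryption (Duplex) mode the talk measures is not shown.

```python
# Added example (not from the talk or its authors): one permutation, several
# services. Keccak-f[1600] follows the Keccak team's compact pseudo-code.
import hashlib

MASK64 = (1 << 64) - 1


def rol64(a, n):
    """Rotate a 64-bit lane left by n bits."""
    n %= 64
    return ((a << n) | (a >> (64 - n))) & MASK64


def keccak_f1600(state):
    """Apply the 24-round Keccak-f[1600] permutation to a 200-byte state."""
    lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
              for y in range(5)] for x in range(5)]
    rc_lfsr = 1
    for _ in range(24):
        # theta: column parities mixed into every lane
        c = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4]
             for x in range(5)]
        d = [c[(x + 4) % 5] ^ rol64(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho and pi: rotate lanes while walking the (x, y) -> (y, 2x+3y) cycle
        x, y = 1, 0
        current = lanes[x][y]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            current, lanes[x][y] = lanes[x][y], rol64(current, (t + 1) * (t + 2) // 2)
        # chi: the only non-linear step, applied row by row
        for y in range(5):
            row = [lanes[x][y] for x in range(5)]
            for x in range(5):
                lanes[x][y] = row[x] ^ ((~row[(x + 1) % 5]) & row[(x + 2) % 5])
        # iota: round constant generated by an 8-bit LFSR, added to lane (0, 0)
        for j in range(7):
            rc_lfsr = ((rc_lfsr << 1) ^ ((rc_lfsr >> 7) * 0x71)) % 256
            if rc_lfsr & 2:
                lanes[0][0] ^= 1 << ((1 << j) - 1)
    out = bytearray(200)
    for x in range(5):
        for y in range(5):
            out[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")
    return out


def sponge(rate_bytes, data, suffix, out_len):
    """Absorb `data` rate_bytes at a time, apply the domain suffix and pad10*1,
    then squeeze `out_len` bytes. The capacity is the remaining 200 - rate bytes."""
    state = bytearray(200)
    block = 0
    for off in range(0, len(data), rate_bytes):
        chunk = data[off:off + rate_bytes]
        block = len(chunk)
        for i, b in enumerate(chunk):
            state[i] ^= b
        if block == rate_bytes:
            state = keccak_f1600(state)
            block = 0
    state[block] ^= suffix                      # domain-separation bits + first pad bit
    if (suffix & 0x80) and block == rate_bytes - 1:
        state = keccak_f1600(state)
    state[rate_bytes - 1] ^= 0x80               # final 1 bit of pad10*1
    state = keccak_f1600(state)
    out = bytearray()
    while len(out) < out_len:
        out += state[:min(rate_bytes, out_len - len(out))]
        if len(out) < out_len:
            state = keccak_f1600(state)
    return bytes(out)


# Three services from the same permutation: only rate, suffix and framing change.
def sha3_256(msg):
    return sponge(136, msg, 0x06, 32)           # c = 512 bits, FIPS 202 suffix "01"


def keyed_mac(key, msg, tag_len=32):
    # Prefix-keyed sponge (illustrative, not the KMAC standard): absorbing the
    # length-prefixed key first turns the rest of the absorption into a keyed PRF.
    return sponge(136, len(key).to_bytes(2, "big") + key + msg, 0x06, tag_len)


def prng_bytes(seed, n):
    return sponge(168, seed, 0x1F, n)           # SHAKE128 as an extendable-output PRNG


def matches_hashlib(msg):
    """Cross-check hash and XOF outputs against Python's own implementation."""
    return (sha3_256(msg) == hashlib.sha3_256(msg).digest()
            and prng_bytes(msg, 300) == hashlib.shake_128(msg).digest(300))


if __name__ == "__main__":
    m = b"constructed sample message"               # constructed input
    print("hash :", sha3_256(m).hex())
    print("mac  :", keyed_mac(b"k" * 16, m).hex())
    print("prng :", prng_bytes(b"seed", 16).hex())
    print("matches hashlib:", matches_hashlib(m))
```

    The squeeze loop is what makes the PRNG mode free: the same permutation that finalizes a hash simply keeps running to emit more output, which is why a multi-purpose sponge core costs so little extra area per added service.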

  • Monday, May 25 at 2 pm in AK 218:
    Last-level cache side-channel attacks are practical
    Presenter: Yuval Yarom (University of Adelaide)

    System virtualisation increases hardware utilisation by sharing the hardware resources between several virtual machines. While these virtual machines are supposed to be isolated from each other, the shared use of the hardware creates side channels which allow malicious virtual machines to collect information about other virtual machines. Previous research has demonstrated techniques for exploiting side channels to steal sensitive information, such as cryptographic keys. To mitigate these attacks, virtualisation providers recommend not sharing memory between non-trusting virtual machines and avoiding executing non-trusting virtual machines on the same execution core.

    In this talk we present a new technique for implementing a side-channel attack that bypasses both these countermeasures. The attack relies on access to the last-level cache, which is shared between all the processor cores. Using the technique, a malicious virtual machine can steal the cryptographic keys from a recent version of GnuPG by observing the side channel over a period of a few minutes.

    The talk is based on joint work with Fangfei Liu, Qian Ge, Gernot Heiser and Ruby Lee.

    Yuval Yarom is a Research Associate in the School of Computer Science at the University of Adelaide. His main research interests are computer security and cryptography, with a current focus on side-channel attacks and defenses. He obtained his M.Sc. from the Hebrew University, Jerusalem in 1993 and has just completed the requirements for a Ph.D. in Computer Science from the University of Adelaide. Prior to resuming his academic interests, he spent several years in industry, doing computer security research at Memco Software and co-founding Girafa.com.

  • Wednesday, April 29 at 11 am in AK 218:
    How to build Trojans
    Presenter: Christof Paar (Ruhr-Universität Bochum & UMASS Amherst)

    Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security critical, e.g., medical devices, automotive electronics, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and the scientific community. Initially, the primary attacker model of concern had been a malicious foundry that could alter the design, i.e., introduce hardware Trojans which could interfere with the (security-sensitive) functionality of a chip. Many other attacker models exist too. For instance, the legitimate owner of an IC, e.g., a consumer electronics company abroad, might be colluding with a foreign intelligence agency and could decide to alter its products in a way that compromises their security. Even though hardware Trojans have drawn considerable attention from the scientific community, little is known about how they might look, especially those that are specifically designed to avoid detection. In this talk we introduce two recent research projects which deal with Trojan insertion in two different types of hardware platforms, ASICs and FPGAs.

    Joint work with Georg Becker, Wayne Burleson, Marc Fyrbiak, Philipp Koppe, Francesco Regazzoni and Pawel Swierczynski.

    Bio:
    Christof Paar started his career at WPI, where he taught from 1995 to 2001. Since then he has held the Chair for Embedded Security at the University of Bochum, Germany, and is an affiliated professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID. Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs and Intel. He has taught cryptography extensively in industry, including courses at General Dynamics, NASA, Motorola Research, and Philips Research. Christof is a Fellow of the IEEE. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security which was acquired by Bosch.

  • Thursday, March 5 at 3pm in AK 233:
    SLEAK: A Side-channel Leakage Evaluator and Analysis Kit
    Presenter: Dan Walters (MITRE)

    Side-channel attacks (SCA) present a major threat to secure embedded systems. Effective software countermeasures against SCA are well known in theory, but in practice are difficult to implement properly due to issues such as unexpected compiler transformations and platform-specific leakage sources. Although several recent examples from industry and academia show that SCA is becoming increasingly simple and inexpensive to perform as an attacker, evaluating the security of a system against SCA can still be expensive and time-consuming. Furthermore, most evaluation techniques must be performed near the end of the development schedule, which adds significant risk.

    In this talk, a new technique for testing software for SCA vulnerabilities in a fast, inexpensive, and automated manner is presented. This testing could be applied to evaluate software-based SCA countermeasures even without access to source code, as may be the case with proprietary software libraries that are delivered pre-built, and without the use of side-channel collection equipment. The presented implementation of the SLEAK tool demonstrates the efficacy of this technique by detecting vulnerabilities in an AES implementation that utilizes a masking countermeasure. The advantages and limitations of our technique will be discussed, showing that it can be used to detect and understand the sources of many common SCA vulnerabilities early in the development schedule.

    Bio:
    Dan Walters is a Lead Digital/Micro HW Engineer at MITRE in Electronic Systems Development. Dan has worked in the area of embedded systems and security since arriving at MITRE in 2006. He helped to develop MITRE’s Secure Electronics Lab, which has advanced capabilities for researching implementation security issues such as side-channel leakage, fault induction, and trusted hardware. He is currently the principal investigator on a research project for developing tools to evaluate cryptographic software against implementation attacks.

  • Thursday, February 26 at 3pm in AK 233:
    SRAM-based Physical Unclonable Functions
    Presenter: Daniel Holcomb (UMass Amherst)

    This talk presents our research into SRAM-based Physical Unclonable Functions (PUFs). PUFs are circuits that use the inherent process variations of each chip to generate unique identifiers or secret keys. SRAM circuits are well-suited for use in PUFs because SRAM cells are small in area and have a differential structure that is insensitive to common mode noise. The talk will include three distinct approaches to SRAM PUFs: (1) the use of SRAM power-up state as an identifier, (2) the use of minimum data-retention voltages as an identifier, and (3) circuit modifications that enable native challenge-response operation from SRAM. These three approaches are published in IEEE Transactions on Computers 2009, RFIDSec 2012, and CHES 2014, respectively.

    Daniel Holcomb is an Assistant Professor of ECE at UMass Amherst. He received B.S. and M.S. degrees in ECE from UMass Amherst, and a Ph.D. in EECS from UC Berkeley in 2013; his dissertation topic was formal verification of network-on-chip QoS properties using scalable model checking. In 2014 he was a research fellow at the University of Michigan working with Kevin Fu. His research focuses on methodologies for building secure, reliable, and efficient embedded systems.

  • Thursday, February 12 at 3pm in AK 233:
    Improving Uniqueness and Modeling Attack Resistance of Strong PUFs
    Presenter: Sandip Kundu (UMass Amherst)

    Hardware authentication is fundamentally concerned with establishing the authenticity of smart tags or system components, including the provenance of ICs throughout their lifecycle. Physically Unclonable Functions (PUFs) are promising for low-cost authentication since they are based on inherent random physical disorder that cannot be cloned – even by their manufacturer. In principle, a set of challenge-response pairs (CRPs) unique to a PUF characterizes its behavior, which makes low-cost unique identification possible. Strong PUFs are a subclass of PUFs that possess an extremely large input-output space, potentially denying an adversary the ability to mount a cloning attack. Despite their promise, Strong PUFs currently do not live up to expectations, due to: low uniqueness that arises from correlation in manufacturing process variations; the ability of an attacker to model the behavior of a PUF from observing a limited set of challenge-response pairs; the ability of multiple agents, from manufacturer and distributor to system integrator, to mine the CRP data at various points in the supply chain; and the unreliability of PUF responses over their range of operating conditions and over their lifetime.

    In this talk we will describe a solution to low PUF uniqueness based on actual PUF testing, where non-unique parts will be identified and subjected to ex post facto recovery by repair, similar to memory repair techniques. The testing problem is complicated by the fact that a PUF response must be compared against all previous unique PUF responses without increasing test time or cost. We propose multi-index hashing to speed up this process and show the practicality of the solution. We address the modeling attack problem by a novel non-linear circuit design solution that simultaneously improves modeling attack resistance, reliability and uniqueness.

    Sandip Kundu is a Professor at the University of Massachusetts at Amherst. Prior to joining academia, he spent 17 years in industry: first as a Research Staff Member at IBM Research Division and then at Intel Corporation as a Principal Engineer. He has published over 200 research papers in VLSI Design and Test and holds several key patents including ultra-drowsy sleep mode in processors, and has given more than a dozen tutorials at various conferences.

Former Seminars:
2014 Security Seminars
2013 Security Seminars
2012 Security Seminars