Worcester Polytechnic Institute

Upcoming Seminar: Dan Walters

  • Thursday, March 5 at 3pm in AK 233:

    SLEAK: A Side-channel Leakage Evaluator and Analysis Kit
    Presenter: Dan Walters (MITRE)

    Abstract:
    Side-channel attacks (SCA) present a major threat to secure embedded systems. Effective software countermeasures against SCA are well known in theory, but in practice are difficult to implement properly due to issues such as unexpected compiler transformations and/or platform-specific leakage sources. Although several recent examples from industry and academia show that SCA is becoming increasingly simple and inexpensive to perform as an attacker, evaluating the security of a system against SCA can still be expensive and time-consuming. Furthermore, most evaluation techniques must be performed near the end of the development schedule which adds significant risk.
    In this talk, a new technique for testing software for SCA vulnerabilities in a fast, inexpensive, and automated manner is presented. This testing could be applied to evaluate software-based SCA countermeasures even without access to source code, as may be the case with proprietary software libraries that are delivered pre-built, and without the use of side-channel collection equipment. The presented implementation of the SLEAK tool demonstrates the efficacy of this technique by detecting vulnerabilities in an AES implementation that utilizes a masking countermeasure. The advantages and limitations of our technique will be discussed, showing that it can be used to detect and understand the sources of many common SCA vulnerabilities early in the development schedule.

    Bio:
    Dan Walters is a Lead Digital/Micro HW Engineer at MITRE in Electronic Systems Development. Dan has worked in the area of embedded systems and security since arriving at MITRE in 2006. He helped to develop MITRE’s Secure Electronics Lab, which has advanced capabilities for researching implementation security issues such as side-channel leakage, fault induction, and trusted hardware. He is currently the principle investigator on a research project for developing tools to evaluate cryptographic software against implementation attacks.

  • Applied Cryptology Seminar
    The seminar features presentations of hot topics within the
    interdisciplinary field of cyber-security.

    All are welcome!

    For current information on the seminar, please visit:
    http://v.wpi.edu/seminars/