Theory of Implementation Security Workshop 2020

This workshop has been rescheduled to 15 - 19 February 2021

Description
The more important information and communication technology becomes in our professional and private lives, the more important it is whether the underlying technology is trustworthy. Cryptography forms an essential building block for solutions that offer security and privacy. The traditional application of cryptography is the protection of communication lines. In this scenario it is assumed that both sender and receiver have equipment protected by physical means and hence are not subject to attacks. Given this assumption, there exist various well defined and standardized algorithms and protocols that can be used today. However, in modern applications like payment cards, set-top boxes, IoT devices, etc., this assumption is no longer true. The attacker often has physical access to the device on which the cryptographic algorithms are executed, and can conduct physical attacks by measuring the side channels (execution time, power consumption, electro-magnetic (EM) radiation) or injecting faults (glitching, laser injection, electro-magnetic perturbation).

With the deployment of the Internet of Things, the interest in physical attacks on embedded systems and the implementation security of these systems is rapidly increasing, both in academia and industry. Take for example a typical IoT device where a secure execution environment can only be guaranteed if device boot, firmware update, debug access and device attestation are secured. The security of these services heavily relies on secure implementation of cryptographic primitives. Protecting symmetric and private keys during encryption and signing as well as the protection of signature verification against physical attacks is of the utmost importance for guaranteeing a secure execution environment on IoT device.

Secure implementation of cryptographic primitives is possible only when the tools used for functional and security verification are part of the design process. Certification comes as the final ingredient, ensuring independent assessment of the implemented countermeasures. Theory of secure implementation,  its verification and certification are the three topics we are going to cover during the workshop. System aspects such as impact on performance, power consumption and silicon area are also going to be taken into account and carefully considered during our discussions.
 
Sophisticated security certification and evaluation methods (FIPS, CC, etc.) have been established to give assurance about the functionality and claimed security. The drawback is that currently there is no standardized methodology, let alone a clear theory of implementation security. This lack of formalization results in industry using time consuming, expensive and sometimes dubious methods to achieve and validate implementation security. Therefore, there is an emerging need on one side for further developing and deploying in industry provably secure protection methods and automated verification tools; and on the other side improving the efficiency and quality of certification by integrating these tools and methods which will allow assessment of the resilience of implementations to physical attacks with low cost and in a short time. All these challenges motivate even more research on the Theory of Implementation Security.

One of the goals of the workshop will be to discuss current and future challenges of implementation security when cost and performance metrics together with increasingly strong adversaries are considered. Along the same line, various novel attack vectors and methodologies to verify the security of a given implementation are of crucial importance, as development of countermeasures (as well as the verification tools) is not feasible without knowing the possible expertise and capability of the adversary. Another goal of the workshop is to propose possible alternatives to define recommendations based on the best practices for HW/SW implementations secure against physical attacks, which could serve as a base for future standard(s). We plan to devote special attention to the ongoing initiative of NIST to standardize threshold cryptography, in particular threshold circuits.