CAREER: Practical Leakage Resilience: Provable Side-Channel Resistance for Embedded Systems

职业：实用漏电恢复能力：嵌入式系统可证明的侧沟道电阻

• 批准号: 1054776
• 负责人: Thomas Eisenbarth
• 金额: $ 51.33万
• 依托单位: Florida Atlantic University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-01-15 至 2012-11-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1054776&HistoricalAwards=false
• 关键词: CAREER; Practical; Leakage; Resilience; Provable

The security of pervasive computing devices relies on cryptographic engines which are usually considered the most trusted part of the system. An immanent threat to embedded cryptographic engines are physical attacks. Practical countermeasures against physical attacks are not completely fail-safe and overly expensive for most applications. Theoretical approaches, however, still tend to have imperfect leakage models and wrong or impractical assumptions about the abilities of cryptographic sub-primitives. Yet, the theoretical concepts of leakage resilience, which have been mostly disregarded by practitioners, carry a great potential to construct cryptographic primitives that resist physical attacks and allow for more resource-efficient implementations.The project investigates solutions for basic cryptographic services that are (i) secure in the presence of physical attacks and (ii) are comparable in performance and costs to state-of-the-art implementations of cryptography. This is achieved by enhancing the concepts of leakage resilience to make them applicable in the constrained regimes of embedded pervasive systems. Theoretical concepts are advanced and brought into practice by actual implementation. Practical evaluation uncovers remaining weaknesses in the currently used leakage models. By combining the advantages of both approaches ? a thorough practical evaluation of the applied methods and the well-defined leakage-resilience of the theoretical approaches ? stronger, more reliable, and practical solutions are derived. Besides an increased security for the wide range of embedded products, the findings give valuable feedback to both theoretic cryptographers and practical security architects. Only security solutions that are leakage resilient, withstand practical evaluation and match economic expectations guarantee a widespread use and hence more secure pervasive systems.

普适计算设备的安全性依赖于密码引擎，密码引擎通常被认为是系统中最可信的部分。对嵌入式加密引擎的一个直接威胁是物理攻击。针对物理攻击的实际对策对于大多数应用来说不是完全故障安全的并且过于昂贵。然而，理论方法仍然倾向于具有不完美的泄漏模型和关于密码子原语的能力的错误或不切实际的假设。然而，渗漏复原力的理论概念大多被实践者忽视，具有很大的潜力，可以构建抵抗物理攻击的加密原语，并允许更资源有效的实现。该项目研究了基本加密服务的解决方案，这些解决方案（i）在物理攻击的存在下是安全的，（ii）在性能和成本方面与最先进的加密服务相当。密码学的艺术实现。这是通过增强泄漏弹性的概念，使它们适用于嵌入式普适系统的约束制度。通过实际执行，提出理论概念并付诸实践。实际评价揭示了目前使用的渗漏模型中仍然存在的弱点。通过结合两种方法的优点？一个彻底的实际评价的应用方法和明确界定的泄漏弹性的理论方法？得到更强、更可靠和更实用的解决方案。除了增加了广泛的嵌入式产品的安全性，研究结果提供了宝贵的反馈，理论密码学家和实际的安全架构师。 只有具有泄漏弹性、经得起实际评估并符合经济预期的安全解决方案才能保证广泛使用，从而使系统更加安全。