Side-Channel Secure Designs and Implementations of Cryptographic Algorithms in Embedded Systems

嵌入式系统中密码算法的侧通道安全设计和实现

• 批准号: RGPIN-2020-06492
• 负责人: Taha, Mostafa
• 金额: $ 2.04万
• 依托单位: Carleton University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=717680
• 关键词: Side; Channel; Secure; Designs; Implementations

The widespread deployment of embedded systems and the Internet of Things (IoT), in our homes, cars, workplaces, manufacturing lines, hospitals, and power plants rely critically on their secure operation. Although the underlying mathematical foundations of the popular cryptographic algorithms are sound and well-understood, their actual realizations as cryptographic chips are not secure. Recent research has shown that the typical implementations of cryptographic algorithms can leak sensitive information through several side and covert channels. These channels include variations in the power consumption, electromagnetic radiation, execution time, photonic emissions, acoustic waves, response to induced faults, along with others. This group of attacks is called Implementation Attacks, where the adversary exploits weaknesses in the underlying implementation of a cryptographic algorithm rather than its mathematical structure. Implementation Attacks can be passive (known as Side-Channel Analysis) or active (known as Fault Attacks). The proposed research program seeks a deeper and more quantified understanding of side channel analysis and implementation attacks against critical embedded and IoT systems and proposes novel design methodologies and robust implementations that are secured against these attacks without violating usability, cost or real-time constraints. The objectives of this program include: 1- Building a fair, uniform and standardized evaluation platform for the analysis and quantification of information leakage in the cryptographic chips of embedded and IoT systems. This evaluation platform is essential not only to the security assessment of the new designs and implementations to be proposed in this research program, but also to analyze cryptographic chips used by government services and the industry. 2- Proposing new, more efficient, implementations of the currently used standard cryptographic algorithms. This is an ongoing research topic, where all the current implementations, both in hardware and software, are being rebuilt to incorporate security against implementation attacks. 3- Developing secure implementations for the new Quantum Resistant Cryptography (QRC), also called Post-Quantum Cryptography (PQC), as a research goal of the Government of Canada. Currently, there are 26 new PQC algorithms that are being evaluated, each with several target security levels. These algorithms need to be analyzed within the framework of implementation attacks, and secure implementations need to be proposed. 4- Proposing novel design methodologies toward having new cryptographic algorithms that are side-channel-aware. In this research objective, we will propose tools to prevent information leakage in the design phase of new algorithms, rather than addressing the problem as an aftermath. This research program is multidisciplinary as it overlaps between science and engineering fields.

嵌入式系统和物联网（IoT）在我们的家庭、汽车、工作场所、生产线、医院和发电厂中的广泛部署严重依赖其安全运行。虽然流行的加密算法的底层数学基础是健全的和很好理解的，但它们作为加密芯片的实际实现并不安全。最近的研究表明，密码算法的典型实现可以通过多个侧面和隐蔽通道泄漏敏感信息。这些通道包括功耗、电磁辐射、执行时间、光子发射、声波、对诱发故障的响应等方面的变化。这组攻击被称为实现攻击，其中对手利用加密算法的底层实现中的弱点，而不是其数学结构。实施攻击可以是被动的（称为侧通道分析）或主动的（称为故障攻击）。 拟议的研究计划旨在更深入、更量化地了解针对关键嵌入式和物联网系统的侧信道分析和实施攻击，并提出新颖的设计方法和强大的实施方案，以防止这些攻击，而不违反可用性、成本或实时限制。 该计划的目标包括：1-为嵌入式和物联网系统的加密芯片中的信息泄漏分析和量化建立一个公平，统一和标准化的评估平台。该评估平台不仅对本研究计划中提出的新设计和实施的安全评估至关重要，而且对分析政府服务和行业使用的加密芯片也至关重要。2-提出新的，更有效的，目前使用的标准加密算法的实现。这是一个正在进行的研究主题，其中所有当前的实现，无论是在硬件和软件中，都正在重建，以纳入针对实现攻击的安全性。3-开发新的量子抵抗密码学（QRC）的安全实现，也称为后量子密码学（PQC），作为加拿大政府的研究目标。目前，有26个新的PQC算法正在评估中，每个算法都有几个目标安全级别。这些算法需要在实现攻击的框架内进行分析，并提出安全的实现。4-提出新的设计方法，以获得新的加密算法，是侧信道感知。在本研究目标中，我们将提出在新算法的设计阶段防止信息泄漏的工具，而不是将问题作为后果来解决。该研究计划是多学科的，因为它在科学和工程领域之间重叠。