At this year's Conference on Cryptographic Hardware and Embedded Systems 2019 (CHES) in Atlanta, USA, several HGI researchers were honoured. Dr. Amir Moradi and doctoral student Thorben Moos (Chair for Embedded Security) received the conference's Best Paper Award for their paper "Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed". The work was carried out in cooperation with researchers from the Université catholique de Louvain.
In addition, Prof. Christof Paar was honoured for his commitment to CHES: 20 years ago he founded the conference together with Çetin Kaya Koç. With more than 400 participants each year, CHES has since become the world's most important conference in the field of applied cryptography. It rotates between three continents (Europe, North America, Asia).
More information is available here.
Abstract of the paper:
Moos, T., Moradi, A., Schneider, T., & Standaert, F.-X. (2019). Glitch-Resistant Masking Revisited. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(2), 256-292.
Implementing the masking countermeasure in hardware is a delicate task. Various solutions have been proposed for this purpose over the last years: we focus on Threshold Implementations (TIs), Domain-Oriented Masking (DOM), the Unified Masking Approach (UMA) and Generic Low Latency Masking (GLM). The latter generally come with innovative ideas to cope with physical defaults such as glitches. Yet, and in contrast to the situation in software-oriented masking, these schemes have not been formally proven at arbitrary security orders and their composability properties were left unclear. So far, only a 2-cycle implementation of the seminal masking scheme by Ishai, Sahai and Wagner has been shown secure and composable in the robust probing model – a variation of the probing model aimed to capture physical defaults such as glitches – for any number of shares.
In this paper, we argue that this lack of proofs for TIs, DOM, UMA and GLM makes the interpretation of their security guarantees difficult as the number of shares increases. For this purpose, we first put forward that the higher-order variants of all these schemes are affected by (local or composability) security flaws in the (robust) probing model, due to insufficient refreshing. We then show that composability and robustness against glitches cannot be analyzed independently. We finally detail how these abstract flaws translate into concrete (experimental) attacks, and discuss the additional constraints robust probing security implies on the need of registers. Despite not systematically leading to improved complexities at low security orders, e.g., with respect to the required number of measurements for a successful attack, we argue that these weaknesses provide a case for the need of security proofs in the robust probing model (or a similar abstraction) at higher security orders.
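The abstract's central point is that masking schemes fail in the probing model when they do not refresh their shares with enough fresh randomness. The following added example (written for this page; it is not code from the paper or from HGI) makes that concrete in the classical probing model on a first-order, two-share AND gate: it exhaustively enumerates all share assignments and checks whether the distribution of each single wire depends on the secret inputs. With a fresh random bit r, no single wire leaks; with the refresh removed (r fixed to 0), two wires become distinguishable. The gate structure, the wire names c0, t, c1 and the "no refresh" variant are assumptions of the illustration; the glitch-extended robust probing model that the paper actually analyses is not modelled here.

```python
"""Added illustration (not part of the CHES paper or the HGI announcement):
an exhaustive first-order probing-model check of a two-share masked AND gate,
showing why insufficient refreshing breaks probing security."""
from fractions import Fraction
from itertools import product


def masked_and(a0, a1, b0, b1, r):
    """ISW-style two-share AND of a = a0 ^ a1 and b = b0 ^ b1.

    r is the refresh bit. The bracketing of the cross terms follows the
    classical ISW construction; every intermediate is exposed as a wire so
    that a single probe on it can be analysed.
    """
    c0 = (a0 & b0) ^ r
    t = (r ^ (a0 & b1)) ^ (a1 & b0)   # cross terms, refreshed by r first
    c1 = (a1 & b1) ^ t
    return {"c0": c0, "t": t, "c1": c1}


def wire_distribution(wire, a, b, fresh_r=True):
    """P[wire = 1] for fixed secrets (a, b), averaged over uniform shares.

    With fresh_r the refresh bit r is uniform; without it r is fixed to 0,
    which models a gate whose refresh has been dropped (assumed variant).
    """
    r_values = (0, 1) if fresh_r else (0,)
    ones = total = 0
    for a0, b0, r in product((0, 1), (0, 1), r_values):
        a1, b1 = a ^ a0, b ^ b0          # shares are uniform, sum to secret
        ones += masked_and(a0, a1, b0, b1, r)[wire]
        total += 1
    return Fraction(ones, total)


def is_first_order_secure(wire, fresh_r=True):
    """A wire is first-order probing secure if its distribution is the same
    for every secret pair (a, b): one probe then learns nothing."""
    dists = {wire_distribution(wire, a, b, fresh_r)
             for a in (0, 1) for b in (0, 1)}
    return len(dists) == 1


def leaking_wires(fresh_r=True):
    """Names of the wires a single probe can use to distinguish secrets."""
    return [w for w in ("c0", "t", "c1")
            if not is_first_order_secure(w, fresh_r)]


if __name__ == "__main__":
    print("with refresh, leaking wires:   ", leaking_wires(True))
    print("without refresh, leaking wires:", leaking_wires(False))
    for a, b in product((0, 1), (0, 1)):
        print(f"a={a} b={b}  P[c1=1] without refresh =",
              wire_distribution("c1", a, b, fresh_r=False))
```

The check is exact rather than statistical: with four share bits and one refresh bit the whole input space is enumerated, so a wire is reported as leaking only if its distribution genuinely depends on the secrets. At higher orders the same idea (enumerate, condition on the secrets, compare distributions of every probe set) is what the paper's flaws are about, but the state space grows quickly and glitches additionally let one probe observe a register's whole input cone, which is the extension the robust probing model captures.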
Download link for the paper.
General note: Where gender-specific attributes are mentioned, we include everyone who identifies with that gender, regardless of biological sex.