-HGI News- New Emmy Noether Group Aims to Make Hardware Chips Provable Secure

[English Newsletter of the Horst Goertz Institute for IT Security]

Bochum, January 12, 2023

 

New Emmy Noether Group Aims to Make Hardware Chips Provable Secure

Dr. Pascal Sasdrich (Chair of Security Engineering) will be funded by the
DFG with 1.3 million euros for his project CAVE.

 

In 2023, the German Research Foundation (DFG) funds a new Emmy Noether group
in the field of IT security at Ruhr-Universität Bochum. Dr. Pascal Sasdrich,
Chair of Security Engineering/Faculty of Computer Science is the research
group leader. With his project “COMPUTER-AIDED VERIFICATION OF PHYSICAL
SECURITY PROPERTIES“, CAVE for short, he wants to advance the protection of
security-critical implementations, such as those used in hardware chips,
against physical attacks. Within the Emmy-Noether program, CAVE is funded
with 1.3 million euros over six years, which qualifies for a university
professorship.

 

Many Chips Are not Verifiably Secure

 

In our digital environment, we use numerous objects that contain embedded
chips. These hardware elements are nowadays quite small but hold important
functions. “To put it simply, a chip encrypts or decrypts data by
cryptographic processes“, explains Sasdrich. From EC cards to IoT devices
for the smart home: concerning sensitive data, users rely on trusting the
technology. The more surprising it seems is that many chips are not
verifiably secure. That means they cannot withstand all kinds of attacks,
Sasdrich says. “Pen-Testing is often done in the commercial world using best
practices. If the prototype can withstand the tested attacks, it might be
promoted as secure“, Sasdrich said. 

 

But there are many ways to attack, and testing exhaustively is often
impossible. For example, an attacker uses the power consumption of the chips
to infer information about security-critical data. In IT security, this is
called a side-channel attack. It could be used to break the encryption of
secret information.

 

CAVE May Ease Developers' Workload

 

Implementation of security in technical components, however, costs time and
money - and requires technical expertise. Tasks such as protection against
side-channel analysis (SCA) or fault injection analysis (FIA) are
sophisticated and error-prone, even with years of experience, Sasdrich said.
In contrast, some attacks targeting these chips don't require much effort.
This makes them a real threat.

 

That's why Sasdrich's project aims to develop methods that can be used
during the design process to verify components' ability to withstand
attacks. They can ease the developers' workload by enabling automated and
computer-aided testing even before the prototype is created. These
procedures have the potential to increase the security of future
developments.

 

Long-Term Goal: Provable Security for an Entire Processor

 

The research group's work is based on two principles. The first is based on
scientifically formalizing the attacker models. By doing so, they can prove
the security of their assumptions. The other is to develop tools and
programs based on the formalized attacker models that can be used during the
chip design process.

 

Initially, Sasdrich's research group will focus on cryptographic functions.
The long-term goal, he says, remains to work toward provable security for an
entire processor. This would be a valuable contribution by the Bochum
scientists to the protection of our sensitive data.

 

 

Press Contact

Dr.-Ing. Pascal Sasdrich

Faculty of Computer Science

Universitätsstr. 150

D-44801 Bochum

T.: (+49)(0)234 / 32 - 25734

E-Mail: Pascal.Sasdrich at rub.de

 

General note: In case of using gender-assigning attributes we include all
those who consider themselves in this gender regardless of their own
biological sex.

 

For more news about IT Security Research in Bochum, please visit
<https://hgi.rub.de/en/news> our website.

 

 

 

Kind regards

 

Christina Scholten

 

RUHR-UNIVERSITÄT BOCHUM

Horst Görtz Institut for IT Security/ Cluster of Excellence CASA 

Marketing and Public Relations

MC EG 78, Post Box MC 3

Universitätsstr. 150

44780 Bochum, Germany

Tel: +49-(0)234-32-29274

E-Mail:  <mailto:christina.scholten at rub.de> christina.scholten at rub.de

 

 <http://www.hgi.rub.de/> www.hgi.rub.de 

 <http://www.casa.rub.de/> www.casa.rub.de

 

To unsubscribe from any further information from the Horst Görtz Institute
for IT Security, follow
<https://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international>
this link.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ruhr-uni-bochum.de/pipermail/hgi-news-international/attachments/20230112/e609dabb/attachment.htm>