Side-channel attacks, a special class of attacks against breaking the security that is used by or stored in electronic devices like smart cards or RFID chips, are becoming a major problem. Scientists have recently discovered the starting point of what may be fundamental approaches to defend against side-channel attacks. At the workshop ‘Provable Security against Physical Attacks’, that started today at the Lorentz Center in Leiden, cryptographers and hardware engineers gather to develop new methods and tools. The Centrum Wiskunde & Informatica (CWI), Leiden University, MIT, the Catholic University of Leuven and ENS Paris are organizing the event.
In our daily life we use a number of mobile electronic devices, like banking cards to withdraw money from an ATM, the OV-chip card, a smart card or electronic car keys. To make those devices secure, strong cryptography (like encryption and authentication schemes) is implemented on them. In theory this should prevent any misuse. However in practice such devices are nonetheless often successfully compromised by so called side-channel attacks. In such attacks, the weaknesses in the physical implementation of the device are exploited rather than breaking the strong cryptography directly.
For certain implementations of a number of cryptographic methods it has been demonstrated that by measuring the physical properties, like the power consumption of a chip on a banking card, the secrets stored on the chip can be extracted. This breaks the security of the card. Also by measuring the electromagnetic radiation emitted by the chips, the security of RFID chips that are used in electronic (car) keys can be broken.
Side-channel attacks are a major problem in practice and much research is being done to find countermeasures. Hardware engineers mostly do this research as it has been believed that side-channel attacks are a practical problem. However, recently new cryptographic principles were discovered that contribute in making implementations secure against any known or unknown side-channel attack. Thereby making only minimal assumptions on the hardware on which the scheme is implemented. The first cryptographic systems that are based on these principles have recently been developed and offer a high level of assurance.
The "Provable Security against Physical Attacks" workshop will bring together cryptographers, applied researchers and people from the industry interested in this new line of research from all over the world. Scientists from over 40 universities and institutes will participate. This is the first time that a meeting in this format is being organised in Europe. The first one took place as recently as August 2009 at MIT (USA).
In the media: Ronald Cramer, Krzysztof Pietrzak and Eike Kiltz in Automatisering Gids