Quo vadis cryptology?
Threat of Side-Channel Attacks
5th International Workshop on the state of the art in cryptology and new challenges ahead
Warsaw, Poland
Monday, May 28th, 2007
LORD Hotel (near the Warsaw Airport)
Street: Al. Krakowska 218
Warsaw, POLAND
Program:
8:00 - 9:00    Registration
9:00 - 9:05    Welcome and introduction of the speakers
9:05 - 10:20   Overview of side-channel analysis
               Marc Joye, Thomson R&D France, Security Lab
10:20 - 10:45  Coffee break
10:45 - 12:00  Side-channel attacks and countermeasures for curve based cryptography
               Tanja Lange, Technische Universiteit Eindhoven, the Netherlands
12:00 - 13:30  Lunch
13:30 - 14:45  Cache-based side channel attacks and their implications
               Eran Tromer, Massachusetts Institute of Technology, USA
14:45 - 15:05  Coffee break
15:05 - 16:20  The impact of side-channel attacks on the design of cryptosystems
               Daniel J. Bernstein, University of Illinois at Chicago, USA
16:20 - 16:30  Short break
16:30 - 18:00  Panel discussion with the participation of all speakers
               Moderators: Kris Gaj, George Mason University, USA;
               Josef Pieprzyk, Macquarie University, Sydney, Australia;
               Arkadiusz Orlowski, Instytut Fizyki PAN & Katedra Informatyki SGGW, Warsaw, Poland
Location & fees:
Location:
LORD Hotel (near the Warsaw Airport)
Street: Al. Krakowska 218
WARSAW, POLAND
Workshop fee (including lecture notes):
640 PLN +22% VAT = 781 PLN
(approx. 185 Euro (incl. VAT), $244 US (incl. VAT))
Payment method:
by cash (only Polish currency accepted) at the workshop
Pre-registration:
In order to pre-register, please send an e-mail including your
first name, last name, and affiliation to
kgaj@gmu.edu
Accommodation:
Please contact hotel LORD
tel: (48 22) 574 20 20,
fax: (48 22) 574 21 21,
e-mail: okecie@hotellord.com.pl
Approximate prices and on-line reservation
You can also consider other hotels in the Warsaw airport area.
Visas:
Citizens of the following countries may travel to Poland for tourism and
business purposes without a visa if the planned stay in Poland does not
exceed 90 days:
Andorra, Argentina, Austria, Australia, Belgium, Bolivia, Brazil,
Brunei, Bulgaria, Canada, Chile, Costa Rica, Croatia, Czech Republic,
Cyprus, Denmark, Estonia, Finland, France, Greece, Germany, Guatemala,
Honduras, Hong Kong, Hungary, Iceland, Ireland, Israel, Italy, Japan,
Latvia, Liechtenstein, Lithuania, Luxembourg, Macao, Malaysia, Malta,
Mexico, Monaco, Netherlands, Nicaragua, Norway, New Zealand, Panama,
Portugal, Romania, Salvador, San Marino, Singapore, Slovakia, Slovenia,
South Korea, Spain, Sweden, Switzerland, United Kingdom, United States
of America, Uruguay, Vatican, Venezuela.
Citizens from other countries not enumerated on the list above need
to have a visa when visiting Poland.
Organizer:
ENIGMA Information Security Systems Sp. z o.o.
Cietrzewia Street, No. 8,
02-492 Warsaw, POLAND
http://www.enigma.com.pl (in Polish)
phone: (+48 22) 863 62 65, fax: (+48 22) 863 62 65 ext. 25
Program Committee:
Kris Gaj, George Mason University, U.S.A.
Karol Gorski, ENIGMA ISS Sp. z o.o., Warsaw, Poland
Arkadiusz Orlowski, Instytut Fizyki PAN & Katedra Informatyki SGGW,
Warsaw, Poland
Jozef Pieprzyk, Macquarie University, Sydney, Australia
Abstracts:
Overview of side-channel analysis
Marc Joye
Thomson R&D France, Security Lab
In this talk, we will give an overview of side-channel attacks.
Side-channel analysis is a powerful technique introduced by Paul Kocher.
The principle consists of collecting some extra information from one or
several side channels (e.g., running time, power consumption, or
electromagnetic radiation) and then recovering secrets (or part
thereof) from the collected data. Several examples on a variety of
cryptographic algorithms will be presented.
Side Channel Attacks and Countermeasures for Curve Based
Cryptography
Tanja Lange
Technische Universiteit Eindhoven, the Netherlands
Since curve based cryptography is very attractive for embedded systems,
particular care has to be taken in the implementation to avoid side
channel leakages. We give an overview of the different types of
countermeasures introduced against simple and differential side-channel
attacks and show which of these are secure against Goubin type attacks
and which counteract fault attacks. Most of the ideas apply to elliptic
and hyperelliptic curves. One approach to thwarting simple side-channel
attacks, which so far has only been explored for elliptic curves, is to use
unified group operations, i.e. one schedules the field operations needed
to compute an addition or a doubling so that the order is the same for
both cases. We recently introduced a new way of representing elliptic
curves which leads to the fastest unified group operations and which is
also very attractive for computing multi-scalar multiplications. Finally
we briefly comment on side-channel attacks and countermeasures for
pairing based cryptography.
Cache-based side channel attacks and their implications
Eran Tromer
Weizmann Institute of Science, Israel
Computer Science and Artificial Intelligence Laboratory, Massachusetts
Institute of Technology, USA
Modern processors employ virtualization and access control mechanisms
to protect the content of processes' memory. However, information about
the memory addresses being accessed leaks through a shared
resource, namely the CPU memory cache. This talk will show how this
ubiquitous phenomenon can be practically exploited as a side channel,
and describe cryptanalytic applications to widely deployed ciphers and
systems. Consequences include violations of security boundaries in many
multi-user, sandboxed and virtualized systems.
The impact of side-channel attacks on the design of cryptosystems
Daniel J. Bernstein
University of Illinois at Chicago, USA
Authors of cryptographic software have to go to extra effort to
protect themselves against cache-timing attacks, branch-prediction
attacks, and other side-channel attacks. The extra effort depends on the
cryptosystem; side-channel resistance often makes an otherwise
attractive cryptosystem end up consuming far more resources than the
system designer had originally expected. This talk will explain how to
write cryptographic software that keeps secret information safely away
from all known software side channels, and how to design cryptosystems
that remain efficient when they are implemented in this way. Examples
will be drawn from several areas of secret-key and public-key
cryptography.
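The two abstracts above name the same pair of software side channels: secret-dependent memory addresses (observable through the shared cache) and secret-dependent branches (observable through timing and branch prediction). The following is an added illustration of how code is written to keep secrets away from both, not code from the speakers; the 16-entry table and the tag bytes are constructed sample values, and the function names are ours.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed 16-entry substitution table standing in for a cipher's S-box. */
static const uint8_t SBOX[16] = {
    0x0c, 0x05, 0x06, 0x0b, 0x09, 0x00, 0x0a, 0x0d,
    0x03, 0x0e, 0x0f, 0x08, 0x04, 0x07, 0x01, 0x02
};

/* Leaky lookup: which cache line is touched depends on the secret index,
 * so a co-resident process observing cache state learns bits of idx. */
uint8_t sbox_lookup_leaky(uint8_t idx) {
    return SBOX[idx & 0x0f];
}

/* Constant-time lookup: read every entry and keep the wanted one with a
 * mask, so the memory access pattern is identical for every idx. */
uint8_t sbox_lookup_ct(uint8_t idx) {
    uint32_t want = idx & 0x0f;
    uint8_t out = 0;
    for (uint32_t i = 0; i < 16; i++) {
        /* eq is 1 when i == want, else 0; computed arithmetically, not by a branch */
        uint32_t eq = ((i ^ want) - 1u) >> 31;
        uint8_t mask = (uint8_t)(0u - eq);   /* 0xff or 0x00 */
        out |= SBOX[i] & mask;
    }
    return out;
}

/* Leaky tag check: returns at the first mismatch, so the running time reveals
 * how many leading bytes of the candidate agree with the secret tag. */
int tag_equal_leaky(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

/* Constant-time tag check: always touches every byte; differences are folded
 * into one accumulator and turned into 0/1 without a data-dependent branch. */
int tag_equal_ct(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint32_t)(a[i] ^ b[i]);
    return (int)((diff - 1u) >> 31);   /* 1 iff diff == 0 */
}
```

Both constant-time variants return exactly what the leaky ones do; the point is that their memory traffic and control flow no longer depend on the secret. Check the compiler's output, since an optimizer may reintroduce a branch or a table index unless the code is inspected or written in assembly.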
Speaker bios:
Marc Joye
Thomson R&D France, Security Lab
Dr. Marc Joye is with the Security Laboratory, Thomson R&D,
France. Before joining Thomson, he was a post-doctoral fellow of the
National Science Council, Republic of China, and a researcher in the
Card Security Group of Gemplus. His research interests include
cryptography, computer security, computational number theory, and
smart-card implementations. He is author and co-author of 70+ scientific
papers and holds several patents. He served in numerous program
committees and was program chair of CT-RSA 2003 and CHES 2004. He is a
member of the IACR and co-founder of the UCL Crypto Group.
Tanja Lange
Technische Universiteit Eindhoven, the Netherlands
Tanja Lange is professor at the Technische Universiteit Eindhoven, the
Netherlands. Before joining TUE she worked at the Technical University
of Denmark and the Ruhr-University Bochum, Germany. She is well-known
for her work on elliptic and hyperelliptic curves, making hyperelliptic
curves competitive with elliptic curves in speed and beating them for
special choices. She is one of the main authors of the Handbook of
Elliptic and Hyperelliptic Curve Cryptography (http://www.hyperelliptic.org/HEHCC/)
and wrote in particular the chapter on side-channel attacks on curves.
Together with Christof Paar she founded the "SHARCS -- Special-purpose
Hardware for Attacking Cryptographic Systems" (www.sharcs.org)
workshop series, which is now in its third year. Together with Daniel
Bernstein she is running the eBATS (ECRYPT Benchmarking of Asymmetric
Systems) competition (www.ecrypt.eu.org/ebats)
and the "SPEED -- Software Performance Enhancement for Encryption and
Decryption" workshop (www.hyperelliptic.org/SPEED).
Eran Tromer
Massachusetts Institute of Technology, USA
Eran Tromer is a postdoctoral fellow at the Massachusetts Institute
of Technology. His research focuses on side-channel cryptanalysis and
hardware-based cryptanalytic devices. He received the John F. Kennedy
award for his Ph.D. (pending) advised by Prof. Adi Shamir at the
Weizmann Institute of Science, Israel, and the Rothschild fellowship.
Daniel J. Bernstein
University of Illinois at Chicago, USA
Daniel J. Bernstein is Professor in the Department of Mathematics,
Statistics, and Computer Science at the University of Illinois at
Chicago. Professor Bernstein has received a U.S. National Science
Foundation CAREER award and a Sloan Research Fellowship for his research
in computational number theory, cryptography, and computer security. He
is the author of dozens of papers and two of the Internet's most popular
server software packages.
Related links:
Marc Joye - personal web page
Tanja Lange - personal web page
Eran Tromer - personal web page
Daniel J. Bernstein - personal web page
Fourth Workshop "Quo vadis cryptology? - The Future of Financial and Critical Data Security", Warsaw, May 2006
Third Workshop "Quo vadis cryptology? - Advances in cryptanalysis", Warsaw, May 2005
Second Workshop "Quo vadis cryptology? - AES Under Attack: Designing Secure Ciphers and the Challenge of Algebraic Attacks", Warsaw, May 2004