HGI-Kolloquium

Jedes Semester wird das HGI-Kolloquium zu aktuellen Themen der IT-Sicherheit angeboten. Es wird von den Lehrstühlen des Institutes organisiert und ist für alle interessierten Personen offen, externe Gäste sind immer willkommen. Wenn Sie den HGI-Newsletter abonnieren, bekommen Sie die Vortragsankündigungen rechtzeitig per E-Mail.

Das Seminar findet in der Regel donnerstags um 11:00 Uhr im Gebäude ID auf Etage 04 in Raum 413 statt Wegbeschreibung.

Dieses Semester wird das Seminar vom Lehrstuhl für Systemsicherheit organisiert. Untenstehend finden Sie eine ­Liste der geplante­n Termine und Vorträge für das ganze Semester. Falls nicht anders angekündigt, finden alle Vorträge um 11.00 Uhr s.t. statt.

Datum Vortragende Person Zugehörigkeit Titel Raumnummer Beginn
25.04.2013 Oliver Mischke RUB Masking the AES Sbox - Implementation Aspects and Side-Channel Analysis ID 04/413 11.00 Uhr
02.05.2013 Michael Schneider TU Darmstadt Challenges in Lattice-Based Cryptography ID 04/413 11.00 Uhr
16.05.2013 Douglas Stebila Queensland University of Technology Double-authentication-preventing signatures ID 04/413 11.00 Uhr
20.06.2013 Kenny Paterson Royal Holloway College, University of London TLS Security - Where Do We Stand? ID 04/413 11.00 Uhr
27.06.2013 Johann Heyszl Fraunhofer AISEC Impact of Localized Electromagnetic Field Measurements on Implementations of Asymmetric Cryptography ID 04/413 11.00 Uhr
11.07.2013 Christina Pöpper RUB Security in GPS & more: Where we are ID 04/413 11.00 Uhr

Masking the AES Sbox - Implementation Aspects and Side-Channel Analysis

While in todays world most cryptographic algorithm are secure from a mathematical point of view considering a black-box scenario, the implementations of many of them can easily be broken if attacked by side-channel analysis (SCA). This talk will focus on the security of a masked AES Sbox, using the masking scheme of Canright as a case study. While it should in theory be able to resist against a certain type of SCA, glitches in the underlying hardware circuit cause an exploitable leakage. Different methods to increase the resistance of the implementation against power analysis attackes are analyzed and compared. First we will add shuffling as a hiding-based countermeasure and evaluate how it complements the chosen masking scheme. Second we will present a new implementation technique which utilizes the special way FPGA elements are constructed to minimize or completely eliminate the effect of glitches.

Challenges in Lattice-Based Cryptography

Lattice-based cryptography is one of the most promising candidates for future cryptography. The security of lattice-based schemes relies on the hardness of lattice problems that remain secure even in the presence of large-scale quantum computers. But so far, lattice-based cryptosystems come with a few issues that have to be addressed before a real-world rollout can take place.

In the area of cryptanalysis, there is still no common approach of assessing the practical security of lattice-based schemes. In addition, there are new heuristic improvements to the strongest algorithms for cryptanalysis that have to be taken into account.

From the implementation point of view, lattice-based schemes are supposed to be easy to implement. They only apply simple operations like matrix or polynomial multiplication and addition. A closer look reveals the necessity to implement these operations in a fast and clever manner, in order to make the schemes comparable to classical cryptosystems.

We give an overview of the challenges in both areas, cryptanalysis as well as practical implementations.

Double-authentication-preventing signatures

Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes however impose no uniqueness conditions, so a malicious or coerced authority can make multiple certifications for the same subject but different objects. We propose the notion of a double-authentication-preventing signature, in which a value to be signed is split into two parts: a subject and a message. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property prevents, or at least strongly discourages, signers misbehaving. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using quadratic residues modulo a Blum integer.

TLS Security - Where Do We Stand?

TLS is the de facto secure protocol of choice on the Internet. In this talk, I'll give an overview of the state-of-the-art of TLS security, focusing mostly on the TLS Record Protocol which is responsible for providing the basic secure channel functionality in TLS. I'll focus on recently-discovered vulnerabilities in the TLS specification and its cryptographic algorithms. These lead to plaintext recovery attacks against TLS-protected traffic. I will reflect on why the deployment of secure cryptography is seemingly so hard, and what the barriers are to adopting better approaches than the current techniques used in TLS.

Impact of Localized Electromagnetic Field Measurements on Implementations of Asymmetric Cryptography

Implementations of cryptographic algorithms are threatened by side-channel analysis, which denotes the recovery of secret keys through observations of e.g., the current consumption of a device during cryptographic operations. In this thesis, I investigate the use of high-resolution electromagnetic field measurements for side-channel analysis. Contrary to previous contributions about precise electromagnetic field measurements in side-channel analysis, I specifically concentrate on localized aspects of such measurements, which means that the measurements are restricted to a certain spatial extent. Previous publications either conclude that localized measurements of electromagnetic fields are impossible, or show unconvincing, coarse localizations without dedicated exploitation of such localized measurements. In this thesis, I improve the current state of research by investigating the feasibility, quality and dedicated use of localized electromagnetic field measurements.

Security in GPS & more: Where we are

With the wide proliferation of wireless and often mobile devices, securing information sent over the wireless medium becomes vital. The wireless setting, however, introduces a number of challenges and limitations that cannot be fully resolved using traditional security solutions and cryptographic approaches. One interesting example is the broadcast of location information, e.g., in GPS. In this talk, I focus on communication interference attacks on GPS and other wireless settings where an attacker tries to interfere with the communication, trying to prevent the reception of the correct, timely information transmitted by the sender. I will show what an attacker can or cannot do and what possible countermeasures are.