Hardening the Value Chain through Open Source, Trusted EDA Tools and Processors (VE-HEP) (2021-2024)

The goal of the project "Hardening the Value Chain through Open Source, Trusted EDA Tools and Processors (VE-HEP)" is to realize, for the first time, essential parts of the entire value chain in the area of development and production of security-relevant chips (hardware security modules) in open source. This refers to both the development of the hardware and the implementation of hardening mechanisms, i.e. protection against attacks. Furthermore, vulnerabilities of the hardware value chain will be analyzed and disclosed. Specifically, a RISC-V processor protected against physical attacks will be developed. The execution of cryptographic operations accelerated by hardware will be considered as a use case for evaluating the developed solution. For the first time, hardening measures against side-channel attacks will be automated in an open-source software for microelectronics design - a so-called Electronic Design Automation (EDA) tool. The researchers will adopt open solutions and approaches to enable verifiability of the developed hardware. Through this, a fully transparent certifiability will be achieved. At the end of the project, a demonstrator will be produced to show the results in the context of industrial practice.

mINDFUL: ML-based Attack Detection for IT-Security in the Industry 4.0 (2020-2023)

QuantumRISC Modern solutions for cyber security mainly deal with digital aspects such as cryptographic algorithms, network protocols and software security. In practice, however, the physical transmission channels also offer numerous weak points that allow attackers to damage a complex, industrial system. In particular, common intrusion detection systems (IDS) cannot secure all aspects of a system because the wealth of information of the physical transmission channels is not included in the detection routine. Due to the increasing networking and dynamic reconfiguration of production plants within Industry 4.0 applications, attack detection for industrial plants is becoming more and more complex and important.

The goal of the project is to develop a precise intrusion detection system that delivers a high attack detection rate and few false alarms despite the dynamically changing configurations of Industry 4.0. For this purpose, two main components are being researched: First, physical data will be collected, which will be compressed for practical processing. At the same time, an in-house IDS will use machine learning (AI) methods to merge various sensor data and detect attacks on this basis. Secondly, the collected data will be cleansed, e.g. blackening procedures will be developed for data protection compliant processing. The cleansed data is then forwarded to a common cross-company, cooperative aggregation platform. In this way, information about attacks can be used in several companies, which improves the training of the in-house IDS.

SAU­BER - phy­Si­cAl­ly se­cU­re re­con­fi­gura­BlE plat­foRm (2020-2023)

QuantumRISC With increasing digitization, which means that many aspects of everyday life are handled solely by means of information technology, security concerns are more important than ever before. While the security of software is constantly increasing, hardware attacks are becoming easier to realize, making hardware the Achilles heel of system security. In modern, complex System-on-a-Chips (SoCs), reconfigurable hardware, in the form of Field Programmable Gate Arrays (FPGAs), plays an important role, as it enables shorter product development time, more flexibility and subsequent updates. FPGAs are promising building blocks for many secure platforms because they allow security updates of hardware configuration and system properties that are otherwise only possible in software. Despite the promising properties of FPGAs for safety-critical applications, there are many safety aspects that must be considered when using an FPGA, since commercially available FPGAs are not designed for safety-critical applications. Among the challenges of applying known countermeasures against physical access attackers to FPGAs are the large area, low throughput, high power consumption, high energy consumption and high latency of the resulting design. The implementation and adaptation of such countermeasures on the FPGA is ad-hoc, i.e. the countermeasures have to be adapted for each cryptographic algorithm and architecture. The main goal of this project is to design a secure, reconfigurable platform (CLEAN) that can withstand various threats from physical access attacks. It will serve as a trust center for the SoC to implement cryptographic algorithms and security critical functions. The new platform would provide strong protection against side-channel attacks, fault injection attacks, temperature-based attacks, and power supply disruptive attacks, while enabling modifiable security primitives, e.g. PRNG, which are necessary to implement algorithmic countermeasures against side-channel measurements. We will investigate how current ASIC-based countermeasures that reduce the signal-to-noise ratio can be adapted or newly developed so that their implementation in reconfigurable hardware leads to a strong protection against attacks with physical access. We will design a secure reconfigurable platform and develop a toolchain for secure customization based on existing open source FPGA mapping tools to automatically adapt the user's application to the target platform, embedding security features in a systematic and automatic way.

EPICC: Evaluation and Implementation of Privacy-Preserving Cryptography for the Cloud

RAINCOAT In the recent years cloud-based services have raised increasing interest. With private and potentially sensitive data being stored or processed in remote computers, there is a rising demand for privacy-preserving solutions. In the context of processing private data, advanced cryptographic procedures such as homomorphic encryption, secure multiparty encryption and functional encryption already have been proposed. In practice, however, many implementations still are inefficient. This project collaboration with the Technology Innovation Institute aims to contribute to this topic by analyzing, implementing and evaluating promising cryptographic constructions for cloud services.

RAINCOAT: Randomization in Secure Nano-Scale Microarchitectures (2020 – 2023)

RAINCOAT In order to maintain the increasing chip performance while simultaneously advancing miniaturization, manufactures of modern memory- and processing units are increasingly relying on highly optimized, parallelized microarchitectures. With recent microarchitectural attacks like Rowhammer, Spectre and Meltown, it has been demonstrated, that such optimizations may cause unforeseen security risks. With the introduction of novel nano-technology, this trend towards miniaturization of hardware components will continue. The aim of the project is to investigate the security-relevant implications of new technology building blocks, such as NRAM, and to develop countermeasures for possible attack vectors. At the same time, existing security gaps, induced e.g. by branch predictors, are to be closed. Such measures must not cancel out the performance advantage of the new technologies. Therefore, the special focus lies on randomization-based countermeasures. These methods have already proven to be particularly suitable in the area of runtime attacks (e.g., buffer overflows).

QuantumRISC - Cryptography for next generation embedded devices (2019-2022)

QuantumRISC The security of currently deployed cryptographic schemes may be broken with efficient quantum computers that are available potentially in the near future. Alternative algorithms have been developed in recent years which are also secure against attacks by quantum computers. Practical limitations include higher resource requirements (e.g. program memory or runtime). In this project we investigate how embedded systems, which usually offer only very limited resources, can be secured by means of these novel, so-called post-quantum methods. The Chair of Security Engineering is responsible for the development of secure hardware components and the side channel analysis of these components.

CASA - Cyber Security in the Age of Large-Scale Adversaries (2019-2026)

QuantumRISC The Cluster of Excellence "Cyber Security in the Age of Large-Scale Adversaries" (CASA) pursues the goal of enabling sustainable security against large-scale, especially nation-state attacks. An interdisciplinary approach is deliberately chosen in which researchers from the fields of cryptography, hardware and software security and user-friendliness work together. The project is being funded by the German federal government and the state of North Rhine-Westphalia with a total of 35 million euros as part of the excellence strategy.

Specifically, the chair researches the further development of secure implementations in hardware. The goal is to ensure both the secure execution of software and the resistance against implementation attacks. Therefore, verifiably secure tools are developed to support hardware designers in their work.

SymmetriC CiphEr design with inherent phySical Security (SuCCESS) (2019-2022)

QuantumRISC Our goal is to consider countermeasures against a variety of physical attacks during the design process of symmetric ciphers such that they do not forestall the performance optimizations. Particularly in the design of new cryptographic primitives we will consider protection against side-channel analysis and fault-injection attacks. We will develop novel countermeasures dedicated to our constructed primitives in such a way that the integration of such countermeasures into the corresponding implementations becomes straightforward and efficient. From the efficiency point of view, we will consider area, latency, energy consumption, and required randomness as the most important metrics. This will avoid the problem of classical design process, where equipping the implementation with countermeasures against physical attacks leads to significantly inefficient designs.

Aged but Fit: Long Lasting Security for Trusted Platforms (2019-2021)

QuantumRISC With the aggressive scaling of process technology, time-dependent reliability degradations, so-called aging is becoming more severe in CMOS nanotechnologies. Aging changes the specifications of transistors during the time and in turn, the timing and power consumption of the underlying devices. For cryptographic devices, aging is not only crucial from the reliability point of view but also needs a thorough consideration from security perspective as aging-related degradations may benefit the adversaries in leaking sensitive information through side-channel analysis and fault-injection attacks or via Trojan insertion. Although aging-related reliability degradation has been extensively addressed in recent years, the impact of aging on the security of cryptographic devices has remained largely unexplored. Cryptographic devices have a broad range of applications dealing with confidentail data. Due to sensitivity of such applications, there is a thorough need to address the security of these devices with respect to aging. To alleviate this problem, this proposal is structured around the following topics: (i) leveraging the security of cryptographic devices via designing aging-aware countermeasures that circumvent active and passive physical attacks, (ii) revisiting Trojan detection schemes in cryptographic devices with respect to aging effects, (iii) novel developments with respect to aging-aware PUF constructions.Deploying the state-of-the-art aging mitigation schemes can enhance device reliability by prolonging its lifetime and postponing observation of aging-related malfunction, yet these schemes cannot thoroughly address security concerns of cryptographic devices, as even small aging-induced imbalances can compromise the countermeasures leveraged to protect against physical attacks. As a consequence, an adversary may maliciously accelerate aging to thwart the protection schemes. On the other hand, aging may be beneficail to harden particular physical attacks or to weaken certain Trojan activation mechanisms. As an example, we can refer to profiling SCA attacks, where side-channel signature of different devices are compared. This project will address the shortcoming of existing schemes by developing aging-aware solutions. The outcome of this research will be evaluated on FPGA fabrics and ASIC prototypes.

Security for Internet of Things with Low Energy and Low Power Consumption (GreenSec) (2018-2021)

GreenSec Digital embedded systems are becoming integrated into our daily life. Many of such systems are tied with security and privacy concepts, e.g., electronic payments, smart homes, electronic toll collection and smart phones. A majority of them as portable devices, which are carried by us in a daily base, can be categorized into two groups: i) battery-operated ones, and ii) contactless passive ones. Battery life is obviously amongst the major issues of the first group, the same as proximity of the second group. Hence, low-energy designs are essential for the battery-operated applications, and low-power designs for the contactless in-field applications. Interestingly, the crypto community offers a large toolbox of advanced algorithms to achieve a strong level of security. The cryptographic primitives have been designed based on the principle cryptanalyses. However, very limited attention has been paid with respect to the energy and power consumption of their implementations leading to the fact that most of the current cryptographic solutions are not truly suitable for low-power and low-energy applications. Further, such security-enabled devices, that are in hand and control of the legitimate users, can be operated in hostile environments. Hence, the implementation attacks, as serious threats for pervasive applications, can turn a theoretically-robust system into a completely-broken setup. As demonstrated by numerous side-channel analysis (SCA) attacks, securing ubiquitous systems is a must as well as a non-trivial task. Although several SCA countermeasures have already been developed and introduced, almost none of them focuses on the power and energy overheads. In fact, resistance against SCA attacks with low-power and/or low-energy feature has barely been considered by the side-channel community. In short, most of the cryptographic devices, equipped with sound SCA countermeasures, fail to fulfill the requirements to be a part of a low-power (or low-energy) system. Indeed, the result of our preliminary study in this area supports this statement, where we examined the latency and power consumption of SCA-protected implementation of low-latency ciphers. Nevertheless, it would be a great benefit to develop cryptographic primitives as well as protection solutions considering low-energy and low-power features. In this project we will investigate power and energy consumption of cryptographic primitives and SCA countermeasures for ASIC platforms. Based on this, cryptographic algorithms as well as SCA countermeasures will be (re-)designed to match the certain requirements resulting in cryptographically-robust and SCA-resistant schemes with limited power and energy consumption. We will develop dedicated and provably-Secure SCA countermeasures (for ASIC platforms) based on the result of our practical analyses. Hence, an interdisciplinary effort based on symmetric cryptography and cryptographic engineering is required to cope with these challenges.

ICRI-CARS Intel Research Institute for Collaborative - Autonomous and Resilient Systems (2017-2020)

ICRI-CARS “Collaborative Autonomous & Resilient Systems (CARS)”, i.e., the study of security, privacy, and safety of auto­no­mous systems that collaborate with each other. Examples include drones, self-driving vehicles, or collaborative systems in industrial automation. CARS introduce a new paradigm to computing that is different from conventional systems in a very important way: they must learn, adapt, and evolve with minimal or no supervision. A fundamental question therefore, is what rules and principles should guide the evolution of CARS? In natural life forms, this is achieved via natural selection – a random trial and error method that, over time, ensures that only the fittest survive. That approach, however, may not be acceptable for man-made CARS. Alternate approaches to guide the evolution of CARS are necessary.
The key research goal is how to ensure the “Do no Harm” principle.

SysKit - A Development Tool for Secure Communications in Industry 4.0 (2017-2020)

SysKit In the project, a development tool called SysKit will be implemented. With this tool, secure communication solutions tailored to specific industry 4.0 applications can be designed and implemented very efficiently. Based on a library of communication modules and other secure hardware and software components, SysKit can be used to optimize and test communication systems. Various requirements such as reliability, real-time behavior and energy consumption are taken into account.

For the implementation of the communication solution, the project also researches and develops new secure and attack-resistant communication technologies. These include multi-antenna radio technology, which can be used to transmit bundled signals in the direction of the receiver. This makes it much more difficult to intercept the signals. By dynamically changing the communication parameters, the system should also be robust against active signal interference. In addition to safety, energy efficiency is also of crucial importance in Industry 4.0, as many of the components used there do not have a continuous power supply. For this purpose, the project will research and implement technologies of power-saving lightweight cryptography.

PROMETHEUS: PRivacy preserving pOst-quantuM systEms from advanced crypTograpHic mEchanisms (2018-2022)

VeriSec Cryptographic protocols that protect the privacy ensure, enable users to make the most of the following in their daily lives carry out online activities (e.g. purchases, reservations or electoral votes), without any confidential personal information are lost. They usually combine different tools such as digital signatures, homomorphic encryption or zero knowledge Evidence. There are practical solutions under RSA or discrete logarithmic assumptions, however, they are vulnerable to attack by quantum algorithms, so that functioning quantum computers would render them insecure.

To counter this threat, the PROMETHEUS project will improve user privacy in the post-quantum world by a complete collection of innovative, efficient and quantum safe cryptographic techniques, which are adapted to modern services. There will be new building blocks in relation to international competitions and standardization processes and advanced features for offer the design of sophisticated protocols.

VeriSec - Computergestützte Erzeugung und Verifikation von Maskierungen in kryptographischen Implementierungen (2017-2019)

VeriSec Masking tries to break the connection between the secret protected data and the side-channel information obtained by an attacker. To this end, all intermediate values of a cryptographic operation will be masked with a random value. The goal of the project VeriSec is to develop tools that can automatically mask an unprotected implementation and further, tools that can automatically analyze a masked implementation regarding possible side-channels. Opposed to solely theoretical approaches known in literature, we ensure the functionality of the tools by a practical modeling of the side-channel information through concrete measurements.

NaS­CA- Na­no-Sca­le Si­de-Chan­nel Ana­ly­sis: Phy­si­cal Se­cu­ri­ty for Next-Ge­ne­ra­ti­on CMOS ICs (2016-2020)

QuantumRISC We are surrounded by a constantly growing number of cyber-physical systems such as electronic payment systems/tolling, traffic management systems and smart homes. Besides the advantages of this development, more and more devices are falling into the hands of legitimate users who are also potential attackers. This represents a great risk for system security, which is not only due to weaknesses in cryptographic algorithms. Physical attacks like side channel analysis (SCA) can break theoretically secure systems in a very short time. The SCA research community has developed many countermeasures against physical attacks in the past, all of which are based on the assumption that only dynamic power consumption is relevant. However, with the increasing miniaturization of semiconductor process technology, static power consumption is becoming increasingly important and reveals dangerous weaknesses in current countermeasures. In the future, even protected systems will therefore not achieve the promised safety level, as their safety model does not include static leakage currents. Our preliminary investigation of the vulnerability of FPGA implementation against attacks on static power consumption confirms this assessment. It is therefore necessary to develop protection measures that include both dynamic and static power consumption, and we strongly believe that this can be achieved by careful analysis, improvement, and combination of the known countermeasures. In this project, we will perform side channel analysis on the static power consumption of ASIC and FPGA platforms. We will analyze the efficiency of the known countermeasures for cryptographic primitives like AES with special attention to static leakage currents. Based on the results we will develop dedicated and provably secure countermeasures for the special requirements and implement them prototypically on FPGAs as well as ASICs. This allows us to effectively evaluate the robustness and resilience of the newly developed countermeasures in practice, and an interdisciplinary cooperation between the fields of applied cryptography and cryptographic engineering is therefore essential to meet the challenges ahead. In contrast to our holistic approach, previous work only covered attacks and countermeasures considering the dynamic power consumption, simple heuristic physical security techniques, and insufficient theoretical models that do not take into account the special properties of the target devices. In fact, static power consumption as a side channel has hardly been considered by the research community.