Over the last two decades a new type of attack against embedded security devices has emerged, exposing cryptographic keys from unwanted “side channel” data leaked by implementations, such as running time, power or EM signals…
To account for such attacks, sophisticated security certification and evaluation methods (Common Criteria, EMVCo…) have been established to give assurance that security claims received independent evaluation. However, recent events (attacks against Taiwanese citizen cards, Snowden’s revelation on NSA tampering with FIPS…) came into the spotlight and eroded public confidence.
REASSURE aims to improve the efficiency and quality of certification, as well as the comparability of independent evaluations.
Who is the project designed for?
REASSURE targets all actors along the design and evaluation chain of embedded security devices:
How is your project benefitting the end-user?
Embedded cryptographic devices are a fundamental component in modern security applications. Smart cards (e-ID, bank and credit cards), access tokens and secure USB drives are only a few examples of contexts requiring such a portable, trusted cryptography-enabled device. With the advent of the Internet of Things, we will experience a great increase in the number of small, connected elements performing critical operations or handling sensitive data (e-Health, home appliances, vehicle control equipment…). Considering the value of the operations and the ease of access to most embedded devices, side-channel attacks are definitely a dangerous attack vector.
A sound, unified resistance evaluation process, yielding comparable results among designers and independent evaluators, is required to achieve standardized security assessments.
Please briefly describe the results your project achieved so far.
During the first year of the project, we performed an inventory of all steps of a security evaluation process, confronting the viewpoints of academics and industry experts, in order to identify the most critical factors and opportunities for improvement.
We also analyzed existing and potential shortcut formulas reducing the effort needed to assess the security of an implementation, which is useful for early assessment, both for experts and non-experts, during the design phases, as well as to increase confidence in the evaluation outcome, by providing supporting evidence (e.g. on reduced versions).
Finally, we started developing automated evaluation methods, i.e. methods requiring a minimum amount of user input and interaction. Such tools will limit the need for expert intervention, making evaluation processes faster and accessible to non-specialists.
What are the next steps for your project?
This autumn, we plan to organize a tutorial and a walk-and-explore session. The tutorial will focus on the first important step of side-channel resistance assessment, namely leakage detection. Based on practical examples, we will discuss the test methodologies, the proper parameter settings, result interpretation and potential traps leading to false conclusions. During the walk-and-explore session, participants will get the opportunity to test some of the analysis tools developed by the project.
In parallel, REASSURE will continue to improve evaluation processes, confronting findings with real-life situations, developing tools, and contributing to standards.