[TYPES/announce] PostDoc/Research Engineer at UCLouvain in resilient cryptography for IoT devices

Thomas Wilson tgivenwilson at hotmail.com
Mon Oct 22 05:59:59 EDT 2018



A one year PostDoc/research engineer position to work at UCLouvain with
Axel Legay and Thomas Given-Wilson. Net salary between 2300 and 2500
euro after taxes, social security included. Note that renewal for a
second year is possible.

Main Competences: Cryptography, software development for IoT devices.

Beneficial Competencies: side-channel analysis, information leakage,
hardware


Starting date: January or February 2019 (flexible)


Project Description
------------------------------

Any cryptographic hardware device containing secret data (cryptographic
keys) is vulnerable to an adversary. Hardware
attacks are a very powerful class of attacks which exploit or fault
physical properties of the device. Side-channel attacks
are capable to break cryptographic secrets by capturing additional
physical information while the device is processing
sensitive data. For example, an adversary could monitor the running
time, the cache behaviour, the power
consumption, and/or the electromagnetic radiation of the device.
In order to protect cryptographic secret data against side-channel
attacks, the most investigated countermeasure
is masking that may results in provable security against a certain type
of restricted attacker. Besides that hiding
and shuffling are effective countermeasures in practice which cannot
hinder possible attacks but rather raise their
complexity. However, in practise the most challenging problem is the
upcoming of unexpected leakage information
due to hardware properties. Therefore, while using the mentioned
implementation level countermeasures designers
are able to build “secure" chips (withstanding standard practical
security evaluation processes), it is still not well
understood when certain security levels are reached and which properties
need to hold in practise.
To overcome these limitations, recently, theoretical treatments of
physical attacks have attracted the attention of the
cryptographic community. Instead of preventing any kind of leakage
source, in these works, the
adversary is modelled with abilities of monitoring side-channel
information or inserting faults. These leakage resilient
schemes generally aim to move from the traditional empirical ad-hoc
analysis of the attack towards stronger and more
systematic security arguments or even proofs. Naturally, these more
general approaches suffer from limitations that are
mainly caused by the restriction to particular meaningful adversaries as
it is not feasible to consider an all powerful
physical adversary.


Project Objectives
-----------------------------

In the new area of the Internet of Things (IoT) billions of connected of
devices will operate in domains that address
wearables, smart homes, automotives, smart cities, the workspace and
industrial applications. Most attention for
IoT has been given on the applications for the home (consumer),
transport (mobility), health (body), buildings
(infrastructure), factory (industrial) and cities (utilities, security).
Many of these (if not all) domains require a reasonable
amount of security and/or privacy protection such as cryptographic
encryption and authentication. In this context,
symmetric cryptographic primitives such as block ciphers are of utmost
importance, because of their low cost and
efficiency on a wide range of platforms. However, these aspects also
makes them a target of choice for physical attackers.
In this project we aim to investigate if leakage resilient
authentication and encryption schemes can be utilised in
the context of IoT where we particularly concentrate on side-channel
attacks using electromagnetic emanation. For
this, we pre-select two state-of-the-art schemes and investigate if
these schemes are suitable for resource restricted IoT
devices and furthermore which requirements have to be met. As a next
step in this project, we will empirically analyse the chosen IoT device
against hardware attacks (use of templates, machine learning, ...).
Furthermore, despite the assumed attacker model of the leakage resilient
schemes,
we will investigate which attacker models are possible in general in the
context of IoT. Using these general attacker
models we determine the security resistance of the investigated schemes
and derive which extra resources are needed
to provide a sufficient security level.
 


How to apply:
------------------

Contact Axel Legay at axel.legay at uclouvain.be with a CV and, if
possible, a letter of recommendation

 
For more information:
------------------

Contact Axel Legay at axel.legay at uclouvain.be




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://LISTS.SEAS.UPENN.EDU/pipermail/types-announce/attachments/20181022/ce0a0677/attachment.asc>


More information about the Types-announce mailing list