Search

Publications

● PPREW, paper "System-Level Methods to Prevent Reverse-Engineering, Cloning, and Trojan Insertion", March 28-30, 2012, Grenoble, France.

● DATE'2012, paper "RSM: a Small and Fast Countermeasure for AES, Secure against First- and Second-order Zero-Offset SCAs", March 12-16, 2012, Dresden, Germany.

● CT-RSA'2012, twain papers "Towards Different Flavors of Combined Side Channel Attacks" and "A First-Order Leak-Free Masking Countermeasure", February 27 - March 2, 2012, San Francisco, CA, USA.

● JFFoE'2012 : ICT session "Next Generation, Low power, Systems/Smart networks", February 25-28, Kyoto, Japan.

Scientific advisor Sylvain Guilley has been invited at the JFFoE'2012 Franco-Nippon conference to present the French researchers' Know-How on electronic designs security.
In his talk, Sylvain will review the current collaborative projects related to security, within France and also with other partners (such as Japan). The emphasis will then be placed on future challenges the embedded system community faces: as attacks develop and vary, the defense side must adapt accordingly. Formal modeling of the threat and proactive defense are key preventive countermeasures useful in such an uncertain context. But despite the polymorphic nature of the opponent, trustworthy solutions do exist, and simply require more R&D and advances in standardization to spread wider.

● INDOCRYPT'2011, "Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks" (presentation slides), December 11-14, 2011, Chennai, India.

It is trivial that more security incurs more cost overheads. But to what extent can security be traded for cost savings? This topic is of special importance in the security market: the objective is to deliver products envoying the adequate level of security at the best cost. Scientific adviser Sylvain Guilley will be presenting at INDOCRYPT a formal study of security/cost tradeoffs for cryptographic implementations protections based on masking. This is the first study of this kind in the domain; it is especially useful as it is based on sound and realistic metrics for both security and cost.

● ReConFig'2011, "Efficient Dual-Rail Implementations in FPGA using Block RAMs", November 30 - December 2nd 2011, Cancun, Mexico.

● IET-IFS, "Security evaluation of application-specific integrated circuits and field programmable gate arrays against setup time violation attacks", IET Information Security, Vol. 5(4), December 2011.

● WIFS'11, oral presentation "“Re-synchronization by Moments”: an efficient solution to align Side-Channel traces" and poster presentation "A Multiresolution Time-Frequency Analysis Based Side-Channel Attack", November 29 - December 2nd 2011, Foz do Iguaçu, Brazil.

Alignement of electromagnetic or power traces is a critical issue in side-channel analysis.
At WIFS'2011, a new method called "Re-synchronization by Moments" (and known informally as the "RM" method) will be presented to experts in forensics of secure systems.
The RM method is of linear complexity, whereas other correlation-based methods operate in O(n log n) time.
Thus this method is extremely well suited for online resynchronization, which is a decisive advantage for timed fault attack triggering.
At the poster session of the same conference, an optimization in the processing of side-channel traces is also presented. It consists in employing a multiresolution time-frequency analysis, inspired from the wavelets decomposition, a recent research topic in hardware security evaluation.

● HST'11, "Common Framework to Evaluate Modern Embedded Systems against Side-Channel Attacks", November 15-17, 2011. Waltham, MA, USA.

● DASIP'11, "Embedded Systems Security: An Evaluation Methodology Against Side Channel Attacks", (IEEE Signal Processing Society), November 2-4, 2011. Tampere, Finland.

● InfoSecHiComNet'11, "Rank Correction: A New Side-Channel Approach For Secret Key Recovery", October 19-22, 2011. Haldia, Purba Medinipur, West Bengal, India.

● FDTC'11, "Fault Diagnosis and Tolerance in Cryptography" (8th edition), September 28, 2011. Nara, Japan.

● NIAT'11, (program) "Efficient FPGA Implementation of dual-rail countermeasures using Stochastic Models" and "Novel Applications of Wavelet Transforms based Side-Channel Analysis", September 26-27, 2011. Nara, Japan.

● e-SMART'11, "Cryptographic protocols resilient to physical level attacks", September 21-23, 2011. Sophia Antipolis, France.

● TrustED'11, "DPL Implementations in FPGA using Embedded BRAM", September 15-16, 2011. Leuven, Belgium.

● EMC'11, "Practical Results of EM Cartography on a FPGA-based RSA Hardware Implementation" and "Identification of Information Leakage Points on a Cryptographic Device with an RSA Processor", at the IEEE International Symposium on Electromagnetic Compatibility (EMC), August 14-19, 2011. Long Beach, CA, USA.

Side channel attacks are powerful techniques for extracting secret keys from cryptographic applications of embedded systems. Best results are obtained by placing a small electromagnetic probe just over areas of an integrated circuit which are leaking the most. To find out such locations, Scientific Advisor Laurent Sauvage has proposed some cartography methods in the past. Whereas they theoretically could locate any part of an integrated circuit, his methods had only been experimentally evaluated against symmetric-key cryptosystems. In this presentation, he will be demonstrating some practical results showing that they are also efficient in locating the RSA crypto processor of a FPGA-based hardware implementation.

● CryptArchi'11, "Smart-SIC Analyzer: the advanced evaluation platform for cryptographic embedded systems", "BCDL Logic design with the best Trade-off Complexity/Robustness" and "Exotic Leakage Models", June 15-18, 2011. Bochum, Ruhr, Germany.

● The book "Security Trends for FPGAS — From Secured to Secure Reconfigurable Systems" is available from Springer (196 pages, ISBN: 978-94-007-1337-6). It is the outcome of the collaborative project "ICTER" (Les technologies reconfigurables - Intégrité et confidentialité des informations), funded by the French ANR.

● SSTIC'11, "Attaque d'implentations cryptographiques par canaux cachés", June 8-10, 2011. Rennes, France.

● HOST'11, "Performance Evaluation of Protocols Resilient to Physical Attacks" (poster) and "Formal Security Evaluation of Hardware Boolean Masking against Second-Order Attacks" (poster), June 5-6, 2011. San Diego, CA, USA.

● WISTP'11, "Leakage Squeezing Countermeasure Against High-Order Attacks" (best paper award), June 1-3, 2011. Heraklion, Greece.

● WISTP'11, "Formal Framework for the Evaluation of Waveform Resynchronization Algorithms", June 1-3, 2011. Heraklion, Greece.

Scientific Advisor Sylvain Guilley will be presenting a formal framework that enables rating of waveforms resynchronization algorithms. These algorithms are employed on a daily basis by security evaluation labs as preliminary step to both fault injection attacks and side-channel attacks. They aim respectively at ensuring that the fault is inserted in a timely manner, and that side-channel measurements are properly aligned. Two state-of-the-art resynchronization algorithms are confronted in terms of efficiency and complexity against unprotected, masked and balanced cryptographic implementations. A third one named "threshold phase-only correlation" is introduced, it fixes some shortcomings and better appears under some experimental conditions.

● DTIS'11, "Vade Mecum on Side-Channels Attacks and Countermeasures for the Designer and the Evaluator", April 6-8, 2011. Athens, Greece.

A special session on hardware security is scheduled at DTIS 2011. Scientific advisor Sylvain Guilley is invited to present the state-of-the-art of side-channel attacks and countermeasures.
The talk consists in a vade mecum, where attacks and countermeasures are classified in formal categories. The adequation between protection techniques and known vulnerabilities is sketched. In particular, masking and hiding -- two competing countermeasures against observation attacks -- are compared in terms of performance and in terms of leakage. A decision diagram is introduced and shows that the most relevant countermeasure depends on the experimental conditions and of the designer skills.

● DATE'11, "Enhancement of Simple Electro-Magnetic Attacks by Pre-characterization in Frequency Domain and Demodulation Techniques", March 14-18, 2011. Grenoble, France.

At DATE this year, Olivier Meynard from Scientific Advisor Jean-Luc Danger's Lab will be doing the above presentation. This work shows that hardware demodulation techniques allow the recording of an electro-magnetic (EM) signal with more information on the leakage than a raw recording. The core contribution of this presentation is a generic and fast method to find out demodulation frequencies. Notably a case study is shown where only demodulated signal permits to defeat RSA with one single measurement. Furthermore the outcome of these results demonstrates that both unintentional and direct EM emanations can be exploited.

● COSADE'11, "Quantifying the Quality of Side Channel Acquisitions", February 24-25, 2011. Darmstadt, Germany.

Scientific Advisor Jean-Luc Danger will be presenting at the COSADE international workshop a practice-oriented methodology to quantifify the quality of side-channel measurement campaigns. Up to now, comparing acquisitions garnered from different setups was indeed an open question. In his talk Prof. Jean-Luc Danger will be providing the theoretical tools and experimental results to unravel this plot.

● COSADE'11, "Time Samples Correlation Attack", February 24-25, 2011. Darmstadt, Germany.

● COSADE'11, "Software Implementation of Dual-Rail Representation", February 24-25, 2011. Darmstadt, Germany.

● ReConFig'10, "Cross-Correlation Cartography", December 13-15 2010, Cancún, Quintana Roo, México.

Based on an innovative cross-correlation technique, Scientific Advisor Laurent Sauvage presented a new EM cartography method at the 2010 International Conference on ReConFigurable Computing and FPGAs. This preliminary characterization makes it possible to fine-tune subsequent EMA (ElectroMagnetic Analysis) or EMI (ElectroMagnetic Injection) attacks.

● ReConFig'10, "Evaluation of white-box and grey-box Noekeon implementations in FPGA", December 13-15 2010, Cancún, Quintana Roo, México.

● ICISC'10, "First Principal Components Analysis: A New Side Channel Distinguisher", December 1-3, 2010, Seoul, Korea.

● ESWEEK'10 / WESS'10, "Countering Early Evaluation: An Approach Towards Robust Dual-Rail Precharge Logic", October 24-28, 2010.

● InsCrypt'10, "Characterization of the Electro-Magnetic Side Channel in Frequency Domain", October 2010, Shanghai, China.

● IJRC'10, "Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics", October 2010.

● DATE'10 in track A4 (Dresden, Germany): Twain presentations entitled "BCDL: A High Performance Balanced DPL with Global Precharge and Without Early Evaluation" and "Far Correlation-based EMA with a precharacterized leakage model".●