Visible to the public International Conferences: Cryptography and Security in Computing Systems, Amsterdam, 2015

SoS Newsletter- Advanced Book Block


SoS Newsletter Logo

Cryptography and Security in Computing Systems


The Second Workshop on Cryptography and Security in Computing Systems was held in conjunction with the HiPEAC 2015 Conference, Amsterdam on 19 January 2015. Topics of interest included compiler and runtime support for security, cryptography in embedded and reconfigurable systems design automation and verification of security, efficient cryptography through multi/many core systems, fault attacks and countermeasures, including interaction with fault tolerance, passive side channel attacks and countermeasures, hardware architecture and extensions for cryptography, hardware/software security techniques, hardware Trojans and reverse engineering, physical unclonable functions, privacy in embedded systems, security of embedded and cyber-physical systems, security of networks-on-chips and multi-core architectures, and trusted computing. 


Wei He, Alexander Herrmann; Placement Security Analysis for Side-Channel Resistant Dual-Rail Scheme in FPGA;  CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages 39. Doi: 10.1145/2694805.2694813

Abstract: Physical implementations have significant impacts to the security level of hardware cryptography, mainly due to the fact that the bottom-layer logic fundamentals typically act as the exploitable SCA leakage sources. As a widely studied countermeasure category, dual-rail precharged logic theoretically withstands side-channel analysis by compensating the data-dependent variations between two rails. In this paper, different placement schemes, considering dual-rail framework in Xilinx FPGA, are investigated concerning silicon process variations. The presented work is based on the practical implementation of a light-weight crypto coprocessor. Stochastic Approach [9] based SNR estimation is used as a metric to quantify the measurable leakage, over a series of EM traces acquired by surface scanning over a decapsulated Virtex-5 device. Experimental results show that by employing a highly interleaved and identical dual-rail style in diagonal direction, the routing symmetry can be further optimized. This improvement results in less influence from process variation between the dual rails, which in turn yields a higher security grade in terms of signal-to-noise ratio.

Keywords: Dual-rail Precharge Logic, EM Surface Scan, FPGA, Side-Channel Analysis, Signal-to-Noise Ratio (SNR), Stochastic Approach (ID#: 15-3928)



Alexander Herrmann, Marc Stöttinger;   Evaluation Tools for Multivariate Side-Channel Analysis; CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages 1. Doi: 10.1145/2694805.2694806

Abstract: The goal of side-channel evaluation is to estimate the vulnerability of an implementation against the most powerful attacks. In this paper, we present a closed equation for the success rate computation in a profiling-based side-channel analysis scenario. From this equation, we derive a metric that can be used for optimizing the attack scenario by finding the best set of considered points in time. Practical experiments demonstrate the advantages of this new method against other previously used feature selection algorithms.

Keywords:  Feature Selection, Multivariate Side-Channel Analysis (ID#: 15-3929)



Rainer Plaga, Dominik Merli;  A new Definition and Classification of Physical Unclonable Functions; CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages  7. Doi: 10.1145/2694805.2694807

Abstract: A new definition of "Physical Unclonable Functions" (PUFs), the first one that fully captures its intuitive idea among experts, is presented. A PUF is an information-storage system with a security mechanism that is 1. meant to impede the duplication of a precisely described storage-functionality in another, separate system and 2. remains effective against an attacker with temporary access to the whole original system.  A novel classification scheme of the security objectives and mechanisms of PUFs is proposed and its usefulness to aid future research and security evaluation is demonstrated. One class of PUF security mechanisms that prevents an attacker to apply all addresses at which secrets are stored in the information-storage system, is shown to be closely analogous to cryptographic encryption. Its development marks the dawn of a new fundamental primitive of hardware-security engineering: cryptostorage. These results firmly establish PUFs as a fundamental concept of hardware security.

Keywords: ACM proceedings, Physical Unclonable Functions (ID#: 15-3930)




Harris E. Michail, Lenos Ioannou, Artemios G. Voyiatzis; Pipelined SHA-3 Implementations on FPGA: Architecture and Performance Analysis; CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages 13. Doi: 10.1145/2694805.2694808

Abstract: Efficient and high-throughput designs of hash functions will be in great demand in the next few years, given that every IPv6 data packet is expected to be handled with some kind of security features.  In this paper, pipelined implementations of the new SHA-3 hash standard on FPGAs are presented and compared aiming to map the design space and the choice of the number of pipeline stages. The proposed designs support all the four SHA-3 modes of operation. They also support processing of multiple messages each comprising multiple blocks. Designs for up to a four-stage pipeline are presented for three generations of FPGAs and the performance of the implementations is analyzed and compared in terms of the throughput/area metric.  Several pipeline designs are explored in order to determine the one that achieves the best throughput/area performance. The results indicate that the FPGA technology characteristics must also be considered when choosing an efficient pipeline depth. Our designs perform better compared to the existing literature due to the extended optimization effort on the synthesis tool and the efficient design of multi-block message processing.

Keywords:  Cryptography, FPGA, Hash function, Pipeline, Security (ID#: 15-3931)



Paulo Martins, Leonel Sousa; Stretching the limits of Programmable Embedded Devices for Public-key Cryptography; CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages  19. Doi: 10.1145/2694805.2694809

Abstract:  In this work, the efficiency of embedded devices when operating as cryptographic accelerators is assessed, exploiting both multithreading and Single Instruction Multiple Data (SIMD) parallelism. The latency of a single modular multiplication is reduced, by splitting computation across multiple cores, and the technique is applied to the Rivest-Shamir-Adleman (RSA) cryptosystem, reducing its central operation execution time by up to 2.2 times, on an ARM A15 4-core processor. Also, algorithms are proposed to simultaneously perform multiple modular multiplications. The parallel algorithms are used to enhance the RSA and Elliptic Curve (EC) cryptosystems, obtaining speedups of upto 7.2 and 3.9 on the ARM processor, respectively. Whereas the first approach is most beneficial when a single RSA exponentiation is required, the latter provides a better performance when multiple RSA exponentiations have to be computed.

Keywords: Embedded Systems, Parallel Algorithms, Public-key Cryptography, Single Instruction Multiple Data (ID#: 15-3932)



Loïc Zussa, Ingrid Exurville, Jean-Max Dutertre, Jean-Baptiste Rigaud, Bruno Robisson, Assia Tria, Jessy Clédière; Evidence Of An Information Leakage Between Logically Independent Blocks;  CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages 25. Doi: 10.1145/2694805.2694810

Abstract: In this paper we study the information leakage that may exist, due to electrical coupling, between logically independent blocks of a secure circuit as a new attack path to retrieve secret information. First, an aes-128 has been implemented on a fpga board. Then, this aes implementation has been secured with a delay-based countermeasure against fault injection related to timing constraints violations. The countermeasure's detection threshold was supposed to be logically independent from the data handled by the cryptographic algorithm. Thus, it theoretically does not leak any information related to sensitive values. However experiments point out an existing correlation between the fault detection threshold of the countermeasure and the aes's calculations. As a result, we were able to retrieve the secret key of the aes using this correlation. Finally, different strategies were tested in order to minimize the number of triggered alarm to retrieve the secret key.

Keywords:  'DPA-like' analysis, Delay-based countermeasure, information leakage, side effects (ID#: 15-3933)



Mohsen Toorani; On Continuous After-the-Fact Leakage-Resilient Key Exchange; CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages 31. Doi: 10.1145/2694805.2694811

Abstract: Recently, the Continuous After-the-Fact Leakage (CAFL) security model has been introduced for two-party authenticated key exchange (AKE) protocols. In the CAFL model, an adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated. It supports continuous leakage even when the adversary learns certain ephemeral secrets or session keys. The amount of leakage is limited per query, but there is no bound on the total leakage. A generic leakage-resilient key exchange protocol π has also been introduced that is formally proved to be secure in the CAFL model. In this paper, we comment on the CAFL model, and show that it does not capture its claimed security. We also present an attack and counterproofs for the security of protocol π which invalidates the formal security proofs of protocol π in the CAFL model.

Keywords: Cryptographic protocols, Key exchange, Leakage-resilient cryptography, Security models (ID#: 15-3934)



Mathieu Carbone, Yannick Teglia, Philippe Maurine, Gilles R. Ducharme; Interest Of MIA In Frequency Domain?; CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages 35. Doi: 10.1145/2694805.2694812

Abstract: Mutual Information Analysis (MIA) has a main advantage over Pearson's correlation Analysis (CPA): its ability in detecting any kind of leakage within traces. However, it remains rarely used and less popular than CPA; probably because of two reasons. The first one is related to the appropriate choice of hyperparameters involved in MIA, choice that determines its efficiency and genericity. The second one is surely the high computational burden associated to MIA. The interests of applying MIA in the frequency domain rather than in the time domain are discussed. It is shown that MIA running into the frequency domain is really effective and fast when combined with the use of an accurate frequency leakage model.

Keywords: (not provided) (ID#: 15-3935)




Apostolos P. Fournaris, Nicolaos Klaoudatos, Nicolas Sklavos, Christos Koulamas; Fault and Power Analysis Attack Resistant RNS based Edwards Curve Point Multiplication; CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, January 2015, Pages 43. Doi: 10.1145/2694805.2694814

Abstract: In this paper, a road-map toward Fault (FA) and Power Analysis Attack (PA) resistance is proposed that combines the Edwards Curves innate PA resistance and a base point randomization Montgomery Power Ladder point multiplication (PM) algorithm, capable of providing broad FA and PA resistance, with the Residue number system (RNS) representation for all GF(p) operations in an effort to enhance the FA-PA resistance of point multiplication algorithms and additional provide performance efficiency in terms of speed and hardware resources. The proposed methodology security is analyzed and its efficiency is verified by designing a PM hardware architecture and FPGA implementation.

Keywords:  (not provided) (ID#: 15-3936)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.