E3 - Secure Refinement of Cryptographic Algorithms


Cryptographic algorithms often become insecure because vulnerabilities are introduced when these algorithms are refined into implementations. Side channels, such as differences in a program's running time that depend on secrets, constitute an infamous class of implementation-level vulnerabilities. Our overall objective is to improve the trustworthiness of cryptography at the level of implementations and, in particular, to detect and mitigate side-channel vulnerabilities. The results will include novel program analyses, a security analysis tool, accompanying soundness results, and guidelines for implementing cryptographic algorithms securely.

Researchers

Yuri Dantas
Modeling and Analysis of Information Systems

Research Interests:

  • Security Information.
  • Computer Networks.

Görkem Kilinç
Modeling and Analysis of Information Systems

Research Interests:

  • Formal Methods.
  • Non-interference.
  • Liveness.
  • Concurrency.
  • Petri nets.
  • Games on graphs.

Alexandra Weber
Modeling and Analysis of Information Systems

Research Interests:

  • Formal methods.
  • Semantics.
  • Program analysis.
  • Software security.
  • Interactive theorem proving.

Publications

Dantas, Yuri Gil ; Hamann, Tobias ; Mantel, Heiko :
A Comparative Study across Static and Dynamic Side-Channel Countermeasures.
[Online-Edition: http://fps2018.encs.concordia.ca/]
In: The 11th International Symposium on Foundations & Practice of Security (FPS), 13, 14 and 15 November 2018, Montreal, Canada. In: LNCS. Springer
[Conference or workshop item] , (2018) (not (yet) published)

Nikiforov, Oleg ; Sauer, Alexander ; Schickel, Johannes ; Weber, Alexandra ; Alber, Gernot ; Mantel, Heiko ; Walther, Thomas :
Side-Channel Analysis of Privacy Amplification in Postprocessing Software for a Quantum Key Distribution System.
[Report] , (2018)

Mantel, Heiko ; Schickel, Johannes ; Weber, Alexandra ; Weber, Friedrich :
How Secure is Green IT? The Case of Software-Based Energy Side Channels.
In: Proceedings of the 23rd European Symposium on Research in Computer Security (ESORICS).
[Conference or workshop item] , (2018)

Li, Ximeng ; Mantel, Heiko ; Schickel, Johannes ; Tasch, Markus ; Weber, Alexandra ; Toteva, Iva :
SPASCA: Secure-Programming Assistant and Side-Channel Analyzer.
[Report] , (2017)

Mantel, Heiko ; Schickel, Johannes ; Weber, Alexandra ; Weber, Friedrich :
Vulnerabilities Introduced by Features for Software-based Energy Measurement.
[Report] , (2017)

Cremer, Manuel :
Test Cases for Detecting the Lucky 13 Vulnerability with SPASCA.
TU Darmstadt
[Bachelor's thesis] , (2017)

Dantas, Yuri Gil ; Hamann, Tobias ; Mantel, Heiko ; Schickel, Johannes :
An Experimental Study of a Bucketing Approach.
Quantitative Aspects of Programming Languages and Systems
[Conference or workshop item] , (2017)

Pascoal, Túlio A. ; Dantas, Yuri Gil ; Fonseca, Iguatemi E. ; Nigam, Vivek :
Slow TCAM Exhaustion DDoS Attack.
IFIP SEC 2017 - 32nd International Conference on ICT Systems Security and Privacy Protection. Springer
[Conference or workshop item] , (2017)

Toteva, Iva :
Advancing Tool Support for the Detection of Side-Channel.
TU Darmstadt
[Master's thesis] , (2017)

Lemos, Marcilio O. O. ; Dantas, Yuri Gil ; Fonseca, Iguatemi E. ; Nigam, Vivek :
On the Accuracy of Formal Verification of Selective Defenses for TDoS Attacks.
In: Journal of Logical and Algebraic Methods in Programming
[Article] , (2017)

Mantel, Heiko ; Starostin, Artem :
Transforming Out Timing Leaks, More or Less.
In: LNCS (9326). Springer
[Conference or workshop item] , (2015)

Bollmann, Dominik ; Lortz, Steffen ; Mantel, Heiko ; Starostin, Artem :
An Automatic Inference of Minimal Security Types.
Proceedings of the 11th International Conference on Information Systems Security (ICISS)
[Conference or workshop item] , (2015)
