E3 - Secure Refinement of Cryptographic Algorithms

When cryptographic algorithms are refined into implementations, vulnerabilities are often introduced. Side-channel vulnerabilities are an infamous class of such implementation-level weaknesses that attackers can exploit. The overall objective of the project is to improve the trustworthiness of cryptography at the implementation level. The results will include novel techniques for detecting and assessing side-channel vulnerabilities, automatic side-channel analysis tools, and guidelines for mitigating and avoiding side channels.

Researchers

Yuri Dantas
Modeling and Analysis of Information Systems

Research Interests:

  • Information security.
  • Computer Networks.

Görkem Kilinç
Modeling and Analysis of Information Systems

Research Interests:

  • Formal Methods.
  • Non-interference.
  • Liveness.
  • Concurrency.
  • Petri nets.
  • Games on graphs.

Alexandra Weber
Modeling and Analysis of Information Systems

Research Interests:

  • Formal methods.
  • Semantics.
  • Program analysis.
  • Software security.
  • Interactive theorem proving.

Publications

Mantel, Heiko ; Probst, Christian (2019):
On the Meaning and Purpose of Attack Trees.
In: The 32nd IEEE Computer Security Foundations Symposium (CSF), Hoboken, NJ, USA, Jun 25-28, 2019. [Conference publication]

Dantas, Yuri Gil ; Hamann, Tobias ; Mantel, Heiko (2018):
A Comparative Study across Static and Dynamic Side-Channel Countermeasures.
In: The 11th International Symposium on Foundations & Practice of Security (FPS), Montreal, Canada, 13-15 November 2018, LNCS, Springer. [Online edition: http://fps2018.encs.concordia.ca/] [Conference publication]

Gil Dantas, Yuri ; Hamann, Tobias ; Mantel, Heiko (2018):
A Comparative Study across Static and Dynamic Side-Channel Countermeasures.
In: The 11th International Symposium on Foundations & Practice of Security (FPS), Springer, [Article]

Dix, Isabella (2018):
A Type System and an Implementation for Detecting the Lucky13 Vulnerability with SPASCA.
TU Darmstadt. [Master's thesis]

Earley, Timothy (2018):
Extending the Language Coverage of Side-Channel Finder AVR.
TU Darmstadt. [Bachelor's thesis]

Nikiforov, Oleg ; Sauer, Alexander ; Schickel, Johannes ; Weber, Alexandra ; Alber, Gernot ; Mantel, Heiko ; Walther, Thomas (2018):
Side-Channel Analysis of Privacy Amplification in Postprocessing Software for a Quantum Key Distribution System.
[Report]

Gil Dantas, Yuri ; Gay, Richard ; Hamann, Tobias ; Mantel, Heiko ; Schickel, Johannes (2018):
An Evaluation of Bucketing in Systems with Non-Deterministic Timing Behavior.
In: 33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection (IFIP SEC). [Conference publication]

Lemos, Marcilio O. O. ; Dantas, Yuri Gil ; Fonseca, Iguatemi E. ; Nigam, Vivek (2018):
On the Accuracy of Formal Verification of Selective Defenses for TDoS Attacks.
In: Journal of Logical and Algebraic Methods in Programming, vol. 94, pp. 45-67, Elsevier, ISSN 2352-2216. [Article]

Mantel, Heiko ; Schickel, Johannes ; Weber, Alexandra ; Weber, Friedrich (2018):
How Secure is Green IT? The Case of Software-Based Energy Side Channels.
In: Proceedings of the 23rd European Symposium on Research in Computer Security (ESORICS). [Conference publication]

Li, Ximeng ; Mantel, Heiko ; Schickel, Johannes ; Tasch, Markus ; Weber, Alexandra ; Toteva, Iva (2017):
SPASCA: Secure-Programming Assistant and Side-Channel Analyzer.
[Report]

Mantel, Heiko ; Schickel, Johannes ; Weber, Alexandra ; Weber, Friedrich (2017):
Vulnerabilities Introduced by Features for Software-based Energy Measurement.
[Report]

Cremer, Manuel (2017):
Test Cases for Detecting the Lucky 13 Vulnerability with SPASCA.
TU Darmstadt. [Bachelor's thesis]

Dantas, Yuri Gil ; Hamann, Tobias ; Mantel, Heiko ; Schickel, Johannes (2017):
An Experimental Study of a Bucketing Approach.
In: Quantitative Aspects of Programming Languages and Systems, Uppsala, Sweden. [Conference publication]

Pascoal, Túlio A. ; Dantas, Yuri Gil ; Fonseca, Iguatemi E. ; Nigam, Vivek (2017):
Slow TCAM Exhaustion DDoS Attack.
In: IFIP SEC 2017 - 32nd International Conference on ICT Systems Security and Privacy Protection, Springer. [Conference publication]

Toteva, Iva (2017):
Advancing Tool Support for the Detection of Side-Channel.
TU Darmstadt. [Master's thesis]

Bindel, Nina ; Buchmann, Johannes ; Krämer, Juliane ; Mantel, Heiko ; Schickel, Johannes ; Weber, Alexandra (2017):
Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics.
In: Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS). [Conference publication]

Dewald, Florian ; Mantel, Heiko ; Weber, Alexandra (2017):
AVR Processors as a Platform for Language-Based Security.
In: Proceedings of the 22nd European Symposium on Research in Computer Security (ESORICS). [Conference publication]

Gay, Richard ; Hu, Jinwei ; Mantel, Heiko ; Schickel, Johannes (2017):
Towards Accelerated Usage Control based on Access Correlations.
In: Proceedings of the 22nd Nordic Conference on Secure IT Systems (NordSec). [Conference publication]

Mantel, Heiko ; Weber, Alexandra ; Köpf, Boris (2017):
A Systematic Study of Cache Side Channels across AES Implementations.
In: Proceedings of the 9th International Symposium on Engineering Secure Software and Systems (ESSoS). [Conference publication]

Mantel, Heiko ; Starostin, Artem (2015):
Transforming Out Timing Leaks, More or Less.
In: Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS 2015) - Part I, Vienna, Austria, LNCS, Springer. [Conference publication]

Bollmann, Dominik ; Lortz, Steffen ; Mantel, Heiko ; Starostin, Artem (2015):
An Automatic Inference of Minimal Security Types.
In: Proceedings of the 11th International Conference on Information Systems Security (ICISS). [Conference publication]