E3 - Secure Refinement of Cryptographic Algorithms


When refining cryptographic algorithms to implementations, vulnerabilities are often introduced. Side-channel vulnerabilities constitute an infamous class of such vulnerabilities that can be exploited by attackers. The overall objective of the project is to improve the trustworthiness of cryptography on the implementation level. The results will include novel techniques for detecting and assessing side-channel vulnerabilities, automatic side-channel-analysis tools, and guidelines for mitigating and avoiding side channels.

Researchers

Yuri Dantas
Modeling and Analysis of Information Systems

Research Interests:

  • Security Information.
  • Computer Networks.

Görkem Kilinç
Modeling and Analysis of Information Systems

Research Interests:

  • Formal Methods.
  • Non-interference.
  • Liveness.
  • Concurrency.
  • Petri nets.
  • Games on graphs.

Alexandra Weber
Modeling and Analysis of Information Systems

Research Interests:

  • Formal methods.
  • Semantics.
  • Program analysis.
  • Software security.
  • Interactive theorem proving.

Publications

Dantas, Yuri Gil ; Hamann, Tobias ; Mantel, Heiko :
A Comparative Study across Static and Dynamic Side-Channel Countermeasures.
[Online-Edition: http://fps2018.encs.concordia.ca/]
In: The 11th International Symposium on Foundations & Practice of Security (FPS), 13, 14 and 15 November 2018, Montreal, Canada. In: LNCS. Springer
[Conference publication], (2018) (Not (yet) published)

Dix, Isabella :
A Type System and an Implementation for Detecting the Lucky13 Vulnerability with SPASCA.
TU Darmstadt
[Master's thesis], (2018)

Earley, Timothy :
Extending the Language Coverage of Side-Channel Finder AVR.
TU Darmstadt
[Bachelor's thesis], (2018)

Nikiforov, Oleg ; Sauer, Alexander ; Schickel, Johannes ; Weber, Alexandra ; Alber, Gernot ; Mantel, Heiko ; Walther, Thomas :
Side-Channel Analysis of Privacy Amplification in Postprocessing Software for a Quantum Key Distribution System.
[Report], (2018)

Mantel, Heiko ; Schickel, Johannes ; Weber, Alexandra ; Weber, Friedrich :
How Secure is Green IT? The Case of Software-Based Energy Side Channels.
In: Proceedings of the 23rd European Symposium on Research in Computer Security (ESORICS).
[Conference publication], (2018)

Li, Ximeng ; Mantel, Heiko ; Schickel, Johannes ; Tasch, Markus ; Weber, Alexandra ; Toteva, Iva :
SPASCA: Secure-Programming Assistant and Side-Channel Analyzer.
[Report], (2017)

Mantel, Heiko ; Schickel, Johannes ; Weber, Alexandra ; Weber, Friedrich :
Vulnerabilities Introduced by Features for Software-based Energy Measurement.
[Report], (2017)

Cremer, Manuel :
Test Cases for Detecting the Lucky 13 Vulnerability with SPASCA.
TU Darmstadt
[Bachelor's thesis], (2017)

Dantas, Yuri Gil ; Hamann, Tobias ; Mantel, Heiko ; Schickel, Johannes :
An Experimental Study of a Bucketing Approach.
Quantitative Aspects of Programming Languages and Systems
[Conference publication], (2017)

Pascoal, Túlio A. ; Dantas, Yuri Gil ; Fonseca, Iguatemi E. ; Nigam, Vivek :
Slow TCAM Exhaustion DDoS Attack.
IFIP SEC 2017 - 32nd International Conference on ICT Systems Security and Privacy Protection. Springer
[Conference publication], (2017)

Toteva, Iva :
Advancing Tool Support for the Detection of Side-Channel.
TU Darmstadt
[Master's thesis], (2017)

Lemos, Marcilio O. O. ; Dantas, Yuri Gil ; Fonseca, Iguatemi E. ; Nigam, Vivek :
On the Accuracy of Formal Verification of Selective Defenses for TDoS Attacks.
In: Journal of Logical and Algebraic Methods in Programming
[Article], (2017)

Mantel, Heiko ; Starostin, Artem :
Transforming Out Timing Leaks, More or Less.
In: LNCS (9326). Springer
[Conference publication], (2015)

Bollmann, Dominik ; Lortz, Steffen ; Mantel, Heiko ; Starostin, Artem :
An Automatic Inference of Minimal Security Types.
Proceedings of the 11th International Conference on Information Systems Security (ICISS)
[Conference publication], (2015)
