Project Areas

E – Engineering

E3 – Secure Refinement of Cryptographic Algorithms

When cryptographic algorithms are refined into implementations, vulnerabilities are often introduced. Side-channel vulnerabilities are an infamous class of such implementation-level weaknesses, and attackers can exploit them to recover secrets without breaking the underlying algorithm. The overall objective of the project is to improve the trustworthiness of cryptography at the implementation level. The results will include novel techniques for detecting and assessing side-channel vulnerabilities, automatic side-channel-analysis tools, and guidelines for mitigating and avoiding side channels.


Principal Investigators

Name / Working area(s) / Contact
Prof. Marc Fischlin
Cryptography & Complexity Theory
P2, S4, E3
+49 6151 16-25730
S2|20 105
Prof. Heiko Mantel
Modeling & Analysis of Information Systems
E3
+49 6151 16-25252
S2|02 E317

Researchers

Name / Working area(s) / Contact
Yuri Gil Dantas
Modeling & Analysis of Information Systems
+49 6151 16-25254
S2|02 E302
Dr. Görkem Kılınç
Modeling & Analysis of Information Systems
+49 6151 16-25253
S2|02 E312
Alexandra Weber
Modeling & Analysis of Information Systems
+49 6151 16-25253
S2|02 E312

Publications

Mantel, Heiko and Scheidel, Lukas and Schneider, Thomas and Weber, Alexandra and Weinert, Christian and Weißmantel, Tim (2020):
RiCaSi: Rigorous Cache Side Channel Mitigation via Selective Circuit Compilation.
Proceedings of the 19th International Conference on Cryptology And Network Security (CANS'20), virtual conference, 14-16 December 2020, [Conference or Workshop Item]

Mantel, Heiko and Probst, Christian (2019):
On the Meaning and Purpose of Attack Trees.
Proceedings of the 32nd IEEE Computer Security Foundations Symposium (CSF), Hoboken, NJ, USA, 25-28 June 2019, [Conference or Workshop Item]

Dantas, Yuri Gil and Hamann, Tobias and Mantel, Heiko (2018):
A Comparative Study across Static and Dynamic Side-Channel Countermeasures.
In: Proceedings of the 11th International Symposium on Foundations & Practice of Security (FPS), LNCS, Springer, Montreal, Canada, 13-15 November 2018, [Conference or Workshop Item]

Gil Dantas, Yuri and Hamann, Tobias and Mantel, Heiko (2018):
A Comparative Study across Static and Dynamic Side-Channel Countermeasures.
In: Proceedings of the 11th International Symposium on Foundations & Practice of Security (FPS), Springer, [Article]

Dix, Isabella (2018):
A Type System and an Implementation for Detecting the Lucky13 Vulnerability with SPASCA.
TU Darmstadt, [Master Thesis]

Earley, Timothy (2018):
Extending the Language Coverage of Side-Channel Finder AVR.
TU Darmstadt, [Bachelor Thesis]

Nikiforov, Oleg and Sauer, Alexander and Schickel, Johannes and Weber, Alexandra and Alber, Gernot and Mantel, Heiko and Walther, Thomas (2018):
Side-Channel Analysis of Privacy Amplification in Postprocessing Software for a Quantum Key Distribution System.
[Report]

Gil Dantas, Yuri and Gay, Richard and Hamann, Tobias and Mantel, Heiko and Schickel, Johannes (2018):
An Evaluation of Bucketing in Systems with Non-Deterministic Timing Behavior.
Proceedings of the 33rd IFIP TC-11 International Conference on Information Security and Privacy Protection (IFIP SEC 2018), [Conference or Workshop Item]

Lemos, Marcilio O. O. and Dantas, Yuri Gil and Fonseca, Iguatemi E. and Nigam, Vivek (2018):
On the Accuracy of Formal Verification of Selective Defenses for TDoS Attacks.
In: Journal of Logical and Algebraic Methods in Programming, 94, pp. 45-67, Elsevier, ISSN 2352-2216, [Article]

Mantel, Heiko and Schickel, Johannes and Weber, Alexandra and Weber, Friedrich (2018):
How Secure is Green IT? The Case of Software-Based Energy Side Channels.
Proceedings of the 23rd European Symposium on Research in Computer Security (ESORICS), [Conference or Workshop Item]

Li, Ximeng and Mantel, Heiko and Schickel, Johannes and Tasch, Markus and Weber, Alexandra and Toteva, Iva (2017):
SPASCA: Secure-Programming Assistant and Side-Channel Analyzer.
[Report]

Mantel, Heiko and Schickel, Johannes and Weber, Alexandra and Weber, Friedrich (2017):
Vulnerabilities Introduced by Features for Software-based Energy Measurement.
[Report]

Cremer, Manuel (2017):
Test Cases for Detecting the Lucky 13 Vulnerability with SPASCA.
TU Darmstadt, [Bachelor Thesis]

Dantas, Yuri Gil and Hamann, Tobias and Mantel, Heiko and Schickel, Johannes (2017):
An Experimental Study of a Bucketing Approach.
In: Proceedings of the Workshop on Quantitative Aspects of Programming Languages and Systems (QAPL), Uppsala, Sweden, [Conference or Workshop Item]

Pascoal, Túlio A. and Dantas, Yuri Gil and Fonseca, Iguatemi E. and Nigam, Vivek (2017):
Slow TCAM Exhaustion DDoS Attack.
In: Proceedings of the 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), pp. 17-31, Springer, [Conference or Workshop Item]

Toteva, Iva (2017):
Advancing Tool Support for the Detection of Side-Channel.
TU Darmstadt, [Master Thesis]

Bindel, Nina and Buchmann, Johannes and Krämer, Juliane and Mantel, Heiko and Schickel, Johannes and Weber, Alexandra (2017):
Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics.
Proceedings of the 10th International Symposium on Foundations & Practice of Security (FPS), pp. 225-241, [Conference or Workshop Item]

Dewald, Florian and Mantel, Heiko and Weber, Alexandra (2017):
AVR Processors as a Platform for Language-Based Security.
Proceedings of the 22nd European Symposium on Research in Computer Security (ESORICS), pp. 427-445, [Conference or Workshop Item]

Gay, Richard and Hu, Jinwei and Mantel, Heiko and Schickel, Johannes (2017):
Towards Accelerated Usage Control based on Access Correlations.
Proceedings of the 22nd Nordic Conference on Secure IT Systems (NordSec), pp. 245-261, [Conference or Workshop Item]

Mantel, Heiko and Weber, Alexandra and Köpf, Boris (2017):
A Systematic Study of Cache Side Channels across AES Implementations.
Proceedings of the 9th International Symposium on Engineering Secure Software and Systems (ESSoS), pp. 213-230, [Conference or Workshop Item]

Mantel, Heiko and Starostin, Artem (2015):
Transforming Out Timing Leaks, More or Less.
In: Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS 2015), Part I, LNCS, p. 20, Springer, Vienna, Austria, [Conference or Workshop Item]

Bollmann, Dominik and Lortz, Steffen and Mantel, Heiko and Starostin, Artem (2015):
An Automatic Inference of Minimal Security Types.
In: Proceedings of the 11th International Conference on Information Systems Security (ICISS), [Conference or Workshop Item]