2016 Workshop on Cryptographic Hardware and Embedded Systems

2016 Workshop on Cryptographic Hardware and Embedded Systems

Patrick Schaumont bio photo By Patrick Schaumont

Over the past week, the halls at UC Santa Barbara hosted an exciting series of presentations on secure system design. The co-located conferences included CRYPTO 2016 (main venue on cryptologic research), CHES 2016 (main venue on cryptographic hardware), as well as a series of workshops including FDTC 2016, WhIbOx 2016, PROOFS 2016. It’s a great opportunity to meet peers and former students (cfr above picture).

FDTC 2016, a workshop on fault attacks and countermeasures, attracted approximately 100 attendees for a program of 10 papers. The workshop received 16 submissions, which makes for a 62% accept rate (!) Yet, this did not imply a low publication quality – the topic of FDTC is specialized, and submissions run 12 pages in 2-column IEEE format. That makes an FDTC paper almost a Journal paper. It’s also remarkable that FDTC gathers 100 attendees for just 10 presentations and 2 invited talks.

In fact, the publication output in the field on fault attacks and countermeasures is small compared to the publication output in side-channel analysis. I don’t have specific numbers, but it’s easy to confirm this by scanning through the technical program of more ‘generic’ venues like CHES or HOST. Yet, there is no obvious technical reason why fault attacks would be less relevant than side-channel attacks, and I heard this confirmed by industry folks more than once. Looking at our FAME project – a fault-attack aware processor – I think that there are many opportunities for improvement and innovation left in the field of fault attacks and countermeasures.

CHES 2016 attracts approximately 400 attendees in a single-track presentation format. Some of the highlights of the conference were the invited talk by Paul Kocher on the future of Embedded Security (Wednesday), the ‘New Directions’ Session on Thursday, and the panel on Thursday.

A key point in Paul Kocher’s talk was that the algorithms have won, and that modern cryptography has outpaced modern cryptanalysis. But that doesn’t mean that we have won and all is fine. On the contrary, the upcoming Internet of Things will bring tremendous challenges in embedded security. Device lifetimes increase from a few years to decades; energy and power budgets sink into the energy-scavenging region; the number of devices to manage increases from a few to thousands; and the risks rise from a virus in your word processor to a virus in your car (ie. security risks become a real safety issue). So the stakes will be high. We need cryptography for fallible humans, and cryptography that is not only 10 times faster but that also makes devices 10 times safer.

The New Directions session included the CHES best-paper on whitebox cryptography (by Bos, Hubain, Michiels, and Teuwen), and a presentation on a distributed system architecture called Antikernel (work by Zonenberg and Yener). The distinguishing feature of the Antikernel was its absence of ring-0 software, i.e. software that runs at the highest privilege level. Both if these talks are indicative of the novel research directions in embedded security.

The panel on Friday, led by Axel Poschmann, gathered several industry experts (Gemma Clavell (Eticas Research); Alex Gantman (Qualcomm); Daniele Perito (Square); and Davide Uze (Trillium)). The emphasis of the discussion was on the abstraction level above the typical ‘CHES topic’ - instead of covering crypto processors and hardware, the panel focused on aspects of privacy, policy, ethics, and regulation. As we’re automating and computerizing everything around us, such a discussion was really quite appropriate. I would hope that the future CHES would consider the importance and potential impact of such non-engineering aspects on embedded crypto.