Research
Research Context: As embedded systems are being massively deployed in the automotive industry, intelligent healthcare, Internet-of-Things (IoT) and smart infrastructure, developing security-aware designs has become a vital research area. These systems are not only highly constrained design environments, but are also vulnerable to implementation attacks. Implementation attacks are practical attacks that target the underlying implementation of a cryptographic algorithm rather than its mathematical foundation. The power consumption, electromagnetic radiation, execution time and response to injected faults are side-channel outputs that can leak information about the internal secret key, an attack that is commonly called Side-Channel Analysis (SCA). SCA is a passive, noninvasive attack that cannot be detected by the underlying system (other than fault injection, which is active) and can break an AES implementation after a single execution. For instance, an adversary can apply SCA over a legitimate sensor or control unit that he owns in order to reveal the secret key used for communication. Then, he can put this sensor in a target system in order to cause physical damage.

Summary: My research seeks a deeper and more quantified understanding of implementation attacks against critical IoT systems and proposes novel, security-aware designs that are protected against these attacks without violating usability, cost or real-time constraints.

LR-Keymill: a new crypto structure with inherent security against SCA

In the crypto community, it is widely acknowledged that any cryptographic scheme that is built with no special countermeasure against side-channel attacks (SCA) can be easily broken. Our new research challenges this intuition. Let's introduce LR-Keymill. LR-Keymill, or Leakage Resilient Keymill, is an SCA-secured keystream generator. It accepts 128 bits of secret key and 128 bits of Initialization Vector (IV) to generate a pseudorandom binary output stream of any length.
LR-Keymill consists of four NLFSRs where the feedback functions are connected together through a rotating cross-connect, as shown in the figure. The rotating cross-connect mixes the feedback functions, so that the internal state of any register depends on the internal state of all the other registers. More details about LR-Keymill can be found in these two papers, here and here. LR-Keymill is secured against passive SCA attacks without incorporating any special SCA countermeasures. The reason for this claim is that (very briefly), for every secret key, there is a large set of other keys that generate the exact same power signature, mandating a post-attack search phase with large time-complexity. On average, the required time-complexity after an SCA attack against the LR-Keymill is 67.9 bits. This time-complexity exceeds the birthday bound of AES (64 bits), and is considered safe for practical applications.

Attacking Block-Ciphers:
Protecting Block-Ciphers:
Attacking Hashing Functions:
Protecting Hashing Functions:
MSc Research: During the MSc degree, we proposed a reliable broadcasting protocol for life-safety messages in Vehicular Ad-Hoc Networks (VANETs). Results of this research were presented in ISSPIT’07 and VTC’08. My MSc research was cited more than 99 times.