The goal of the MARSHAL project is to design and realize a mobile security object that withstands all known reverse-engineering attacks by means of software and hardware countermeasures.
Who can I contact?
Give us the instruction set of your microcontroller and we do the rest.
We have more than 20 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software is available on a variety of hardware platforms and supports standard and advanced cryptographic algorithms.
Use white-box software in lieu of a secure element.
White-box cryptography turns a keyed cryptographic algorithm into an unintelligible program with the same functionality. The white-box secure program can then be executed in an untrusted environment without fear of exposing the underlying keys. The code itself is tamper-proof, just as a secure element.
Related research projects
Formally proving that your crypto libs are side-channel resistant.
The PRINCE research project addresses the challenge of building leakage-resilient primitives and leakage-resilient implementations for standard algorithms. Through an appropriate security modelling, the embedded security industry has never been closer to fill in the gap between empirically secure cryptographic implementations and built-in, provably perfect resistance against side-channels.
Boosting Elliptic Curves in the Embedded World.
Many business cases and user experiences could be improved or made more profitable if specific ECC-supporting hardware existed that would speedup security protocols by an order of magnitude at minimal cost. The main purpose of Eclipses is to accelerate progress towards such hardware solutions and subsequently boost low-cost public-key and pairing-based cryptography in embedded secure applications.
Mobile security devices – such as smart cards, payment terminals, SIM cards, USB tokens – have become more and more widespread in the past years. They aim to provide some security features (authentication, payment, …) to users by means of cryptographic algorithms. These products must resist a large variety of practical attacks, from the simplest ones such as power consumption based attacks, to the most invasive ones based on microscope observation and probing.
Most of the time, specifications of commercial security products are not made publicly available in order to restrict the advance of effective attacks. But quite often these products are reverse-engineered, which results in a total disclosing of their internal secrets. Reverse-engineering consists in understanding how a system has been designed and in extracting the binary code of its running programs, in order to extract its secrets and/or to clone the system. A typical example is the case of pay-TV systems. Some hackers get to reverse-engineer the full system including hardware memories and processors as well as embedded software code. Once the application is understood, the hackers create a clone of the system without access control management and that enables fraudulently access to some protected multimedia content (pay-TV, video games, …). Cloned systems are then sold on a black market. The hacking of protected multimedia content has given rise to a real informal economy.
OBJECTIVES AND EXPECTED OUTCOMES
The main outcome of the project is the design and realization of a prototype for a portable security product (e.g. a smart card) that resists all forms of reverse-engineering attacks. The prototype will be conceived for providing secure access control to digital content, but the proposed solutions must be portable to further security services (banking authentication, e-wallet, …). The prototype will include a module for access control management with a deciphering unit based on the AES block-cipher, as well as a data decompression module. It will enable to decipher and read some protected digital content available on the Internet.
The prototype will have to withstand two types of attacks. First, it will resist reverse-engineering attacks against the access control module that aim to recover the deciphering keys. Namely, the data stored in the device must remain confidential even for an attacker who is able to recover the memory content as well as the software code running on the device. Secondly, the prototype will be secure against reverse-engineering attacks that aim to recover the design of the data decompression module, in a consideration for protection of the intellectual property.
In order to achieve such a prototype, three main directions will be investigated:
- Protections against reverse-engineering at the hardware level. We will develop effective hardware countermeasures against reverse-engineering, and in particular against SCARE attacks (Side Channel Analysis for Reverse Engineering) and FIRE attacks (Fault Injection for Reverse Engineering).
- Protection against reverse-engineering at the software level. We will develop effective methods to overcome the reverse-engineering of software code and in particular new solutions of obfuscation for cryptographic algorithms.
- Legality of reverse-engineering. We will develop a theory for the legality of reverse-engineering to define what can be legally done or not in terms of reverse-engineering.