The PRINCE research project addresses the challenge of building leakage-resilient primitives and leakage-resilient implementations of standard algorithms. Through appropriate security modelling, the embedded security industry has never been closer to closing the gap between empirically secure cryptographic implementations and built-in, provably perfect resistance against side-channels.
Related research projects
Exploring the reverse-engineering taboo.
The goal of the MARSHAL project is to design and realize a mobile security object that withstands all known reverse-engineering attacks by means of software and hardware countermeasures.
Boosting Elliptic Curves in the Embedded World.
Many business cases and user experiences could be improved or made more profitable if specific ECC-supporting hardware existed that would speed up security protocols by an order of magnitude at minimal cost. The main purpose of Eclipses is to accelerate progress towards such hardware solutions and thereby boost low-cost public-key and pairing-based cryptography in embedded secure applications.
Verifying side-channel countermeasures with automatic tools.
Cryptographic implementations are often vulnerable to side-channel attacks, which exploit the physical emanations of the underlying component to retrieve the secrets being manipulated. Such attacks are very powerful and easy to mount. The most widely used countermeasure today is masking, which aims to randomize the manipulated data. The VERISICC project aims to build new methods to automatically verify and generate proven masked cryptographic implementations. VERISICC relies on the multidisciplinary nature of its consortium, ranging from researchers specializing in formal methods and side-channel attacks (INRIA, University of Luxembourg) to end-users (IDEMIA), to design innovative software tools with the support of SMEs (CryptoExperts and NinjaLab). These tools will allow, on the one hand, industrial developers to build safe and effective protected implementations that reach a high level of certification and, on the other hand, certification bodies (represented in the consortium by ANSSI) to quickly and accurately verify the implementations submitted for evaluation. In particular, the project will focus on the evaluation of existing techniques, the choice of more efficient techniques, and the design of tools dedicated to equipment actually used on the market.
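The following is an added illustration, not code from VERISICC or any of the projects above, of what "masking randomizes the manipulated data" means and of the first-order check a verification tool automates: a correctly masked XOR beside a variant that recombines its shares, with an empirical test of whether any intermediate value's distribution depends on the secret. The function names, the two-share Boolean scheme and the sample bytes are assumptions chosen for the example.

```python
import secrets
from collections import Counter

def mask(x):
    """Split byte x into two shares (r, x ^ r) using a fresh random mask r."""
    r = secrets.randbelow(256)
    return [r, x ^ r]

def unmask(shares):
    return shares[0] ^ shares[1]

def masked_xor(a, b, trace):
    """Share-wise XOR: linear over GF(2), so the shares never need recombining.
    Every value the device would manipulate is appended to `trace`."""
    out = [a[0] ^ b[0], a[1] ^ b[1]]
    trace.extend(out)
    return out

def leaky_xor(a, b, trace):
    """Incorrect variant: recombines the shares and manipulates plain secrets."""
    x, y = unmask(a), unmask(b)
    trace.extend([x, y, x ^ y])
    return mask(x ^ y)

def intermediate_distributions(op, x, y, runs):
    """Histogram of each intermediate (by position) over `runs` random maskings."""
    per_position = {}
    for _ in range(runs):
        trace = []
        op(mask(x), mask(y), trace)
        for i, v in enumerate(trace):
            per_position.setdefault(i, Counter())[v] += 1
    return per_position

def first_order_leak(op, x0, x1, y=0x5A, runs=2000, threshold=0.5):
    """Return the positions whose value distribution differs between secrets x0
    and x1 (total-variation distance above threshold). An empty list means no
    first-order leakage was observed; formal verification proves this exhaustively."""
    d0 = intermediate_distributions(op, x0, y, runs)
    d1 = intermediate_distributions(op, x1, y, runs)
    leaking = []
    for i in d0:
        values = set(d0[i]) | set(d1[i])
        tv = sum(abs(d0[i][v] - d1[i][v]) for v in values) / (2 * runs)
        if tv > threshold:
            leaking.append(i)
    return leaking

if __name__ == "__main__":
    print("masked_xor leaks at positions:", first_order_leak(masked_xor, 0x00, 0xFF))  # []
    print("leaky_xor leaks at positions:", first_order_leak(leaky_xor, 0x00, 0xFF))    # [0, 2]
```

The statistical test only samples; the formal tools the project describes instead reason over every intermediate symbolically, which is why they can certify an implementation rather than merely fail to find a leak.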
Cryptography is only one component of information security, but it is a crucial one. Without cryptography, it would be impossible to establish secure communications between users over insecure networks like the Internet. In particular, public-key cryptography (invented by Diffie and Hellman in 1976) makes it possible to establish secure communications between users who have never met physically before. One can argue that companies like eBay or Amazon could not exist without public-key cryptography.
Over the last 30 years the theory of cryptography has developed considerably. However, cryptography is not only a theoretical science: at some point the cryptographic algorithms must be implemented on physical devices, such as PCs, smart cards or RFIDs. Then problems arise: in general, smart cards and RFIDs have limited computing power and leak information through power consumption and electromagnetic radiation. Similarly, a PC can be exposed to various computer viruses which can leak private information to a remote attacker. Such information leakage can be exploited by an attacker; this is called a side-channel attack. It is well known that a cryptographic algorithm which is perfectly secure in theory can be completely insecure in practice if improperly implemented.
In general, countermeasures against side-channel attacks are heuristic and can only make a particular implementation resist particular attacks. Instead of relying on ad hoc security patches, a better approach consists in working in the framework of provable security. The goal is to prove that a cryptosystem does not only resist specific attacks but can resist any possible side-channel attack. As already demonstrated with cryptographic protocols, this approach has the potential to significantly increase the security level of cryptographic products. For the industrial partners, a higher certification level in Common Criteria evaluations can then be targeted.
Recently the cryptography research community has developed new security models to take these practical implementation attacks into account; the most promising such model is called the leakage-resilient model. However, this field of research is still in its infancy: the leakage-resilient model does not necessarily capture every possible real-world attack, and the recent schemes that have been proven secure under this model are not necessarily fully secure against all kinds of side-channel attacks (and most of them are still impractical).
OBJECTIVES AND EXPECTED OUTCOMES
The cryptography and security community (from research and industry alike) is well aware of this critical issue. Very recently a workshop on "Provable security against physical attacks" took place at the Lorentz Center (The Netherlands, February 15-19, 2010) with the explicit intention that experts in the theory of cryptography share knowledge and solve issues together with experts from the embedded security industry. Our proposal is along the same lines and is intended to foster concrete scientific advances that keep the French smart card industry one step ahead of international competition. We aim to undertake research in the field of leakage-resilient cryptography from a practical point of view. Our goal is to design efficient leakage-resilient cryptographic algorithms and to invent new countermeasures for non-leakage-resilient cryptographic standards. These outcomes shall realize a provable level of security against side-channel attacks and come with a formally verified implementation. For this, every practical aspect of the secure implementation of cryptographic schemes must be taken into account, ranging from the high-level security protocols to the cryptographic algorithms, and from these algorithms to their implementation on specific devices whose hardware design may exhibit different leakage models.
PRINCE is an industrial research initiative that brings together theoretical cryptographers and industrial experts from the embedded security arena. The public laboratory partners are Ecole Normale Supérieure and Université de Versailles. Industrial partners are Oberthur, Gemalto, Ingenico and Tranef.