LSV Seminar

The LSV seminar takes place on Tuesday at 11:00 AM. The usual location is the conference room at Pavillon des Jardins (venue). If you wish to be informed by e-mail about upcoming seminars, please contact Stéphane Le Roux and Matthias Fuegger.

The seminar is open to public and does not require any form of registration.

Past Seminars

Towards provable security against side-channel attacks

 Boris Köpf
Tuesday, December 15 2009 at 11:00AM
Salle de Conférence (Pavillon des Jardins)
Boris Köpf (University of Saarbrücken)

Side-channel attacks threaten the security of cryptographic algorithms by exploiting information that is revealed by the physical characteristics of the algorithm's execution, for example through variations in the running time or power consumption. In distributed environments such as the Internet, timing attacks are the most daunting kind of side-channel attack: Timing can be measured and exploited remotely, opening the door for a potentially large number of attackers. Unfortunately, there have been no countermeasures against timing attacks that are practical and provably secure at the same time. In this talk, I present work on novel methods for reasoning about the security of countermeasures against side-channel attacks. The basis for this work is a model that enables one to express bounds for the amount of information that can be extracted from a system in a side-channel attack. I present algorithms for computing such bounds, and I report on experimental results where we apply these algorithms to analyze concrete implementations of cryptographic algorithms. One finding is that the state-of-the-art countermeasure against timing attacks reduces the rate at which an implementation leaks information about the key, but that the entire key information is still eventually revealed. Finally, I present recent work where we propose a novel countermeasure against timing attacks that is provably secure in our model. A case study shows that this countermeasure is also practical in that it leads to implementations with minor performance overhead.

About LSV