Pascal Sasdrich heads an Emmy Noether Group at the Faculty of Computer Science. © Caroline Schreer

IT Security A new Emmy Noether group aims to make hardware chips provably secure

Pascal Sasdrich will be funded by the Deutsche Forschungsgemeinschaft with 1.3 million euros for his project CAVE.

In 2023, the German Research Foundation funds a new Emmy Noether group in the field of IT security at Ruhr University Bochum, Germany. Dr. Pascal Sasdrich, Chair of Security Engineering/Faculty of Computer Science is the research group leader. With his project “Computer-aided verification of physical security poperties”, CAVE for short, he wants to advance the protection of security-critical implementations, such as those used in hardware chips, against physical attacks. Within the Emmy-Noether program, CAVE is funded with 1.3 million euros over six years, which qualifies for a university professorship.

Users rely on trusting the technology

In our digital environment, we use numerous objects that contain embedded chips. These hardware elements are nowadays quite small but hold important functions.“To put it simply, a chip encrypts or decrypts data by cryptographic processes,” explains Sasdrich. From EC cards to IoT (internet of tings) devices for the smart home: concerning sensitive data, users rely on trusting the technology. The more surprising it seems that many chips are not verifiably secure. That means they cannot withstand all kinds of attacks, Sasdrich says. “Pen-Testing is often done in the commercial world using best practices. If the prototype can withstand the tested attacks, it might be promoted as secure,” Sasdrich says. But there are many ways to attack, and testing exhaustively is often impossible. For example, an attacker uses the power consumption of the chips to infer information about security-critical data. In IT security, this is called a side-channel attack. It could be used to break the encryption of secret information.

Implementation of security in technical components, however, costs time and money – and requires technical expertise. Tasks such as protection against side-channel analysis or fault injection analysis are sophisticated and error-prone, even with years of experience, Sasdrich says. In contrast, some attacks targeting these chips don’t require much effort. This makes them a real threat.

Verify components’ ability to withstand attacks during the design process

That’s why Sasdrich’s project aims to develop methods that can be used during the design process to verify components’ ability to withstand attacks. They can ease the developers’ workload by enabling automated and computer-aided testing even before the prototype is created. These procedures have the potential to increase the security of future developments.

The research group’s work is based on two principles. The first is based on scientifically formalizing the attacker models. By doing so, they can prove the security of their assumptions. The other is to develop tools and programs based on the formalized attacker models that can be used during the chip design process.

Initially, Sasdrich’s research group will focus on cryptographic functions. The long-term goal, he says, remains to work toward provable security for an entire processor. This would be a valuable contribution by the Bochum scientists to the protection of our sensitive data.

Press contact

Dr. Pascal Sasdrich
Faculty of Computer Science
Ruhr University Bochum
Germany
Phone: +49 234 32 25734
Email: pascal.sasdrich@rub.de

Download high-resolution images
Der Download der gewählten Bilder erfolgt als ZIP-Datei. Bildzeilen und Bildnachweise finden Sie nach dem Entpacken in der enthaltenen HTML-Datei.
Nutzungsbedingungen
Die Verwendung der Bilder ist unter Angabe des entsprechenden Copyrights für die Presse honorarfrei. Die Bilder dürfen ausschließlich für eine Berichterstattung mit Bezug zur Ruhr-Universität Bochum verwendet werden, die sich ausschließlich auf die Inhalte des Artikels bezieht, der den Link zum Bilderdownload enthält. Mit dem Download erhalten Sie ein einfaches Nutzungsrecht zur einmaligen Berichterstattung. Eine weitergehende Bearbeitung, die über das Anpassen an das jeweilige Layout hinausgeht, oder eine Speicherung der Bilder für weitere Zwecke, erfordert eine Erweiterung des Nutzungsrechts. Sollten Sie die Fotos daher auf andere Weise verwenden wollen, kontaktieren Sie bitte redaktion@ruhr-uni-bochum.de

Published

Friday
13 January 2023
9:01 am

By

Christina Scholten

Translated by

Christina Scholten

Share