IT Security: A new Emmy Noether group aims to make hardware chips provably secure
Pascal Sasdrich will be funded by the Deutsche Forschungsgemeinschaft with 1.3 million euros for his project CAVE.
In 2023, the German Research Foundation funds a new Emmy Noether group in the field of IT security at Ruhr University Bochum, Germany. Dr. Pascal Sasdrich, Chair of Security Engineering/Faculty of Computer Science, is the research group leader. With his project “Computer-aided verification of physical security properties”, CAVE for short, he wants to advance the protection of security-critical implementations, such as those used in hardware chips, against physical attacks. CAVE is funded with 1.3 million euros over six years within the Emmy Noether program, which qualifies its group leaders for a university professorship.
Users rely on trusting the technology
In our digital environment, we use numerous objects that contain embedded chips. These hardware elements are nowadays quite small but perform important functions. “To put it simply, a chip encrypts or decrypts data by cryptographic processes,” explains Sasdrich. From EC cards to IoT (Internet of Things) devices for the smart home: when it comes to sensitive data, users rely on trusting the technology. It seems all the more surprising that many chips are not verifiably secure. That means they cannot withstand all kinds of attacks, Sasdrich says. “Pen-Testing is often done in the commercial world using best practices. If the prototype can withstand the tested attacks, it might be promoted as secure,” Sasdrich says. But there are many ways to attack, and testing exhaustively is often impossible. For example, an attacker can use the power consumption of a chip to infer information about security-critical data. In IT security, this is called a side-channel attack. It could be used to break the encryption of secret information.
Implementation of security in technical components, however, costs time and money – and requires technical expertise. Tasks such as protection against side-channel analysis or fault injection analysis are sophisticated and error-prone, even with years of experience, Sasdrich says. In contrast, some attacks targeting these chips don’t require much effort. This makes them a real threat.
Verify components’ ability to withstand attacks during the design process
That’s why Sasdrich’s project aims to develop methods that can be used during the design process to verify components’ ability to withstand attacks. They can ease the developers’ workload by enabling automated and computer-aided testing even before the prototype is created. These procedures have the potential to increase the security of future developments.
The research group’s work is based on two principles. The first is to formalize the attacker models scientifically. By doing so, the researchers can prove the security of their assumptions. The second is to develop tools and programs, based on the formalized attacker models, that can be used during the chip design process.
Initially, Sasdrich’s research group will focus on cryptographic functions. The long-term goal, he says, remains to work toward provable security for an entire processor. This would be a valuable contribution by the Bochum scientists to the protection of our sensitive data.