Conference on Cryptographic Hardware and Embedded Systems 2018

Amsterdam, The Netherlands, September 9–12, 2018

Posters and Tutorials

Download the call for posters in pdf format.
Download the call for tutorials in pdf format.

Tutorials

On Sunday, September 9, there will be two tutorials running in parallel:

Domenic J. Forte and Rajat Subhra Chakraborty: Counterfeit Integrated Circuits: Threats, Detection, and Avoidance

The business of counterfeit electronics, of which counterfeit integrated circuits (ICs) constitute a major component, is one of the largest illegal trades in the world. It is estimated that over 30% of all ICs currently in circulation are counterfeit, and additionally 1% of all ICs sold annually are counterfeit. How is this possible? The economics of the modern semiconductor industry has created an atmosphere that is very convenient for electronic counterfeiting and hardware intellectual property (IP) piracy. In the good old days, IC design companies were in complete control of their entire supply chain, including IC fabrication, packaging, testing, and distribution. Today, prohibitive costs associated with owning and operating IC fabrication facilities (or "fabs") has made this infeasible for all but a few companies. As a result, the model followed today is "fabless" or "fab-lite" where many of the aforementioned tasks are outsourced to facilities in a handful of countries. With lesser oversight of their supply chains, design houses are vulnerable to IP theft and counterfeiting. In addition, the new upgrade cycle associated with laptops, mobile devices, etc. is increasing the rate of IC obsolescence. This is a serious concern for legacy electronic systems that exist throughout civil and government infrastructure. Unable to go to the original chip manufacturers (OCMs), those tasked with maintaining legacy systems must pay exorbitant prices for obsolete chips from untrustworthy distributors - well known sources of counterfeits.

The widespread penetration of counterfeit ICs is of great concern for a variety of reasons, including but not limited to (i) the threat they pose to critical systems and cyber infrastructure, the welfare of society, and the environment, (ii) the substantial resources that their sale channels into groups that disrupt and corrupt society, such as organized crime and terrorism, (iii) the loss of business and market reputation of semiconductor and electronics companies, (iv) the negative impact they have on innovation, economic growth, and employment.

In this tutorial, we shall cover the following (a) threats and impacts of electronic counterfeiting and hardware IP piracy; (b) adversarial models including the supply chain vulnerabilities (from the nation state to do-it-yourself), counterfeit type taxonomy (recycled, remarked, overproduced, cloned, etc.), and counterfeit defect taxonomy; (c) the complete taxonomy of counterfeit detection and avoidance approaches (physical inspection, electrical tests, and design-for-anti-counterfeit) and their challenges/limitations; (d) cutting-edge microscopy, image processing, pattern recognition, and classification techniques for automated physical inspection; (e) advanced electrical tests aimed at detecting counterfeit commercial-off-the-shelf memories (SRAM, Flash, DRAM) and FPGAs; (f) novel primitives, sensors, and frameworks for end-to-end protection of new designs and IP; (g) IP encryption and the cryptographic flaws uncovered in the IEEE P1735 standard; (h) a summary of open problems and future research directions including formal treatment of counterfeit electronics in the tradition of modern cryptography, the feasibility of remote initialization and testing of chips, development of detection/avoidance techniques suitable for analog and mixed signal (AMS) chips, out-of-the-box methodologies for replacing legacy systems, and recommendations for benchmarking and standardization.

Sonia Belaïd and Benjamin Grégoire: Formal Verification of Masked Implementations

Masking is a popular countermeasure to protect implementations against differential power analysis. The security guarantees of software and also hardware masking can advantageously be captured through formal models. The existence of such models has been instrumental to the emergence of fully automated methods for analyzing masked implementations.

The tutorial will present an overview of formal analysis techniques and tools for masked implementations. We will start with a brief introduction on differential power analysis and masking and quickly get to a survey of existing models for evaluating the security of masked software and hardware implementations. It will include the threshold probing model, and its variants to support transitions and glitches, the noisy leakage model, and the bounded moment model. We shall then give a unified framework that captures all these settings. We will then give an overview of the different techniques and tools for proving security of concrete implementations in these models. We shall discuss their respective strengths based on a series of case studies including hardware and software implementations implemented at different masking orders. This first part of the tutorial will conclude with a demonstration of the maskverif tool, which can be used to verify gadgets at reasonably high orders.

The second part of the tutorial will discuss the problem of secure composition. It has been shown that popular security notions used in the context of masking do not compose if used without care. However, recent work provides solutions to this problem. We will describe available methods for achieving secure composition. In particular, we will define strong non-interference, and illustrate how it can be used for compositional proofs for larger gadgets such as S-boxes. This second part of the tutorial will conclude with two demonstrations. Namely, we shall give a demonstration of the maskcomp tool, which can be used to generate masked implementations at arbitrary orders, and we will give a demonstration of a very recent tool that also generates masked implementations at arbitrary orders but with less refreshing.

The last part of the tutorial will describe succinctly the problem of improving randomness complexity of masked implementations, and present an overview of existing works. Namely, recent improvements in the randomness complexity of strong gadgets like non-linear multiplications and refreshings will be presented.

Call for Posters

Following their success in previous events, the technical program at CHES 2018 will be supplemented by various additional activities. To this end, we invite proposals of interest for a poster presentation session to be held during the conference:

  • At the (informal) poster presentation session, authors display a prepared poster outlining, e.g., work in progress; this offers an ideal means of discussing and getting feedback on said work, and engaging with the wider CHES community.
  • Proposals are welcomed on {\em any} topic of broad interest to the CHES community: the stated topics of interest for CHES 2018 should not be interpreted as a limit.
  • Rather than a poster, the proposal should be a 1-page PDF clearly stating the following information:
    • a title,
    • an author (or list thereof), including name, affiliation, and email address,
    • an abstract of up to 500 words.
  • Proposals (and/or any questions) should be submitted by email to Sonia Belaïd <sonia.belaid@cryptoexperts.com> (Poster Session Chair), noting the following deadlines:

    Submission: 30 June 2018
    Notification: 30 Jule 2018

  • Although the deadline has now passed, we will continue to accept poster submissions on a first- come, first-served basis until the venue capacity is reached.

  • The notification of acceptance will specify any further logistical details required. However, note that
    • at least one author for each poster must be available for discussion during the CHES 2018 poster session,
    • to match the display boards available, each poster must have an A0 portrait format,
    • the author(s) of each poster are responsible for printing and and shipping it.