The tutorials and the affiliated event take place on:
Sunday, September 18, 2022.
Kaveh Razavi and Patrick Jattke, Computer Security Group, ETH Zurich
This tutorial takes the students through the steps of a Rowhammer attack on modern systems. We will start by introducing the Rowhammer problem and how it can be abused to compromise the security of systems in different scenarios. We will then discuss the protections that are deployed on modern DDR4 devices against Rowhammer and show new techniques that can be used to bypass these protections. The students will then try out these techniques using a Rowhammer fuzzer that will trigger your first Rowhammer bit flip(s). We then look at the building blocks that are necessary for the operation of such a fuzzer, starting from the architecture of DRAM and the steps that are necessary for reverse engineering the physical to DRAM addressing functions.
Stjepan Picek, associate professor, Digital Security Group, Radboud University, Nijmegen, The Netherlands.
Side-channel attacks (SCAs) have represented a realistic and serious threat to the security of embedded devices for already three decades. A variety of attacks and targets they can be applied to have been introduced, and while the area of side-channel attacks and their mitigation is very well-researched, it is yet to be consolidated.
Among various SCA types, profiling side-channel attacks received significant attention as this type of attack defines the worst-case security assumptions. In profiling attacks, machine (and deep) learning-based attacks represent an extremely vibrant research direction.
Deep learning-based side-channel attacks entered the field in recent years with the promise of more competitive performance and enlarged attackers' capabilities compared to other techniques. Indeed, such attacks are very powerful as they can break targets protected with countermeasures but are also "easier" to deploy as they do not require pre-processing and feature selection. At the same time, those new attacks bring new challenges and complexities to the domain.
This tutorial will provide an overview of the developments in deep learning-based side-channel attacks. We will cover relevant topics like data augmentation, neural network selection, hyperparameter tuning, evaluation of the attack performance, explainability, and custom neural network elements (loss functions, activation functions).
The tutorial will cover both the theoretical and the practical aspects. The attendees will have the opportunity to run the code on their laptops and tweak some of the well-known approaches presented in the last few years, including those from the CHES conference.
Besides covering the "success" stories, we will also discuss the challenges to be addressed in the next years.
Since the tutorial runs for half a day, we will also provide scripts that the participants can run at home to increase the value of the tutorial and the depth of the topics covered.
Matthieu Rivain (CryptoExperts)
Aleksei Udovenko (University of Luxembourg)
The goal of white-box cryptography is to protect secret keys embedded in cryptographic softwares against adversaries that have full access to the underlying execution environment. The development of applications running on untrusted smart devices or on IoT devices with low hardware security is appealing for white-box cryptography as a building block of wider security solutions. Despite the industrial need, the advances in terms of secure white-box designs have been limited from the scientific point of view. This state of affairs has driven the development of practical solutions, mixing different types of countermeasures and obfuscation techniques, whose security partly relies on obscurity (i.e. secrecy of the underlying techniques). In this paradigm, attackers aim to develop automatic attacks (a.k.a. gray-box attacks, e.g. adapting known side-channel and fault attacks to the white-box context) to avoid costly reverse engineering while designers aim to design practically-secure implementations which resist a wide class of such attacks. This tutorial will aim at giving an overview of the field of white-box cryptography with a practical session to experiment with designing and attacking white-box implementation in this "gray-box paradigm”.
The first part of the tutorial will consist of a presentation giving a general introduction of white-box cryptography. We will cover theoretical / definitional aspects by introducing several notions and their relations. We will review early designs of white-box implementations and see why they fail to meet their security goals. We will finally have a closer look at gray-box attacks and countermeasures applied to white-box cryptography and what we learned from the WhibOx contests.
The second part of this tutorial will consist of a practical hands-on lesson on generating simple white-box implementations with basic protections and cryptanalysing them with different generic methods. We will learn how to create circuit-based white-box implementations (on the classic example of the AES block cipher), including protections such as (non)linear masking and (dummy) shuffling. Then, we will illustrate strengths and weaknesses of these protections by applying generic attacks such as exact matching, correlation / DCA, (differential) algebraic / LDA.