CHES 2024

September 4-7, 2024

Halifax, Canada

The tutorials and affiliated events take place on:

Wednesday, September 4, 2024.

Affiliated Events

Wednesday, September 4, 2024

Rooms: Argyle Level A1, Ballroom Level B2, Ballroom Level B3, Ballroom Level 501/502, Ballroom Level 506/507

Time slots: 09:00 - 10:30, Coffee Break, 11:00 - 12:30, 13:30 - 15:00, Coffee Break, 15:30 - 17:00

4th Topics in hArdware SEcurity and RISC-V (TASER)

Time:

9:00 — 12:30, Wednesday, September 4, 2024

Location:

Argyle Level — A1

Organizers:

  • Andy Dellow, Forfender Limited
  • Benedikt Gierlichs, KU Leuven
  • Dan Page, University of Bristol
  • Elke De Mulder, Google
  • Colin O'Flynn, NewAE Technology Inc.
  • Markku-Juhani Saarinen, Tampere University

Abstract:

The open nature of RISC-V and the associated community and ecosystem have arguably led to a "golden era" of research and innovation within the field of computer architecture. This, in turn, has positively impacted the associated area of hardware security, where significant existing challenges remain and new challenges continue to emerge. RISC-V offers opportunities for academic and industrial research and development that stem from the ISA's extensible, configurable nature and the transparency afforded by access to high-quality HDL implementations. Established in 2021 as a CHES forum, TASER aims to 1) establish and solidify RISC-V as a topic of interest for CHES, and 2) act as an interface between the RISC-V and CHES communities.

Further information is available here.

OPTIMIST (Open Tools, Interfaces and Metrics for Implementation Security Testing)

Time:

9:00 — 17:00, Wednesday, September 4, 2024

Location:

Ballroom Level — B3

Organizers:

  • Aydin Aysu, North Carolina State University
  • Fatemeh Ganji, Worcester Polytechnic Institute
  • Patrick Schaumont, Worcester Polytechnic Institute

Abstract:

The OPTIMIST workshop is a forum to present and discuss new efforts that enable open and reproducible research in implementation security. The OPTIMIST emphasis is not on the artifacts themselves, but on the interfaces, components, libraries, hardware, and software tools that enable reproducibility and quality in implementation security testing.

Topics of interest:

Topics of interest for OPTIMIST include:

  • Datasets pertaining to Side-channel Analysis and Fault Analysis
  • Standard Libraries for Metrics in Implementation Security
  • Standard Application Programming Interfaces for Security Measurement Instrumentation
  • Standard Hardware Interfaces for Security Measurement Instrumentation
  • Standard Firmware Libraries and Hardware Targets for Security Evaluation

Further information is available here.

Zero Trust Hardware Architectures (ZTHA) Workshop

Time:

9:00 — 17:00, Wednesday, September 4, 2024

Location:

Ballroom Level — 506/507

Organizers:

  • Sandhya Koteshwara, IBM Research, USA
  • Mengmei Ye, IBM Research, USA
  • Hubertus Franke, IBM Research, USA

Abstract:

With an ever-increasing number of attacks on the software, firmware and hardware stacks of systems, there is an urgent need to adopt a zero-trust model for cybersecurity. The zero-trust model is based on the principle of “never trust, always verify” and is aimed at eliminating all implicit trust in a system. While adopting a zero-trust model for network security generally involves authenticating the credentials of users in the network, authorizing access, and continuously validating the credentials, these measures need to be modified and extended to create underlying hardware and firmware that is trusted and secure. Cryptographic techniques that perform authentication and verification and provide confidentiality are core technologies that enable the foundations of zero trust. Addressing the implementation challenges of cryptography is central to bringing zero-trust principles to cloud/edge computing environments. Thus, devising novel approaches for building zero-trust architectures with efficient cryptographic implementations, from systems all the way down to silicon, is one of the big challenges for next-generation hardware design.

Traditionally, research on establishing trust and security in hardware has primarily focused on the host CPU and its associated memory subsystems. These include principles of trusted execution environments, silicon roots of trust, Trusted Platform Modules, encryption at rest, etc. In addition, these techniques have primarily been focused on “boot time” verification. For firmware in continuously running systems, there is also a need to periodically reverify or continuously verify. Thus, in modern embedded and non-embedded system architectures, such as edge/cloud computing, composable systems, and chiplet-based integrated circuits, trust needs to be extended beyond the host to incorporate other hardware devices and the intellectual property (IP) models used to design them. In view of threats such as compromised supply chain integrity, counterfeit chips, hardware trojan implants, malicious firmware, malware, etc., it is important to establish trust in hardware components and to communicate trust between different components of a system. This could include communication between different IPs inside an SoC, between a host and its attached peripherals, as well as between chiplets inside a multi-chip module. Trust also needs to be established and revoked in a dynamic manner, with the ability to handle a large number of subcomponents in the design. Thus, a new set of protocols that can work to establish trust and security in these new types of system architectures has become necessary. While some of these protocols are being developed as industry and government standards, a large-scale effort is required to bring them to adoption. It is equally important to develop open-source and verifiable hardware designs that can be secure while balancing requirements for size, weight, power, performance, and functionality.

The focus of this workshop will be on all aspects of security and trust required to create zero-trust hardware architectures for traditional and embedded systems, and their components.

Topics of interest:

The areas of interest include but are not limited to:

  • Extending confidential computing or Trusted Execution Environments to embedded devices, components and peripherals
  • Building security and trust through cryptography in novel computing architectures such as composable processors/composable systems
  • Enabling security and trust through cryptography in novel packaging technologies such as Heterogeneous Integration/System-in-Package/Chiplets
  • Secure and trusted integration of AI cores or AI chiplets in heterogeneous systems/circuits
  • Dynamic or runtime verification/reverification
  • Trusted computing and cryptographic implementation challenges of real-time hardware for IoT and autonomous vehicles
  • Supply chain security of hardware and firmware
  • Threat models for applications of zero-trust architecture
  • Hardware-Enabled security for Cloud and Edge computing
  • Role of open-source designs and standards for security and trust
  • Other emerging topics in security and trust such as post-quantum cryptography, homomorphic encryption, secure multi-party computation etc.

Further information is available here.

Fault Diagnosis and Tolerance in Cryptography 2024 (FDTC 2024) Workshop

Time:

9:00 — 17:00, Wednesday, September 4, 2024

Location:

Ballroom Level — B2

Organizers:

  • Michael Tunstall, Google, USA
  • Luca Breveglieri, Politecnico di Milano, Italy
  • Israel Koren, University of Massachusetts, USA
  • Guido Marco Bertoni, Security Pattern, Italy
  • Fabrizio De Santis, Siemens, Germany
  • Francesco Regazzoni, University of Amsterdam and UNISI, the Netherlands
  • David Naccache, Ecole Normale Supérieure, France
  • Jean-Pierre Seifert, Technische Universität Berlin & Telekom Innovation Laboratories, Germany

Abstract:

The Fault Diagnosis and Tolerance in Cryptography (FDTC) workshop brings together researchers and engineers from academia and industry who have an interest in the effect of faults, accidental or malicious, on digital devices that implement cryptographic algorithms. The FDTC workshop includes topics such as: modeling the reliability of cryptographic systems and protocols, reliable cryptographic systems and algorithms, fault models for HW and SW cryptographic devices, fault injection attacks on cryptographic systems and protocols, classical and novel techniques of fault diagnosis and tolerance for cryptographic systems, and case studies. Since 2004, the workshop has become an annual event that travels through Europe, America and Asia. The whole series of the FDTC workshops, including the current one, can be found here.

Further information is available here.

ORSHSEC — ORSHIN components’ Secure Development Life Cycle workshop

Time:

9:00 — 12:30, Wednesday, September 4, 2024

Location:

Argyle Level — A1

Organizers:

  • Guido Bertoni, Security Pattern, Italy
  • Benedikt Gierlichs, KU Leuven, Belgium
  • Daniele Antonioli, Eurecom, France
  • Maria Chiara Molteni, Security Pattern, Italy

Abstract:

ORSHSEC is a workshop affiliated to CHES, held in-person as a half-day event. It will include a mixture of invited and submitted presentations.

The workshop is focused on the Secure Development Life Cycles (SDLCs) for open-source software and hardware. This approach involves integrating security practices into every phase of the development process, from design and coding to testing and deployment, thus ensuring that security is not an afterthought but a fundamental aspect of the product's development. Besides that, open-source hardware, from silicon to electronic devices, has gained increasing traction in the last few years; it enables a new paradigm and allows complete transparency of the final product.

We will also present the Trusted Life Cycle (TLC), a methodology to develop secure and privacy-preserving (I)IoT devices taking advantage of open-source hardware (and software). With this methodology it is possible to support and improve the formal verification of security properties of open source components, to devise effective security audits for them and to develop efficient, secure and privacy preserving protocols for embedded connected devices.

Then, the main topics discussed in ORSHSEC will be:

  • Open-source software and hardware
  • Secure development life cycles
  • Secure and privacy preserving protocols (inter and intra devices)
  • Formal verification of security properties
  • Security audits and tests

Further information is available here.

International Workshop on Security Proofs for Embedded Systems (PROOFS) 2024

Time:

9:00 — 12:30, Wednesday, September 4, 2024

Location:

Ballroom Level — 501/502

Organizers:

  • Stjepan Picek, Radboud University, The Netherlands
  • Maria Mushtaq, Télécom Paris, France

Abstract:

The goal of the PROOFS workshop is to promote methodologies that increase the confidence in the security of embedded systems, especially those which contain cryptographic algorithms. Concretely, the PROOFS workshop seeks contributions in both theory and practice of methods and tools applied to the security of embedded systems. Examples include formal and semi-formal methods, novel side-channel or fault attacks, simulation-based leakage evaluation and security checks, protocol verification techniques, test and verification of secure embedded systems (software and hardware), provable security for physical attacks, and design tools for early security assessment.

Further information is available here.

Sunburst — Sonata Tutorial session

Time:

13:30 — 17:00, Wednesday, September 4, 2024

Location:

Ballroom Level — 501/502

Organizers:

  • John Thomson, lowRISC

Abstract:

At this event we’ll go through how to work with the Sonata board, a prototyping platform for the evaluation of CHERIoT, a CHERI-derived capability architecture providing major memory safety improvements targeted at Embedded, IoT and Operational Technology applications. We’ll cover the nuts and bolts of building and running software on Sonata and introduce CHERIoT RTOS and compartmentalization. Some prerequisite setup on your laptop will be required. Registration for this affiliated event is mandatory.

Further information is available here.