CHES 2024

Time:

Wednesday, September 4, 2023

Organizers:

• Andy Dellow, Forfender Limited
• Benedikt Gierlichs, KU Leuven
• Dan Page, University of Bristol
• Elke De Mulder, Google
• Colin O'Flynn, NewAE Technology Inc.
• Markku-Juhani Saarinen, Tampere University

Abstract:

The open nature of RISC-V and the associated community and eco-system have arguably led to a "golden era" of research and innovation within the field of computer architecture. This, in turn, has positively impacted the associated area of hardware security, where significant existing challenges remain and new challenges continue to emerge. RISC-V offers opportunities for academic and industrial research and development that stem from the ISA's extensible, configurable nature and the transparency afforded by access to high-quality HDL implementations. Established in 2021 as a CHES forum, TASER aims to 1) establish and solidify RISC-V as a topic of interest for CHES, and 2) act as an interface between the RISC-V and CHES communities.

Further information is available here.

Time:

Wednesday, September 4, 2023

Organizers:

• Aydin Aysu, North Carolina State University
• Fatemeh Ganji, Worcester Polytechnic Institute
• Patrick Schaumont, Worcester Polytechnic Institute

Abstract:

The OPTIMIST workshop is a forum to present and discuss new efforts that enable open and reproducible research in implementation security. The OPTIMIST emphasis is not on the artifacts themselves, but on the interfaces, components, libraries, hardware, and software tools that enable reproducibility and quality in implementation security testing. In recent years, the demand for cost-effective, low-latency encryption has significantly increased, particularly for applications such as memory encryption. The processing time required by a cryptographic primitive implemented in hardware is a crucial performance metric in these scenarios.

Further information is available here.

Time:

Wednesday, September 4, 2023

Organizers:

• Sandhya Koteshwara, IBM Research, USA
• Mengmei Ye, IBM Research, USA
• Hubertus Franke, IBM Research, USA

Abstract:

With an ever-increasing number of attacks on the software, firmware and hardware stacks of systems, there is an urgent need to adopt a zero-trust model for cybersecurity. The zero-trust model is based on the principle of “never trust, always verify” and is aimed at eliminating all implicit trust in a system. While adopting a zero-trust model for network security generally involves authenticating the credentials of users in the network, authorizing access, and continuously validating the credentials, these measures need to be modified and extended to create underlying hardware and firmware that is trusted and secure. Cryptography to perform authentication, verification and provide confidentiality are core technologies to enable the foundations of zero trust. Addressing the implementation challenges of cryptography is central to bringing zero-trust principles to the cloud/edge computing environments. Thus, devising novel approaches for building zero-trust architectures with efficient cryptographic implementations, from systems all the way down to silicon, is one of the big challenges for next generation hardware design.
Traditionally, research on establishing trust and security in hardware has primarily focused on the host CPU and its associated memory subsystems. These include principles of trusted execution environments, silicon roots of trust, Trusted Platform Modules, encryption at rest, etc. In addition, these techniques have primarily been focused on “boot time” verification. For firmware in continuously running systems, there is also a need to periodically reverify or continuously verify. Thus, in modern embedded and non-embedded system architectures, such as edge/cloud computing, composable systems, and chiplet based integrated circuits, trust needs to be extended beyond the host to incorporate other hardware devices and the intellectual property (IP) models used to design them. In view of threats such as compromised supply chain integrity, counterfeit chips, hardware trojan implants, malicious firmware, malware, etc., it is important to establish trust in hardware components and to communicate trust between different components of a system. This could include communication between different IPs inside an SoC, between a host and its attached peripherals, as well as between chiplets inside a multi-chip module. Trust also needs to be established and revoked in a dynamic manner, with the ability to handle large number of subcomponents in the design. Thus, a new set of protocols that can work to establish trust and security in these new types of system architectures has become necessary. While some of these protocols are being developed as industry and government standards, large-scale effort is required to bring them to adoption. It is equally important to develop open source and verifiable hardware designs that can be secure while balancing requirements for size, weight, power, performance, and functionality. The focus of this workshop will be on all aspects of security and trust required to create zero-trust hardware architectures for traditional and embedded systems, and their components.

Topics of interest:

The areas of interest include but are not limited to:

• Extending confidential computing or Trusted Execution Environments to embedded devices, components and peripherals
• Building security and trust through cryptography in novel computing architectures such as composable processors/composable systems
• Enabling security and trust through cryptography in novel packaging technologies such as Heterogeneous Integration/System-in-Package/Chiplets
• Secure and trusted integration of AI cores or AI chiplets in heterogeneous systems/circuits
• Dynamic or runtime verification/reverification.
• Trusted computing and cryptographic implementation challenges of real-time hardware for IoT and autonomous vehicles
• Supply chain security of hardware and firmware
• Threat models for applications of zero-trust architecture
• Hardware-Enabled security for Cloud and Edge computing
• Role of open-source designs and standards for security and trust
• Other emerging topics in security and trust such as post-quantum cryptography, homomorphic encryption, secure multi-party computation etc.

Further information is available here.

Time:

Wednesday, September 4, 2023

Organizers:

• Michael Tunstall, Google, USA
• Luca Breveglieri, Politecnico di Milano, Itlay
• Israel Koren, University of Massachusetts, USA
• Guido Marco Bertoni, Security Pattern, Italy
• Fabrizio De Santis, Siemens, Germany
• Francesco Regazzoni, University of Amsterdam and UNISI, the Netherlands
• David Naccache, Ecole Normale Supérieure, France
• Jean-Pierre Seifert, Technische Universität Berlin & Telekom Innovation Laboratories, Germany

Abstract:

The Fault Diagnosis and Tolerance in Cryptography (FDTC) workshop brings together researchers and engineers from academia and industry who have an interest in the effect of faults, accidental or malicious, on digital devices that implement cryptographic algorithms. The FDTC workshop includes topics such as: modeling the reliability of cryptographic systems and protocols, reliable cryptographic systems and algorithms, fault models for HW and SW cryptographic devices, fault injection attacks on cryptographic systems and protocols, classical and novel techniques of fault diagnosis and tolerance for cryptographic systems, and case studies. Since 2004, the workshop has become an annual event that travels through Europe, America and Asia. The whole series of the FDTC workshops, including the current one, can be found here.

Further information is available here.

Time:

Wednesday, September 4, 2023

Organizers:

• Guido Bertoni, Security Pattern, Italy
• Benedikt Gierlichs, KULeuven, Belgium
• Daniele Antonioli, Eurecom, France
• Maria Chiara Molteni, Security Pattern, Italy

Abstract:

ORSHSEC is a workshop affiliated to CHES, held in-person as a half-day event. It will include a mixture of invited and submitted presentations.

The workshop is focused on the Secure Development Life Cycles (SDLCs) for open-source software and hardware. This approach involves integrating security practices into every phase of the development process, from design and coding to testing and deployment, thus ensuring that security is not an afterthought but a fundamental aspect of the product's development. Beside that, open source hardware, from silicon to electronic devices, has gained increasing traction in the last few years; it enables a new paradigm and allows a complete transparency of the final product.

We will also present the Trusted Life Cycle (TLC), a methodology to develop secure and privacy-preserving (I)IoT devices taking advantage of open-source hardware (and software). With this methodology it is possible to support and improve the formal verification of security properties of open source components, to devise effective security audits for them and to develop efficient, secure and privacy preserving protocols for embedded connected devices.

Then, the main topics discussed in ORSHSEC will be:

• Open-source software and hardware
• Secure development life cycles
• Secure and privacy preserving protocols (inter and intra devices)
• Formal verification of security properties
• Security audits and tests

Further information is available here.

Time:

Wednesday, September 4, 2023

Organizers:

• Stjepan Picek, Radboud University, The Netherlands
• Maria Mushtaq, Télécom Paris, France

Abstract:

The goal of the PROOFS workshop is to promote methodologies that increase the confidence in the security of embedded systems, especially those which contain cryptographic algorithms. Concretely, the PROOFS workshop seeks contributions in both theory and practice of methods and tools applied to the security of embedded systems. Examples include formal and semi-formal methods, novel side-channel or fault attacks, simulation-based leakage evaluation and security checks, protocol verification techniques, test and verification of secure embedded systems (software and hardware), provable security for physical attacks, and design tools for early security assessment.

Further information is available here.