Cryptographic implementations are traditionally evaluated based on a trade-off between security and efficiency. However, when it comes to physical security against attacks exploiting side-channel leakages or fault insertions, this approach is limited by the difficulty of defining the adversaries (e.g., their knowledge about the target implementation) and of specifying sound physical assumptions. Quite naturally, the problem becomes even more challenging in contexts where implementations can be maliciously modified during design or fabrication via so-called hardware Trojans. To a large extent, these vulnerabilities echo the general challenge of restoring trust that cryptographic research faces in view of the recent Snowden revelations. In this context, we believe that the design of small components able to perform secure computations locally will be an important building block of future information systems. For this purpose, the SWORD project envisions a paradigm shift in embedded security, by adding trust as an essential element in the evaluation of physically secure objects. Our two main ingredients for reaching this ambitious goal are a clean separation between mathematics and physics, and improved transparency in security evaluations. That is, we want cryptographic implementations to rely on physical assumptions that can be empirically verified, in order to obtain sound security guarantees based on mathematical proofs or arguments. And we want to make the empirical verification of physical assumptions more transparent, by considering open source hardware and software. By allowing adversaries and evaluators to know implementation details, we expect to enable a better understanding of the fundamentals of physical security, thereby leading to improved security, efficiency and trust in the longer term. That is, we hope to establish security guarantees based on a good understanding of the physics, rather than on the (relative) misunderstanding caused by closed systems.
Side-channel attacks are an important threat against cryptographic implementations, in which an adversary takes advantage of physical information leakages (such as the power consumption or the electromagnetic radiation of a smart card) in order to recover secret information. Because they circumvent the models in which standard security proofs are obtained, they can lead to powerful (e.g., key-recovery) attacks against a large class of devices. Such attacks thus expose a gap between the mathematical abstractions of modern cryptography and the concrete peculiarities of actual electronic circuits. By considering physical and algorithmic issues in a unified way, the goal of the CRASH project was to remove the incompatibilities between the different models that can be used to explain the information leakage in cryptographic implementations.
For this purpose, we first focused on the development of sound evaluation methods. Namely, since cryptographic implementations are physical objects, we developed tools and methodologies allowing designers to ensure that the security levels they claim for their implementations are (sufficiently) accurate, which implies understanding the various errors that could bias these claims. Next, and building on these sound evaluation methods, we analyzed heuristic constructions (i.e., countermeasures) and formal models (of leakage resilience) in order to establish the best ingredients (assumptions and constructions) enabling the design of efficient, side-channel-resistant implementations. In this respect, an important conclusion of the project was the increasing importance of open source (hardware and software) design in order to facilitate the exploitation of formal tools, security proofs and design automation in the field of physical security. In more detail, the results of the ERC project CRASH have been described in two invited talks, at SPACE 2016 and INDOCRYPT 2016. Thanks to the ICTEAM institute, we also made a short research video summarizing the outcomes of the project in less technical terms.