Cryptography Secured against Physical Attacks

As electronic devices become ubiquitous, the attacker often has physical access to the device that is the implementation of cryptographic primitives. One class of physical attack is side-channel analysis (SCA), a non-invasive attack that measures side-channel leakages from a device such as execution time, power consumption, electromagnetic radiation. Another class is fault attacks (FA), in which the attacker introduce computational errors by physically inject failures on device interconnections and transistors. With the advent of the Internet-of-Things, the interest in building embedded cryptographic systems against SCA/FA on these systems is steadily increasing. Masking is a popular and established countermeasure against SCA, that randomize any sensitive data manipulated during cryptographic computations. Protection against FA is typically done either by duplication or by using infection, i.e., ensuring that any induced fault results in garbage output. The research direction of combined countermeasures against both SCA and FA is young and experimental. The application of the countermeasures can significantly increase the implementation cost. The countermeasures also require a large number of true random number generators (TRNG), which further increase the implementation cost. Thus, This Ph.D. program can be conducted on these research problems. Against combined attacks, the security notions can be formalized and a more realistic adversary model can be developed so that the secure countermeasure can be improved in performance. On masking, the implementation cost of latency, area, and energy consumption can be further reduced by proposing new masking schemes. On the design process of such implementations, the robust automated verification tools can be extended to handle larger circuits and practical security notions, or to new metrics and procedures for combined security.