Theory of Implementation Security Workshop 2020

- Rescheduled to 15-19 February 2021 -

28 April - 1 May 2020

Venue: Lorentz Center@Oort

If you are invited or already registered for this workshop, you have received login details by email.

This workshop has been rescheduled to 15 - 19 February 2021

The more important information and communication technology becomes in our professional and private lives, the more important it is whether the underlying technology is trustworthy. Cryptography forms an essential building block for solutions that offer security and privacy. The traditional application of cryptography is the protection of communication lines. In this scenario it is assumed that both sender and receiver have equipment protected by physical means and hence are not subject to attacks. Given this assumption, there exist various well defined and standardized algorithms and protocols that can be used today. However, in modern applications like payment cards, set-top boxes, IoT devices, etc., this assumption is no longer true. The attacker often has physical access to the device on which the cryptographic algorithms are executed, and can conduct physical attacks by measuring the side channels (execution time, power consumption, electro-magnetic (EM) radiation) or injecting faults (glitching, laser injection, electro-magnetic perturbation).

With the deployment of the Internet of Things, the interest in physical attacks on embedded systems and the implementation security of these systems is rapidly increasing, both in academia and industry. Take for example a typical IoT device where a secure execution environment can only be guaranteed if device boot, firmware update, debug access and device attestation are secured. The security of these services heavily relies on secure implementation of cryptographic primitives. Protecting symmetric and private keys during encryption and signing as well as the protection of signature verification against physical attacks is of the utmost importance for guaranteeing a secure execution environment on IoT device.

Secure implementation of cryptographic primitives is possible only when the tools used for functional and security verification are part of the design process. Certification comes as the final ingredient, ensuring independent assessment of the implemented countermeasures. Theory of secure implementation,  its verification and certification are the three topics we are going to cover during the workshop. System aspects such as impact on performance, power consumption and silicon area are also going to be taken into account and carefully considered during our discussions.
Sophisticated security certification and evaluation methods (FIPS, CC, etc.) have been established to give assurance about the functionality and claimed security. The drawback is that currently there is no standardized methodology, let alone a clear theory of implementation security. This lack of formalization results in industry using time consuming, expensive and sometimes dubious methods to achieve and validate implementation security. Therefore, there is an emerging need on one side for further developing and deploying in industry provably secure protection methods and automated verification tools; and on the other side improving the efficiency and quality of certification by integrating these tools and methods which will allow assessment of the resilience of implementations to physical attacks with low cost and in a short time. All these challenges motivate even more research on the Theory of Implementation Security.

One of the goals of the workshop will be to discuss current and future challenges of implementation security when cost and performance metrics together with increasingly strong adversaries are considered. Along the same line, various novel attack vectors and methodologies to verify the security of a given implementation are of crucial importance, as development of countermeasures (as well as the verification tools) is not feasible without knowing the possible expertise and capability of the adversary. Another goal of the workshop is to propose possible alternatives to define recommendations based on the best practices for HW/SW implementations secure against physical attacks, which could serve as a base for future standard(s). We plan to devote special attention to the ongoing initiative of NIST to standardize threshold cryptography, in particular threshold circuits. 



    Tuesday 28 April

    09:0011:00 Arrival, office assignment, practicalities, etc.
    11:0011:15 Welcome by Lorentz Center
    11:1511:30 Welcome by Scientific Organizing committee
    11:3012:00 Defining the topics for the working-groups
    12:0013:30 Lunch

    Keynote lecture from NIST

    14:3015:30 Plenary discussion on the NIST draft for a standard on threshold cryptography in
    15:3016:00 Coffee break
    16:0017:00 Finalizing of the research groups on the defined topics and decide on leaders for the
    17:0019:00 Wine & Cheese

    Wednesday 29 April


    Keynote lecture (tbc)

    10:0010:30 Coffee break
    10:3012:00 Contributed Presentations on open problems
    12:0013:30 Lunch
    13:3014:30 Small research groups
    14:3015:00 Plenary discussion
    15:0015:30 Coffee break
    15:3017:30 Small research groups
    17:3018:00 Plenary intermediate evaluation of achievements
    18:0021:00 Workshop dinner

    Thursday 30 April

    09:0010:00 Contributed Presentations on open problems
    10:0010:30 Coffee break
    10:3011:30 Small research groups
    11:3012:00 Plenary discussion and presenting results achieved in the groups
    12:0013:30 Lunch

    Keynote lecture (Thomas Roche)

    14:3015:30 Small research groups
    15:3016:00 Coffee break
    16:0017:00 Plenary intermediate evaluation of achievements and working (towards the NIST guidelines document)

    Friday 1 May


    Keynote lecture (tbc)

    10:0010:30 Coffee break
    10:3011:00 Plenary discussion on the result from all research groups and setting-up the deadlines and procedures to collect the input to the NIST document.
    11:0012:00 Final conclusions and plans for deliverables after the workshop – input to the white paper
    12:0013:30 Lunch
    Please log in to view the participants information...

    Svetla Petkova-Nikova, KU Leuven  

    Emmanuel Prouff, ANSSI  

    Amir Moradi, Horst Görst Institute for IT-Security in Ruhr University Bochum  

    Miroslav Knezevic, NXP  

    Begül Bilgin, Rambus, NL  

Wendy van der Linden

+31 71 527 5542

Follow us on:

Niels Bohrweg 1 & 2

2333 CA Leiden

The Netherlands

+31 71 527 5400