The Chair for Embedded Security is interested in all aspects of cryptography and security in “devices”, e.g., handhelds such as the iPod or Blackberry, smart cards and RFID tags, but also larger systems like cars. Our research can be divided into the following general areas:
- Implementation attacks
- Security analysis of real-world systems
- High-speed cryptography
- Lightweight cryptography
- Cryptanalytical machines
- Emerging embedded security applications (GPS, cars, …)
Since the late 1990s it has become obvious that it is not sufficient for a cryptographic algorithm to be merely mathematically secure. It is often fairly easy to break crypto applications (i.e., to extract secret keys) using physical attacks, for instance by monitoring the power consumption of a smart card or by injecting faults via the power supply. Our work deals with the theory and experimental realization of implementation attacks, including passive side-channel attacks and fault injection attacks. Representative publications include:
- Timo Kasper, David Oswald, Christof Paar, "New Methods for Cost-Effective Side-Channel Attacks on Cryptographic RFIDs". RFIDSec 2009.
- Kerstin Lemke-Rust, Christof Paar, "Gaussian Mixture Models for Higher-Order Side Channel Analysis". CHES 2007.
In order to design a highly secure system, it is indispensable that an application is investigated with respect to vulnerabilities. Hence, attempting to “break” a system is an important part of modern security engineering. We systematically research whether real-world systems can be broken, and with what effort. The methods we use include implementation attacks as well as classical cryptanalysis. The lessons we learn from those investigations greatly help to improve future products and systems. Representative publications include:
- Thomas Eisenbarth, Timo Kasper, Amir Moradi, Christof Paar, Mahmoud Salmasizadeh, Mohammad T. Manzuri Shalmani, "On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme". CRYPTO 2008, Santa Barbara, USA.
- Yifei Liu, Timo Kasper, Kerstin Lemke-Rust, Christof Paar, "E-Passport: Cracking Basic Access Control Keys with Copacobana". SHARCS Workshop 2007, Vienna, Austria.
Highly efficient implementations of crypto algorithms are often required in practice, for instance in high-speed computer networks or in mobile networks with tight real-time requirements (e.g., for car2car communication). Because public-key algorithms such as RSA or elliptic curves are extremely arithmetic-intensive, high-performance implementations are a challenging research problem. In addition to widely used ciphers, we also investigate the implementation properties of future algorithms, e.g., hyperelliptic curves or post-quantum cryptography.
One focus of our research is on hardware architectures for symmetric and public-key algorithms. In addition to computer architectures for ASICs, we have extensive research efforts related to FPGAs and crypto algorithms. The other focus is on high-speed realizations in software. In addition to general-purpose CPUs (e.g., from Intel or AMD), we also investigate crypto algorithms on “unconventional” processors such as graphics cards (GPUs) or the Cell processor, which can be found in Sony’s PlayStation. Representative publications include:
- Robert Szerwinski, Tim Güneysu, "Exploiting the Power of GPUs for Asymmetric Cryptography". CHES 2008, Washington, USA.
- Tim Güneysu, Christof Paar, "Ultra High Performance ECC over NIST Primes on Commercial FPGAs". CHES 2008, Washington, USA.
Security is needed in an ever-increasing number of embedded devices. Examples are RFID tags, smart cards, PDAs, and even medical implants. Many of these pervasive applications are tightly cost-constrained, e.g., RFID tags as bar code replacement or contactless payment cards for public transportation. Our research looks into extremely low-cost symmetric ciphers, public-key algorithms and hash functions. A very successful research effort was the design of the PRESENT block cipher, which can be realized with 1000 gates and is currently being standardized by ISO. We also investigate highly optimized software implementations on embedded processors. Representative publications include:
- T. Eisenbarth, S. Kumar, C. Paar, A. Poschmann, L. Uhsadel, "A Survey of Lightweight Cryptography Implementations". IEEE Design & Test of Computers, November 2007.
- A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J.B. Robshaw, Y. Seurin, C. Vikkelsoe, "PRESENT: An Ultra-Lightweight Block Cipher". CHES 2007, Vienna, Austria.
- Markus Vogt, Axel Poschmann, Christof Paar, "Cryptography is Feasible on 4-Bit Microcontrollers - A Proof of Concept". International IEEE Conference on RFID 2009, Florida, USA.
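To make concrete what "ultra-lightweight" means for the PRESENT cipher named above, the following is an added example, written for this page and not code from the Chair or from the PRESENT authors. It implements PRESENT-80 as published at CHES 2007: a 64-bit block, 31 rounds of round-key addition, a single 4-bit S-box applied to all 16 nibbles, and a bit permutation that in hardware costs no gates at all because it is only wiring. The only check it relies on is the all-zero key/plaintext test vector from the paper; everything else (helper names, the decrypt routine) is this example's own choice.

```python
# Added example: PRESENT-80 per the CHES 2007 specification (not the Chair's code).
# Shows the three cheap building blocks of the cipher: 64-bit key XOR,
# one 4-bit S-box reused 16 times, and a wiring-only bit permutation.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(x) for x in range(16)]

# pLayer: bit i of the state moves to position P(i) = 16*i mod 63; bit 63 stays.
PERM = [(16 * i) % 63 for i in range(63)] + [63]
INV_PERM = [PERM.index(j) for j in range(64)]

MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1
ROUNDS = 31


def sbox_layer(state, table=SBOX):
    """Apply the 4-bit S-box to each of the 16 nibbles of the 64-bit state."""
    out = 0
    for i in range(16):
        out |= table[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def p_layer(state, perm=PERM):
    """Bit permutation; in an ASIC/FPGA this is pure routing, no logic."""
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << perm[i]
    return out


def key_schedule(key80):
    """Derive the 32 round keys from an 80-bit key (PRESENT-80 schedule)."""
    round_keys = []
    k = key80 & MASK80
    for r in range(1, ROUNDS + 1):
        round_keys.append(k >> 16)                          # leftmost 64 bits
        k = ((k << 61) | (k >> 19)) & MASK80                # rotate left by 61
        k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))   # S-box on top nibble
        k ^= r << 15                                        # round counter at bits 19..15
    round_keys.append(k >> 16)                              # 32nd key for final whitening
    return round_keys


def encrypt(plaintext, key80):
    """Encrypt one 64-bit block under an 80-bit key."""
    keys = key_schedule(key80)
    state = plaintext & MASK64
    for r in range(ROUNDS):
        state ^= keys[r]
        state = sbox_layer(state)
        state = p_layer(state)
    return state ^ keys[ROUNDS]


def decrypt(ciphertext, key80):
    """Inverse of encrypt: undo whitening, then run the rounds backwards."""
    keys = key_schedule(key80)
    state = (ciphertext & MASK64) ^ keys[ROUNDS]
    for r in range(ROUNDS - 1, -1, -1):
        state = p_layer(state, INV_PERM)
        state = sbox_layer(state, INV_SBOX)
        state ^= keys[r]
    return state


if __name__ == "__main__":
    # Test vector from the PRESENT paper: all-zero key and plaintext.
    ct = encrypt(0, 0)
    print(f"{ct:016X}")  # 5579C1387B228445
    assert decrypt(ct, 0) == 0
```

The software version above is deliberately naive (a Python loop per nibble and per bit); its purpose is to make the structure visible. The hardware cost figure quoted on this page comes from the fact that the S-box is the only non-linear component and is tiny, and that the pLayer and key XOR need no gates beyond wires and XORs.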
Crypto algorithms are designed such that they are not breakable with current computers. However, ciphers can become vulnerable with special-purpose cryptanalytical machines. An early example of such a machine is the Bombe used by the British intelligence agencies to break the German Enigma during World War II.
Our research is concerned with both the computer engineering aspects and the cryptanalytical methods needed for cryptanalytical machines. Together with the University of Kiel we designed COPACOBANA (Cost-Optimized Parallel Code Breaker), which consists of 120 parallel FPGAs. COPACOBANA is the first programmable code-breaking machine outside government agencies. It can break algorithms such as DES or the A5/1 cipher used for encrypting GSM voice communications. We also investigate special-purpose hardware for factoring attacks against RSA. Representative publications include:
- Tim Güneysu, Timo Kasper, Martin Novotný, Christof Paar, Andy Rupp, "Cryptanalysis with COPACOBANA". IEEE Trans. Computers, November 2008.
- J. Pelzl, M. Simka, T. Kleinjung, J. Franke, C. Priplata, C. Stahlke, M. Drutarovsky, V. Fischer, and C. Paar, "Area-Time Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method", IEE Proceedings on Information Security, October, 2005.
In the past, the use of cryptography and security was mainly confined to specific applications such as banking or government communication. Nowadays, due to the advent of ubiquitous computing, many new applications and systems have security needs. Examples include cars, medical devices or heavy machinery. We research security for such applications at the systems level and at the crypto-algorithm level. We have major efforts in the area of IT security in cars. For instance, in 2003 we started the conference series escar – Embedded Security in Cars. Representative publications include:
- Marko Wolf, "Security Engineering for Vehicular Systems -- Improving Trustworthiness and Dependability of Automotive IT Applications". Dissertation, Ruhr-Universität Bochum, Germany, April 2008.
- Kerstin Lemke, Christof Paar, Marko Wolf (Eds.), "Embedded Security in Cars", Springer Monograph Series, 2006.