Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

1
Reset filters

Settings
Now showing 1 - 10 of 436
  • Publication
    Uniform instruction set extensions for multiplications in contemporary and post-quantum cryptography
    ( 2024)
    Oberhansl, Felix Fritz
    ;
    Fritzmann, Tim
    ;
    Pöppelmann, Thomas
    ;
    Basu Roy, Debapriya
    ;
    Sigl, Georg
    Hybrid key encapsulation is in the process of becoming the de-facto standard for integration of post-quantum cryptography (PQC). Supporting two cryptographic primitives is a challenging task for constrained embedded systems. Both contemporary cryptography based on elliptic curves or RSA and PQC based on lattices require costly multiplications. Recent works have shown how to implement lattice-based cryptography on big-integer coprocessors. We propose a novel hardware design that natively supports the multiplication of polynomials and big integers, integrate it into a RISC-V core, and extend the RISC-V ISA accordingly. We provide an implementation of Saber and X25519 to demonstrate that both lattice- and elliptic-curve-based cryptography benefits from our extension. Our implementation requires only intermediate logic overhead, while significantly outperforming optimized ARM Cortex M4 implementations, other hardware/software codesigns, and designs that rely on contemporary accelerators.
  • Publication
    Cybersecurity risk analysis of an automated driving system
    ( 2023-10-25)
    Wagner, Patrick orcid-logo
    ;
    Puch, Nikolai
    ;
    Emeis, David
    New laws and technologies, but also persistent problems like truck driver shortage, have led to advances in the field of autonomous driving and consequently to new cyber risks. We present the results of our cyber security risk analysis for a Control Center-supervised Level 4 Automated Driving System (ADS), whose system model we created through expert interviews with a global truck manufacturer. Example damage scenarios with high impact rating include Disclosure of video data, Loss of ADS function in motion, Dangerous driving maneuvers, and Activation outside of Operational Design Domain. We have identified over 200 threat scenarios, consisting of a combination of main attack steps that threaten specific parts of the item and preparation steps that determine how these parts are accessed and by which type of attacker. Without taking controls into account, the realization of these threat scenarios results in 65 significant risks. We propose to treat the threat scenarios, on the one hand, by claims concerning implementation-relevant aspects as Detection of system failure and security controls such as Authentic transmission of data. We conclude by detailing principles we have extracted from our analysis that can be applied to other cyber security risk analyses of automated driving systems.
  • Publication
    CompaSeC: A Compiler-Assisted Security Countermeasure to Address Instruction Skip Fault Attacks on RISC-V
    ( 2023-01-31)
    Geier, Johannes
    ;
    Auer, Lukas orcid-logo
    ;
    Mueller-Gritschneder, Daniel
    ;
    Sharif, Uzair
    ;
    Schlichtmann, Ulf
    Fault-injection attacks are a risk for any computing system executing security-relevant tasks, such as a secure boot process. While hardware-based countermeasures to these invasive attacks have been found to be a suitable option, they have to be implemented via hardware extensions and are thus not available in most Commonly used Off-The-Shelf (COTS) components. Software Implemented Hardware Fault Tolerance (SIHFT) is therefore the only valid option to enhance a COTS system’s resilience against fault attacks. Established SIHFT techniques usually target the detection of random hardware errors for functional safety and not targeted attacks. Using the example of a secure boot system running on a RISC-V processor, in this work we first show that when the software is hardened by these existing techniques from the safety domain, the number of vulnerabilities in the boot process to single, double, triple, and quadruple instruction skips cannot be fully closed. We extend these techniques to the security domain and propose Compiler-assisted Security Countermeasure (CompaSeC). We demonstrate that CompaSeC can close all vulnerabilities for the studied secure boot system. To further reduce performance and memory overheads we additionally propose a method for CompaSeC to selectively harden individual vulnerable functions without compromising the security against the considered instruction skip faults.
  • Publication
    Enabling Lattice-Based Post-Quantum Cryptography on the OpenTitan Platform
    ( 2023)
    Stelzer, Tobias
    ;
    Oberhansl, Felix Fritz
    ;
    Schupp, Jonas
    ;
    Karl, Patrick
    The first generation of post-quantum cryptography (PQC) standards by the National Institute of Standards and Technology (NIST) is just around the corner. The need for secure implementations is therefore increasing. In this work, we address this need and investigate the integration of lattice-based PQC into an open-source silicon root of trust (RoT), the OpenTitan. RoTs are important security building blocks that need to be future-proofed with PQC. The OpenTitan features multiple cryptographic hardware accelerators and countermeasures against physical attacks, but does not offer dedicated support for lattice-based PQC. Thus, we propose instruction set extensions for the OpenTitan Big Number Accelerator (OTBN) to improve the efficiency of polynomial arithmetic and sampling. As a case study we analyze the performance of signature verification of digital signature scheme Dilithium. Our implementation verifies signatures within 997,722 cycles for security level II, pushing this RoT functionality below 10 ms for the OpenTitan s target frequency of 100 MHz. With an overhead of 242 kGE, our hardware extensions make up only about 5 % of the total RoT area. All our extensions integrate seamlessly with countermeasures against physical attacks and comply with the adversary model chosen by the OpenTitan project.
  • Publication
    Confidential Quantum Computing
    ( 2023)
    Hrdá, Barbora
    ;
    Wessel, Sascha
    Quantum computing is becoming more accessible with increasing numbers of quantum platforms. The confidentiality and integrity of data and algorithms running on these systems are important assets that need to be protected from untrusted parties. Previous approaches focus on the encryption of individual sub-areas, often using at least hybrid clients, and do not take the entire path from the classical client via a platform to the quantum computing hardware into consideration. Based on the classification of quantum algorithms we show the assets worth protecting, evolve the data flow on third-party quantum hardware and quantum computing platforms, and propose a concept architecture addressing confidentiality and integrity of processed data and code. Our approach shows that confidentiality can already be achieved for data with classical clients, while code confidentiality remains an open question. Our approach covers integrity for most complexity classes.
  • Publication
    Adapting Belief Propagation to Counter Shuffling of NTTs
    ( 2023)
    Hermelink, Julius
    ;
    Streit, Silvan
    ;
    Strieder, Emanuele orcid-logo
    ;
    Thieme, Katharina
    The Number Theoretic Transform (NTT) is a major building block in recently introduced lattice based post-quantum (PQ) cryptography. The NTT was target of a number of recently proposed Belief Propagation (BP)-based Side Channel Attacks (SCAs). Ravi et al. have recently proposed a number of countermeasures mitigating these attacks. In 2021, Hamburg et al. presented a chosen-ciphertext enabled SCA improving noise-resistance, which we use as a starting point to state our findings. We introduce a pre-processing step as well as a new factor node which we call shuffle node. Shuffle nodes allow for a modified version of BP when included into a factor graph. The node iteratively learns the shuffling permutation of fine shuffling within a BP run. We further expand our attacker model and describe several matching algorithms to find inter-layer connections based on shuffled measurements. Our matching algorithm allows for either mixing prior distributions according to a doubly stochastic mix matrix or to extract permutations and perform an exact un-matching of layers. We additionally discuss the usage of sub-graph inference to reduce uncertainty and improve un-shuffling of butterflies. Based on our results, we conclude that the proposed countermeasures of Ravi et al. are powerful and counter Hamburg et al., yet could lead to a false security perception-a powerful adversary could still launch successful attacks. We discuss on the capabilities needed to defeat shuffling in the setting of Hamburg et al. using our expanded attacker model. Our methods are not limited to the presented case but provide a toolkit to analyze and evaluate shuffling countermeasures in BP-based attack scenarios.
  • Publication
    Butterfly Transforms for Efficient Representation of Spatially Variant Point Spread Functions in Bayesian Imaging
    ( 2023)
    Eberle, Vincent
    ;
    Frank, Philipp
    ;
    Stadler, Julia
    ;
    Streit, Silvan
    ;
    Enßlin, Torsten A.
    Bayesian imaging algorithms are becoming increasingly important in, e.g., astronomy, medicine and biology. Given that many of these algorithms compute iterative solutions to high-dimensional inverse problems, the efficiency and accuracy of the instrument response representation are of high importance for the imaging process. For efficiency reasons, point spread functions, which make up a large fraction of the response functions of telescopes and microscopes, are usually assumed to be spatially invariant in a given field of view and can thus be represented by a convolution. For many instruments, this assumption does not hold and degrades the accuracy of the instrument representation. Here, we discuss the application of butterfly transforms, which are linear neural network structures whose sizes scale sub-quadratically with the number of data points. Butterfly transforms are efficient by design, since they are inspired by the structure of the Cooley–Tukey fast Fourier transform. In this work, we combine them in several ways into butterfly networks, compare the different architectures with respect to their performance and identify a representation that is suitable for the efficient representation of a synthetic spatially variant point spread function up to a (Formula presented.) error. Furthermore, we show its application in a short synthetic example.
  • Publication
    AbsIntIO: Towards Showing the Absence of Integer Overflows in Binaries using Abstract Interpretation
    ( 2023)
    Küchler, Alexander
    ;
    Wenning, Leon
    ;
    Wendland, Florian
    In the past years, the CWE-190 integer overflow led to many vulnerabilities. Program verification techniques such as Abstract Interpretation can show that no such bug is present in a given program. To date, such techniques often aim to verify the correctness of source code. However, as the source code is not always available or might not have been subject to such an analysis, it is advisable to apply abstract integer range analysis to the binary. However, analyzing binaries imposes other challenges which are not always addressed accurately by existing analysis tools. As an example, some tools fail to model bitwise operators, recover type information or do not account for compiler optimizations. We propose techniques to address these limitations and illustrate their effects in our configurable reference implementation AbsIntIO. AbsIntIO applies abstract integer range analysis to binaries with the goal to show that no integer overflow is possible. We evaluate the effects of the improvements and observed a reduction of the error rates. Hence, the improvements provide a step towards verifying the correctness of binaries.
  • Publication
    Der Wandel von Vertrauen in eine digitale Identität? - Einblicke in eine Nutzerstudie
    ( 2023)
    Kostic, Sandra
    ;
    Poikela, Maija
    Ausweisdokumente ermögliche es Personen vor Ort eindeutig zu identifizieren. Um bestimmte online Dienste wahrzunehmen zu können, bedarf es auch einer Identifikation im Internet. Hierfür wird eine digitale Identität benötigt. Dieser Beitrag stellt die Ergebnisse von zwei Studien mit Nutzenden (mit jeweils 16 und 12 Teilnehmenden) vor, die auf einem neu entwickelten Konzept einer sogenannten Identity Wallet basieren. Dieses Konzept veranschaulicht, wie Nutzende selbstständig diverse digitale Identitäten, sowohl hoheitliche wie der Personalausweis als auch nicht-hoheitliche wie der Bibliotheksausweis, in einer einzigen App speichern. Somit ist es den Nutzenden möglich ihre Identität mit einer einzigen App bei Dienstanbietern mit unterschiedlichsten Anforderungen an das Ausweisdokument nachzuweisen. Neben der Speicherung von Ausweisen oder auch Nachweisdokumenten, zeigt dieses Identity Wallet Konzept ebenso die Option auf Schlüssel (Fahrzeugschlüssel, Hotelzimmer, etc.) in derselben App zu hinterlegen. Das Konzept wurde 2020 ausgearbeitet und mit 16 Studienteilnehmenden getestet, um nicht nur die Einsatzbereitschaft der Nutzenden, sondern auch das Vertrauen in solch ein Konzept zu evaluieren. Die Teilnehmenden waren offen für den Einsatz der Wallet und vom Konzept überzeugt. In Bezug auf das Thema Vertrauen wiesen die Ergebnisse der Studie daraufhin, dass der Anbieter der Wallet Anwendung Einfluss darauf nimmt, inwieweit Nutzende beschließen, der Anwendung zu vertrauen. Etwa die Hälfte der Teilnehmenden bevorzugten den Staat als Betreiber der Wallet, während die übrigen Teilnehmenden ein privates Unternehmen präferierten. Ein überarbeitetes Konzept der Identity Wallet wurde 2022 erneut mit 12 Studienteilnehmenden getestet. Auch hier wurde die Frage der Einsatzbereitschaft der Nutzenden sowie des Vertrauens evaluiert. Die Studienteilnehmenden zeigten weiterhin eine große Bereitschaft zum Einsatz der Wallet. Allerdings veränderten sich die Ergebnisse zum Thema Vertrauen. Sie weisen darauf hin, dass nur eine Person ein privates Unternehmen als Betreiber der Wallet bevorzugt, während die übrigen Teilnehmenden den Staat favorisieren.