Prof. Ing. Tomáš Hruška, CSc.

Information system security - research of attacks on tamper-resistant cryptographic hardware

Research leader: Hanáček Petr
Team leaders: Cvrček Daniel, Hrubý Martin, Hruška Tomáš, Peringer Petr, Rábová Zdeňka
Agency: Czech Science Foundation
Code: GA102/04/0871
Start: 2004-01-01
End: 2006-12-31
Keywords: cryptography; tamper resistant hardware; attacks
Annotation:
The main goal of the project is research into the security aspects of hardware implementations of cryptographic mechanisms. These implementations are called tamper-proof devices and are typically smart cards or cryptographic coprocessors. The design of the majority of available tamper-proof devices does not deal with the various forms of side effects of executing cryptographic algorithms. A side-channel is the term commonly used for the places where such undesirable information appears. The volume and usefulness of the information we are able to extract depends on the form of the side-channel. However, a number of scientific papers prove that it is possible to effectively analyse information from side-channels and use the results to compromise tamper-proof devices.

The project consists of three main areas. We will design and build laboratory instruments for implementing attacks that exploit side-channels; these attacks will produce experimental data. The second area consists of the design of analytic methods for effective processing of the experimental data in a form that allows reconstruction of sensitive data; the proposed methods will be checked on real devices. The last area deals with the design of countermeasures against side-channel attacks. We will use already known approaches as well as the principles of our analytic methods. The goal is to decrease the amount of useful information in side-channels and to determine the minimum amount necessary for a successful attack.

Publications

2007
BLAHÁK Petr and CVRČEK Daniel. Alternativní zabezpečení WiFi sítí [Alternative security for WiFi networks]. IT System. Brno: CCB ltd., 2007, vol. 2007, no. 2, pp. 1-6. ISSN 1212-4567.

2006
BLAHÁK Petr and CVRČEK Daniel. Alternativní zabezpečení pro WiFi sítě [Alternative security for WiFi networks]. In: DATAKON 2006. Brno, 2006, pp. 1-8.
CVRČEK Daniel and PECHO Peter. Systém prihlasovania čipovými kartami v OS Linux [Smart-card login system for the Linux OS]. In: DATAKON 2006. Brno, 2006, pp. 1-8.
CVRČEK Daniel and SEDLÁK Michal. Zabezpečení systémů VoIP [Security of VoIP systems]. In: DATAKON 2006. Brno, 2006, pp. 1-8.
CVRČEK Daniel, DANEZIS George, KUMPOŠT Marek and MATYÁŠ Václav. A Study on The Value of Location Privacy. In: Workshop on Privacy in Electronic Society 2006. Washington, 2006, p. 10.
CVRČEK Daniel, DANEZIS George, KUMPOŠT Marek and MATYÁŠ Václav. The Value of Location Information. In: not yet known. Berlin, 2006, pp. 1-4.
CVRČEK Daniel, KOUŘIL Daniel, LORENC Václav and MATYÁŠ Václav. Autentizační hardwarový token nové generace [A next-generation authentication hardware token]. In: DATAKON 2006. Brno: Masaryk University, 2006, pp. 229-238. ISBN 80-210-4102-1.
CVRČEK Daniel, KUMPOŠT Marek and MATYÁŠ Václav. A Privacy Classification Model Based on Linkability Valuation. In: Security and Embedded Systems. NL: Kluwer Academic Publishers, 2006, pp. 91-98. ISBN 978-1-58603-580-8.
HANÁČEK Petr. Bezpečnost informačních systémů a chyby při návrhu - jsme schopni jim zabránit? [Information system security and design errors: can we prevent them?]. In: Sborník příspěvků MKB06. Brno: TNS, 2006, pp. 89-94. ISBN 978-80-903083-7-4.
PERINGER Petr. Open Source Simulation and Data Analysis Tools. In: Proceedings of ASIS 2006. Ostrava, 2006, pp. 109-112. ISBN 80-86840-26-3.
RÁBOVÁ Zdeňka, HANÁČEK Petr and HRUBÝ Martin. Prostředí pro modelování bezpečných systémů [An environment for modelling secure systems]. In: Proceedings of NETSS06. Ostrava, 2006, pp. 39-42. ISBN 80-86840-06-9.
SAMEK Jan. Security Model of Information Systems. In: Proceedings of XXVIIIth International Autumn Colloquium ASIS 2006. Ostrava, 2006, pp. 101-105. ISBN 80-86840-26-3.

2005
BOND Mike and CVRČEK Daniel. Penetration to Secure Hardware. In: SPI 2005. Brno, 2005, p. 1.
CVRČEK Daniel and LATISLAV Richard. TCP - resetovací útok [TCP reset attack]. In: DATAKON 2005, Proceedings of the Annual Database Conference. Brno: Masaryk University, 2005, pp. 301-310. ISBN 8021038136.
CVRČEK Daniel and MATYÁŠ Václav. PIN (&Chip) or signature - beating or cheating? In: SPW 05 Proceedings - The System Likes You and Wants To Be Your Friend. Berlin: University of Hertfordshire, 2005, p. 5.
CVRČEK Daniel, KUMPOŠT Marek and MATYÁŠ Václav. On Privacy Classification in Ubiquitous Computing Systems. International Scientific Journal of Computing. 2005, vol. 4, no. 2, pp. 26-35. ISSN 1727-6209.
CVRČEK Daniel. RFID - přeceněné ambice? [RFID: overrated ambitions?]. In: SmartWorld 2005 - soubor prezentací. Zlín, 2005, p. 7.
DAO Anh Minh and ZBOŘIL František V. Partition of Fuzzy Parameters in Neuro-Fuzzy System for Monochrome Images Classification. In: Proceedings of the NETSS2005. Ostrava, 2005, pp. 56-62. ISBN 80-86840-07-7.
HANÁČEK Petr and STAUDEK Jan. Správa identity [Identity management]. In: Sborník konference DATAKON 2005. Brno: Masaryk University, 2005, pp. 123-146. ISBN 80-210-3813-6.
HANÁČEK Petr, HRUBÝ Martin and RÁBOVÁ Zdeňka. Heterogeneous Modelling Applied in System Security. In: Proceedings of the International Workshop MOSMIC'2005. Žilina: Faculty of Management Science and Informatics of Zilina University, 2005, pp. 30-36. ISBN 80-8070-139-3.
HANÁČEK Petr, PERINGER Petr and RÁBOVÁ Zdeňka. Získávání vstupních dat pro modely bezpečnosti [Obtaining input data for security models]. In: Proceedings of ASIS 2005. Ostrava, 2005, pp. 68-73. ISBN 80-86840-16-6.
HANÁČEK Petr. Problems of Security in Ad Hoc Sensor Network. In: Proceedings of MOSIS'05. Ostrava, 2005, pp. 79-84. ISBN 80-86840-10-7.
HRUŠKA Tomáš, ed. DATAKON 2005 - Proceedings of the Annual Database Conference (ed. Tomáš Hruška). Brno: Masaryk University, 2005. ISBN 80-210-3813-6.
KUNOVSKÝ Jiří and ZEMAN David. Experimental Simulation Computations. In: ASIS 2005. Ostrava, 2005, pp. 211-215. ISBN 80-86840-16-6.
KUNOVSKÝ Jiří, TOMICA Petr and PETŘEK Jiří. Parasitic Effects in Electronic Circuits Simulations. In: Proceedings of 39th International Conference MOSIS '05. Ostrava, 2005, pp. 128-134. ISBN 80-86840-10-7.
MARTINEK David, KUNOVSKÝ Jiří and ZACIOS Dalibor. Taylor Series in Control and Simulation. In: Proceedings of 39th International Conference MOSIS '05. Ostrava, 2005, pp. 56-60. ISBN 80-86840-10-7.
MARTINEK David. Modelling of a Waste Incinerator. In: Proceedings of XXVII International Autumn Colloquium ASIS 2005 Advanced Simulation of Systems. Ostrava, 2005, pp. 62-67. ISBN 80-86840-16-6.
ONDRÁČEK Tomáš and ZBOŘIL František V. Constructive Gradient Neural Network. In: MOSIS '05. Ostrava, 2005, pp. 196-201. ISBN 80-86840-10-7.
ONDRÁČEK Tomáš and ZBOŘIL František V. System Time Coefficients Identification by Constructive Gradient Neural Network. In: ASIS 2005. Ostrava, 2005, pp. 29-36. ISBN 80-86840-16-6.
ZBOŘIL František V. Trilobot Robot Control. In: MOSMIC'2005. Žilina: Zilina University Publisher, 2005, pp. 47-52. ISBN 80-8070-468-6.
ZBOŘIL František and ZBOŘIL František V. Inteligentní systémy [Intelligent systems]. In: Proceedings of the I&IT '04. Banská Bystrica: Faculty of Natural Sciences of Matej Bel University, 2005, pp. 20-25. ISBN 80-8083-017-7.
ZBOŘIL František. Development of a New Simulation Tool for Intelligent Distributed Systems. In: Proceedings of the International Workshop MOSMIC'2005. Žilina: Faculty of Management Science and Informatics of Zilina University, 2005, pp. 67-72. ISBN 80-8070-468-6.
ZBOŘIL František. Low Level Language for Agent Behaviour Control. In: Proceedings of XXVIIth International Autumn Colloquium ASIS 2005. Ostrava, 2005, pp. 138-143. ISBN 80-86840-16-6.
ŠVENDA Petr and CVRČEK Daniel. Smart dust security - key infection revisited. In: STM 2005. Milano, 2005, pp. 11-25. ISSN 1571-0661.

2004
BOND Mike, CVRČEK Daniel and MURDOCH Steven J. Unwrapping the Chrysalis. Technical report. Cambridge: Computer Laboratory, Cambridge University, 2004, no. 592. ISSN 1476-2986.
BOND Mike, CVRČEK Daniel and MURDOCH Steven J. Bezpečný hardware, který není zase tak bezpečný [Secure hardware that is not so secure after all]. DSM Data Security Management. 2004, vol. 2004, no. 5, pp. 44-47. ISSN 1211-8737.
BOND Mike, CVRČEK Daniel and MURDOCH Steven J. Reverse-engineering kryptografického modulu [Reverse-engineering a cryptographic module]. Crypto-world. Praha: 2004, vol. 2004, no. 9, pp. 8-14. ISSN 1801-2140.
CVRČEK Daniel and KRHOVJÁK Jan. Útoky na a přes API: PIN Recovery Attacks [Attacks on and through APIs: PIN Recovery Attacks]. In: Mikulášská kryptobesídka - Sborník přednášek. Brno: Trusted Network Solutions, a.s., 2004, pp. 55-62. ISBN 80-903083-4.
CVRČEK Daniel and MATYÁŠ Václav. Informační soukromí a jeho měřitelnost [Information privacy and its measurability]. DSM Data Security Management. 2004, vol. 2004, no. 6, pp. 10-14. ISSN 1211-8737.
CVRČEK Daniel and MATYÁŠ Václav. On the role of contextual information for privacy attacks and classification. In: Workshop on Privacy and Security Aspects of Data Mining. Brighton, 2004, pp. 31-39.
CVRČEK Daniel and MATYÁŠ Václav. Privacy - what do you mean? In: UBICOMP Privacy Workshop. Nottingham, 2004, pp. 12-18.
CVRČEK Daniel and MATYÁŠ Václav. Pseudonymity in the light of evidence-based trust. Lecture Notes in Computer Science. 2004, vol. 2006, no. 3957, pp. 267-274. ISSN 0302-9743.
CVRČEK Daniel, KRHOVJÁK Jan and MATYÁŠ Václav. Hardwarové bezpečnostní moduly - API a útoky [Hardware security modules: APIs and attacks]. In: Europen, XXV. konference, sborník příspěvků. Plzeň: ECOM-MONITOR, 2004, pp. 91-114. ISBN 80-86583-07-4.
CVRČEK Daniel, KRHOVJÁK Jan and MATYÁŠ Václav. Útoky a kryptografie v hardwarovém provedení [Attacks and cryptography in hardware implementations]. DSM Data Security Management. 2004, vol. 2004, no. 5, pp. 16-19. ISSN 1211-8737.
CVRČEK Daniel. Dynamics of Reputation. In: NordSec'04. Helsinki: Helsinki University of Technology, 2004, pp. 1-7. ISSN 1455-9749.
FLORIÁN Vladimír, HANÁČEK Petr and SLAVÍČEK Pavel. Analysing methods for modelling attacks on security devices. In: Proceedings of 38th International Conference MOSIS'04. Ostrava, 2004, pp. 261-265. ISBN 80-85988-98-4.
HANÁČEK Petr and LASOŇ Martin. Securing Web Services. In: Proceedings of ISIM04 - Tutorial. Ostrava, 2004, pp. 1-20. ISBN 80-86840-01-8.
HANÁČEK Petr, PERINGER Petr and RÁBOVÁ Zdeňka. Analýza simulačních dat získaných z kryptografického modulu [Analysis of simulation data obtained from a cryptographic module]. In: Proceedings of ASIS 2004. Ostrava, 2004, p. 6. ISBN 80-86840-03.
HANÁČEK Petr, PERINGER Petr and RÁBOVÁ Zdeňka. Využití modelů při analýze bezpečnosti kryptografických modulů [Using models in the security analysis of cryptographic modules]. In: NETSS2004. Ostrava, 2004, pp. 115-120. ISBN 80-85988-92-5.
HANÁČEK Petr, ZBOŘIL František and ZBOŘIL František V. Bezpečná komunikace autonomních agentů-robotů v nepřátelském prostředí [Secure communication of autonomous agent robots in a hostile environment]. In: NETSS2004. Ostrava, 2004, pp. 91-95. ISBN 80-85988-92-5.
HANÁČEK Petr. Informační systémy podle norem ISO [Information systems according to ISO standards]. e-biz. Brno: Computer Press, s.r.o, 2004, vol. 2004, no. 2, pp. 57-58. ISSN 1213-063X.
HRUBÝ Martin, PERINGER Petr and RÁBOVÁ Zdeňka. Modelling of Tamper-Proof Devices. In: Proceedings of 38th International Conference MOSIS'04. Ostrava, 2004, p. 6. ISBN 80-85988-98-4.
KUNOVSKÝ Jiří, ZACIOS Dalibor and TOMICA Petr. Modern Taylor Series Method and Coefficients of Fourier Transform Series. In: Proceedings of 38th International Conference MOSIS '04. Ostrava, 2004, pp. 87-92. ISBN 80-85988-98-4.
KUNOVSKÝ Jiří, ŘEZÁČ David and MELKES František. Modern Taylor Series Method. In: Proceedings of 38th International Conference MOSIS '04. Ostrava, 2004, pp. 9-20. ISBN 80-85988-98-4.
KUNOVSKÝ Jiří, ŘEZÁČ David and TOMICA Petr. Non-autonomous Example of Stiff System. In: Proceedings of the Sixth International Scientific Conference Electronic Computers and Informatics ECI 2004. Košice: The University of Technology Košice, 2004, pp. 81-85. ISBN 80-8073-150-0.
ZBOŘIL František and ZBOŘIL František V. Building of Multiagent Models. In: Proceedings of the ECI2004. Košice: The University of Technology Košice, 2004, pp. 388-393. ISBN 80-8073-150.
