Dagstuhl Seminar 16342
Foundations of Secure Scaling
( Aug 21 – Aug 26, 2016 )
Permalink
Organizers
- Lejla Batina (Radboud University Nijmegen, NL)
- Swarup Bhunia (University of Florida - Gainesville, US)
- Patrick Schaumont (Virginia Polytechnic Institute - Blacksburg, US)
- Jean-Pierre Seifert (TU Berlin, DE)
Contact
- Andreas Dolzmann (for scientific matters)
- Susanne Bach-Bernhard (for administrative matters)
In electronic system design, scaling is a fundamental force present at every abstraction level. Over time, chip feature sizes shrink; the length of cryptographic keys and the complexity of cryptographic algorithms grows; and the number of components integrated in a chip increases. While scaling is generally thought of as beneficial to the resulting implementations, this does not hold for secure electronic design. Larger and faster chips, for example, are not necessarily more secure. Indeed, the relations between scaling and the resulting security are poorly understood.
This Dagstuhl Seminar will host researchers in secure electronic system design, spanning all abstraction levels from cryptographic engineering over chip design to system integration. A 5-day program will highlight the benefits of scaling at each major abstraction level during the first three days, and subsequently discuss the scaling relationships during the next two days.
The mechanisms of secure scaling require investigation of the links between Cryptography, Technology, and Digital Integration. Cryptographers are concerned with novel and secure algorithms that remain secure even as cryptanalytic capabilities improve. Technologists are concerned with the next generation of transistors and their implementation into a reliable and stable process technology. Integrators are concerned with electronic design automation tools that can manage the rapidly increasing complexity of electronic design, and with the integration of components on a complex system-on-chip.
Through its participants, the seminar offers a unique opportunity to discuss cross-cutting topics in Secure Scaling. The following list are examples of such cross-cutting topics -- during the workshop, additional cross-cutting topics will be identified and added to the list.
- Power/Energy Efficient Crypto: Secure wireless devices and Secure RFID are two well known examples of applications that require security under severe power and/or energy constraints. Optimizing a cryptographic algorithm for power/energy efficiency needs to consider all abstraction levels of design.
- High-Performance Crypto: Information Technology is increasingly asymmetric, with larger, high-performance servers at one end, and a large population of tiny devices at the other side. Cryptographic designs must scale towards high-performance, high-throughput implementations while it must also accommodate small-footprint, low-latency designs.
- Secure Test: Complex chips utilize a number of testing strategies such as BIST and JTAG. When a chip includes a secure part, the test infrastructure carries a potential risk of abuse. Secure Test is a test strategy for complex chips that takes this risk fully into account.
- Implementation Attacks: In modern cryptographic designs, side-channel analysis, fault-analysis and physical tampering are an integral part of the threat model. This requires design techniques that fully integrate countermeasures as part of the design process. In addition, the design of a countermeasure effective against most forms of tampering is an open research issue.
The seminar will enable participants to learn about the state-of-the-art developments in the three different domains covered in the workshop (Cryptography, Integration, and Technology). The seminar will also support presentation of specific cross-cutting topics, as well as round-table (panel-style) discussions. The morning sessions of the first three days (Monday through Wednesday) will be used to highlight each of the three research domains. The afternoon sessions of the first three days will be used to discuss selected cross-cutting topics. After returning from an excursion on Thursday morning, we propose a series of round-table discussions to elaborate on selected topics that were brought up during the first three days.
In electronic system design, scaling is a fundamental force present at every abstraction level. Over time, chip feature sizes shrink; the length of cryptographic keys and the complexity of cryptographic algorithms grows; and the number of components integrated in a chip increases. While scaling is generally thought of as beneficial to the resulting implementations, this does not hold for secure electronic design. Larger and faster chips, for example, are not necessarily more secure. Indeed, the relations between scaling and the resulting security are poorly understood. This Dagstuhl Seminar hosted researchers in secure electronic system design, spanning all abstraction levels from cryptographic engineering over chip design to system integration.
Discussion Topics
The mechanisms of secure scaling require investigation of the links between Cryptography, Technology, and Digital Integration. Cryptographers are concerned with novel and secure algorithms that remain secure even as cryptanalytic capabilities improve. Technologists are concerned with the next generation of transistors and their implementation into a reliable and stable process technology. Integrators are concerned with electronic design automation tools that can manage the rapidly increasing complexity of electronic design, and the are concerned with the integration of components on a complex system-on-chip.
Through its participants, the seminar offered a unique opportunity to discuss cross-cutting topics in Secure Scaling. The following list are examples of such cross-cutting topics.
- Scaling effects in Privacy and Security. The massive amount of connected devices will create significant challenges towards security and privacy. Major questions involve data ownership and key ownership and management.
- Power/Energy Efficient Crypto: Secure wireless devices and Secure RFID are two well known examples of applications that require security under severe power and/or energy constraints. Optimizing a cryptographic algorithm for power/energy efficiency needs to consider all abstraction levels of design.
- High-Performance Crypto: Information Technology is increasingly asymmetric, with larger, high-performance servers at one end, and a large population of tiny devices at the other side. Cryptographic designs must scale towards high-performance, high-throughput implementations while it must also accommodate small-footprint, low-latency designs.
- Secure Test: Complex chips utilize a number of testing strategies such as BIST and JTAG. When a chip includes a secure part, the test infrastructure carries a potential risk of abuse. Secure Test is a test strategy for complex chips that takes this risk fully into account.
- Complexity Management in Secure SoC: Managing and integrating a secure module into system-on-chip context is challenging and creates a hard verification problem that cuts through multiple traditional layers of design. Furthermore, managing multiple stakeholders in a single chip design is extremely challenging and may result in conflicting design requirements.
- Implementation Attacks: In modern cryptographic designs, side-channel analysis, fault-analysis and physical tampering are an integral part of the threat model. This requires design techniques that fully integrate countermeasures as part of the design process. In addition, the design of a countermeasure effective against most forms of tampering is an open research issue.
- Technology effects on implementation attacks. Better insight the internal operation of secure implementations at all abstraction levels leads to novel implementation attacks, that work at finer granularity, and that use novel source of leakage such as optical leakage.
The seminar supported participants in learning about the state-of-the-art developments in the three different domains covered in the workshop (Cryptography, Integration, and Technology). The seminar also supported the presentation of specific cross-cutting topics, as well as round-table (panel-style) discussions.
- Debapriya Basu Roy (Indian Institute of Technology - Kharagpur, IN) [dblp]
- Lejla Batina (Radboud University Nijmegen, NL) [dblp]
- Guido Bertoni (ST Microelectronics - Agrate, IT) [dblp]
- Swarup Bhunia (University of Florida - Gainesville, US) [dblp]
- Christian Boit (TU Berlin, DE) [dblp]
- Chen-Mou Cheng (National Taiwan University - Taipei, TW) [dblp]
- Joan Daemen (STMicroelectronics - Diegem, BE) [dblp]
- Jia Di (University of Arkansas - Fayetteville, US) [dblp]
- Thomas Eisenbarth (Worcester Polytechnic Institute, US) [dblp]
- Naofumi Homma (Tohoku University, JP) [dblp]
- Yier Jin (University of Central Florida - Orlando, US) [dblp]
- Nele Mentens (KU Leuven, BE) [dblp]
- Debdeep Mukhopadhyay (Indian Institute of Technology - Kharagpur, IN) [dblp]
- Ventzislav Nikov (NXP Semiconductors - Leuven, BE) [dblp]
- Svetla Petkova-Nikova (KU Leuven, BE) [dblp]
- Bart Preneel (KU Leuven, BE) [dblp]
- Sandip Ray (NXP Semiconductors - Austin, US) [dblp]
- Francesco Regazzoni (University of Lugano, CH) [dblp]
- Kazuo Sakiyama (The University of Electro-Communications, JP) [dblp]
- Patrick Schaumont (Virginia Polytechnic Institute - Blacksburg, US) [dblp]
- Peter Schwabe (Radboud University Nijmegen, NL) [dblp]
- Georg Sigl (TU München, DE) [dblp]
- Shahin Tajik (TU Berlin, DE) [dblp]
- Ingrid Verbauwhede (KU Leuven, BE) [dblp]
- Hirotaka Yoshida (AIST - Tsukuba, JP) [dblp]
- Bilgiday Yuce (Virginia Polytechnic Institute - Blacksburg, US) [dblp]
Classification
- hardware
- security / cryptology
- verification / logic
Keywords
- Cryptographic Engineering
- Very Large Scale Integration
- Secure Hardware Design
- Technology Scaling
- Complexity Scaling
- Secure Evaluation.