MIL OSI Translation. Region: Germany / Deutschland –
Source: Federal Office for Information Security, Bonn, Date 09.10.2020 From September 14th to 18th, 2020, the International Association for Cryptologic Research (IACR) hosted the Conference on Cryptographic Hardware and Embedded Systems (CHES). The CHES is the world’s largest and most renowned hardware-related cryptography conference. This year, due to the Covid 19 pandemic, it took place purely virtually. Beijing was originally intended as the venue. Every year in the run-up to CHES, an international, prestigious scientific competition takes place: The CHES Challenge. With a team of eight employees, the BSI once again took part in the side-channel competition in 2020 and won all the prizes that were ultimately awarded Cyber security in digitization – in Germany and internationally. Because algorithms in hardware and software change constantly and quickly, Germany needs competent thought leaders who shape, establish and promote information security in digitization with a large national and international network. This networking enables us to bundle know-how and expand our position as a competence center for cyber security. As part of such competitions and events, we share important findings and the information gained from them with the professional communities and established personalities in the industry. In addition, we enrich each other through the continuous dialogue, ”said BSI President Arne Schönbohm about this success. The task of the BSI team as part of the CHES Challenge 2020 was to test several specially protected implementations of a new cryptographic algorithm for side-channel resistance. Participation in the competition has thus provided a number of new findings in the field of side channel analysis, which will also be incorporated into future evaluation processes. The topic of “side channel resistance”, for example, also plays a major role in the certification of IT products according to Common Criteria (CC). This year’s side channel challenge was more demanding than the previous one from 2018: Instead of the established Advanced Encryption Standard ( AES) a previously relatively unknown cipher called Clyde was considered. Clyde is part of the Spook algorithm, which is one of the candidates in the second round of the Lightweight Cryptography competition of the National Institute of Standards and Technology (NIST). Lightweight algorithms are specially designed for use in environments with limited resources and are used, for example, in the Internet of Things (IoT) or smartphones environment. Side channels play a special role in connection with security implementations: modern, technical measuring devices allow highly precise time – and make current or electromagnetic emissions measurements while a device is performing encryption operations. Such measurements can be used to draw conclusions about sensitive information in the context of a side channel analysis – such as parts of the secret key (see photo). The less well protected the device, the easier it is to do it. The security of encryption methods therefore depends not only on the cryptographic security of the algorithms and protocols used, but also on their practical implementation, which should reveal as little side-channel information as possible. The implementation of (lightweight) algorithms is therefore often – as in competition – particularly protected against side-channel attacks. In order to break this nonetheless, attack methods were used that had to be specially adapted to the present implementation and are based on methods of artificial intelligence. And the competition, which consisted of a software and a hardware part, continues: Since none of the team has solved the hardware challenges, the organizers of the CHES-Challenge have extended the deadline to December. Further information on the CHES and the CHES-Challenge can be accessed via the links below. Experimental setup for recording side channel measurements Source: BSI Security in information technologyPostfach 20036353133 BonnTelephone: +49 228 99 9582-5777Telefax: +49 228 99 9582-5455E-Mail: email@example.com
EDITOR’S NOTE: This article is a translation. Apologies should the grammar and / or sentence structure not be perfect.