DEPARTMENT OF ENGINEERING, AARHUS UNIVERSITY
ASSISTANT PROFESSOR DIEGO F. ARANHA, 28 JUNE 2019

SECURELY IMPLEMENTING CRYPTOGRAPHY ON EMBEDDED TARGETS
DIEGO F. ARANHA
@DFARANHA
DFARANHA@CS.AU.DK
MOTIVATION
Secure infrastructure is crucial for modern society.
MOTIVATION
“Software is eating the world!” (Marc Andreessen, 2011)
Essentially every industry is undergoing some form of digitalization.
Unfortunately, such efforts are rarely conducted with security and privacy in mind.
MANY CHALLENGES
Providing security properties in embedded systems is challenging:
1. Complexity and time-to-market
2. Broad attack surface (the attacker has physical access)
3. Resource-constrained devices
4. Sensitive applications
Critical: proper threat modelling.
POSSIBLE FUTURE!
Cryptography can mitigate or even solve security and privacy issues in the Internet of Things.
Main advantage: formal guarantees!
•Secure software install/update/execution
•Data protection (at rest, in transit, during computation)
•Security services (device authentication, secure log/debug)
•Privacy-preserving computation
WHY SOFTWARE?
WHAT CAN GO WRONG?
Traditional attackers always bypassed cryptography.
Modern rational attackers target weak cryptography:
1. Key generation/storage/distribution
2. Choice of algorithms, key lengths, parameters
3. Public-key certificate validation
4. Side-channel leakage
WHAT CAN GO WRONG?
Elliptic Curve Cryptography (ECC) is currently king:
1. Short parameters and short keys (see the table below)
2. Fast/compact implementations (ePrint 2022/748)
3. Pairings give flexibility at a performance cost
Future quantum attackers complicate matters.

Key size in bits per security level:
Algorithm                   80 bits   128 bits   256 bits
Integer factoring (RSA)        1024       3072      15360
Elliptic curves (ECC)           160        256        512
WHY SOFTWARE?
Traditional cryptographic implementation:
1. Code written in an unsafe low-level language (C/ASM)
2. Experimentally validated performance/security claims
3. Hope for the best during deployment
Problem 1: cryptographic software is rarely the weakest link, but it concentrates risk.
Problem 2: what if the compiler or the architecture breaks the implementation's assumptions (for example, by reintroducing a secret-dependent branch that the source code carefully avoided)?
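The side-channel item on the earlier slide and Problem 2 above are easiest to see on a concrete comparison routine. The following C program is an added example written for this page; it is not code from the talk or from any library named here. It places a comparison with a secret-dependent early exit next to a constant-time version, and instruments both with a count of bytes examined so the leak is visible without timing measurements. The 16-byte SECRET_TAG and the probe helper are constructed for the demonstration.

```c
/* Added example: early-exit comparison versus constant-time comparison,
 * instrumented so the information leak is observable as a byte count. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct probe_result { int equal; size_t touched; };

/* Leaky: returns 1 on equality, 0 otherwise, but stops at the first
 * mismatching byte. The iteration count (and so the running time) reveals
 * the length of the matching prefix, which lets an attacker who controls
 * `guess` recover `secret` one byte at a time. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n,
                  size_t *bytes_touched)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (secret[i] != guess[i]) {
            *bytes_touched = i + 1;
            return 0;
        }
    }
    *bytes_touched = n;
    return 1;
}

/* Constant-time: always visits all n bytes, ORs the XOR of each byte pair
 * into an accumulator (no data-dependent branch), then maps the accumulator
 * to 0/1 with arithmetic. `volatile` discourages the compiler from turning
 * the loop back into an early exit; this is exactly Problem 2 on the slide,
 * so the generated assembly (objdump -d) still has to be inspected for
 * conditional jumps that depend on the accumulator. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n,
               size_t *bytes_touched)
{
    volatile uint8_t acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (uint8_t)(secret[i] ^ guess[i]);
    *bytes_touched = n;
    /* acc == 0: (0 - 1) >> 8 has low bit 1; acc in 1..255: (acc - 1) >> 8 == 0 */
    return (int)((((uint32_t)acc - 1u) >> 8) & 1u);
}

/* Constant-time select: a when mask is all ones, b when mask is zero.
 * Replaces `cond ? a : b` whenever cond depends on secret data. */
uint64_t ct_select(uint64_t mask, uint64_t a, uint64_t b)
{
    return (a & mask) | (b & ~mask);
}

/* Constructed 16-byte "secret" (for example an authentication tag). */
static const uint8_t SECRET_TAG[16] = {
    0x8f, 0x3a, 0x11, 0xc4, 0x57, 0xe2, 0x09, 0x6b,
    0xd0, 0x2c, 0x75, 0x98, 0x41, 0xbe, 0x1f, 0xa6
};

/* Probe helper: builds a guess that matches SECRET_TAG for the first
 * `prefix` bytes and differs afterwards, then runs `cmp` on it. */
struct probe_result probe(int (*cmp)(const uint8_t *, const uint8_t *, size_t, size_t *),
                          size_t prefix)
{
    uint8_t guess[16];
    struct probe_result r;
    size_t i;
    for (i = 0; i < 16; i++)
        guess[i] = (i < prefix) ? SECRET_TAG[i] : (uint8_t)(SECRET_TAG[i] ^ 0xff);
    r.touched = 0;
    r.equal = cmp(SECRET_TAG, guess, 16, &r.touched);
    return r;
}

int main(void)
{
    size_t p;
    for (p = 0; p <= 16; p++)
        printf("prefix %2zu: leaky touches %2zu bytes, ct touches %2zu bytes\n",
               p, probe(leaky_compare, p).touched, probe(ct_compare, p).touched);
    return 0;
}
```

The leaky routine's byte count grows with the matching prefix, which is the oracle a timing attack uses; the constant-time routine touches all 16 bytes regardless. The mask-based ct_select is the building block for the same idea in arithmetic code, and like the comparison it only helps if the compiler keeps it branch-free.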
IMPLEMENTATION SECURITY
OVERVIEW OF HIGH-ASSURANCE CRYPTO
Goal: improve security without losing performance.
Formal verification of cryptography works as below. Main advantage: formal guarantees!
•Formalization of mathematical concepts in a proof assistant
•Specification of cryptographic algorithms and protocols
•Synthesis of a correct implementation in some language, or
•Functional correctness proofs of existing code
FRAMEWORKS
There are multiple languages/frameworks already, some running in production:
1. Fiat-Crypto for finite field arithmetic (based on Coq)
•Synthesizes many languages (relies on the compiler)
•Easy to extend with new parameters
2. Project Everest (based on F*)
•TLS/QUIC as secure transport layers; verified parsers
•EverCrypt (HACL* and Vale) as a library
3. Jasmin (based on EasyCrypt) for verified x86 assembly
PERFORMANCE NUMBERS
CONCLUSION
Security is hard to implement and deploy. Many things can go wrong and undermine security.
But progress can be made through hard work and rigorous theory+engineering:
•Sound hardness assumptions, algorithms and protocols
•Efficient and robust implementation of algorithms
•Lessons learned from security analysis of real-world systems
Cryptography is not enough, but it is a great starting point.