Affiliation : TU Darmstadt, Germany
Title : Digital Contact Tracing: Utopia, Dystopia, or Surveillance Capitalism ?
Abstract : Numerous countries have recently introduced digital contact tracing apps to fight the COVID-19 pandemic. While some countries deployed a centralized approach for digital contact tracing and even extensively collected sensitive user information (e.g., name, address, mobile phone numbers, location), a widespread debate on privacy broke out in other countries, particularly in Europe. It then became a matter of academic competition and national pride who would deploy the first and/or the best privacy-preserving solution. As the turmoil of contact tracing approaches started to evolve, Google and Apple discovered an unprecedented friendship and agreed on developing their own very special decentralized contact tracing, the Exposure Notification API (GAEN), which they quickly integrated into their mobile operating systems. This API is heavily controlled by corporate policy: in each country, access to the API is granted only to one single health organization as approved by the corresponding national government. Due to this, a number of governments contracted local companies (some with millions of Euros) to develop an app that specifically uses the GAP API. In this talk, we first systematize different contact tracing approaches and instantiations and focus on their privacy, security and effectiveness aspects. In particular, we point out the crucial privacy and security risks of GAEN, and discuss the threatening corporate dominance. Finally, we discuss what measures we believe are needed to make more flexible and effective use of digital contact tracing against the pandemic.
Biography : Ahmad-Reza Sadeghi is a professor of Computer Science at the TU Darmstadt, Germany. He is the head of the Systems Security Lab at the Cybersecurity Research Center of TU Darmstadt. He is also the director of the Intel Research Institute for Collaborative Autonomous Resilient Systems (ICRI-CARS) at TU Darmstadt. He holds a Ph.D. in Computer Science from the University of Saarland, Germany. Prior to academia, he worked in R&D of Telecommunications enterprises, amongst others Ericsson Telecommunications. He has been continuously contributing to security and privacy research. He was Editor-In-Chief of IEEE Security and Privacy Magazine, served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and is currently on the editorial boards of ACM Books, ACM TODAES, ACM TIOT and ACM DTRAP. For his influential research on Trusted and Trustworthy Computing he received the renowned German “Karl Heinz Beckurts” award. This award honors excellent scientific achievements with high impact on industrial innovations in Germany. In 2018 Prof. Sadeghi received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and for pioneering contributions in content protection, mobile security and hardware-assisted security. SIGSAC is ACM’s Special Interest Group on Security, Audit and Control.
Affiliation : KU Leuven, Belgium
Title : Hardware roots of trust: down to the essentials
Abstract : Electronics are shrinking and penetrating all aspects of our lives. IoT devices fill our homes, cars are driving autonomously, body area networks monitor our health. Our data is stored on cloud and edge computers. Adding security and cryptography to these highly complex and often very resource-constrained systems is a challenge. We would like the security solutions to be lightweight and at the same time resistant to a broad range of attacks. Attacker models can vary wildly, including remote as well as local physical manipulation attacks. The most difficult part for the designer is to decide which parts of such a complex system need protection. This includes defining the essential roots of trust. A system designer will use strong cryptography and well-established security protocols. The cryptographic algorithm in this case is a root-of-trust building block for the security protocol. When designing a secure protocol, the designer abstracts away the security of cryptographic keys, random initial values, nonces, freshness, and further details at a lower abstraction layer. The protocol designer assumes that hardware isolation or secure storage is simply available. Thus software and cryptographic security protocols rely on hardware roots of trust. Indeed, the solution will run on a hardware platform. At this circuit and silicon level, two essential roots of trust are physically unclonable functions (PUFs) and true random number generators (TRNGs). In this presentation, we will describe different design options, and pay special attention to security evaluation and testing.
Biography : Dr. Ir. Ingrid Verbauwhede is a Professor in the research group COSIC at the KU Leuven. She is a Member of IACR and a fellow of IEEE. She was elected as member of the Royal Academy of Belgium in 2011. She is a recipient of an ERC Advanced Grant in 2016 and received the IEEE 2017 Computer Society Technical Achievement Award. She is a pioneer in the field of efficient and secure implementations of cryptographic algorithms on many different platforms: ASIC, FPGA, embedded, cloud. With her research she bridges the gaps between electronics, the mathematics of cryptography and the security of trusted computing, including Physically Unclonable Functions and True Random Number Generators. Her group owns and operates an advanced electronic security evaluation lab.
Affiliation : Radboud University, The Netherlands
Title : On deck functions
Abstract : Modern symmetric encryption and/or authentication schemes consist of modes of block ciphers. Often these schemes have a proof of security on the condition that the underlying block cipher is PRP- or SPRP-secure: keyed with a fixed and unknown key, it shall be hard to distinguish from a random permutation. The PRP and SPRP security notions have become so accepted that they are referred to as the standard model. (S)PRP security cannot be proven, but thanks to this nice split into primitives and modes, the assurance of block-cipher-based cryptographic schemes relies on public scrutiny of the block cipher in the simple standard scenario. Security proofs of modes can become quite complicated, and errors have been made. This complexity can be reduced if we add an input to the block cipher, a so-called tweak. The resulting primitive is called a tweakable block cipher and its (S)PRP security is tweakable (S)PRP. The presence of the tweak makes these primitives costlier for the same target security strength due to the increase in degrees of freedom for the adversary. Another approach is to abandon block ciphers altogether and replace them by permutations. During the last decade a field of permutation-based cryptography has appeared that defines modes on top of these primitives, and many new permutations have been proposed. At their core these modes often have a duplex-like construction or its parallel nephew, farfalle. However, while it is reasonable to assume one can build a block cipher that is (S)PRP-secure, it is impossible to formalize what it means for a permutation to behave like an ideal permutation. We show that permutation-based crypto can have its own standard model, with (keyed) duplex functions or farfalle-based functions at its center, both instances of what we call deck functions; the standard model is then the pseudorandom function (PRF) security of deck functions.
Modes can be defined in terms of deck functions and can be proven secure in the setting where the keyed deck function is hard to distinguish from a random oracle. The PRF security of the deck function is the subject of public scrutiny. In this talk I will discuss modes on top of deck functions, some concrete deck functions and their security properties.
Biography : After graduating in electromechanical engineering, Joan Daemen was awarded his PhD in symmetric cryptography in 1995 from KU Leuven. After his contract at COSIC ended, he privately continued his crypto research and contacted Vincent Rijmen to continue their collaboration, which would lead to the Rijndael block cipher, selected by NIST as the new Advanced Encryption Standard in 2000. After over 20 years of security industry experience, including work as a security architect and cryptographer for STMicroelectronics, he is now a professor in the Digital Security Group at Radboud University Nijmegen. He co-designed the Keccak cryptographic hash function, which was selected as the SHA-3 hash standard by NIST in 2012, and is one of the founders of the permutation-based cryptography movement and co-inventor of the sponge, duplex and farfalle constructions. In 2017 he won the Levchin Prize for Real World Cryptography "for the development of AES and SHA3". In 2018 he was awarded an ERC advanced grant for research on the foundations of security in symmetric cryptography, called ESCADA, and an NWO TOP grant for the design of symmetric crypto in the presence of efficient multipliers, called SCALAR.
Affiliation : Radboud University, The Netherlands
Title : Profiling Side-channel Analysis: From Template Attacks to Deep Learning
Abstract : Side-channel attacks (SCAs) are recognized as powerful attacks on implementations of cryptographic algorithms. Commonly, one divides side-channel attacks into direct attacks and two-stage (profiling) attacks. Direct attacks have the advantage that they do not require access to an identical copy of the device under attack, but such attacks might require tens of thousands of measurements. On the other hand, two-stage attacks assume an "open" device, but the actual key recovery stage requires only a few measurements or, in some cases, a single trace. In recent years, machine learning-based attacks have positioned themselves as a strong direction for profiling SCA. Additionally, the rapid improvements in the deep learning domain have also advanced SCA, as deep learning methods have proved capable of breaking even protected implementations. In the first part of this tutorial, we give an introduction to SCAs and cover more "traditional" profiling techniques like template attacks. Next, we concentrate on the recent advances in deep learning-based SCAs. Here, we place particular emphasis on the challenges we face when using deep learning and on interesting future research directions. Finally, we give a practical hands-on exercise where the participants will use deep learning to break a software implementation of Elliptic Curve Cryptography (ECC) on ARM Cortex microcontrollers.
Biography : Lejla Batina is a Full Professor in the Institute for Computer and Information Sciences (iCIS) at Radboud University and the Director of Education of the Institute. She received her PhD degree from KU Leuven, Belgium (2005). Prior to joining Radboud University in 2009 she was a postdoctoral researcher with the COSIC group at KU Leuven (2006-2009). She spent 3 years working in industry as a cryptographer at Pijnenburg Securealink (later SafeNet B.V.) in The Netherlands (2001-2003). Her research interests include cryptographic implementations and physical attacks and countermeasures. She was a program co-chair of CHES 2014 (the IACR flagship conference on cryptographic hardware and embedded systems). She currently serves as a general co-chair of EUROCRYPT 2021 and RWC 2021. She was the PI in several research projects with national and EU funding. She leads a group of 10 researchers at Radboud University, and 8 PhD students have so far graduated under her supervision.
Affiliation : TU Delft, The Netherlands
Title : Profiling Side-channel Analysis: From Template Attacks to Deep Learning
Abstract : Side-channel attacks (SCAs) are recognized as powerful attacks on implementations of cryptographic algorithms. Commonly, one divides side-channel attacks into direct attacks and two-stage (profiling) attacks. Direct attacks have the advantage that they do not require access to an identical copy of the device under attack, but such attacks might require tens of thousands of measurements. On the other hand, two-stage attacks assume an "open" device, but the actual key recovery stage requires only a few measurements or, in some cases, a single trace. In recent years, machine learning-based attacks have positioned themselves as a strong direction for profiling SCA. Additionally, the rapid improvements in the deep learning domain have also advanced SCA, as deep learning methods have proved capable of breaking even protected implementations. In the first part of this tutorial, we give an introduction to SCAs and cover more "traditional" profiling techniques like template attacks. Next, we concentrate on the recent advances in deep learning-based SCAs. Here, we place particular emphasis on the challenges we face when using deep learning and on interesting future research directions. Finally, we give a practical hands-on exercise where the participants will use deep learning to break a software implementation of Elliptic Curve Cryptography (ECC) on ARM Cortex microcontrollers.
Biography : Stjepan Picek is an assistant professor in the Cybersecurity group at TU Delft, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Before the assistant professor position, Stjepan was a postdoctoral researcher at MIT, USA, and at KU Leuven, Belgium. Stjepan finished his PhD in 2015 with a topic on cryptology and evolutionary computation techniques. Stjepan also has several years of experience working in industry and government. Stjepan is a member of the organizing committee of the International Summer School in Cryptography and president of the Croatian IEEE CIS Chapter. He is a general co-chair for Eurocrypt 2020 and 2021, a program committee member and reviewer for several conferences and journals, and a member of several professional societies.
Affiliation : MSR Redmond, USA
Title : Software Implementation of (Post-Quantum) Public-Key Cryptography
Abstract : This tutorial will cover implementation aspects of public-key schemes with a special focus on modern, post-quantum protocols that are believed to be secure against classical and quantum computer attacks. We plan to describe algorithmic as well as software-related aspects of the secure and efficient implementation of the underlying field arithmetic and curve operations that are the basis of elliptic curve-based schemes and the more recent isogeny-based schemes. Time permitting, we also plan to cover some of the building blocks of lattice-based schemes.
Biography : Dr. Patrick Longa is a senior cryptography researcher with the MSR Security and Cryptography group at Microsoft Research, USA. He is co-designer of several cryptographic primitives and protocols including FourQ, SIKE and FrodoKEM, and has written numerous high-performance cryptographic libraries such as FourQlib and SIDH. His research interests mainly involve post-quantum and elliptic curve cryptography, cryptanalysis, algorithmic design and high-performance implementation of cryptographic primitives. Patrick obtained his Ph.D. in Electrical and Computer Engineering from the University of Waterloo, Canada, in 2011. During his time at Waterloo, he was a member of the Centre for Applied Cryptographic Research (CACR) and the Laboratory for Side-Channel Security of Embedded Systems. He was awarded the NSERC Alexander Graham Bell Canada Graduate Scholarship. For more information visit https://www.patricklonga.com/.
Affiliation : Radboud University, The Netherlands
Title : An introduction to lattice-based KEMs
Abstract : In the NIST post-quantum project the largest category of submissions was lattice-based key-encapsulation mechanisms. In this tutorial I will explain the basic idea underlying all of these schemes and sketch the design decisions and tradeoffs from a cryptographic-engineering point of view. We will then go into a hands-on exercise, where we implement a simple lattice-based KEM ourselves.
Biography : Peter Schwabe is research group leader at MPI-SP and professor at Radboud University. He graduated from RWTH Aachen University in computer science in 2006 and received a Ph.D. from the Faculty of Mathematics and Computer Science of Eindhoven University of Technology in 2011. He then worked as a postdoctoral researcher at the Institute for Information Science and the Research Center for Information Technology Innovation of Academia Sinica, Taiwan, and at National Taiwan University. His research area is cryptographic engineering, in particular the security and performance of cryptographic software. He has published more than 50 articles in journals and at international conferences presenting, for example, fast software for a variety of cryptographic primitives including AES, hash functions, elliptic-curve cryptography, and cryptographic pairings. He has also published articles on fast cryptanalysis, in particular attacks on the discrete-logarithm problem. In recent years he has focused in particular on post-quantum cryptography. He co-authored the "NewHope" and "NTRU-HRSS" lattice-based key-encapsulation schemes, which were used in post-quantum TLS experiments by Google, and is co-submitter of seven proposals to the NIST post-quantum crypto project, all of which made it to the second round and five of which made it to the third round.
Affiliation : University of Adelaide, Australia
Title : An Introduction to Microarchitectural Attacks
Abstract : Over the last decade, sharing of computer hardware has increased in popularity. This includes both the sharing of cloud servers between clients and the use of the same end-user device for several purposes, each served by a program from a different provider. Microarchitectural attacks exploit this sharing to leak sensitive information between non-trusting security domains. The aim of this tutorial is to explain some of the core concepts behind microarchitectural attacks. It first explores traditional side-channel attacks that exploit the limited capacity of microarchitectural components to leak information, and follows with a discussion of transient-execution attacks that exploit out-of-order execution.
Biography : Yuval Yarom is a senior lecturer in the School of Computer Science at the University of Adelaide and a researcher at Data61, CSIRO. His main research interests are computer security and cryptography, with a current focus on microarchitectural attacks and their mitigation. He received his PhD from the University of Adelaide and an M.Sc. and a B.Sc. from the Hebrew University of Jerusalem.