Security of cryptographic implementations

Description

Cryptography plays a central role in digital security. It enables the construction of complex systems whose security properties are proven under the assumption that certain well-studied problems are hard. Guarantees obtained in a theoretical model, however, are quickly challenged once a system is actually implemented. Misconfiguration, implementation errors, or side channels that the proof model does not account for leave many supposedly secure systems vulnerable, even though they are cryptographically sound on paper. The objective of this course is to shed light on the difficulty of implementing cryptography in real-world settings. It covers the various vulnerabilities that arise from poor cryptographic implementation and provides principles and best practices to avoid them. To that end, all aspects of building a secure system are examined, starting from a system-level perspective and going down to the implementation details of cryptographic primitives on a component.

Keywords

cryptography, implementation, vulnerabilities, side channels

Prerequisites

Basic knowledge of cryptography and familiarity with the C programming language

Contents

The course first covers the specification of systems and products (secret management, deployment, security APIs, etc.). It then turns to actual implementations, beginning with classical vulnerabilities that are unrelated to cryptography but can be disastrous in code that handles secrets (e.g., Heartbleed). Cryptography-specific vulnerabilities are then treated in order of attacker proximity: those exploitable by a remote attacker (e.g., timing attacks), then non-invasive local attacks requiring physical access (e.g., differential power analysis, DPA), and finally local (semi-)invasive attacks (e.g., fault attacks). Practical sessions let students carry out some of the attacks covered in the course against poorly designed code examples.
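As an illustration of the first cryptography-specific category above (a remotely exploitable timing attack), the following added example is not part of the course material: it places a token comparison that exits at the first mismatching byte next to a constant-time comparison, and runs a byte-at-a-time recovery against both. The secret token, the function names (`leaky_compare`, `ct_compare`, `recover_token`, `work_for_prefix`, `attack_succeeds`) and the use of a byte counter in place of measured latency are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 8

/* Constructed secret (hypothetical MAC tag / API token held by the server). */
static const uint8_t SECRET[TOKEN_LEN] = {
    0xde, 0xad, 0xbe, 0xef, 0x13, 0x37, 0x42, 0x99
};

/* Stand-in for wall-clock time: number of bytes the last comparison
 * inspected. A remote attacker would observe response latency instead. */
static size_t g_bytes_inspected;

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t);

/* Leaky comparison: returns at the first mismatching byte, so its running
 * time grows with the length of the correct prefix of the guess. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    g_bytes_inspected = 0;
    for (size_t i = 0; i < n; i++) {
        g_bytes_inspected++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always inspects every byte and accumulates the
 * differences with OR, so neither the loop trip count nor any branch
 * depends on where the guess diverges from the secret. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    g_bytes_inspected = 0;
    for (size_t i = 0; i < n; i++) {
        g_bytes_inspected++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    /* Branch-free "diff == 0": (0 - 1) >> 31 is 1, (1..255 - 1) >> 31 is 0. */
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/* Attacker's view: work done by the server for a guess whose first
 * prefix_len bytes are correct and whose remaining bytes are all wrong. */
size_t work_for_prefix(cmp_fn cmp, size_t prefix_len)
{
    uint8_t guess[TOKEN_LEN];
    for (size_t i = 0; i < TOKEN_LEN; i++)
        guess[i] = (i < prefix_len) ? SECRET[i] : (uint8_t)(SECRET[i] ^ 0xff);
    (void)cmp(guess, SECRET, TOKEN_LEN);
    return g_bytes_inspected;
}

/* Byte-at-a-time recovery: at each position submit all 256 candidates and
 * keep the one that made the server work longest. Returns 1 if the server
 * accepted the final guess, 0 otherwise; out receives the attacker's guess
 * either way. */
int recover_token(cmp_fn cmp, uint8_t out[TOKEN_LEN])
{
    uint8_t guess[TOKEN_LEN];
    memset(guess, 0, sizeof guess);
    for (size_t pos = 0; pos < TOKEN_LEN; pos++) {
        size_t best_work = 0;
        uint8_t best_byte = 0;
        for (unsigned v = 0; v < 256; v++) {
            guess[pos] = (uint8_t)v;
            if (cmp(guess, SECRET, TOKEN_LEN)) {
                memcpy(out, guess, TOKEN_LEN);
                return 1;
            }
            if (g_bytes_inspected > best_work) {
                best_work = g_bytes_inspected;
                best_byte = (uint8_t)v;
            }
        }
        guess[pos] = best_byte;
    }
    memcpy(out, guess, TOKEN_LEN);
    return 0;
}

/* Does the attack against this comparison routine yield SECRET? */
int attack_succeeds(cmp_fn cmp)
{
    uint8_t recovered[TOKEN_LEN];
    int accepted = recover_token(cmp, recovered);
    return accepted && memcmp(recovered, SECRET, TOKEN_LEN) == 0;
}

int main(void)
{
    printf("work per correct-prefix length (leaky / constant-time):\n");
    for (size_t p = 0; p <= TOKEN_LEN; p++)
        printf("  prefix %zu: %zu / %zu\n", p,
               work_for_prefix(leaky_compare, p),
               work_for_prefix(ct_compare, p));
    printf("attack vs leaky_compare: %s\n",
           attack_succeeds(leaky_compare) ? "recovered" : "failed");
    printf("attack vs ct_compare:    %s\n",
           attack_succeeds(ct_compare) ? "recovered" : "failed");
    return 0;
}
```

Against `leaky_compare` the work count rises by one for every correct leading byte, so the attacker recovers the 8-byte token in at most 8 × 256 queries instead of 256^8; against `ct_compare` every query costs the same and the recovery degenerates to a blind guess. On a real target the signal is latency, which is noisy and must be averaged over many samples per candidate, and an optimising compiler may reintroduce a data-dependent branch into a hand-written constant-time routine, so in production code prefer a vetted library routine (for instance OpenSSL's `CRYPTO_memcmp`) and inspect the generated code.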

Acquired skills

A broader understanding of the practical aspects of cryptography, awareness of the range of existing threats, and methodological best practices for implementing cryptographic code.

Instructors

  1. Benoît Gerard
  2. Rubén Salvador
  3. Damien Marion (supervisor)