Website: www.iaik.tugraz.at
Contact: Joern-Marc.Schmidt@iaik.tugraz.at
Duration: 01.03.2010-29.02.2012
Keywords: Embedded Systems Cryptography, Side Channel Analysis (SCA), Fault Attacks (FA)
Investigation of Implementation Attacks (IIA)
IIA is a basic research project funded by the Austrian Science Fund (FWF) (contract number P22241-N23). The primary goals of IIA are the analysis of existing cryptographic devices in terms of their susceptibility to implementation attacks as well as the development of new countermeasures against these attacks. A special focus of the research is on the combination of different attack methods, so-called combined implementation attacks.
In order to provide security for sensitive data on smart cards and embedded systems, cryptographic algorithms are used. Unfortunately, even if such an algorithm has been evaluated in a mathematical model, the realization might leak information due to physical aspects of its implementation. Methods that use these aspects are called implementation attacks. They range from side-channel analysis, which exploits unintentionally leaking information during a critical operation, to fault attacks, which try to manipulate the behavior of a device.
Side-channel analysis as well as fault attacks have been widely researched in the cryptographic community. While side-channel analysis has been considered in theory and practice, many publications on fault attacks are theoretical. Thus, there are still open questions in the field of practical fault injection. Furthermore, side-channel analysis and fault attacks are mostly considered separately. Recent research in combined attacks indicates that there are various possibilities to develop new attacks and appropriate countermeasures.
The first goal is to investigate different methods to influence the behavior of a device. Based on the possibilities of such a manipulation, fault attacks as well as countermeasures against them are developed. Our second goal is to expand the research on fault attacks by combining them with side-channel analysis. Our third goal is to continue our study on side-channels, which has been conducted within the FWF-funded project Investigation of Side-Channel Attacks (P18321-N15).
Cooperations: In the context of the proposed research we plan to continue our existing cooperation with the COSIC (COmputer Security and Industrial Cryptography) research group at the Katholieke Universiteit Leuven, Belgium. The COSIC research group has been actively researching side-channel attacks since 1998. Our cooperation has resulted in joint publications and research visits.
Furthermore, we want to intensify our research cooperation with the University of Bristol. We have started this cooperation with several joint master's theses. A research group focusing on side-channel attacks has been built up around our former colleague Elisabeth Oswald within the Department of Computer Science at the University of Bristol. We plan to perform joint research as well as short research visits and joint publications.
