Event > Invited speakers

Invited Speaker n°1: Frank Piessens (https://distrinet.cs.kuleuven.be/people/frank)
Title: Security specifications for the hardware/software interface

The recent software-based micro-architectural attacks like Spectre, Meltdown and Foreshadow have shown that performance optimizations in hardware can lead to dangerous vulnerabilities that can be exploited in practice. An important lesson learned from these attacks is that the current specification of the hardware/software interface, i.e. the instruction set architecture (ISA), is insufficient to reason about the security of software. While current functional specifications of the ISA have been great for reasoning about software functionality and correctness, and have  enabled portability of software for many years, they are lacking from the point of view of security. The same software program can be secure while running on one processor and insecure when running on another processor, even if both processors correctly implement the same ISA.

So an important question is how one can extend the specification of the hardware/software interface with a security specification. How can one make it possible to reason about the security of software, without having to take into account all the micro architectural details of the processor on which the software will run?

This talk will first illustrate the relevance of software-based micro-architectural attacks for hardware ranging from high-end multi-core processors for the cloud to low-end micro-processors for embedded systems. Then it will explore some potential directions for the definition of security specifications for the hardware/software interface.
Invited Speaker n°2: Wyseur Brecht (https://www.linkedin.com/in/bwyseur/?originalSubdomain=ch)
Title: Challenges in Securing Industrial IoT and Critical Infrastructure

There's a big paradigm shift going on in security for Industry and Critical Infrastructure, from having disconnected or air-gapped systems to connected systems sometimes even using public networks. This shift is driven from an economical perspective, and obviously impacts the security model. For example, it increasingly expressed that it is better to monitor the state of a system or process and act accordingly, than to isolate them and hope that attackers are unable to bridge the air gaps. Indeed, only when you know the state of a system and the threats it faces, you can respond appropriately.

This increased connectivity enables new business models for system and process control. It allows process optimization through automation, or increasing business efficiency through predictive maintenance. In some cases, such automation has even become a necessity due to the complexity of modern industrial processes and the specialization of the workforce. For example, the smart grid can only be managed efficiently through substation automation. Connectivity in such systems is often referred to as Industrial IoT, and is tightly bound to cyber-physical systems to enable smart infrastructures, smart factories, smart grid, or Industry 4.0.

Information exchange and processing lies at the heart of Industrial IoT, feeding into a continuous cycle of data aggregation, decision making, and actions. This paradigm shift is disrupting industries, as was seen in recent news with telecom operators racing to roll out the next generation communication networks to facilitate IoT data exchange, and technology companies vying for leadership positions in selling the technologies such as low-power communication modules that underpin this transformation.

In this talk, we elaborate on this paradigm shift and the challenges that it presents. In particular, we will zoom into the security challenges and focus on the cryptographic algorithms, protocols, and implementations that are necessary for securing critical infrastructure and industrial IoT. These challenges include cryptography for low-power, low-cost embedded devices, protocols for efficient communication over cellular connectivity, new security architectures for enabling concepts such as local decision making, and key management systems that facilitate complex operational use cases.
Invited Speaker n°3 :  Benoit Feix (https://www.eshard.com/)
Title: Exploiting a new dimension in side-channel analysis: scatter on symmetric and asymmetric embedded cryptography
Side-channel analysis techniques are nowadays a threat on both software implementation and hardware devices. Indeed since 2015 and the publication from Bos et al. side-channel analysis has been used to defeat White-Box cryptography implementations in combination of reverse engineering. HCE based Payments applications contributed to the wider use of White-box cryptography.
In both hardware and software domains, aligning the measured (collected) traces is a crucial aspect of the analysis. Some signal processing techniques can be performed. However, it may happen that traces are not aligned and consequently the attack is no longer effective.
Thiebeauld et al. presented at COSADE 2018, a side-channel technique named scatter. It opened the opportunity to new investigation paths. Indeed, scatter turns out to be efficient attack when facing traces misalignment issues. Furthermore, further exploitations can be done by combining different points of leakage available in the same trace. The authors applied the technique to symmetric implementations. In this talk, this will be tested on asymmetric implementations. A new technique will be introduced for combining different point: the aggregation.
In this talk, scatter technique will be presented for symmetric and asymmetric cryptographic implementations on simulated traces and real products. An illustration of the aggregation and its interest will be developed on a public key. Finally we will also show that scatter may offer a strong interest when targeting White-Box cryptographic implementations.
Online user: 1