SCALAS - High Security for the Smallest
Currently there are hundreds of millions of low cost contactless devices out in the field, for ticketing or micro-payment applications, having been sold under the assumption that they would help to protect assets like access to public transport or mass rallies, cars or payment credentials.
Weaknesses in those systems suffering from pricing pressure had been assumed a while ago, but it was only in 2008 when two prominent and widely spread systems got broken. Successful attacks on proprietary protocols are ongoing, as shown in recent publications on digital locking systems. Besides reverse engineering, attackers are making use of the well-known methods Side Channel Analysis (SCA) and Fault Attacks (FA).
On the other hand high security products with certification levels EAL5+ and even higher have been developed for government ID and banking applications; the ever increasing complexity of countermeasures employed in these products - like encrypted calculation and dual-CPU architectures for data integrity checking at runtime – is bringing them price-wise out of reach for the low cost application areas with their need for cost-efficient security.
Recently upcoming research on leakage-resilient protocols started to justify hope that the gap between ever-rising security requirements and the costs for countermeasures may for the first time after a long period get smaller, thus enabling use of extremely optimized countermeasures against wide spread attacks, even in low-cost applications. This is where the SCALAS project comes in: it will bring together first class researchers from academia and industry to fit the missing mosaic stones to the so far incomplete puzzle picture of low-cost security systems.
The goals of the SCALAS project are to improve analysis techniques and measurement setups to an extent that - together with theoretical research - the quantization of secrecy leakage for any individual attack trial may be characterized. It further aims to research optimized low-cost SCA countermeasures, based on accurate knowledge of secrecy leakage each time a protocol is performed, and design them explicitly with a focus on small critical portions of the newly improved protocols. Finally, new leakage-resilient protocols and new protection mechanisms for key derivation functions as well as dedicated control-flow protection mechanisms supported by corresponding tools are proposed. Since stronger SCA-countermeasures always focus attacks to the “source of secrecy”, an additional goal is to provide novel leastcost high quality True Random Number Generator (TRNG) concepts for key generation and other security mechanisms.