
Using Compilers to Enhance Cryptographic Product Development

  • E. Bangerter
  • M. Barbosa
  • D. Bernstein
  • I. Damgård
  • D. Page
  • J. I. Pagter
  • A.-R. Sadeghi
  • S. Sovio

Abstract

Developing high-quality software is hard in the general case, and it is significantly more challenging in the case of cryptographic software. A high degree of new skill and understanding must be learnt and applied without error to avoid vulnerability and inefficiency. This is often beyond the financial, manpower or intellectual resources available. In this paper we present the motivation for the European funded CACE (Computer Aided Cryptography Engineering) project. The main objective of CACE is to provide engineers (with limited or no expertise in cryptography) with a toolbox that allows them to generate robust and efficient implementations of cryptographic primitives. We also present some preliminary results already obtained in the early stages of this project, and discuss the relevance of the project as perceived by stakeholders in the mobile device arena.

Keywords

Trusted Platform Module, Cryptographic Primitive, Trusted Computing Group, Direct Anonymous Attestation, Secure Function Evaluation



Copyright information

© Vieweg+Teubner | GWV Fachverlage GmbH 2010

Authors and Affiliations

  • E. Bangerter
  • M. Barbosa
  • D. Bernstein
  • I. Damgård
  • D. Page
  • J. I. Pagter
  • A.-R. Sadeghi
  • S. Sovio (1)

  1. Nokia Research Center, Helsinki
