Diese Website verwendet Cookies, um das Angebot nutzerfreundlicher und effektiver zu machen. Mit der Nutzung dieser Website stimmen Sie der Verwendung von Cookies zu. Weitere Informationen über die Verwendung von Cookies und die Möglichkeit der Verwendung von Cookies zu widersprechen, finden Sie hier.

26. - 28. Februar 2019 // Nürnberg, Germany

Konferenzen und Rahmenprogramm

Zurück zur Tagesansicht
Class 04 - Cryptography - Basics

Cryptography Engineering for Embedded Devices Vortragssprache Englisch

With the emerging applications of IoT and Industry 4.0, a growing number of manufacturers of embedded devices is confronted with the problem of secure communication, firmware update and device authentication. Based on these main use cases, this workshop gives an overview of the cryptographic concepts and technologies which can be used to address these challenges. In the course of the workshop, besides the theoretical and conceptual background, common approaches, practical examples, known vulnerabilities and typical pitfalls are given for each topic. Starting from the basics of symmetric and public-key cryptography, the scope is expanded to public-key infrastructures together with the data structures for public-key certificates and the TLS protocol for secure communication. Specifically, the basics of symmetric cryptography, block ciphers, together with their modes of operation, hash functions and message authentication codes are introduced. Next, RSA, elliptic-curve-based public-key algorithms and subsequently X.509 certificates, revocation lists and related public-key-infrastructure topics are explained. Based on these prerequisites, the TLS protocol is explained, mainly from an developer perspective. For the implementation of security mechanisms on an embedded system, the basic choice is between a pure software solution running on a general purpose MCU or the use of a dedicated security controller. Both types of platforms are compared with respect to performance and their resistance to different types of attacks. When it comes to dedicated security controllers, there exist two main variants: open programmable MCUs and closed ones with an external serial communication interface. While the first kind allows the developer to implement his own operating system and applications on the secure controller, the second kind typically serves the purpose of securely storing cryptographic keys and carrying out certain cryptographic operations in a performant and secure way. The suitability and requirements for these two solutions are explained. With respect to security aspects of cryptographic implementations, software-based and physical attacks such as fault injection and side-channel attacks and corresponding countermeasures are introduced. Furthermore, we explain approaches to the problem of the generation of secure random numbers for cryptographic purposes. The emerging topic of quantum computers and their effect on cryptographic practice is also addressed. In order to determine which cryptographic concepts and technologies are necessary in a specific use case, asset and threat modelling is necessary, the fundamentals of which are briefly introduced. Concluding, all the aforementioned aspects are integrated into a schematic development life cycle, ranging from the conceptual phase of a project up to field maintenance of a product.

--- Datum: 27.02.2018 Uhrzeit: 09:30 Uhr - 12:30 Uhr Ort: Conference Counter NCC Ost

Sprecher

Dr. Falko Strenzke

Dr. Falko Strenzke

cryptosource GmbH

top

Der gewählte Eintrag wurde auf Ihre Merkliste gesetzt!

Wenn Sie sich registrieren, sichern Sie Ihre Merkliste dauerhaft und können alle Einträge selbst unterwegs via Laptop oder Tablett abrufen.

Hier registrieren Sie sich, um Daten der Aussteller- und Produkt-Plattform sowie des Rahmenprogramms dauerhaft zu speichern. Die Registrierung gilt nicht für den Ticket- und AusstellerShop.

Jetzt registrieren

Ihre Vorteile auf einen Blick

  • Vorteil Sichern Sie Ihre Merkliste dauerhaft. Nutzen Sie den sofortigen Zugriff auf gespeicherte Inhalte: egal wann und wo - inkl. Notizfunktion.
  • Vorteil Erhalten Sie auf Wunsch via Newsletter regelmäßig aktuelle Informationen zu neuen Ausstellern und Produkten - abgestimmt auf Ihre Interessen.
  • Vorteil Rufen Sie Ihre Merkliste auch mobil ab: Einfach einloggen und jederzeit darauf zugreifen.