Conferences and supporting programme
Cryptography Engineering for Embedded Devices
With the emerging applications of IoT and Industry 4.0, a growing number of manufacturers of embedded devices is confronted with the problem of secure communication, firmware update and device authentication. Based on these main use cases, this workshop gives an overview of the cryptographic concepts and technologies which can be used to address these challenges. In the course of the workshop, besides the theoretical and conceptual background, common approaches, practical examples, known vulnerabilities and typical pitfalls are given for each topic. Starting from the basics of symmetric and public-key cryptography, the scope is expanded to public-key infrastructures together with the data structures for public-key certificates and the TLS protocol for secure communication. Specifically, the basics of symmetric cryptography, block ciphers, together with their modes of operation, hash functions and message authentication codes are introduced. Next, RSA, elliptic-curve-based public-key algorithms and subsequently X.509 certificates, revocation lists and related public-key-infrastructure topics are explained. Based on these prerequisites, the TLS protocol is explained, mainly from an developer perspective. For the implementation of security mechanisms on an embedded system, the basic choice is between a pure software solution running on a general purpose MCU or the use of a dedicated security controller. Both types of platforms are compared with respect to performance and their resistance to different types of attacks. When it comes to dedicated security controllers, there exist two main variants: open programmable MCUs and closed ones with an external serial communication interface. While the first kind allows the developer to implement his own operating system and applications on the secure controller, the second kind typically serves the purpose of securely storing cryptographic keys and carrying out certain cryptographic operations in a performant and secure way. The suitability and requirements for these two solutions are explained. With respect to security aspects of cryptographic implementations, software-based and physical attacks such as fault injection and side-channel attacks and corresponding countermeasures are introduced. Furthermore, we explain approaches to the problem of the generation of secure random numbers for cryptographic purposes. The emerging topic of quantum computers and their effect on cryptographic practice is also addressed. In order to determine which cryptographic concepts and technologies are necessary in a specific use case, asset and threat modelling is necessary, the fundamentals of which are briefly introduced. Concluding, all the aforementioned aspects are integrated into a schematic development life cycle, ranging from the conceptual phase of a project up to field maintenance of a product.
--- Date: 27.02.2018 Time: 9:30 AM - 12:30 PM Location: Conference Counter NCC Ost