DarkMatter, the international cyber security firm headquartered in the UAE, has announced a joint research project with Dutch institution, Radboud University, to focus on protocol-based side channel attack analysis and countermeasures.
The research project, which will initially run for a year, will conduct research on side channel attacks at a cryptographic protocol level, studying the impact of combining multiple cryptographic primitives across different inter-platform and intra-platform components.
The research will centre on the presentation of countermeasures at the level of system design as well as algorithm implementation aspects.
It will explore the often overlooked protocol-level leakages. In particular this portion of the research will focus on:
· Unbounded (continuous) computational-leakage and its impact on data confidentiality and privacy
· Internal state and memory (cache) leakage and its impact on data confidentiality and privacy
· Analysis of leakage introduced through the authentication process
· Analysis of leakage introduced through multi-threaded crypto, i.e., crypto operations running as multiple threads or on parallel processors / co-processors
The side channel attack analysis will include simulation over several different platforms and environments, including a processor emulation environment; Android and iOS devices; server components; and sensors.
In all, various protocols will be simulated during the life-span of the research project, with all tested environments being compliant to new Federal Information Processing Standards (FIPS).
Commenting on the commencement of the research project, Faisal Al Bannai, DarkMatter Founder and Chief Executive Officer said, “This engagement fulfils another strategic pillar of DarkMatter’s drive to be at the forefront of cyber security innovation and develop our own intellectual property, either in our own right, or in partnership with leading technology providers and research institutions globally. We are pleased to be partnering with an institution as prestigious as Radboud University, which has an outstanding reputation as a research institution and I wish the combined research team from DarkMatter and Radboud University every success.”
The research project will also incorporate investigation of side channel attack countermeasures, which will be based on the findings from the initial analysis at the start of the project. During this stage, the research team will undertake a comprehensive analysis of the characteristics of security commands and crypto primitives while running on a processor; identify performance hotspots; and propose several countermeasures/optimisations to reduce source of leakage (power and electromagnetic emanations).
These enhancements would include theoretical and implementation-level countermeasures to address leakage (side channel attacks) as identified in the initial research. Proposals of countermeasures for both uniprocessor and multiprocessor architecture will be provided, as well as outcomes on randomisation of in-algorithm structures between rounds either pre-set or exchanged between users.
Dr. Najwa Aaraj, Senior Vice President of Special Projects at DarkMatter said, “Cryptographic primitives and protocols are typically treated as mathematical components that are theoretically secure with an established formal security proof. However, in real-world applications, provable security is more often than not weakened by the actual implementation, and the properties of the device/system on which cryptographic primitives and protocols are deployed are often exploitable by a side channel attacker.”
Dr. Najwa Aaraj continued, “While significant efforts have been made in developing “leakage-resistant cryptography”, most research has been restricted to an algorithm level. Hence this project is important and significant in researching side channel attacks at a cryptographic protocol level, and developing countermeasures at a system design level, while also considering algorithmic modifications.”
Professor Joan Daemen, co-inventor of AES algorithm and Dr. Lejla Batina of the Digital Security Group at Radboud University said, “We are excited to do research with real-world impact and with a constructive goal: to improve security and privacy in actual implementations. We are aware that this is a very challenging project requiring expertise from the physical layer up to the application level and all abstraction levels in between. This ambitious endeavour will allow the Digital Security Group to showcase the expertise we have in house.”