Three Distinguished Paper Awards at the IEEE S&P '23

The conference took place in San Francisco from 22 - 25 May.

(l.t.r.) Johannes Willbold, Steffen Becker and Moritz Schlögel celebrate their Distinguished Paper Awards. Copyright: privat

Scientists from the Horst Görtz Institute for IT Security and the Cluster of Excellence CASA received three Distinguished Paper Awards at this year's IEEE Symposium on Security and Privacy. The conference took place from 22 - 25 May in San Francisco and is one of the top conferences (A*) in the field.


About the papers

Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations

Endres Puschner (Max Planck Institute for Security and Privacy), Thorben Moos (UCLouvain), Christian Kison (Bundeskriminalamt), Steffen Becker (Ruhr University Bochum & Max Planck Institute for Security and Privacy), Amir Moradi (Ruhr University Bochum), Christof Paar (Max Planck Institute for Security and Privacy)

Abstract: Verifying the absence of maliciously inserted Trojans in ICs is a crucial task – especially for security-enabled products. Depending on the concrete threat model, different techniques can be applied for this purpose. Assuming that the original IC layout is benign and free of backdoors, the primary security threats are usually identified as the outsourced manufacturing and transportation. To ensure the absence of Trojans in commissioned chips, one straightforward solution is to compare the received semiconductor devices to the design files that were initially submitted to the foundry. Clearly, conducting such a comparison requires advanced laboratory equipment and qualified experts. Nevertheless, the fundamental techniques to detect Trojans which require evident changes to the silicon layout are nowadays well-understood. Despite this, there is a glaring lack of public case studies describing the process in its entirety while making the underlying datasets publicly available. In this work, we aim to improve upon this state of the art by presenting a public and open hardware Trojan detection case study based on four different digital ICs using a Red Team vs. Blue Team approach. Hereby, the Red Team creates small changes acting as surrogates for inserted Trojans in the layouts of 90 nm, 65 nm, 40 nm, and 28 nm ICs. The quest of the Blue Team is to detect all differences between digital layout and manufactured device by means of a GDSII–vs–SEM-image comparison. Can the Blue Team perform this task efficiently? Our results spark optimism for the Trojan seekers and answer common questions about the efficiency of such techniques for relevant IC sizes. Further, they allow to draw conclusions about the impact of technology scaling on the detection performance.

You can access the full paper via this -> link.


Space Odyssey: An Experimental Software Security Analysis of Satellites

Johannes Willbold (Ruhr-Universität Bochum), Moritz Schloegel (Ruhr-Universität Bochum) Manuel Vögele (Ruhr-Universität Bochum), Maximilian Gerhardt (Ruhr-Universität Bochum), Thorsten Holz (CISPA Helmholtz Center for Information Security), Ali Abbasi (CISPA Helmholtz Center for Information Security)

Abstract. Satellites are an essential aspect of our modern society and have contributed significantly to the way we live today, most notable through modern telecommunications, global positioning, and Earth observation. In recent years, and especially in the wake of the New Space Era, the number of satellite deployments has seen explosive growth. Despite its critical importance, little academic research has been con- ducted on satellite security and, in particular, on the security of onboard firmware. This lack likely stems from by now outdated assumptions on achieving security by obscurity, effectively preventing meaningful research on satellite firmware. In this paper, we first provide a taxonomy of threats against satellite firmware. We then conduct an experimental security analysis of three real-world satellite firmware images. We base our analysis on a set of real-world attacker models and find several security-critical vulnerabilities in all analyzed firmware images. The results of our experimental security assessment show that modern in-orbit satellites suffer from different software security vulnerabilities and often a lack of proper access protection mechanisms. They also underline the need to overcome prevailing but obsolete assumptions. To substantiate our observations, we also performed a survey of 19 professional satellite developers to obtain a comprehensive picture of the satellite security landscape.

You can access the full paper via this -> link.

Typing High-Speed Cryptography against Spectre v1

Basavesh Ammanaghatta Shivakumar (Max Planck Institute for Security and Privacy), Gilles Barthe (Max Planck Institute for Security and Privacy, IMDEA Software), Benjamin Grégoire (Inria Sophia Antipolis - Méditerranée), Vincent Laporte (Inria Nancy - Grand Est, Université de Lorraine), Tiago Oliveira (Max Planck Institute for Security and Privacy), Swarn Priya (Inria Sophia Antipolis - Méditerranée), Peter Schwabe (Max Planck Institute for Security and Privacy, Radboud University), Lucas Tabary-Maujean (École Normale Supérieure Paris-Saclay)

Abstract. The current gold standard of cryptographic software is to write efficient libraries with systematic protections against timing attacks. In order to meet this goal, cryptographic engineers increasingly use high-assurance cryptography tools. These tools guide programmers and provide rigorous guarantees that can be verified independently by library users. However, high-assurance tools reason about overly simple execution models that elide micro-architectural leakage. Thus, implementations validated by high-assurance cryptography tools remain potentially vulnerable to micro-architectural attacks such as Spectre or Meltdown.  Moreover, proposed countermeasures are not used in practice due to performance overhead.

We propose, analyze, implement and evaluate an approach for writing efficient cryptographic implementations that are protected against Spectre v1 attacks. Our approach ensures speculative constant-time, an information flow property which guarantees that programs are protected against Spectre v1. Speculative constant-time is enforced by means of a (value-dependent) information flow type system. The type system tracks security levels depending on whether execution is misspeculating.
We implement our approach in the Jasmin framework for  high assurance cryptography, and use it for protecting all  implementations of an experimental cryptographic library that includes highly optimized implementations of symmetric primitives, of elliptic-curve cryptography, and of Kyber, a lattice-based KEM  recently selected by NIST for standardization.  The performance impact of our protections is very low; for example, less than 1% for Kyber and essentially zero for X25519.

You can access the full paper via this -> link.

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.