PhD / MSc Internship project
Fuzzy Extractor side-channel analysis
Location: Eindhoven, The Netherlands
Within a research project at Intrinsic ID we are looking for a motivated student (Electrical Engineering, Computer Science, Mathematics), who is currently working towards a PhD degree, or who is ready to start his/her graduation project for a MSc degree. The goal of the project is to analyze the side-channel security of cryptographic key generators based on Physically Unclonable Functions (PUFs), as deployed in Intrinsic ID’s Quiddikey® products.
PUFs, which can be considered as “biometrics of a device” or a device-specific fingerprint, can be used to generate secure keys when combined with an error-correction and entropy extraction module, also called a fuzzy extractor. Side-channel attacks are a powerful class of physical attacks on cryptographic systems which derive information on internal secrets from externally measurable signals, such as a chip’s power consumption or electromagnetic radiation, by applying advanced digital signal processing and statistical analysis on them. These attacks are well-understood for common cryptographic components like encryption modules, but less well studied for other security systems such as key generators and fuzzy extractors in particular.
The first step of this project consists of measuring clean power traces with an oscilloscope from a fuzzy extractor implementation which is running on a side-channel evaluation board (SASEBO), first manually and later in an automated manner. Once this measurement setup is in place, a side-channel analysis (DPA, SPA, CPA, …) on collected traces can be carried out in a Matlab/Octave environment, attempting to recover internal secrets of the fuzzy extractor. Next, the attack success rate and required effort can be evaluated with different side-channel countermeasures enabled, in order to assess their effectiveness. Finally, a recommendation of existing and optionally new countermeasures for PUF-based key generators could be formulated.
Responsibilities include, but are not limited to
- Setting up and learning to use an automated power trace measurement environment consisting of a SASEBO (FPGA) board running a fuzzy extractor implementation, a network oscilloscope and Matlab/Octave;
- Getting familiar with the methodology of well-known side-channel analysis techniques (DPA, SPA, CPA, …) and using and developing Matlab/Octave scripts to execute these;
- Setting up and fine-tuning a complete side-channel attack suite based on the measurement environment and the analysis scripts, and applying this attack suite on the fuzzy extractor implementation, first unprotected and later with various countermeasures enabled;
- Assessing the effectiveness of existing countermeasures and possible investigating new ones;
- Writing a summarising report.
Required experience and appreciated qualities
- Student (Electrical Engineering (preferred), Computer Science, or Mathematics), working towards a PhD degree, or ready to start working on final thesis project for MSc degree;
- Experience with hardware design and FPGAs;
- Experience with Matlab/Octave;
- Prior experience with side-channel analysis is certainly a plus;
- Basic knowledge of cryptography and cryptographic primitives is a plus;
- Basic knowledge of error-correction coding is a plus;
- High degree of hands-on mentality and ability to think outside the box;
- Good organisational skills and excellent problem solving abilities.
About Intrinsic ID
Intrinsic ID is a high tech security company that spun out from Philips. We develop, market and sell truly unique security products based on the unique silicon fingerprint of a chip. As a leader in this field we provide the root of trust, authentication and key management solutions to blue chip semiconductor companies and OEMs in the mobile, IoT, embedded and government markets. Our headquarters are in Silicon Valley but our R&D office is in Eindhoven (The Netherlands). Currently we are seeking highly motivated individuals to help us grow our company and further expand our product portfolio to provide ubiquitous security for the connected world.
Intrinsic ID B.V.
High Tech Campus 9
5656 AE Eindhoven