- Talks by industry representatives who, in the majority, outlined open research problems and
- talks by VAM 2 researchers giving brief overviews of some of the work done within the VAM 2 research group.
The day was started by Stefan Mangard (Infineon Technologies, Germany) giving an impressive argument that the "system" perspective for secure hardware modules requires further work. While a lot of research has been done to secure (as well as attack) cryptographic implementations, those always require services from the system that they're part of. For example, keys have to be stored somewhere, randomness has to be generated by the system and confidentiality and integrity of the keys and the randomness has to be provided within the system. The second big problem he mentioned is the lack of a more systematic approach towards leakage resilient embedded systems. Prompted by a question from the audience he also briefly outlined a final open problem, namely the integration of security modules into bigger embedded systems such as modern multi- and many-core System-on-Chips (SoCs) and how to use them as sort of a "trust anchor" to extend trust onto other parts of the SoC.
Somewhat related to the second point, Christophe Giraud (Oberthur Technologies) spoke on the difficulty of protecting a system against side-channel attacks without creating new leakages in a different leakage model and of the difficulty to keep track of different leakage models that apply to different parts of a system. Also related, Tony Boswell (Siventure) addressed challenges for the Common Criteria framework by which the security of systems (and especially security tokens such as smart cards) is tested and certified.
In the second line of talks, Lejla Batina and Carolyn Whitnall first presented some work done within the VAM 2 group that introduced Mutual Information Analysis to the tool box used for side-channel analysis and made an important contribution to improve our understanding of statistical side-channel distinguishers. Finally, Jörn-Marc Schmidt and Mike Tunstall presented VAM 2 work that improved the state of art in Fault Injection Attacks and countermeasures against these.