Securing Cryptographic Modules: A Shades of Gray Story (P20a)
A cryptographic module is often thought as a black box delivering a cryptographic service (e.g. encryption/decryption, authentication, key generation): it is implicitly assumed that what happens inside the cryptographic module is unintelligible from the outside. Yet, it was shown in the late 90’s that simple physical protections were insufficient to ensure this black-box model because of side-channel information leaking from computing devices. This leakage and other tampering techniques enable a wide range of gray-box attacks which strongly impact the security of cryptographic modules. These attacks and possible countermeasures have been deeply studied and improved during the past two decades by an active research and engineering community. One legacy of this progress is a set of concrete evaluation procedures to assess the security of cryptographic modules in this gray-box model. While we have reached a certain maturity in the security assessment of hardware cryptographic modules (e.g. smart cards, secure elements) the ICT industry is more and more moving towards software cryptographic components integrated in rich execution environment (smart devices). This trend paves the way to further threats where an attacker might have (partial) control of the execution environment a.k.a. the white-box security model. In this keynote, I will give an overview of these different threats, security models, and security assessment methods, and I will share my view of the future challenges and directions for the security of cryptographic modules.