MAIS

Form:	Seminar - 3 CP (2 SWS)
Organizer:	Prof. Dr. Heiko Mantel
Contact:	Tobias Hamann, Alexandra Weber
Time and place:	Block seminar on 1 or 2 days, tentative dates: Monday, 01.02.2021 and Tuesday, 02.02.2021 (please reserve both days, the exact schedule will be determined depending on the actual number of participants)
Language:	English
Registration:	via TUCaN, course id 20-00-0798-se
Max. participants:	TBA
Preparation Meeting:	Friday, 06.11.2020, 14:25
Literature:	You can find relevant articles here. More details will be provided in the preparation meeting.

Information regarding the Corona pandemic:
This course will happen. In the beginning of the winter semester 2020/2021, this course will be taught online. We closely monitor the situation and adapt the format of this course accordingly throughout the semester. The official start of this course is the online preparation meeting on Friday, 6.11.2020, at 14:25, in which you will receive more information about this course's format. We will provide more information how to join the preparation meeting via e-mail before. To receive this e-mail, please register for this course via TUCaN or write an e-mail to kickoff-2020@mais.informatik.tu-darmstadt.de.

Please register for the preparation meeting by Friday, 6.11.2020, 8:00

On-line participation in the preparation meeting is required for all labs and seminars. The registration in the courses gets only effective after steps explained in the preparation meeting.

Material

Materials for the seminar, including the list of articles that we discuss, will be available in moodle.

Content

In this seminar we will discuss research articles on different aspects of side-channel attacks on software as well as countermeasures against them. Exemplary topics include:

side-channel attacks on cryptographic software,
side-channel attacks on web applications,
side-channel attacks on operating systems,
side-channel attacks on mobile devices,
side-channel attacks in the cloud.

Side channels are unintended indirect flows of information revealed by physical executions of a computer program. Examples of side channels include program's running time, cache behavior, power consumption, electromagnetic or acoustic emanation, etc. Such unintended flows of information can be correlated to secrets e.g., private cryptographic keys, and this makes side channels a severe security vulnerability. During a side-channel attack the hacker collects the information revealed through side channels, carefully analyzes this information, and recovers the secrets from it. Due to improvements in security protection mechanisms traditional security vulnerabilities like programming bugs are getting harder to exploit, and that is why side channels are becoming now more and more attractive to hackers.

Read how you can exploit acoustic side channels to extract private keys from RSA!

Learning Objectives

After successfully participating in this seminar you will know the concept and examples of side-channel attacks on software. You will understand the severity of side-channel vulnerabilities, their pervasiveness, and how to protect selected systems against them. You will have improved you skills in reading and understanding scientific articles, in presenting scientific results, and in discussing and comparing of approaches.

Prerequisites

Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program.

Last modified on 6 November 2020.