Billy Brumley
Associate Professor
Tampere University, Finland
Title:
Side Channel Analysis and the gap between research and practice
Abstract:
During the last 15 years, constant-time cryptographic software has transitioned from an academic construct to a concrete security requirement for real-world libraries. From the engineering perspective, we have quality sets of programming guidelines to avoid these pitfalls leading to security advisories and immense downstream effort to patch fielded systems. We even have automated tools to assist in the development and testing processes. Yet SCA-related security advisories persist — why? This talk covers over a decade of SCA attacks and mitigations against OpenSSL, one of the most security-critical FOSS libraries. The focus is on SCA mitigation engineering challenges across a large, necessarily stable monolithic codebase over time, looking at why the cryptographer’s mantra “just make it constant-time” is often harder than it seems for established software projects.
Biography:
Billy Brumley is an Associate Professor in the Computing Sciences Unit at Tampere University, Finland where he co-leads the Network and Information Security (NISEC) group. He is a 2018 ERC Starting Grant laureate. He is former Staff Engineer for Qualcomm’s Product Security Initiative (QPSI) insane Diego, California. He specializes in cryptography engineering and side-channel analysis.