Securing Critical Infrastructures

1noL'abstract è presente nell'allegato / the abstract is in the attachmentopen677. INGEGNERIA INFORMATInoopenCarelli, Albert

SEkey: a distributed hardware-based key management system

4Cryptography plays a key role in all the aspects of today cybersecurity and any cryptographic approach relies on cryptographic keys, i.e., series of bits that determine how a plain text is encrypted and decrypted, according to an agreed algorithm. The secrecy and security of an encryption key are thus crucial and fundamental: if the cryptographic key is compromised and known, everyone can decrypt a text encrypted according to the strongest encryption algorithm. As a consequence, several Key Management Systems (KMS) have been developed to easily support the management of cryptographic keys, whose number is constantly increasing, due to the amount of devices and communications that take place today, even in very restricted contexts. SEkey is a key management system developed targeting a distributed environment, where it is possible to identify a single central manager that acts as a Key Distribution Center (KDC) and many users that locally store and manage their own keys. Users, to a certain extent, can also work ‘offline’ without being always in direct communication with the central manager. SEkey is built leveraging the functionalities and physical properties of the SEcubeTM Hardware Security Module (HSM). All the key values and critical information are stored inside the SEcubeTM and never leave the device in clear, and all the cryptographic operations are performed by the SEcubeTM itself. The guidelines provided by NIST where followed during the whole development process, guaranteeing all the most important security features and principles.partially_openopenFornero, Matteo; Maunero, Nicolò; Prinetto, Paolo; Varriale, AntonioFornero, Matteo; Maunero, Nicolò; Prinetto, Paolo; Varriale, Antoni

Hardware-based capture-the-flag challenges

In a world where cybersecurity is becoming increasingly important and where the lack of workforce is estimated in terms of millions of people, gamification is getting a more and more significant role in leading to excellent results in terms of both training and recruitment. Within cybersecurity gamification, the so-called Capture-The-Flag (CTF) challenges are definitely the corner stones, as proved by the high number of events, competitions, and training courses that rely on them. In these events, the participants are confronted directly with games and riddles related to practical problems of hacking, cyber-attack, and cyber-defense. Although hardware security and hardware-based security already play a key role in the cybersecurity arena, in the worldwide panorama of CTF events hardware-based challenges are unfortunately still very marginal. In the present paper, we focus on hardware-based challenges, providing first a formal definition and then proposing, for the first time, a comprehensive taxonomy. We eventually share experiences gathered in preparing and delivering several hardware-based challenges in significant events and training courses that involved hundreds of attendees

Side-channel analysis of SEcube™ platform

Cryptography provides techniques to cypher and de-cypher sensitive information through a token called key in order to store and transmit it across insecure networks. The goal of cryptography is to protect information from potential attackers and to enable access to authorized users only. Several hardware cryptographic devices are entering the market. However, these devices can be subject to passive attacks that consist in retrieving secret data by observing the side-channel behaviour of the device (i.e. execution time, power consumption, electromagnetic field). This work studies the robustness of SEcube™, an innovative secure hardware product against Differential Power Analysis attacks. SEcube™ is a system-on-chip equipped with three devices interconnected and embedded in a single chip: an ARM Cortex M4 low-power processor, a Lattice MachXO2-7000 FPGA and a SmartCard SLJ52G (EAL5+ certified). Moreover, in order to examine the security enhancement of this platform, we perform the same analysis with a similar board equipped with the same microprocessor and then compare the results. Experimental results show that the number of correct bits is similar between the two platform