Cryptography and information security in the real world


CALL: 2009

DOMAIN: IS - Information Security and Trust Management

FIRST NAME: Jean-Sébastien




HOST INSTITUTION: University of Luxembourg

KEYWORDS: Cryptography, e-commerce, public-key cryptography, security of implementations, implementation attacks

START: 2010-03-01

END: 2013-02-28


Submitted Abstract

Cryptography is only one component of information security, but it is a crucial component.Without cryptography, it would be impossible to establish secure communications betweenusers over insecure networks like the internet. In particular, public-key cryptography (inventedby Diffie and Hellmann in 1974) enables to establish secure communications between userswho have never met physically before. One can argue that companies like E-Bay or Amazoncould not exist without public-key cryptography.Since 30 years the theory of cryptography has developed considerably. However cryptographyis not only a theoretical science; namely at some point the cryptographic algorithms must beimplemented on physical devices, like PCs, smart-cards or RFIDs. Then problems arise: ingeneral smart-cards and RFIDs have limited computing power and leak information throughpower consumption and electro-magnetic radiations. A cryptographic algorithm which isperfectly secure in theory can be completely insecure in practice if improperly implemented.Therefore, the aim of this proposal is to take into account every aspect of the implementation ofsecure systems in the real world, from the mathematical algorithms to the cryptographicprotocols, and from the cryptographic protocols to their implementation in the real world. Thisallows creating a bridge between theoretical research in cryptography on the one side and itsapplications and the end users of the new technology on the other side.When dealing with cryptographic protocols, we will work in the framework of provable security:every security goal will be clearly defined, and every new cryptographic scheme or protocolshould have a proof that the corresponding security goal is achieved, based on some welldefined computational hardness assumption. When dealing with cryptographic implementations,we will try to cover all known side-channel attacks: timing attacks, power attacks, cache attack,etc.

This site uses cookies. By continuing to use this site, you agree to the use of cookies for analytics purposes. Find out more in our Privacy Statement