Dr. Martin Schaffer | June 28, 2016 | 12:00 | E.1.42

Abstract

Though cryptographic algorithms like AES are crypto-analytically secure, real implementations must at least be analyzed versus logical attacks like API misuse. Smart Cards and similar devices in addition face fault- and side channel analysis attacks. Such attacks exploit physical effects to manipulate the device or learn information about secret information. As these attacks are very critical, customers in the Smart Card world ask for third party evaluation (e.g. Common Criteria or EMVCo) to high assurance levels. If passed, a certificate is issued by a trusted party. With the rise of the IoT, physical attacks and the respective third-party witnessing of resistance soon get relevant there as well. This talk will give an overview of physical attacks and respective countermeasures in HW and SW. Moreover, it introduces how such devices are evaluated and certified and how much do attacks “cost”.

Dr. Schaffer studied computer science at Klagenfurt University and Swiss Federal Institute of Technology, focusing on security, privacy and cryptography. While conducting research in these fields, he received his PhD from Klagenfurt University. In 2001 he also worked for IBM Research Zurich Lab. 2008, Dr. Schaffer joined NXP Semiconductors where he held several positions in the security area over the last years, such as Security Architect and Cryptographer. Since 2014, Dr. Schaffer is Head of Security Maturity & Certification.