Keynote Speakers

We are very happy to announce the following keynote speakers (in alphabetical order):

Ross Anderson, Cambridge University

Title: Tamper Resistance 20 Years On

Abstract: TBA.

Short Biography: Ross Anderson is a Professor of Security Engineering at the Computer Laboratory at Cambridge University, and a Fellow of Churchill College.  He was appointed to the Royal Academy of Sciences and the Royal Academy of Engineering in 2009, and won the 2016 Lovelace medal, the 2016 Electronic Frontier Foundation Award, and the 2015 ACM SIGSAC Outstanding Innovation Award.  Furthermore, he has been the chair of the Foundation for Information Policy Research since 1998, and served on Council, Cambridge University’s governing body, 2003–10 and from 2015–18.  He is the author of the classic textbook “Security Engineering” at Wiley.

Francois-Xavier Standaert, UC Louvain

Title: Towards an Open Approach to Side-Channel Resistant Authenticated Encryption

Abstract: In this talk, I will discuss how recent advances in side-channel analysis and leakage-resilience could lead to both stronger security properties and improved confidence in cryptographic implementations. For this purpose, I will start by describing how side-channel attacks exploit physical leakages such as an implementation’s power consumption or electromagnetic radiation. I will then discuss the definitional challenges that these attacks raise, and argue why heuristic hardware-level countermeasures are unlikely to solve the problem convincingly. Based on these premises, and focusing on the symmetric setting, securing cryptographic implementations can be viewed as a tradeoff between the design of modes of operation, underlying primitives and countermeasures. Regarding modes of operation, I will describe a general design strategy for leakage-resilient authenticated encryption, propose models and assumptions on which security proofs can be based, and show how this design strategy encourages so-called leveled implementations, where only a part of the computation needs strong (hence expensive) protections against side-channel attacks. Regarding underlying primitives and countermeasures, I will first emphasize the formal and practically-relevant guarantees that can be obtained thanks to masking (i.e., secret sharing at the circuit level), and how considering the implementation of such countermeasures as an algorithmic design goal (e.g., for block ciphers) can lead to improved performances. I will then describe how limiting the leakage of the less protected parts in a leveled implementations can be combined with excellent performances, for instance with respect to the energy cost. I will conclude by putting forward the importance of sound evaluation practices in order to empirically validate (by lack of falsification) the assumptions needed both for leakage-resilient modes of operation and countermeasures like masking, and motivate the need of an open approach for this purpose. That is, by allowing adversaries and evaluators to know implementation details, we can expect to enable a better understanding of the fundamentals of physical security, therefore leading to improved security and efficiency in the long term.

Short Biography: Francois-Xavier Standaert is a professor at the UCL Institute of Information and Communication Technologies, Electronics and Applied Mathematics (ICTEAM). He was a Fulbright visiting researcher at Columbia University, Department of Computer Science, Crypto Lab, and at the MIT Medialab, Center for Bits and Atoms. In 2011, he was awarded a Starting Independent Research Grant by the European Resaerch Council. In 2016, he has been awarded a Consolidator Grant by the European Research Council. From 2017 to 2020, he will be board member (director) of the International Association for Cryptologic Research (IACR). His research interests include cryptographic hardware and embedded systems, low power implementations for constrained environments, the design and cryptanalysis of symmetric cryptographic primitives, as well as physical security issues in general and side-channel analysis in particular.