Modern hardware typically is characterized by a multitude of interacting physical components and software mechanisms. To address this complexity, security analysis should be modular: We would like to formulate and prove security properties of individual components, and then deduce the security of the overall design (encompassing hardware and software) from the security of the components. While this seems like an elusive goal, we argue that this is essentially the only feasible way to provide rigorous security analysis of modern hardware.This paper investigates the possibility of using the Universally Composable (UC) security framework towards this aim. The UC framework has been devised and successfully used in the theoretical cryptography community to study and formally prove security of arbitrarily interleaving cryptographic protocols. In particular, a sophisticated analytical toolbox has been developed using this framework. We provide an introduction to this frame-work, and investigate, via a number of examples, ways by which this framework can be used to facilitate a novel type of modular security analysis. This analysis applies to combined hardware and software systems, and investigates their security against attacks that combine both physical and digital steps.

, ,
Design, Automation and Test in Europe Conference and Exhibition
Computer Security

Canetti, R., van Dijk, M., Maleki, H., Rührmair, U., & Schaumont, P. (2020). Using Universal Composition to Design and Analyze Secure Complex Hardware Systems. In Proceedings of 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE) (pp. 520–525). doi:10.23919/DATE48585.2020.9116295