DevToSCA

Developer-Centric Tools for Side-Channel Analysis

Motivation

Companies face enormous challenges both in protecting cryptographic implementations against side-channel attacks and in maintaining security features on different hardware platforms. Side-channel attacks do not target the cryptographic algorithms themselves, but target the compromise of the implementation. These types of attacks take place, for example, via a characteristic runtime behavior of measured computations, differences in power consumption, or electromagnetic radiation.

Approach and goals

The objective of the DevToSCA project is to enable developers to automatically test and optimize their software and hardware products for side-channel resistance, based on crypto and security functions that are already available but also those they have developed themselves. For this purpose, the DevToSCA project develops innovative verification tools for side channel analysis. These tools are intended to enable software developers to check the resistance of their own implementations – even without in-depth expertise in side channels. In order to achieve a high level of user acceptance, usability is also specifically taken into account in the design. Thus, we can increase developer awareness and sensitivity to cryptographic side-channel attacks and reduce the occurrence of such vulnerabilities.

Rohde & Schwarz Cybersecurity is particularly involved in the project with the integration of side-channel analysis tools into productive development and test environments – especially for use in crypto libraries and IT security products. To create appealing and efficient environments for professional developers and testers, several work steps are usually interconnected in an automated and configurable way for the purpose of Continuous Integration (CI). An important quality criterion is the reliability and comprehensibility of the tools, e.g. the comprehensibility of test results in order to be able to recognize, comprehend and eliminate side channels. The appropriate integrability and configurability of the tools in integrated development environments (IDEs) and automation scripts is also essential for acceptance by the addressed target group.

Project organization

DevToSCA is a joint research project funded by the German Federal Ministry of Education and Research (BMBF). Various specialist partners from both research and industry are involved in the project. The Hochschule Bonn-Rhein-Sieg, University of Applied Sciences, is responsible for the project lead.

Project management: VDI/VDE-IT Berlin
Consortium: Hochschule Bonn-Rhein-Sieg University of Applied Sciences, Ruhr University Bochum, Kasper & Oswald GmbH, Rohde & Schwarz Cybersecurity GmbH
Project duration: 07/2022 – 06/2025

More information

Nous contacter

Vous avez des questions ou besoin d'informations supplémentaires ? Remplissez simplement ce formulaire et nous vous recontacterons rapidement.

Formule de politesse*

Prénom*

Nom*

Courrier électronique*

Téléphone (ex : +1 400 123 5678)*

Entreprise*

Pays*

Rue*

Numéro*

Code postal*

Ville*

Demande d'informations*

Email confirmation*

Marketing de permission

Je souhaite recevoir des informations de Rohde & Schwarz via

courrier électronique
courrier postal

Je souhaite recevoir des informations marketing ou publicitaires (par exemple sur des offres spéciales et des remises promotionnelles) de la part de Rohde & Schwarz GmbH & Co. KG et des entités ou filiales de Rohde & Schwarz mentionnées dans le Imprint de ce site internet via courriel ou voie postale. D'autres détails sur l'utilisation des données personnelles et sur la procédure de rétractation sont fournies dans la Déclaration de confidentialité et L'autorisation Marketing.

Votre demande a bien été envoyée ! Nous vous contacterons dans les plus brefs délais.

An error has occurred, please try again later.