post

35th Chaos Communication Congress: PHYSEC presents details on the application of their technology

35th Chaos Communication Congress: PHYSEC presents details on the application of their technology

At the 35th annual conference of the Chaos Computer Club (35C3), the largest international hacker meeting in Europe, Christian Zenger, David Holin and Lars Steinschulte presented PHYSEC’s Enclosure-PUF technology.

This year’s Chaos Com­mu­ni­ca­tion Con­gress attract­ed more than 16,000 vis­i­tors to the exhi­bi­tion halls in Leipzig on three days. Under the mot­to “Refresh­ing Mem­o­ries” it was the venue for impor­tant debates, lec­tures and work­shops on tech­ni­cal and socio-polit­i­cal top­ics.

It was the first time that we gave insights into the PHYSEC tech­nol­o­gy. With Enclo­sure-PUF we pre­sent­ed an inno­v­a­tive tech­nol­o­gy that makes it pos­si­ble to ver­i­fy the authen­tic­i­ty, integri­ty and phys­i­cal state of a phys­i­cal object and to prove cor­re­spond­ing state­ments via dig­i­tal chan­nels.

In pub­lic envi­ron­ments, data extrac­tion from or manip­u­la­tion of com­put­er sys­tems is easy to per­form as it requires only phys­i­cal access. The aim of the talk was there­fore to demon­strate exem­plary tam­per resis­tance by means of a (very inex­pen­sive) self-built test bed in order to pro­tect secret infor­ma­tion with­out attack detec­tion or data era­sure cir­cuit. The use of elec­tro­mag­net­ic waves (or their prop­a­ga­tion behav­iour) enables the pro­tec­tion of indi­vid­ual small com­po­nents to be extend­ed to the entire periph­ery of a sys­tem. This in turn leads to the detec­tion of manip­u­la­tions so that suit­able coun­ter­mea­sures can be tak­en in good time. The pro­tec­tion can be used flex­i­bly with regard to size and appli­ca­tion.

In 2018, we were award­ed the Ger­man IT Secu­ri­ty Prize of the Horst Görtz Foun­da­tion for the devel­op­ment of the Enclo­sure PUF.

David Holin, Lars Steinschulte and Christian Zenger (f.l.t.r.) from PHYSEC during the talk at the 35C3 in Leipzig

Missed the talk? Click here for the record­ing.

post

Novel technology for monitoring nuclear weapons

Novel technology for monitoring nuclear weapons

In the future, this technology might help verify if countries abide by disarmament treaties.

An inter­na­tion­al IT research team from Bochum, Prince­ton, and Har­vard has devel­oped a tech­nol­o­gy that facil­i­tates the mon­i­tor­ing of changes in nuclear silos with­out hav­ing to reveal secret infor­ma­tion about the stored weapons. In future, it is expect­ed to help ver­i­fy if coun­tries abide by dis­ar­ma­ment treaties. The rooms are phys­i­cal­ly mon­i­tored with radio waves; a sophis­ti­cat­ed cryp­to­graph­ic tech­nique ensures that the process can­not be manip­u­lat­ed.

As far as researchers are con­cerned, no chal­lenge is greater than mon­i­tor­ing nuclear weapons: poten­tial attack­ers in this case are entire nations, rather than small groups of hack­ers or oth­er crim­i­nals. The coun­tries have almost unlim­it­ed finan­cial resources at their dis­pos­al and have access to state-of-the-art offen­sive tech­nol­o­gy.

In the inter­dis­ci­pli­nary project, mem­bers of the Bochum-based Horst Görtz Insti­tute for IT Secu­ri­ty (HGI) col­lab­o­rate close­ly with US-Amer­i­can col­leagues from Prince­ton Uni­ver­si­ty and Har­vard Uni­ver­si­ty. A report about the work has been pub­lished in the sci­ence mag­a­zine Rubin.

Radio wave map indi­cates changes

In order to iden­ti­fy changes in a nuclear silo, researchers deploy elec­tro­mag­net­ic waves in the radio fre­quen­cy range. As they are reflect­ed by walls and objects, a unique radio wave map of the room can be gen­er­at­ed. Every change – for exam­ple if a war­head were to be removed from the stor­age facil­i­ty – would change the reflex­ion pat­tern and could thus be detect­ed. As a result, coun­try A could mon­i­tor the nuclear silos of coun­try B by request­ing radio wave maps of the room in reg­u­lar inter­vals.

How­ev­er, we must make sure that a coun­try can­not gen­er­ate a radio wave map of a ful­ly stocked nuclear silo in advance and then con­tin­ues to send it to coun­try A, even after the weapons had long been removed,” explains Dr Dr Ulrich Rührmair from HGI. To this end, the researchers have inte­grat­ed a so-called chal­lenge into the sys­tem, i.e. a vari­a­tion in the request for a radio wave map between the coun­tries.

Pre­vent­ing decep­tion

In the room that has to be mon­i­tored, 20 rotat­ing mir­rors are installed, which can be remote­ly adjust­ed. The mir­rors reflect the radio waves, thus chang­ing the reflex­ion pat­tern in the room, with each mir­ror set­ting cre­at­ing an indi­vid­ual pat­tern. Pri­or to send­ing the request, coun­try A would arrange the mir­rors in a cer­tain way. In reply, coun­try B would have to send the radio wave map of the room with the exact same mir­ror arrange­ment to coun­try A. This can be done only if coun­try B mea­sures the room live with radio waves and the cur­rent mir­ror set­ting every time. Pre­vi­ous­ly record­ed radio wave maps would be use­less.

Coun­try A can ver­i­fy the reply only if the reflex­ion pat­terns for a num­ber of dif­fer­ent mir­ror set­tings were mea­sured and saved when the tech­nol­o­gy was first imple­ment­ed.

Mir­ror arrange­ment must not be pre­dictable

The IT secu­ri­ty researchers are cur­rent­ly test­ing the sys­tem in a con­tain­er at Ruhr-Uni­ver­sität, using dum­my war­heads and 20 mir­rors. This set­ting enables them to cre­ate bil­lions of sex­til­lions dif­fer­ent mir­ror arrange­ments. “The chal­lenge is to make sure that the mon­i­tored coun­try doesn’t learn to pre­dict the next mir­ror set­ting over time,” says HGI researcher Prof Dr Christof Paar. Were this the case, the coun­try could gen­er­ate the required radio wave map with­out scan­ning the room anew.

In order to pre­vent this sce­nario, the IT experts from Bochum deploy an unpre­dictable cryp­to­graph­ic pro­to­col to align the mir­rors. “The impor­tant thing is to ensure that the cor­re­la­tion between the chal­lenge and the reply can­not be described by a sys­tem of lin­ear equa­tion,” says Zenger. “This is because such sys­tems are rel­a­tive­ly easy to fig­ure out in math­e­mat­i­cal terms.” The same applies to the physics, i.e. the mir­ror mate­ri­als: their reflex­ion prop­er­ties shouldn’t be lin­ear either.