Home
Overview
People
Publications
Jobs/Theses
Contact

Overview


Cryptography and security are two central and successful research disciplines: Millions of cryptoprotocols are executed every day, and protect their users against fraud, exposure of confidential data, or impersonation. Nevertheless, from a very fundamental perspective, the prevailing mathematical approaches in these two disciplines have two potential weak spots. First of all, their security often rests on unproven assumptions on the computational complexity of certain mathematical problems. One well-known example is the hypothesis that the factoring and the discrete logarithm problem are intractable for large numbers. Secondly, most current techniques rely on the concept of a secret binary key, i.e. on the assumption that the cryptographic devices can contain a secret number that is, and remains, unknown to an adversary.

These two weak spots may look irrelevant at first sight, but they do have a noticeable practical impact. Let us start our discussion with the impact of unproven number theoretic assumptions. Due to the dependency on unproven security assumptions, new algorithms and new hardware steadily diminish the security of earlier cryptoprotocols as time progresses. As of today, several experts believe that even carefully designed numeric cryptographic primitives have a finite security lifetime of only 5 to 20 years (see, for example, J. Buchmann et al., Perspectives for cryptographic long-term security, Communications of the ACM, 2006). This naturally affects the long-term confidentiality of encrypted data, or the long-term validity of digital signatures.

Secondly, the secrecy of binary keys can be difficult and costly to uphold in practice. Several well-known attacks may potentially extract such keys from cryptographic hardware. This includes physical attacks like invasive, semi-invasive, and side-channel analysis, or software-based approaches such as viruses or API attacks. The dangerousness of attacks of this type has been demonstrated several times in widespread, commercial systems. The fact that modern hardware should be mobile, cross-linked, and inexpensive, further aggravates the problem of effective key protection. As Ron Rivest put it in his keynote talk at CRYPTO 2011: “Calling a bit string a secret key does not make it secret, but rather identifies it as an interesting target for the adversary.”

Our project investigates a different approach to cryptography and security, which is called physical cryptography. The key idea of this emerging field is to use physical nanostructures with specifically designed properties in order to replace or complement standard cryptoschemes, and in order to avoid permanent digital keys in vulnerable hardware. This can potentially realize security systems which are more cost effective, lightweight, smaller, more lightweight, or more secure than their conventional counterparts.

Instead of relying on computational hypotheses, or on the assumption that digital keys stored in non-volatile memory cannot be accessed, our approach exploits the natural complexity of physical nanosystems for security purposes. It relies on the known difficulty of characterizing, modeling, emulating, or reproducing such systems with perfect precision. To name two examples, it is intuitively understandable that a randomly structured, three-dimensional nanosystem cannot be reproduced with perfect precision at low costs. Or that the whole, random information content of a disordered physical system with 1010 atoms, say, can hardly ever be read out. Concrete nano-structures considered by us include special photonic systems, randomly structured silicon systems, or suitable analog and digital circuits.

Our research can be applied to a number of well-established cryptographic and security problems, including:

  • Digital Rights Management and IP protection

  • Unforgeable labels for products, pharmaceuticals, passports, credit cards, banknotes

  • Secure communication, including encryption, identification, authentication

  • Tamper detecting hardware

  • Secure sensors, including security cameras, fingerprint sensors, etc.

Some of these problems have an extraordinary economic relevance: For example, the worldwide damage caused by faked branded products, for example, is estimated to be on the order of 500 billion Dollars per year.

Our project has an integrated approach to cryptography and security in the sense that it covers both the foundations and the hardware implementation of physical cryptography. In the former area, we deal with security proofs, formalization, protocol design, and cryptanalysis. In the latter field, we concentrate on the design and optimization of material systems and measurement set-ups, including concrete physical experiments, numerical simulations (e.g. SPICE), new circuit designs, and hardware prototypes. The project is interdisciplinary, and includes groups from the departments of physics, electrical engineering, and computer science at the TU München. Several national and international collaborations exist with researchers in the US, Germany, Israel and Hungary.

(c) 2009 Physical Cryptography Project, TU München | Imprint | Webdesign