Security Through Hardware
We can use hardware to make systems more secure. However, adding extra hardware can be costly and can make the system inflexible. Inflexibility is a real issue because security is an evolving problem, in which attackers compete to find flaws and vulnerabilities in defensive mechanisms.
In SCCS, we are working to design security mechanisms—including cryptographic algorithms and protocols—that provide some flexibility and can still be cheaply implemented in hardware. As part of this research, we are also developing techniques for the formal modelling and analysis of hardware security (including physical attacks), and of secure systems that include hardware components.
Such hardware will provide tamper-resistance and can often help maintain some level of security even after catastrophic compromise, but it must also be cost-effective if it is to become pervasive. One example of hardware-enhanced security is the Trusted Platform Module (TPM) designed by the Trusted Computing Group (TCG), which has been embedded in many computer platforms and is now a required part of any platform designed for Windows 10. In other application areas, hardware can be used to provide enhanced security and to support privacy-friendly applications. For example, the use of secure hardware for these purposes is being investigated in smart vehicles, device authentication, e-payment and electronic voting. Designing and proving cryptographic algorithms and protocols for the next generation of secure hardware is a key area of work for SCCS. This provides foundations for the construction of secure systems using trusted computing.
We have previously been involved in the development of cryptographic functions that have been incorporated into both TPM specifications (TPM 1.2 and TPM 2.0). In this research area, we are now working on quantum-resistant algorithms that can be implemented in a TPM-like environment in order to maintain security after the first quantum computer is built. We have also been working on proving security against side-channel analysis and fault attacks.
Overall, we are focusing on developing and formally proving cryptographic algorithms and protocols for the next generation of secure hardware. At the same time, we are working on various applications where these can be used.