I recently returned from Oulu, where Juha Röning and Thomas Schaberreiter organized the co-located Ninth International Crisis Management Workshop (CriM15) and Oulu Winter School. At a high level, the event focused on security, trust, privacy, risk, and cryptography. I caught part of the software security workshop and found it both practical and interesting. I personally consider the Oulu University Secure Programming Group (OUSPG) the leading academic experts on software security in Finland.
On the crypto side, they brought in two big name cryptographers to give talks. Svetla Nikova (KU Leuven, Belgium) spoke about Side Channel Analysis (SCA), including a masking countermeasure for the AES block cipher. Kaisa Nyberg (Aalto University, Finland) spoke about block cipher design and traditional, statistical cryptanalytic techniques.
Juha and Thomas invited me to hold the crypto workshop, with a purpose of giving the students a hands-on crypto task. Based on the background lectures from Svetla and Kaisa, I chose Differential Power Analysis (DPA) for the topic. The outline was roughly:
- I lectured the attendees with a review / intro to DPA techniques.
- Showed DPA pseudo-code for an AES key recovery algorithm.
- Provided a million (plaintext, ciphertext) pairs.
- Provided a million corresponding signals / traces for those pair executions.
- Provided skeleton software to parse the data.
I let the participants work in pairs, groups, alone, whatever they wanted. All in all, I was impressed with the effort the participants put in and the results they produced. Although I’ve lecture before on DPA, this is the first hands-on workshop I’ve held — I got some good constructive feedback for the next iteration.
On a side note, the buildings on University of Oulu campus are freaking huge! If anyone in the department is interested in potential collaboration with OUSPG, I’m happy to make introductions.