University of Bristol puts HASLab/INESC TEC work in the limelight

In a press release the University of Bristol in the UK highlighted work by the High Assurance Software Laboratory (HASLab), an INESC TEC Privileged Partner and three foreign researchers (from Finland, Belgium and the UK) for its contribution to high assurance software.

The title of the work is “Practical Realisation and Elimination of an ECC-Related Software Bug Attack” and it focuses on the cryptographic components that play a fundamental role in protecting information in IT systems. Correctly implementing these cryptographic components in both hardware and software is a critical factor in maintaining information secure. Since 2008 the potential impact that even a subtle implementation error can have on the security of cryptographic algorithms used in IT systems has been known. This type of attack is typically known as a “bug attack”.

According to Manual Barbosa, the project leader at HASLab, “until recently, there had been no known attack of this type on a real system, there had been no actual “bug attacks” and the emphasis was generally on the risks associated with malicious implementation attempts on hardware where an implementation error could be purposely included by the manufacturer”, he explains.

In this article the authors changed the perspective on “bug attacks”. They demonstrated the first attack on an actual system and explored the implementation error using a version of the openSSL library. At the same time, the fact that this error is accidental and resides in software implementation shows the need to adopt rigorous approaches to correct implementations in the development processes of critical components. This area is HASLab’s main area of study.

The work by these researchers was also recently presented at the RSA Conference, one of the largest and most important events for IT security in the world.