The catalogue of security tools, methods and libraries developed and extended during the AI-SecTools project (VJ02010010) by the Masaryk University (CRoCS) partner.
Results from the VUT partner are summarized here. The side-channel acquisition and processing tool TraceXpert from the CVUT partner is available here.
An automated toolkit to analyze secure hardware and build user-verifiable hardware profiles. SCRUTINY provides high-level frameworks to verify profiles against their reference values.
Physical Response Emulation System for Secure Testing Operations is a low-cost, fully automated, and reproducible hardware analysis platform. It enables precise and repeatable testing of devices by simulating human interaction such as button presses and screen reading without compromising cryptographic security assumptions.
Automated testing tool for the algorithms from the JavaCard API supported by a particular smart card. Performs performance testing of almost all available methods. Results for more than 100 cards are available at https://jcalgtest.org.
An automated scanner for JavaCard packages installed on and supported by the target card. It evaluates all packages from the JavaCard API specification up to JC API 3.0.5.
The SCRUTINY analyzer for power traces of cryptographic operations captured from smartcards, with three main modules implemented: Trace comparer, Trace classifier and CO template finder.
Supplementary materials (source code, example traces and simulations) for the paper Breaking DPA-protected Kyber via the pair-pointwise multiplication. The attack is carried out against the mkm4 Kyber implementation.
Provides a software re-implementation of low-level operations such as ECPoint or BigInteger without any use of proprietary APIs. Used for testing JavaCard capabilities.
This repository contains three implementations of X25519 in C and assembly for the Cortex-M4 with countermeasures against side-channel and fault injection attacks. The first implementation is unprotected, the second contains the countermeasures required for the case of ephemeral scalar multiplication, and the third contains the most countermeasures, for the case of static scalar multiplication.
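The distinction between the ephemeral and the static case matters because a static scalar is reused across many executions, so an attacker can average many traces of the same secret; a scalar that is randomized on every call denies that averaging. The following added example (not code from the Sca25519 repository, and not a constant-time implementation, since Python big-integer arithmetic is not constant-time) is a functional model of X25519 that shows two of the classic countermeasure building blocks: a branch-free conditional swap in the Montgomery ladder and scalar blinding with a fresh random multiple of the group order. It checks against the RFC 7748 test vector that blinding does not change the result. The blinding factor size (64 bits) and the 320-bit ladder length are choices made for this example; blinding with 8L is only valid for u-coordinates on the curve itself, and this model does not handle inputs on the quadratic twist.

```python
"""Functional model of X25519 with a branch-free conditional swap and
scalar blinding. Illustrative only: Python integers are not constant-time."""
import secrets

P = 2**255 - 19
A24 = 121665                                              # (486662 - 2) / 4
L = 2**252 + 27742317777372353535851937790883648493       # order of the base point
GROUP_ORDER = 8 * L                                       # order of the full curve group
BASEPOINT = (9).to_bytes(32, "little")

# RFC 7748 section 6.1 test vector (Alice's key pair), embedded for self-checking.
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")

# Example choices (assumptions of this model): 64-bit blinding factor, and a
# fixed ladder length that covers k + r*8L < 2^320 so the loop count is
# independent of the random r.
BLIND_BITS = 64
BLINDED_LADDER_BITS = 320


def decode_scalar(k: bytes) -> int:
    """RFC 7748 clamping: clear the low 3 bits and bit 255, set bit 254."""
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def decode_u(u: bytes) -> int:
    """Decode a little-endian u-coordinate, ignoring the top bit as RFC 7748 requires."""
    return int.from_bytes(u, "little") & ((1 << 255) - 1)


def cswap(swap: int, a: int, b: int):
    """Conditional swap without a data-dependent branch (swap must be 0 or 1)."""
    dummy = swap * (a ^ b)
    return a ^ dummy, b ^ dummy


def ladder(k: int, u: int, nbits: int) -> int:
    """Montgomery ladder from RFC 7748, run over exactly nbits scalar bits.
    Leading zero bits are harmless: doubling the point at infinity keeps it
    at infinity and the differential addition keeps the second register at u."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(nbits - 1, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2 % P) % P
        x2 = aa * bb % P
        z2 = e * ((aa + A24 * e) % P) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P


def blind_scalar(k: int) -> int:
    """Scalar blinding: k' = k + r * 8L. Because 8L * Q is the identity for
    every point Q on Curve25519, k' * Q == k * Q, yet the bit pattern the
    ladder consumes is different on every call (fresh r)."""
    r = secrets.randbits(BLIND_BITS)
    return k + r * GROUP_ORDER


def x25519(k: bytes, u: bytes, blind: bool = False) -> bytes:
    """X25519 scalar multiplication; with blind=True the scalar is randomized
    before the ladder runs, as a static-key countermeasure would do."""
    scalar = decode_scalar(k)
    nbits = 255
    if blind:
        scalar = blind_scalar(scalar)
        nbits = BLINDED_LADDER_BITS
    return ladder(scalar, decode_u(u), nbits).to_bytes(32, "little")


def self_check() -> bool:
    """The RFC vector must hold with and without blinding, and a Diffie-Hellman
    exchange must agree when one side blinds and the other does not."""
    a = bytes(range(1, 33))          # constructed private keys for the DH check
    b = bytes(range(32, 64))
    shared_ab = x25519(a, x25519(b, BASEPOINT), blind=True)
    shared_ba = x25519(b, x25519(a, BASEPOINT))
    return (x25519(ALICE_PRIV, BASEPOINT) == ALICE_PUB
            and x25519(ALICE_PRIV, BASEPOINT, blind=True) == ALICE_PUB
            and shared_ab == shared_ba)


if __name__ == "__main__":
    print("self-check:", "ok" if self_check() else "FAILED")
```

The loop count in the blinded case is fixed at 320 iterations rather than derived from the blinded scalar's bit length, so the number of ladder steps does not leak the size of r. In a real implementation on the Cortex-M4 the same ideas have to be carried down to the field arithmetic and the cswap must compile to branch-free, constant-time instructions, which is precisely what this Python model does not guarantee.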
Ed25519 signature generation implementation on the Cortex-M4 with extensive side-channel protections. This implementation is built on the Sca25519 scalar multiplication and modular arithmetic. The masked SHAKE256 is taken from Masked Kyber; therefore our implementation is not compliant with the standardized Ed25519-SHA512 variant, but this choice provides additional side-channel countermeasures.
This project implements countermeasures against side-channel attacks (SCA) and fault injection attacks in the RSA implementation from the BearSSL cryptographic library.
ECTester: Reverse-engineering side-channel countermeasures of ECC implementations. Vojtech Suchanek, Jan Jancar, Jan Kvapil, Petr Svenda and Lukasz Chmielewski.
sec-certs: Examining the security certification practice for better vulnerability mitigation. Adam Janovsky, Jan Jancar, Petr Svenda, Lukasz Chmielewski, Jiri Michalik and Vashek Matyas.
Chain of Trust: Unraveling References Among Common Criteria Certified Products. Adam Janovsky, Lukasz Chmielewski, Petr Svenda, Jan Jancar and Vashek Matyas.
TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips. Petr Svenda, Antonin Dufka, Milan Broz, Roman Lacko, Tomas Jaros, Daniel Zatovic and Josef Pospisil.
pyecsca: Reverse engineering black-box elliptic curve cryptography via side-channel analysis. Jan Jancar, Vojtech Suchanek, Petr Svenda, Vladimir Sedlacek and Lukasz Chmielewski.
“These results must be false”: A usability evaluation of constant-time analysis tools. Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque and Yasemin Acar.
Breaking DPA-protected Kyber via the pair-pointwise multiplication. Estuardo Alpirez Bock, Gustavo Banegas, Chris Brzuska, Lukasz Chmielewski, Kirthivaasan Puniamurthy and Milan Šorf.
“They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks. Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque and Yasemin Acar.