Sergei Skorobogatov's Home Page
My name is Sergei Skorobogatov (Сергей Скоробогатов), I was born and grew up in Moscow,
Russia. I received a graduate degree (M.Sc.) in Automatics and
Electronics (Engineering Diploma) from the Moscow Engineering
Physics Institute (MEPhI) in March 1997. Then I worked (part time)
as an Engineer at MEPhI and as a contractor for the Ophthalmic Centre
"Prozrenie" in Moscow, where I designed several electronic devices
for eyesight diagnostics and correction.
I won a Computer Laboratory Research Assistantship at Cambridge
and since April 2000 I have been working on a Ph.D. project in the Security Group
at the Computer Laboratory of
the University of Cambridge in the
UK. As part of this research I participated in the EU-funded G3Card project, which aimed to design a new
generation of smartcard chips. This project was finished in January
2003 and since then I have had an independent research grant. I submitted
my Ph.D. thesis in September 2004, defended my dissertation in
November 2004 and graduated in February 2005. In October 2004 I was
promoted to the Research Associate position for my postdoctoral
research here and in July 2006 I was promoted to the Senior Research
Associate position. My research grant has been extended several times; it
currently runs until the end of 2006, but it will soon be extended until
the end of 2008.
I work in the Hardware
Security Group on tamper-resistant processors. Here is the list of
some of my current ongoing projects:
I am giving a talk as an invited speaker at the IPAM Workshop on
Special purpose hardware for cryptography: Attacks and Applications,
December 4 - 8, 2006, Los Angeles. The abstract of the talk is
available here.
I gave a four-hour talk as an invited lecturer at the ECRYPT Summer
School on Cryptography in Louvain-la-Neuve (Belgium), 12-15 June
2006. I gave an introduction to hardware security and presented my
achievements in hardware security analysis over the last six years. The
abstract of the talk and references are available here. Slides
for Part 1, Part 2, Part 3 and Part 4 of my talk are now available.
My Ph.D. thesis, which discusses the area of my research and
achievements up until the end of 2003, has been out since April 2005
and exists as a hardbound copy and as an
on-line Technical
Report version. No part of my thesis or the corresponding Technical
Report may be used to produce any other reports or publications. It
can be viewed on a computer or printed out for reference and
consultation purposes only. You must contact me and obtain my
permission in writing if you want to reproduce or use any images or
diagrams from my thesis. I do not provide or authorise any translation
of my thesis into other languages.
Advanced power analysis techniques. Power analysis has been
used for years to monitor the processes taking place inside
microcontrollers and smartcards. It is possible to figure out which
instruction is currently being executed and the number of bits set/reset
in an arithmetic operation, as well as the states of the status
flags. However, as chips become more and more complex, with
instruction/data caches and pipelining mechanisms used inside their
CPUs, it becomes more and more difficult to observe their operation
through power consumption. One approach is to use semi-invasive and
invasive attacks so that the power consumption of a relatively small
area is monitored, thus eliminating the influence of the rest of
the chip circuit. I have already published some results. As this is
ongoing research, further results have been achieved and will be published
later, together with any new achievements.
Status: ongoing research. Publications to come in 2007.
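The paragraph above rests on two facts: the power drawn by an arithmetic operation depends on the number of bits set in the operand (its Hamming weight), and the activity of the rest of the chip adds noise that buries that dependency. The following simulation is an added illustration, not code from this page or from the author; it assumes a hypothetical leakage model (one sample per operation equal to the Hamming weight of input XOR key plus Gaussian noise), and the secret byte, inputs and noise levels are all constructed. It lets an evaluator see, for a given noise level, whether the data-dependent component still stands out from the traces, which is the question that motivates localising the measurement to a small area of the chip.

```python
# Added illustration (not from Sergei Skorobogatov's page): a simulated
# Hamming-weight power-leakage model showing how "the number of bits
# set/reset in an arithmetic operation" correlates with consumption, and
# how noise from the rest of the chip lowers the signal an evaluator can
# recover from a fixed number of traces.  Key, inputs and noise level
# are all constructed here; no real device is modelled.
import random
from typing import List, Sequence, Tuple

SECRET_KEY = 0x3C  # constructed secret byte for the simulation


def hamming_weight(x: int) -> int:
    """Number of bits set in the low byte of x."""
    return bin(x & 0xFF).count("1")


def simulate_traces(key: int, n: int, noise_sd: float,
                    rng: random.Random) -> Tuple[List[int], List[float]]:
    """Hypothetical leakage model: one power sample per operation, equal
    to HW(input XOR key) plus Gaussian noise that stands in for the
    activity of the rest of the chip (caches, pipeline, peripherals)."""
    inputs = [rng.randrange(256) for _ in range(n)]
    samples = [hamming_weight(p ^ key) + rng.gauss(0.0, noise_sd) for p in inputs]
    return inputs, samples


def pearson(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Plain Pearson correlation coefficient (no numpy needed)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0.0 or vy == 0.0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def theoretical_snr(noise_sd: float) -> float:
    """Signal-to-noise ratio of the model: the Hamming weight of a uniform
    byte is Binomial(8, 1/2) with variance 8 * 1/2 * 1/2 = 2, so
    SNR = 2 / noise_sd^2."""
    return 2.0 / (noise_sd ** 2)


def rank_hypotheses(inputs: Sequence[int],
                    samples: Sequence[float]) -> List[Tuple[float, int]]:
    """Score every candidate key byte by how well HW(input XOR candidate)
    correlates with the measured samples; best candidate first.  This is
    the evaluator's view: if the true key ranks first, the operation leaks."""
    scored = []
    for cand in range(256):
        model = [hamming_weight(p ^ cand) for p in inputs]
        scored.append((abs(pearson(model, samples)), cand))
    scored.sort(key=lambda t: t[0], reverse=True)
    return scored


def key_rank(ranking: Sequence[Tuple[float, int]], key: int) -> int:
    """Position of the true key in the ranking (0 means it leaks outright)."""
    return [cand for _, cand in ranking].index(key)


def evaluate(noise_sd: float, n: int, seed: int = 7) -> Tuple[int, float]:
    """Run one simulated measurement campaign of n traces and return
    (rank of the true key, best |correlation| observed)."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    inputs, samples = simulate_traces(SECRET_KEY, n, noise_sd, rng)
    ranking = rank_hypotheses(inputs, samples)
    return key_rank(ranking, SECRET_KEY), ranking[0][0]


if __name__ == "__main__":
    # Same trace count, rising noise: watch the correlation shrink and the
    # true key slide down the ranking.
    for sd in (0.5, 1.0, 4.0, 8.0):
        rank, best = evaluate(sd, n=1000)
        print(f"noise sd={sd:<4} SNR={theoretical_snr(sd):6.3f} "
              f"true-key rank={rank:3d} best |corr|={best:.3f}")
```

With the noise standard deviation at 1.0 the correct byte is identified from a thousand traces with a correlation near 0.8; at 8.0 the best correlation drops well below 0.3 and the ranking becomes unreliable. Reducing the noise term, which is what measuring only a small region of the die achieves in practice, is therefore equivalent to needing far fewer traces.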
Practical use of fault-injection
attacks. We introduced these attacks in 2002. Unfortunately
they have still not been properly investigated. Research is needed to
estimate the requirements on these attacks for each chip manufacturing
technology and possible success rate. We are currently setting up the
equipment necessary for this research. Some of the results are very
likely to be published in 2007 once new special equipment has arrived.
Status: ongoing research.
Using nanotechnologies for hardware security analysis.
Current trends in the miniaturisation of electronic devices demand the
ability to understand structure and properties at the deep
submicron level (the latest technology is 90nm, and 65nm is already
proposed). Recent achievements in scanning probe microscopy allow us
to observe many characteristics of a semiconductor chip's surface, such as
landscape (with atomic force microscopy), doping concentration (with
scanning capacitance microscopy), resistance (with scanning spreading
resistance microscopy), magnetic field (with magnetic force
microscopy), temperature (with scanning thermal microscopy), and many
others. We need research to estimate how much information could be
extracted from silicon chips by using such technologies. This research
might involve designing and building some special microscopes. As such
research requires large investments in equipment, it is difficult to
predict when it will be started.
Status: estimating the initial requirements.
My first security-related research project was an analysis of the
copy protection mechanisms in modern microcontrollers. I still work in
this area and I occasionally provide penetration testing and
consulting services for old and new microcontroller designs. My work
aims at understanding in detail how protection
can be broken and how the security of new designs can be improved.
My ongoing research is more about a general evaluation of
different memory structures against all kinds of attacks, rather than
testing any particular samples. As I expected a long time ago (I
announced it in 1999), Flash and EEPROM memories are not very good
candidates for hardware security on their own, unless special
attention is paid to data flow control and interface protocols. This
was also suggested in my popular article on copy protection in
microcontrollers, whose first edition appeared in 2000. Much more
information about various problems in EPROM, EEPROM and Flash memories
will be in my Ph.D. thesis, which I have already submitted and which will be
available to the public soon after I have passed the exam. My further research
will involve detailed investigation of different Flash/EEPROM memory
cells as well as of antifuse cells, which are believed to be highly secure;
my personal opinion is that this has not been properly proved and
tested. The next step would be learning about and testing FRAM and MRAM
memory structures, as they are considered to be a highly secure
replacement for Flash and EEPROM memories.
Optical Fault Induction Attacks. Cryptographic Hardware
and Embedded Systems Workshop (CHES-2002), San Francisco, USA,
13-15 August 2002. LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp 2-12
(slides).
I always reply to personal emails. But sometimes due to server
problems or spam filters mail could be lost. Therefore please resend
your message if I have not replied within one week. In case of
important messages I would prefer you to forward a copy of your letter
to my HushMail address. Please avoid using HTML format in your emails
(such messages are very likely to be filtered out) and ask my
permission if you want to attach any files to your emails.
Please do not copy any of my publications onto your own Internet
server for public access without explicit permission. If you want to
refer to any of my texts, please use a hyperlink to my original and
not a copy. I update these texts frequently and I want to prevent the
confusion that arises if people read somewhere else obsolete versions
that are not under my control.
Tamper resistance and physical attacks (Part 1, Part 2, Part 3 and Part 4).
Summer School on Cryptographic Hardware, Side-Channel and
Fault Attacks (ECRYPT-2006), 12-15 June, Louvain-la-Neuve