International Association for Cryptologic Research

Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and access to the full text. On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely map of contemporary research in cryptology. All entries or changes need to be approved by an editor. You can contact them via phds (at)


Josep Balasch (#1009)
Name Josep Balasch
Personal Homepage
Topic of his/her doctorate. Implementation Aspects of Security and Privacy in Embedded Design
Category implementation
Ph.D. Supervisor(s) Ingrid Verbauwhede, Bart Jacobs
Year of completion 2014
Abstract Embedded devices are nowadays largely represented across the compute continuum. From mobile phones to smart cards and RFID tags, digital devices are becoming increasingly ubiquitous, mobile and integrated with their environment. This gradual shift towards pervasive computing envisions many benefits in sectors as diverse as financial, entertainment, health care, information access, or automotive. Along with these possibilities however, there are also inherent risks to be addressed. It is in this context that this dissertation is situated. It provides contributions to the security of embedded devices and the privacy of the humans interacting with them. The first part of the thesis is devoted to physical security. Many existing and future applications have built-in security capabilities which rely on keeping cryptographic keys secret. Typical examples include payment tokens, digital identity documents, or access control cards. As these devices operate in hostile environments, they need protection against physical attacks. Among these, side channel attacks and fault attacks represent two of the major threats in the security of embedded devices. Our contributions in this area encompass three different but related aspects. First, we provide an in-depth analysis of vulnerabilities that lead to physical attacks. In particular, we characterize the effects of fault injections based on setup-time violations on a low-end microcontroller. Second, we show how physical attacks are still a prominent threat for secure devices by successfully attacking a widely used family of secure memories. And third, we devise and thoroughly evaluate a high-level mitigation against side channel attacks. More specifically, we employ the inner product construction to design a masking-based countermeasure implementable at any order. The second part of the thesis deals with privacy aspects. Systems such as location-based services, health-care monitoring, or smart homes rely on the collection and processing of fine-grained information about users. Hazards derived from mining, sharing or misusing collected data are numerous, e.g. from discrimination, persecution or reputation damage for end users to large scale surveillance of individuals. Privacy-preserving methods to minimize the processing and/or disclosure of personal data is paramount for the acceptance of these systems. We select Electronic Toll Pricing (ETP) as case study, a major representative of location-based services. This envisioned system allows governments to levy taxes on the use of public roads by deploying in-vehicle On-Board Units (OBUs). Our main contribution is the design, analysis and implementation of PrETP, a privacy-preserving ETP solution. The privacy guarantees of our system are achieved by letting OBUs compute their road fees locally. At the same time, we provide means for service providers to ensure that OBUs carry out correct computations.
E-Mail Address jbalasch (at)
Last Change 2014-05-22 10:37:30
To provide an update on this entry, please click .

Contact: phds (at)

[ IACR home page ] [ IACR PhDs page ] © IACR