Analysis of threats and design flaws in hardware and software cryptographic systems

In the past two decades the use of cryptography in computer systems has constantly increased. Ranging from personal devices to critical infrastructures, cryptography is pervasive and variegated. It is crucial to perform the security evaluation of existing cryptographic design and implementations. In this thesis we first investigate on Java keystores, the standard password-protected facility to securely store keys in Java. We define a threat model, distil a set of security properties and disclose unpublished attacks and weaknesses in keystores that do not adhere to state-of-the-art standards or use ad-hoc cryptographic mechanisms. Typically, security sensitive applications employ dedicated cryptographic hardware. We study the low-level APDU protocol used to communicate with PKCS#11 devices such as smartcards. We describe a threat model and discuss new attacks that exploit proprietary implementation weaknesses enabling attackers to leak sensitive keys as cleartext. Complex cryptography can also be found in the firmware of embedded and Internet-Of-Things devices. The research for security flaws in the firmware by reverse-engineering can be blocked by mechanisms preventing memory content readout to protect the IPs. We present novel firmware extraction attacks from six microcontrollers and we introduce a new voltage fault injection technique for improving the attack performance. Then we conduct a thorough evaluation of the results against the voltage glitching state-of-the-art.