Low Power Embedded Security
|
|
- Dale Bailey
- 5 years ago
- Views:
Transcription
1 Low Power Embedded Security Ingrid Verbauwhede K.U.Leuven - ESAT - SCD/COSIC With thanks to: EMSEC and COSIC/HW team members E: ingrid.verbauwhede@esat.kuleuven.be Ingrid Verbauwhede 1 December 2006 Outline Embedded security Extra optimization goal: time area energy security Security as strong as the weakest link Bottom-up: Circuits & logic styles Micro-architecture HW & SW Algorithms & protocols Ingrid Verbauwhede 2 December 2006 Page 1
2 Embedded Security: Motivation Ambient intelligence PDA s, cell phones, smart cards, gadgets.. Distributed, communicating, devices Secure? Low Energy? Distributed security? New York Times (1/24/05): A Virus Writer Tests the Limits in Cell phones LosAngeles Times (10/14/06): Federal Data Theft Found to Affect Millions: Data Theft at Agencies Not as Uncommon as Hoped Ingrid Verbauwhede 3 December 2006 Embedded Security Pyramid Security is as strong as the weakest link! SIM Confidentiality Integrity Identification Cipher Design, Biometrics Java JCA JVM KVM Protocol: Wireless authentication protocol design Algorithm:Embedded fingerprint matching algorithms, crypto algorithms Architecture:Co-design, HW/SW, SOC CPU MEM Vcc Crypto Micro-Architecture: co-processor design D Q CLK Circuit: Circuit techniques to combat side channel analysis attacks Ingrid Verbauwhede 4 December 2006 Page 2
3 Side Channel Attacks Ingrid Verbauwhede 5 December 2006 Side channel attacks Based on observation of the embedded device: smart-card, RFID tag, FGPA, ASIC, embedded micro-controllers,. Observe: timing, power (= current), electro magnetic variations Simple attacks: one or a few measurements, visual inspection often sufficient Differential attacks: build a model of the behavior (e.g. the timing or current consumption) and correlate the measurement(s) with the model Higher order attacks, template attacks, combined attacks: as countermeasures improve, attacks become more complex Countermeasures: At circuit & logic level Micro-architecture level SW level Algorithm level Ingrid Verbauwhede 6 December 2006 Page 3
4 Consumes power when output makes a 0 to 1 transition Foundation: Intro to Static CMOS IN OUT 0 discharge charge transition Ingrid Verbauwhede 7 December 2006 As suggested by famous cryptographers... Duplicate logic 1-0 transition 0-1 transition IN IN OUT OUT discharge charge charge discharge Ingrid Verbauwhede 8 December 2006 Page 4
5 Dynamic logic Dynamic logic breaks input sequence or hamming distance IN 0 0 OUT Pre 1 OUT EV 1 Charge 0 in Pr(echarge) Ev(aluation) out discharge PDN discharge [Side note: no need to do the reset/precharge with a clock. Can also be done in asynchronous logic or with explicit reset data.] Ingrid Verbauwhede 9 December 2006 Transition independent power consumption doesn t create any side channel information When logic values are measured by charging and discharging capacitances, we need to use a fixed amount of energy for every transition switch a constant load capacitance switch once every cycle [Side note: in principle can also be obtained by current mode logic. But extremely hard to realize in practice.] Ingrid Verbauwhede 10 December 2006 Page 5
6 Dynamic and Differential logic is necessary but not sufficient Balance differential output nodes (Dis)charge all internal nodes (0,0) input clk E.g. DCVSL is not sufficient NAND A B A AND B (1,1) input clk Ingrid Verbauwhede 11 December 2006 Sense Amplifier Based Logic charges each cycle a constant load Balanced input and output nodes All internal nodes connect to an output clk NAND VDD clk AND A M1 A B B clk Ingrid Verbauwhede 12 December 2006 Page 6
7 Sense Amplifier Based Logic C tot=19.32ff NAND AND C tot=19.38ff NAND AND Ingrid Verbauwhede 13 December 2006 DPA on module of last round DES Experimental setup 4 6 P L CL 4 clk S1 substitution box clk P R 6 clk K Selection function D(K,C) predicts 1 st bit of P L. K guessed. C known. DPA: Power measurements are partitioned over 2 sets based on guess of secret key. Difference between typical supply currents of sets has noticeable peaks if guess was correct. Ingrid Verbauwhede 14 December 2006 Page 7
8 Implementation details Same circuit; two implementations. Difference in logic style: static CMOS SABL 0.18µm, 1.8V CMOS technology 5000 encryptions Hspice with 10ps simulation step Ingrid Verbauwhede 15 December 2006 Supply current profile irregular input dependent regular input independent [Tiri CHESS2003] Ingrid Verbauwhede 16 December 2006 Page 8
9 DPA differential trace secret key stands out secret key does not stand out [Tiri CHESS2003] Ingrid Verbauwhede 17 December 2006 Measurements to disclosure 200 cycles sufficient to disclose key transient response has died out Ingrid Verbauwhede 18 December 2006 Page 9
10 Standard building blocks A B Z 1 De-Morgan s Law A B A B Z Z 2 AND-ing with precharge signal A B A B prch Z Z false output with false inputs precharge 1: outputs are 0 precharge 0 - evaluation: 1 output is 1 Ingrid Verbauwhede 19 December 2006 Wave Dynamic Differential Logic Restrict library to AND, OR gate input 0 output 0 no precharge operator precharge inputs AND gate register prch OR gate clk clk prch. eval. Encryption Module Ingrid Verbauwhede 20 December 2006 Page 10
11 WDDL library All functions of and2, or2 operator In addition: inverted input, output signals XOR2X4: OAI221X2: Our WDDL library: 128 cells A0 AOI221X1 INVX2 A A AOI22X1 INVX4 Y A1 B0 B1 C0 Y OAI22X1 INVX4 A0 A1 OAI221X1 INVX2 B Y B0 B1 Y B C0 Ingrid Verbauwhede 21 December 2006 Experimental results Measurement results for FPGA test circuit out single ended out out WDDL Ingrid Verbauwhede 22 December 2006 Page 11
12 For constant power consumption: constant load capacitance. Match loads at differential outputs. Unbalanced capacitive loads Ingrid Verbauwhede 23 December 2006 Load capacitance breakdown gate R w,a C w,a C o,a C o,a C w,a R w,a C i,i2 gate 2 C o : intrinsic output capacitance C w : interconnect capacitance C i,i2 C i : input capacitance CA = CA Co,A + Cw,A + Ci,I1 + Ci,Ik = Co,A + Cw,A + Ci,I1 + Ci,Ik Cw,A = Cw,A C i,i1 gate 1 C i,i1 Intrinsic caps.: matched Interconnect: dominant (Moore s law) Balancing interconnect: crucial Ingrid Verbauwhede 24 December 2006 Page 12
13 Place & Route approach Parallel routes (adjacent tracks, same layer) balance geometric distances, parasitic effects Resistance: equal vias, wire segments Capacitance (to other layers): ideally same environment exact if every other layer is a power plane Metal x Metal y Via xy Ingrid Verbauwhede 25 December 2006 Differential pair routing Available via gridless/shape-based routers. only few critical signals (e.g. clock) experiment with 200 pairs: 8 hours CPU, 1000 conflicts, 100 open nets. Gridded routers avoid wires in parallel. We propose fat -wire routing. Abstract differential pair as one single fat wire. Route with fat wire; then decompose into pair. Ingrid Verbauwhede 26 December 2006 Page 13
14 1. Duplicate fat wire. 2. Slide apart copies. 3. Reduce to normal width. Fat wire decomposition DY -DY -DX DX Ingrid Verbauwhede 27 December 2006 Design example Two normal wires replace each fat wire. Ingrid Verbauwhede 28 December 2006 Page 14
15 AES, controller, fingerprint processor. Prototype IC ThumbPodII secure WDDL differential route insecure single-ended Ingrid Verbauwhede 29 December 2006 Circuit techniques to address SCA Standard cells: break AES with 8000 encryptions Special cells (build from standard cells): over 1.5M encryptions and still not broken STD CELL WDDL Ingrid Verbauwhede 30 December 2006 Page 15
16 DPA attack on AES key bytes- SCMOS Ingrid Verbauwhede 31 December 2006 DPA attack on WDDL Ingrid Verbauwhede 32 December 2006 Page 16
17 Security at circuit level: Back-end flow automated creates secure circuits But: Area + energy cost Security partitioning Security partitioning Ingrid Verbauwhede 33 December 2006 Security in an embedded system Embedded Security Server Non-secure/secure Interface distrusted environment Secure Embedded System root-of-trust Authentication Confidentiality Data Integrity Non-repudiation Ingrid Verbauwhede 34 December 2006 Page 17
18 Systematic Design Method: tree of trust Protocol, Application Server Client root-of -trust Architecture-level attacks Algorithm Noncritical software Crypto SW Microarchitecture-level attacks Architecture Non-secure HW Secure HW Micro-Architecture Circuit-level attacks Technology Regular CMOS DPA-resistant HW Ingrid Verbauwhede 35 December 2006 Example Application: ThumbPod Intelligent secure keychain device that recognizes owner biometrically Components: Microcontroller with memory Fingerprint sensor Biometric signal processing Security processing Communication: IR and USB Applications: Secure credit cards, secure memory, access control, etc. [UCLA work] Ingrid Verbauwhede 36 December 2006 Page 18
19 Security Partitioning Minutiae Extraction Secret Key Unprotected Template Matching Algorithm Algorithm Load Key Load Bogus Crypto Module Protected Only the sensitive template and the corresponding processes need to be protected. Fuzzy vault avoids storage of sensitive material but also a price in terms of performance and cost Ingrid Verbauwhede 37 December 2006 Security partitioning for Thumpod-II Thumbpod-II Processor & coprocessor Security partitioning Secure ASIC Regular processor ASIC NON-DPA LEON Processor AHB I/F Integer Unit AHB Controller Memory Controller Cache DCache -2KB I- Cache 2KB Boot PROM I/F Boot ROM ASIC DPA AHB/APB 32bits Memory Bus 2MB SRAM Bridge AES Coprocessor UART1 RS232 Comparator Template AMBA Peripheral Bus UART2 Fingerprint Sensor Storage Ingrid Verbauwhede 38 December 2006 Page 19
20 Support for security partitioning Hardware Software co-design SOC = embedded CPU with programmable co-processors SW Modem Security ISS Application dependent glue FSMD CPU/MEM Baseband Crypto Interconnect GEZEL Ingrid Verbauwhede 39 December 2006 Example of a GEZEL codesign Crypttext 128 aes_decoder done rst ld aes_top (AES/ECB) Key Plaintext instructions (0x ) data_in (0x ) data_out (0x ) Addr Data Embedded Software Driver µp Core FSMD model of hardware HW/SW Interfaces Library Blocks GEZEL Model Power Profile Cycle Performance VHDL SW Simulation (Instruction-Set Simulation) Ingrid Verbauwhede 40 December 2006 Page 20
21 Public Key: ECC/HECC HW/SW co-design HECC Scalar multiplication Point or divisor operations Combination of GF(2 n ) operations Basic GF(2 n ) operations C code assembly routines µcode sequences SW datapath HW P CPU P1 GF(2 n ) Coprocessor GEZEL based design [CHES 2005] Ingrid Verbauwhede 41 December 2006 HW/SW for HECC bit micro controller With/without hardware acceleration From the Tiny 8051 Core 3300 LUTs 820Bytes RAM 12KBytes ROM 8 84 GF(2 83 ) Mult/add unit LUTs + 100Bytes RAM MHz X MHz [Ches2005] Ingrid Verbauwhede 42 December 2006 Page 21
22 HW/SW for superscalar co-processor Superscalar ARM CPU 32-bit data Main CPU Memory Mapped I/O DBC Data Bus 32-bit instruction s Buffer Full µ-code RAM SRAM Program ROM FSM Instruction Bus IQB To the fancy Coprocessor IBC MALU 83 MALU 83 MALU 83 MALU 83 Coprocessor Memory [Ches2006] Ingrid Verbauwhede 43 December 2006 Crypto Heaven Embedded Security Protocol: Security Communication Computation trade-off Algorithm:Security partitioning Architecture:RINGS & Gezel, HW/SW Co-design Embedded Security is NOT a point solution! Micro-Architecture: co-processor design Circuit:WDDL & Diff routing, Secure memory Deep Submicron Hell Ingrid Verbauwhede 44 December 2006 Page 22
Design methods and tools for side channel attack resistant circuits
Design methods and tools for side channel attack resistant circuits Ingrid Verbauwhede ingrid.verbauwhede-at-esat.kuleuven.be K.U.Leuven, COSIC Computer Security and Industrial Cryptography www.esat.kuleuven.be/cosic
More informationCost of cryptography in hardware
Cost of cryptography in hardware Ingrid Verbauwhede ingrid.verbauwhede-at-esat.kuleuven.be K.U.Leuven, ESAT- SCD - COSIC Computer Security and Industrial Cryptography Acknowledgements: Current and former
More informationLow budget cryptography to enable wireless security
Low budget cryptography to enable wireless security Ingrid Verbauwhede ingrid.verbauwhede-at-esat.kuleuven.be K.U.Leuven, COSIC Computer Security and Industrial Cryptography www.esat.kuleuven.be/cosic
More informationBlind Differential Cryptanalysis for Enhanced Power Attacks
Blind Differential Cryptanalysis for Enhanced Power Attacks Bart Preneel COSIC K.U.Leuven - Belgium bart.preneel(at)esat.kuleuven.be Joint work with Helena Handschuh Concept Differential cryptanalysis
More informationSystem Level Design Methods for Secure Embedded Systems
System Level Design Methods for Secure Embedded Systems Patrick Schaumont Center for Embedded Systems in Critical Applications Secure Embedded Systems Mobile Biometrics Mobile Authentication Access Control
More informationInterfacing a High Speed Crypto Accelerator to an Embedded CPU
Interfacing a High Speed Crypto Accelerator to an Embedded CPU Alireza Hodjat ahodjat @ee.ucla.edu Electrical Engineering Department University of California, Los Angeles Ingrid Verbauwhede ingrid @ee.ucla.edu
More informationThe embedded security challenge: Protecting bits at rest
The embedded security challenge: Protecting bits at rest Patrick Schaumont schaum@vt.edu Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res
More informationPrototype IC with WDDL and Differential Routing DPA Resistance Assessment
Prototype IC with WDDL and Differential Routing DPA Resistance Assessment Kris Tiri, David Hwang, Alireza Hodjat, Bo-Cheng Lai, Shenglin Yang, Patrick Schaumont, and Ingrid Verbauwhede,2 Electrical Engineering
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationThe Use Of Virtual Platforms In MP-SoC Design. Eshel Haritan, VP Engineering CoWare Inc. MPSoC 2006
The Use Of Virtual Platforms In MP-SoC Design Eshel Haritan, VP Engineering CoWare Inc. MPSoC 2006 1 MPSoC Is MP SoC design happening? Why? Consumer Electronics Complexity Cost of ASIC Increased SW Content
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationHardware/Software Co-design for Hyperelliptic Curve Cryptography (HECC) on the 8051 µp
Hardware/Software Co-design for Hyperelliptic Curve Cryptography (HECC) on the 8051 µp Lejla Batina, David Hwang, Alireza Hodjat, Bart Preneel and Ingrid Verbauwhede Outline Introduction and Motivation
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationIEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 25, NO. 7, JULY
IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 25, NO. 7, JULY 2006 1197 A Digital Design Flow for Secure Integrated Circuits Kris Tiri, Member, IEEE, and Ingrid Verbauwhede,
More informationFPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES
, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING KIT Die Forschungsuniversität in der Helmholtz-Gemeinschaft
More informationDesign and Implementation of an AHB SRAM Memory Controller
Design and Implementation of an AHB SRAM Memory Controller 1 Module Overview Learn the basics of Computer Memory; Design and implement an AHB SRAM memory controller, which replaces the previous on-chip
More informationSecure Design Methodology and The Tree of Trust
Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune (http://bunniestudios.com) Under the Hood
More informationEmbedded Systems: Hardware Components (part I) Todor Stefanov
Embedded Systems: Hardware Components (part I) Todor Stefanov Leiden Embedded Research Center Leiden Institute of Advanced Computer Science Leiden University, The Netherlands Outline Generic Embedded System
More informationTechniques for Optimizing Performance and Energy Consumption: Results of a Case Study on an ARM9 Platform
Techniques for Optimizing Performance and Energy Consumption: Results of a Case Study on an ARM9 Platform BL Standard IC s, PL Microcontrollers October 2007 Outline LPC3180 Description What makes this
More informationNew Embedded NVM architectures
New Embedded NVM architectures for Secure & Low Power Microcontrollers Jean DEVIN, Bruno LECONTE Microcontrollers, Memories & Smartcard Group STMicroelectronics 11 th LETI Annual review, June 24th, 2009
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University of Electro-Communications liyang@ice.uec.ac.jp Toshinori Fukunaga, Junko Takahashi NTT Information Sharing
More informationEnergy Estimation Based on Hierarchical Bus Models for Power-Aware Smart Cards
Energy Estimation Based on Hierarchical Bus Models for Power-Aware Smart Cards U. Neffe, K. Rothbart, Ch. Steger, R. Weiss Graz University of Technology Inffeldgasse 16/1 8010 Graz, AUSTRIA {neffe, rothbart,
More informationPOWER ANALYSIS RESISTANT SRAM
POWER ANALYSIS RESISTANT ENGİN KONUR, TÜBİTAK-UEKAE, TURKEY, engin@uekae.tubitak.gov.tr YAMAN ÖZELÇİ, TÜBİTAK-UEKAE, TURKEY, yaman@uekae.tubitak.gov.tr EBRU ARIKAN, TÜBİTAK-UEKAE, TURKEY, ebru@uekae.tubitak.gov.tr
More informationAbbas El Gamal. Joint work with: Mingjie Lin, Yi-Chang Lu, Simon Wong Work partially supported by DARPA 3D-IC program. Stanford University
Abbas El Gamal Joint work with: Mingjie Lin, Yi-Chang Lu, Simon Wong Work partially supported by DARPA 3D-IC program Stanford University Chip stacking Vertical interconnect density < 20/mm Wafer Stacking
More informationMicrocoded Coprocessor for Embedded Secure Biometric Authentication Systems
Microcoded Coprocessor for Embedded Secure Biometric Authentication Systems Shenglin Yang UCLA Dept of EE Los Angeles, CA 90095 +1-310-267-4940 shengliny@ee.ucla.edu Patrick Schaumont UCLA Dept of EE Los
More informationHVSoCs: A Framework for Rapid Prototyping of 3-D Hybrid Virtual System-on-Chips
on introducing a new design paradigm HVSoCs: A Framework for Rapid Prototyping of 3-D Hybrid Virtual System-on-Chips D. Diamantopoulos, K. Siozios, E. Sotiriou-Xanthopoulos, G. Economakos and D. Soudris
More informationPower Analysis Attacks
Power Analysis Attacks Elisabeth Oswald Computer Science Department Crypto Group eoswald@cs.bris.ac.uk Elisabeth.Oswald@iaik.tugraz.at Outline Working principle of power analysis attacks DPA Attacks on
More informationEvaluating the Duplication of Dual-Rail Logics on FPGAs
Horst Görtz Institute for IT-Security Evaluating the Duplication of Dual-Rail Logics on FPGAs Alexander Wild, Amir Moradi, Tim Güneysu April 13. 2015 Motivation Dual-rail precharge logic 1 Motivation Dual-rail
More informationMM23SC8128RM Flash Security Turbo Microcontroller Smart Card Chip With 1024 bit RSA & Maths Co-processor
Flash Security Turbo Microcontroller Smart Card Chip With 1024 bit RSA & Maths Co-processor 08 September 2009 This document is property of My-MS and My-MS has the right to make any changes to the contents
More informationRad-Hard Microcontroller For Space Applications
The most important thing we build is trust ADVANCED ELECTRONIC SOLUTIONS AVIATION SERVICES COMMUNICATIONS AND CONNECTIVITY MISSION SYSTEMS Rad-Hard Microcontroller For Space Applications Fredrik Johansson
More informationVLSI Design Automation. Maurizio Palesi
VLSI Design Automation 1 Outline Technology trends VLSI Design flow (an overview) 2 Outline Technology trends VLSI Design flow (an overview) 3 IC Products Processors CPU, DSP, Controllers Memory chips
More informationCMPEN 411 VLSI Digital Circuits Spring Lecture 22: Memery, ROM
CMPEN 411 VLSI Digital Circuits Spring 2011 Lecture 22: Memery, ROM [Adapted from Rabaey s Digital Integrated Circuits, Second Edition, 2003 J. Rabaey, A. Chandrakasan, B. Nikolic] Sp11 CMPEN 411 L22 S.1
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationImplementing Virtual Secure Circuit Using A Custom-Instruction Approach
Implementing Virtual Secure Circuit Using A Custom-Instruction Approach Zhimin Chen Virginia Tech. Blacksburg, VA 246 chenzm@vt.edu Ambuj Sinha Virginia Tech. Blacksburg, VA 246 ambujs87@vt.edu Patrick
More informationIntroduction to Embedded Systems
Introduction to Embedded Systems Outline Embedded systems overview What is embedded system Characteristics Elements of embedded system Trends in embedded system Design cycle 2 Computing Systems Most of
More informationPart 2: Principles for a System-Level Design Methodology
Part 2: Principles for a System-Level Design Methodology Separation of Concerns: Function versus Architecture Platform-based Design 1 Design Effort vs. System Design Value Function Level of Abstraction
More informationFPGA for Complex System Implementation. National Chiao Tung University Chun-Jen Tsai 04/14/2011
FPGA for Complex System Implementation National Chiao Tung University Chun-Jen Tsai 04/14/2011 About FPGA FPGA was invented by Ross Freeman in 1989 SRAM-based FPGA properties Standard parts Allowing multi-level
More information! Memory Overview. ! ROM Memories. ! RAM Memory " SRAM " DRAM. ! This is done because we can build. " large, slow memories OR
ESE 57: Digital Integrated Circuits and VLSI Fundamentals Lec 2: April 5, 26 Memory Overview, Memory Core Cells Lecture Outline! Memory Overview! ROM Memories! RAM Memory " SRAM " DRAM 2 Memory Overview
More informationThe Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance
2013.12.7 DLSI International Symposium The Design and Evaluation Methodology of Dependable VLSI for Focusing on the security of hardware modules - Tamper resistant cryptographic circuit - Evaluation tools
More informationCS310 Embedded Computer Systems. Maeng
1 INTRODUCTION (PART II) Maeng Three key embedded system technologies 2 Technology A manner of accomplishing a task, especially using technical processes, methods, or knowledge Three key technologies for
More informationPower Reduction Techniques in the Memory System. Typical Memory Hierarchy
Power Reduction Techniques in the Memory System Low Power Design for SoCs ASIC Tutorial Memories.1 Typical Memory Hierarchy On-Chip Components Control edram Datapath RegFile ITLB DTLB Instr Data Cache
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationMinimum Area Cost for a 30 to 70 Gbits/s AES Processor
Minimum Area Cost for a 30 to 70 Gbits/s AE Processor Alireza Hodjat and Ingrid Verbauwhede Electrical Engineering Department University of California, Los Angeles {ahodjat, ingrid} @ ee.ucla.edu Abstract
More informationInvestigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs
Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs Shaunak Shah Corsec Security, Inc Fairfax, VA, USA Email: sshah@corsec.com Rajesh Velegalati, Jens-Peter Kaps, David
More informationLow-Power SRAM and ROM Memories
Low-Power SRAM and ROM Memories Jean-Marc Masgonty 1, Stefan Cserveny 1, Christian Piguet 1,2 1 CSEM, Neuchâtel, Switzerland 2 LAP-EPFL Lausanne, Switzerland Abstract. Memories are a main concern in low-power
More informationA Lightweight AES Implementation Against Bivariate First-Order DPA Attacks Weize Yu and Selçuk Köse
A Lightweight AES Implementation Against Bivariate First-Order DPA Attacks Weize Yu and Selçuk Köse Department of Electrical Engineering University of South Florida 1 Presentation Flow p Side-channel attacks
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationAnand Raghunathan
ECE 695R: SYSTEM-ON-CHIP DESIGN Module 2: HW/SW Partitioning Lecture 2.26: Example: Hardware Architecture Anand Raghunathan raghunathan@purdue.edu ECE 695R: System-on-Chip Design, Fall 2014 Fall 2014,
More informationA Design Methodology for Secured ICs Using Dynamic Current Mode Logic
A Design Methodology for Secured ICs Using Dynamic Current Mode Logic Mace F., Standaert F.-X., Quisquater J.-J., Legat J.-D. UCL Crypto Group Microelectronics Laboratory Universite Catholique de Louvain
More informationThe Davies-Murphy Power Attack. Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab
The Davies-Murphy Power Attack Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab Introduction Two approaches for attacking crypto devices traditional cryptanalysis Side Channel Attacks
More informationThe Memory Hierarchy Part I
Chapter 6 The Memory Hierarchy Part I The slides of Part I are taken in large part from V. Heuring & H. Jordan, Computer Systems esign and Architecture 1997. 1 Outline: Memory components: RAM memory cells
More informationCalibrating Achievable Design GSRC Annual Review June 9, 2002
Calibrating Achievable Design GSRC Annual Review June 9, 2002 Wayne Dai, Andrew Kahng, Tsu-Jae King, Wojciech Maly,, Igor Markov, Herman Schmit, Dennis Sylvester DUSD(Labs) Calibrating Achievable Design
More informationProduct Technical Brief S3C2412 Rev 2.2, Apr. 2006
Product Technical Brief S3C2412 Rev 2.2, Apr. 2006 Overview SAMSUNG's S3C2412 is a Derivative product of S3C2410A. S3C2412 is designed to provide hand-held devices and general applications with cost-effective,
More informationUCLA 3D research started in 2002 under DARPA with CFDRC
Coping with Vertical Interconnect Bottleneck Jason Cong UCLA Computer Science Department cong@cs.ucla.edu http://cadlab.cs.ucla.edu/ cs edu/~cong Outline Lessons learned Research challenges and opportunities
More informationIntel Research mote. Ralph Kling Intel Corporation Research Santa Clara, CA
Intel Research mote Ralph Kling Intel Corporation Research Santa Clara, CA Overview Intel mote project goals Project status and direction Intel mote hardware Intel mote software Summary and outlook Intel
More informationZynq-7000 All Programmable SoC Product Overview
Zynq-7000 All Programmable SoC Product Overview The SW, HW and IO Programmable Platform August 2012 Copyright 2012 2009 Xilinx Introducing the Zynq -7000 All Programmable SoC Breakthrough Processing Platform
More informationBinary decision diagram to design balanced secure logic styles
Binary decision diagram to design balanced secure logic styles Hyunmin Kim, Seokhie Hong, Bart Preneel and Ingrid Verbauwhede Center for Information Security Technologies Korea University, Seoul, South
More informationProcessor and Peripheral IP Cores for Microcontrollers in Embedded Space Applications
Processor and Peripheral IP Cores for Microcontrollers in Embedded Space Applications Presentation at ADCSS 2010 MESA November 4 th, 2010 www.aeroflex.com/gaisler Presentation outline Microcontroller requirements
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li 1, Kazuo Sakiyama 1, Shigeto Gomisawa 1, Toshinori Fukunaga 2, Junko Takahashi 1,2, and Kazuo Ohta 1 1 Department of Informatics, The University of Electro-Communications
More informationImplementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
More informationSecurity of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada
Security of Biometric Passports ECE 646 Fall 2013 Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada CONTENTS Introduction to epassports Infrastructure required for epassports Generations
More informationARM Processors for Embedded Applications
ARM Processors for Embedded Applications Roadmap for ARM Processors ARM Architecture Basics ARM Families AMBA Architecture 1 Current ARM Core Families ARM7: Hard cores and Soft cores Cache with MPU or
More informationECE 448 Lecture 15. Overview of Embedded SoC Systems
ECE 448 Lecture 15 Overview of Embedded SoC Systems ECE 448 FPGA and ASIC Design with VHDL George Mason University Required Reading P. Chu, FPGA Prototyping by VHDL Examples Chapter 8, Overview of Embedded
More informationThe Next Steps in the Evolution of Embedded Processors
The Next Steps in the Evolution of Embedded Processors Terry Kim Staff FAE, ARM Korea ARM Tech Forum Singapore July 12 th 2017 Cortex-M Processors Serving Connected Applications Energy grid Automotive
More informationThe Xilinx XC6200 chip, the software tools and the board development tools
The Xilinx XC6200 chip, the software tools and the board development tools What is an FPGA? Field Programmable Gate Array Fully programmable alternative to a customized chip Used to implement functions
More informationXynergy It really makes the difference!
Xynergy It really makes the difference! STM32F217 meets XILINX Spartan-6 Why Xynergy? Very easy: There is a clear Synergy achieved by combining the last generation of the most popular ARM Cortex-M3 implementation
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationPhysical Implementation
CS250 VLSI Systems Design Fall 2009 John Wawrzynek, Krste Asanovic, with John Lazzaro Physical Implementation Outline Standard cell back-end place and route tools make layout mostly automatic. However,
More informationPower Analysis of Atmel CryptoMemory Recovering Keys from Secure EEPROMs
Power Analysis of Atmel CryptoMemory Recovering Keys from Secure EEPROMs Josep Balasch 1, Benedikt Gierlichs 1, Roel Verdult 2, Lejla Batina 1,2, and Ingrid Verbauwhede 1 1 ESAT/COSIC, KU Leuven 2 ICIS/Digital
More informationMemory-Mapped SHA-1 Coprocessor
19-5870; Rev 0; 5/11 Memory-Mapped SHA-1 Coprocessor General Description The coprocessor with 64-byte RAM is a synthesizable register transfer level (RTL) implementation of the FIPS 180-3 Secure Hash Algorithm
More informationECE 485/585 Microprocessor System Design
Microprocessor System Design Lecture 4: Memory Hierarchy Memory Taxonomy SRAM Basics Memory Organization DRAM Basics Zeshan Chishti Electrical and Computer Engineering Dept Maseeh College of Engineering
More informationRevolutioni W zi h Wn e hgn e n F a Mi i s liu lsir u e ro e Cri I ti s Ic N al o t V A e n ri n O fi p c ti a o ti n oo
Formal Verification Revolutionizing Mission Critical Verification When Failure Is Not An Option Formal-based Security Verification www.onespin.com March 2016 HW Security Issues More Common Than Thought
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationMicrosemi Secured Connectivity FPGAs
IoT Solutions Microsemi Secured Connectivity FPGAs SmartFusion2 SoC FPGAs Low Power Small Form Factors Scalable Security Secured Connectivity FPGAs Best in Class for IoT Infrastructure The IoT Infrastructure
More informationCopyright 2016 Xilinx
Zynq Architecture Zynq Vivado 2015.4 Version This material exempt per Department of Commerce license exception TSU Objectives After completing this module, you will be able to: Identify the basic building
More informationEmbedded Systems: Hardware Components (part II) Todor Stefanov
Embedded Systems: Hardware Components (part II) Todor Stefanov Leiden Embedded Research Center, Leiden Institute of Advanced Computer Science Leiden University, The Netherlands Outline Generic Embedded
More informationPlatform-based Design
Platform-based Design The New System Design Paradigm IEEE1394 Software Content CPU Core DSP Core Glue Logic Memory Hardware BlueTooth I/O Block-Based Design Memory Orthogonalization of concerns: the separation
More informationEE382V: System-on-a-Chip (SoC) Design
EE382V: System-on-a-Chip (SoC) Design Lecture 10 Task Partitioning Sources: Prof. Margarida Jacome, UT Austin Prof. Lothar Thiele, ETH Zürich Andreas Gerstlauer Electrical and Computer Engineering University
More informationASIC Logic. Speaker: Juin-Nan Liu. Adopted from National Chiao-Tung University IP Core Design
ASIC Logic Speaker: Juin-Nan Liu Adopted from National Chiao-Tung University IP Core Design Goal of This Lab Prototyping Familiarize with ARM Logic Module (LM) Know how to program LM Outline Introduction
More informationContents Part I Basic Concepts The Nature of Hardware and Software Data Flow Modeling and Transformation
Contents Part I Basic Concepts 1 The Nature of Hardware and Software... 3 1.1 Introducing Hardware/Software Codesign... 3 1.1.1 Hardware... 3 1.1.2 Software... 5 1.1.3 Hardware and Software... 7 1.1.4
More informationMemory in Digital Systems
MEMORIES Memory in Digital Systems Three primary components of digital systems Datapath (does the work) Control (manager) Memory (storage) Single bit ( foround ) Clockless latches e.g., SR latch Clocked
More informationHardware-Software Codesign. 1. Introduction
Hardware-Software Codesign 1. Introduction Lothar Thiele 1-1 Contents What is an Embedded System? Levels of Abstraction in Electronic System Design Typical Design Flow of Hardware-Software Systems 1-2
More informationMidterm Exam. Solutions
Midterm Exam Solutions Problem 1 List at least 3 advantages of implementing selected portions of a design in hardware, and at least 3 advantages of implementing the remaining portions of the design in
More information«Safe (hardware) design methodologies against fault attacks»
«Safe (hardware) design methodologies against fault attacks» Bruno ROBISSON Assia TRIA SESAM Laboratory (joint R&D team CEA-LETI/EMSE), Centre Microélectronique de Provence Avenue des Anémones, 13541 Gardanne,
More informationDesign Techniques for Implementing an 800MHz ARM v5 Core for Foundry-Based SoC Integration. Faraday Technology Corp.
Design Techniques for Implementing an 800MHz ARM v5 Core for Foundry-Based SoC Integration Faraday Technology Corp. Table of Contents 1 2 3 4 Faraday & FA626TE Overview Why We Need an 800MHz ARM v5 Core
More informationThe extreme Adaptive DSP Solution to Sensor Data Processing
The extreme Adaptive DSP Solution to Sensor Data Processing Abstract Martin Vorbach PACT XPP Technologies Leo Mirkin Sky Computers, Inc. The new ISR mobile autonomous sensor platforms present a difficult
More informationIntegrated Circuits & Systems
Federal University of Santa Catarina Center for Technology Computer Science & Electronics Engineering Integrated Circuits & Systems INE 5442 Lecture 23-1 guntzel@inf.ufsc.br Semiconductor Memory Classification
More informationDesign and Technology Trends
Lecture 1 Design and Technology Trends R. Saleh Dept. of ECE University of British Columbia res@ece.ubc.ca 1 Recently Designed Chips Itanium chip (Intel), 2B tx, 700mm 2, 8 layer 65nm CMOS (4 processors)
More informationHardware/Software Co-design
Hardware/Software Co-design Zebo Peng, Department of Computer and Information Science (IDA) Linköping University Course page: http://www.ida.liu.se/~petel/codesign/ 1 of 52 Lecture 1/2: Outline : an Introduction
More informationDietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures
Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures Lejla Batina, Amitabh Das, Barış Ege, Elif Bilge Kavun, Nele Mentens, Christof
More informationEnergy and Performance Evaluation of an FPGA-Based SoC Platform with AES and PRESENT Coprocessors
Energy and Performance Evaluation of an FPGA-Based SoC Platform with AES and PRESENT Coprocessors Xu Guo, Zhimin Chen, and Patrick Schaumont Virginia Tech, Blacksburg VA 24061, USA {xuguo,chenzm,schaum}@vt.edu
More informationSystem-On-Chip Design with the Leon CPU The SOCKS Hardware/Software Environment
System-On-Chip Design with the Leon CPU The SOCKS Hardware/Software Environment Introduction Digital systems typically contain both, software programmable components, as well as application specific logic.
More informationAge nda. Intel PXA27x Processor Family: An Applications Processor for Phone and PDA applications
Intel PXA27x Processor Family: An Applications Processor for Phone and PDA applications N.C. Paver PhD Architect Intel Corporation Hot Chips 16 August 2004 Age nda Overview of the Intel PXA27X processor
More informationECE 471 Embedded Systems Lecture 2
ECE 471 Embedded Systems Lecture 2 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 7 September 2018 Announcements Reminder: The class notes are posted to the website. HW#1 will
More informationCONTACT: ,
S.N0 Project Title Year of publication of IEEE base paper 1 Design of a high security Sha-3 keccak algorithm 2012 2 Error correcting unordered codes for asynchronous communication 2012 3 Low power multipliers
More informationDate: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.
Date: 13 June 2018 @qualcomm Location: Sophia Antipolis Integrating the SIM Dr. Adrian Escott Qualcomm Technologies, Inc. Agenda 1 2 3 4 5 6 Path to isim isim Size benefit Hardware Architecture Certification
More informationEmbedded Fingerprint Verification and Matching System
Signal Theory and Communications Group Department of Electronics University of Mondragon Fifth Workshop on Intelligent Solutions in Embedded Systems WISES 07, June 21-22, Madrid A Low-Cost FPGA-based Embedded
More information