Cryptographic Protocols and Algorithms for 5G. Elena Dubrova School of Information and Communication Techonology, KTH
|
|
- Stuart Gibson
- 6 years ago
- Views:
Transcription
1 Cryptographic Protocols and Algorithms for 5G Elena Dubrova School of Information and Communication Techonology, KTH
2 Overview PROTOCOLS ALGORITHMS IMPLEMENTATIONS OBJECTIVES TO IMPROVE ATTACK RESISTANCE OF 5G RADIO ACCESS NETWORKS TO IMPROVE EFFICIENCY OF CRYPTOGRAPHIC ALGORITHMS TO PROTECT HARDWARE FROM TAMPERING RESULTS RANDOM ACCESS PROCEDURE BASED ON TUNABLE PUZZLES ENERGY- EFFICIENT ENCRYPTION AND AUTHENTICATION ALGORITHMS METHODS FOR SECURE KEY STORAGE COUNTERMEASURES AGAINST HARDWARE TROJANS 2
3 Random- Access Procedure Based on Tunable Puzzles
4 Background: Computational Puzzles Developed for IP-based network protocols Delay access to server resources Cryptographic hash function F Solution requires ~2 p hash function computations Verification requires 1 hash function computation Client Request Puzzle p = F(s) Solve puzzle Solution s Grant Server 4
5 Our contributions 1. We have shown usability of puzzles for radio networks, as a means of balancing the load on base station [1] 2. We generalized puzzles to enable prioritization Access preambles are partitioned into two sub-sets 3. We introduced a way to encode auxiliary information into puzzle s solution without making puzzles harder to create Auxiliary information specifies on which radio resource the next message should be sent 5
6 Proposed Random Access Procedure Step 1: Access request according to device priority type Step 2: Response contains computational puzzle based on priority Step 3: Solution specifies radio resource to be used in subsequent signaling to the base station Device Request (priority i) Solve puzzle Puzzle p(i) [Radio resource determined by solution s(i)] Grant Base Station 6
7 Mitigation of false claims A malicious device may falsely claim to have priority by using a preamble from the set of prioritized preambles, P P However, in return it will receive a puzzle which cannot be solved without a key Malicious Device? Request (preamble in P P ) Puzzle p for prioritized devices If device doesn t have the key, it cannot solve the puzzle Base Station 7
8 Energy-Efficient Cryptographic Algorithms
9 Background: Cyclic Redundancy Check (CRC) n-bit CRC detects: all burst errors up to length n CRC does not withstand crafted error, only random An injection attack in which the injected error is a multiple of the CRC generator polynomial will not be detected PHY Layer HEADER BODY CRC LTE uses 24-bit CRC ZigBee uses 16-bit CRC 9
10 Cryptographic CRC Proposed by Krawczyk in 1994 [2] Uses irreducible generator polynomials which are selected pseudo-randomly and changed periodically Compared to other Message Authentication Codes (MACs): (+) Detects burst errors (+) Can be computed with less resources (+) Provably secure with a quantifiable failure probability ε (-) ε > 1/2 n (-) Requires irreducibility test 10
11 Drawbacks of existing methods Crypto-CRC of Krawczyk and other MACs used in wireless communication standards cannot correct errors If MAC verification fails, the message is discarded and a retransmission is requested Re-transmissions waste energy and increase average packet latency Excessive re-transmissions may lead to network congestion 11
12 Our contribution We introduced a MAC which efficiently combines integrity protection with single-bit error correction [3] (+) Preserves all advantages of Krawczyk s CRC (+) Does not require irreducibility test (-) ε our > ε Krawczyk Good candidate for simpler 5G radio types and use cases with constrained resources such as machinetype communications 12
13 Energy-efficient encryption We designed a stream cipher Espresso [4] Fastest among the ciphers below 3000 µm 2, including Grain-128 and Trivium (winners of ECRYPT competition) Area (µm 2 ) Throughput (bits/s) Energy per bit (pj) AES-ECB Espresso times smaller 9.5 times more energy efficient 13
14 Hardware Security
15 What will 5G bring? More not so well protected wirelessly connected devices will contain sensitive data or be involved in services related to sensitive data E-health Wearable devices Smart home Connected cars source: [5] 15
16 Side-channel attacks become cheaper The equipment to do side-channel attacks becomes cheaper continuously With a $2,000 piece of equipment one can extract practically any data from a chip if the chip is not hardened against side-channel attacks [6] 16
17 Is the sensitive data well protected? Sensitive data is typically stored in a non-volatile memory a volatile memory with a battery programmable fuses Various mechanisms are used to protect sensitive data from readback or tampering Anti-tamper switches, sensors, wire meshes,... source: uk.farnell.com source: [7] source: /12/02/lm75b-temperature-sensor/ source: /robust-hardware-security-devices-madepossible-laser-direct-structuring 17
18 Memory zeroization Erasing critical parts of memory in response to tampering is called zeroization However, zeroization mechanisms often require a continuous power supply an attacker can disable them before powering up a chip Another problem is data remanence residuals of data remain after erasure 18
19 Data remanence in volatile memories Contrary to conventional belief, volatile memories (SRAM, DRAM) do not entirely lose their contents when power is turned off [8] for SRAM, at room temperature the data retention time varies from 0.1 to 10 sec cooling SRAM to -20ºC increases the retention time to 1 sec to 17 min at -50ºC the retention time is 10 sec to 10 hours source: revision3.com 19
20 Data remanence in non-volatile memories It may take many cycles to erase data from a nonvolatile memory (EEPROM, Flash, etc.) Data was successfully recovered from the Flash memory PIC16F84 after 10 erase cycles [9] To overcome this problem, it is recommended to erase data by writing all-0, all-1, and random data in the memory source: [7] 20
21 Are security fuses secure? Security fuses can be set to protects on-chip memories from non-authorized access Modification or readback of sensitive regions of memory is prevented
22 Defeating security fuses Some security fuses can be reset with UV light [10] Metal shields over the security fuses can be surpassed by placing the chip at an angle To prevent the erasure of data from the Flash memory, a piece of electrical tape can be placed over the Flash With fuses disabled, the content of the Flash can be read out PIC 18F1320 microcontroller
23 Our countermeasures source: vt.edu/puf/main.html The attack presented in [10] can be mitigated using more secure methods for key storage, including Encode a key in a Finite State Machine (FSM) and implement the FSM on-chip by a sequential circuit [11] Store a key using a Physical Unclonable Function (PUF) [12] PUF is a silicon fingerprint unique for each chip due to random physical factors introduced during manufacturing 23
24 Anti-tamper measures may backfire 24
25 Becker s attack on Intel s RNG [15] (a) CMOS Inverter [15] (b) Trojan inverter with output = V DD [15] A hardware Trojan was implanted in Intel s RNG by modifying dopant masks of selected transistors to shorten their outputs to V SS or V DD Practically impossible to detect by visual inspection Modifications do not trigger Built- In Self Test (BIST) 25
26 Out countermeasure The attack presented in [15] can be mitigated by making BIST test patterns (and hence the expected signature) unknown at the manufacturing stage [16] BIST initial test pattern are made dependent on a key which is programmed into a chip after the manufacturing stage 26
27 Conclusions It is important to assure security at all levels: Protocols, algorithms, implementation Do not assume hardware to be trustworthy Instead, design your system to be tamper-resistant Training of security designers is important Countermeasures against one attack can backfire and enable other attacks 27
28 References [1] Dubrova, E., Näslund, M., Selander, G., Lindqvist, F., A Random Access Procedure Based on Tunable Puzzles, IEEE Conference on Communications and Network Security, 2015, pp , available at random-access-procedure.pdf [2] Krawczuk, H., LFSR-Based Hashing and Authentication, CRYPTO 94, pp [3] Dubrova, E., Näslund, M., Selander, G., Norrman, K., Error-Correcting Message Authentication for 5G, submitted to IEEE International Workshop on 5G Security, 2016 [4] Dubrova, E., Hell, M, Espresso: A Stream Cipher for 5G Wireless Communication Systems, Cryptography and Communications, available at [5] M. Ford, Lead Generation Tips Things You Do Not Tell Prospects, sales-management/lead-generation-tips-things-you-do-not-tellprospects #OMBu1jkkPAmByVsp. 99 [6] E. Worthman, ChaoLogix: Integrated Security, Semiconductor Engineering, 13 April 2015 [7] Physical Protection: Anti-Tamper Mechanisms in CC Security Evaluations, ALVARO_ORTEGA_EPOCHE&ESPRI_Physical_protection_Anti_tamper_mechanisms.pdf [8] S. Skorobogatov, Physical Attacks on Tamper Resistance: Progress and Lessons, Special Workshop on HW Assurance,
29 References, cont. [9] S. Skorobogatov, Data Remanence in Flash Memory Devices, CHES 2005 [10] Hacking the PIC18F1320, [11] N. Li, S. Mansouri, E. Dubrova, Secure Key Storage Using State Machines, Proceedings of ISMVL'2013, pp [12] S. Tao, E. Dubrova, An Ultra-Energy-Efficient Temperature-Stable Physical Unclonable Function in 65nm CMOS, Electronics Letters, 2016 [13] Joe Grand, Practical Secure Hardware Design for Embedded Systems, [14] O. Kömmerling, Design Principles for Tamper Resistant Smartcard Processors, Smartcard 99 [15] Becker, G., et al., Stealthy dopant-level hardware Trojans, Cryptographic Hardware and Embedded Systems (CHES 2013), LNCS 8086 pp , 2013 [16] E. Dubrova, M. Näslund, G. Carlsson, J. Fornehed, B. Smeets, Two Countermeasures Against Hardware Trojans Exploiting Non-Zero Aliasing Probability of BIST, Journal of Signal Processing Systems, 2016 [17] S. Skorobogatov, Fault Attacks on Secure Chips: From Glitch to Flash, ECRYPT II,
Optical Fault Masking Attacks. Sergei Skorobogatov
Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Memory modification attacks were actively used in mid 90s to circumvent the security in microcontrollers In old chips
More informationFlash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
More informationOptical Fault Masking Attacks
Optical Fault Masking Attacks Sergei Skorobogatov Computer Laboratory University of Cambridge Cambridge, United Kingdom e-mail: sps32@cam.ac.uk Abstract This paper introduces some new types of optical
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 8: Hardware security (2/2), Leakage/tamper resilience (1/2) Lecturer: Eran Tromer 1 Hardware security Invasive attacks (continued)
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More information$263 WHITE PAPER. Flexible Key Provisioning with SRAM PUF. Securing Billions of IoT Devices Requires a New Key Provisioning Method that Scales
WHITE PAPER Flexible Key Provisioning with SRAM PUF SRAM PUF Benefits Uses standard SRAM Device-unique keys No secrets reside on the chip No key material programmed Flexible and scalable Certifications:
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSecurity Policy for FIPS KVL 3000 Plus
Security Policy for FIPS 140-2 KVL 3000 Plus Version 01.01.19 Motorola General Business Information 1 of 21 Motorola General Business Information 2 of 21 1 INTRODUCTION... 4 1.1 SCOPE... 4 1.2 OVERVIEW...
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationSecure Cryptographic Module (SCM)
Page 1 of 11 FIPS 140 2 Cryptographic Module Security Policy Secure Cryptographic Module (SCM) Document Version 3.0.4 FIPS 140 2 Non Proprietary JVC KENWOOD Corporation Page 2 of 11 Revision History Date
More informationMM23SC8128RM Flash Security Turbo Microcontroller Smart Card Chip With 1024 bit RSA & Maths Co-processor
Flash Security Turbo Microcontroller Smart Card Chip With 1024 bit RSA & Maths Co-processor 08 September 2009 This document is property of My-MS and My-MS has the right to make any changes to the contents
More informationHardware Security: Present challenges and Future directions
Hardware Security: Present challenges and Future directions Dr Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Dept of Computer Science and Technology Outline Introduction History
More informationHow Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches
How Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview A global problem that impacts the lives of millions daily is digital life security breaches. One of the
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 5: Side channels: memory, taxonomy Lecturer: Eran Tromer 1 More architectural side channels + Example of a non-cryptographic
More informationIBG Protection for Anti-Fuse OTP Memory Security Breaches
IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview Anti-Fuse Memory IP is considered by some to be the gold standard for secure memory. Once programmed, reverse engineering methods will
More informationBasic Organization Memory Cell Operation. CSCI 4717 Computer Architecture. ROM Uses. Random Access Memory. Semiconductor Memory Types
CSCI 4717/5717 Computer Architecture Topic: Internal Memory Details Reading: Stallings, Sections 5.1 & 5.3 Basic Organization Memory Cell Operation Represent two stable/semi-stable states representing
More informationHow microprobing can attack encrypted memory
How microprobing can attack encrypted memory Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Hardware Security research since 1995 testing microcontrollers and smartcards
More informationHow Do We Make Designs Insecure?
How Do We Make Designs Insecure? Gang Qu University of Maryland, College Park gangqu@umd.edu Design Automation Summer School Austin, TX June 5, 2016 Modular Exponentiation: a e (mod n) What is modular
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationFIPS SECURITY POLICY FOR
FIPS 140-2 SECURITY POLICY FOR SPECTRAGUARD ENTERPRISE SENSOR August 26, 2011 FIPS 140-2 LEVEL-2 SECURITY POLICY FOR AIRTIGHT NETWORKS SPECTRAGUARD ENTERPRISE SENSOR 1. Introduction This document describes
More informationSecurity Requirements for Crypto Devices
Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements
More informationImplementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
More informationChapter 5 Internal Memory
Chapter 5 Internal Memory Memory Type Category Erasure Write Mechanism Volatility Random-access memory (RAM) Read-write memory Electrically, byte-level Electrically Volatile Read-only memory (ROM) Read-only
More informationPARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE
PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE Raghavan Kumar, University of Massachusetts Amherst Contributions by: Philipp Jovanovic, University of Passau Wayne P. Burleson, University
More informationSecurity Policy: Astro Subscriber Encryption Module Astro Spectra, Astro Saber, Astro Consolette, and Astro XTS3000. Version
Security Policy: Astro Subscriber Encryption Module Astro Spectra, Astro Saber, Astro Consolette, and Astro XTS3000 Version 02.00.07 3/22/2004 1.0 Introduction 3 1.1 Scope 3 1.2 Overview 3 1.3 Astro Subscriber
More informationSecurity in sensors, an important requirement for embedded systems
Security in sensors, an important requirement for embedded systems Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer AISEC Institute for Applied
More informationCybersecurity Solution in Hardware
Cybersecurity Solution in Hardware Ujjwal Guin Department of Electrical and Computer Engineering Auburn University, AL, USA Cybersecurity Solution in Hardware 2 2/55 Outline Motivation Counterfeiting and
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationCoSign Hardware version 7.0 Firmware version 5.2
CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and
More informationSafeNet LUNA EFT FIPS LEVEL 3 SECURITY POLICY
SafeNet LUNA EFT FIPS 140-2 LEVEL 3 SECURITY POLICY DOCUMENT NUMBER: CR-2786 AUTHOR(S): Brian Franklin / Terry Fletcher / Chris Brych DEPARTMENT: Engineering LOCATION OF ISSUE: Ottawa DATE ORIGINATED:
More informationA systematic approach to eliminating the vulnerabilities in smart cards evaluation
A systematic approach to eliminating the vulnerabilities in smart cards evaluation Hongsong Shi, Jinping Gao, Chongbing Zhang hongsongshi@gmail.com China Information Technology Security Evaluation Center
More informationTamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn
Tamper Resistance - a Cautionary Note Ross Anderson University of Cambridge Computer Laboratory Markus Kuhn University of Erlangen/ Purdue University Applications of Tamper Resistant Modules Security of
More informationSEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9
SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 Schweitzer Engineering Laboratories, Inc. May 21, 2007 Copyright 2005-2007 Schweitzer Engineering Laboratories, Inc. May be reproduced
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationIntegral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy
Integral Memory PLC. Chassis) and Crypto Dual Plus (Underlying FIPS 140-2 Security Policy Table of Contents 1. INTRODUCTION... 1 1.1 Purpose....1 1.2 References... 1 1.3 Document History... 1 2. PRODUCT
More informationSecure Set Intersection with Untrusted Hardware Tokens
Secure Set Intersection with Untrusted Hardware Tokens Thomas Schneider Engineering Cryptographic Protocols Group, TU Darmstadt http://encrypto.de joint work with Marc Fischlin (TU Darmstadt) Benny Pinkas
More informationSecurity of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada
Security of Biometric Passports ECE 646 Fall 2013 Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada CONTENTS Introduction to epassports Infrastructure required for epassports Generations
More informationAn Improved Hardware Implementation of the Quark Hash Function
An Improved Hardware Implementation of the Quark Hash Function Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of Technology (KTH), Stockholm Email:{shsm,dubrova}@kth.se
More informationGrundlagen Microcontroller Memory. Günther Gridling Bettina Weiss
Grundlagen Microcontroller Memory Günther Gridling Bettina Weiss 1 Lecture Overview Memory Memory Types Address Space Allocation 2 Memory Requirements What do we want to store? program constants (e.g.
More informationIntroducing the PIC24F GB2 MCU Family: extreme Low Power with Hardware Crypto Engine
Introducing the PIC24F GB2 MCU Family: extreme Low Power with Hardware Crypto Engine Alexis Alcott, Product Marketing Manager, MCU16 Division June 24, 2014 2 Announcing at Sensors Expo PIC24F GB2 MCUs
More informationSystem-Level Failures in Security
System-Level Failures in Security Non linear offset component (ms) 0.0 0.5 1.0 1.5 2.0 Variable skew De noised Non linear offset Temperature 26.4 26.3 26.2 26.1 26.0 25.9 25.8 Temperature ( C) Fri 11:00
More informationTitan silicon root of trust for Google Cloud
Scott Johnson Dominic Rizzo Secure Enclaves Workshop 8/29/2018 Titan silicon root of trust for Google Cloud 1 Cloud Perspective: We need a silicon root of trust Software infrastructure Datacenter equipment
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationOrganization. 5.1 Semiconductor Main Memory. William Stallings Computer Organization and Architecture 6th Edition
William Stallings Computer Organization and Architecture 6th Edition Chapter 5 Internal Memory 5.1 Semiconductor Main Memory 5.2 Error Correction 5.3 Advanced DRAM Organization 5.1 Semiconductor Main Memory
More informationWilliam Stallings Computer Organization and Architecture 6th Edition. Chapter 5 Internal Memory
William Stallings Computer Organization and Architecture 6th Edition Chapter 5 Internal Memory Semiconductor Memory Types Semiconductor Memory RAM Misnamed as all semiconductor memory is random access
More informationProgrammable Logic Devices Introduction CMPE 415. Programmable Logic Devices
Instructor: Professor Jim Plusquellic Programmable Logic Devices Text: The Design Warrior s Guide to FPGAs, Devices, Tools and Flows, Clive "Max" Maxfield, ISBN: 0-7506-7604-3 Modeling, Synthesis and Rapid
More informationHardware Design with VHDL PLDs I ECE 443. FPGAs can be configured at least once, many are reprogrammable.
PLDs, ASICs and FPGAs FPGA definition: Digital integrated circuit that contains configurable blocks of logic and configurable interconnects between these blocks. Key points: Manufacturer does NOT determine
More informationThe Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.
The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0 Xirrus, Inc. March 8, 2011 Copyright Xirrus, Inc. 2011. May be reproduced only in its original entirety [without revision]. Page 1 TABLE
More informationComputer Organization. 8th Edition. Chapter 5 Internal Memory
William Stallings Computer Organization and Architecture 8th Edition Chapter 5 Internal Memory Semiconductor Memory Types Memory Type Category Erasure Write Mechanism Volatility Random-access memory (RAM)
More informationCOMP3221: Microprocessors and. and Embedded Systems. Overview. Lecture 23: Memory Systems (I)
COMP3221: Microprocessors and Embedded Systems Lecture 23: Memory Systems (I) Overview Memory System Hierarchy RAM, ROM, EPROM, EEPROM and FLASH http://www.cse.unsw.edu.au/~cs3221 Lecturer: Hui Wu Session
More informationEM Analysis in the IoT Context: Lessons Learned from an Attack on Thread
EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1, Ilya Kizhvatov 2 1 Virginia Tech 2 Radboud University Nijmegen CHES 2018 Outline 1 Introduction 2 Side-Channel Vulnerability
More informationA hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 5 5.1 A hash function is an efficient function mapping binary strings of arbitrary length to binary strings of fixed length (e.g. 128 bits), called the hash-value
More informationCSC 774 Advanced Network Security
Computer Science CSC 774 Advanced Network Security Topic 4.3 Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks 1 Wireless Sensor Networks (WSN) A WSN consists of a potentially
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is
More informationTrojan-tolerant Hardware
Trojan-tolerant Hardware + Supply Chain Security in Practice Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge Who we are Vasilios Mavroudis Doctoral Researcher, UCL George Danezis
More information8051 INTERFACING TO EXTERNAL MEMORY
8051 INTERFACING TO EXTERNAL MEMORY Memory Capacity The number of bits that a semiconductor memory chip can store Called chip capacity It can be in units of Kbits (kilobits), Mbits (megabits), and so on
More informationUltra-Lightweight Cryptography
Ultra-Lightweight Cryptography F.-X. Standaert UCL Crypto Group European brokerage event, Cryptography Paris, September 2016 Outline Introduction Symmetric cryptography Hardware implementations Software
More informationVineet Kumar Sharma ( ) Ankit Agrawal ( )
- A new approach to hardware security analysis - Copy Protection in Modern Microcontrollers Vineet Kumar Sharma (200601093) Ankit Agrawal (200601003) Presentation Flow Why a need of Secure of Microcontrollers?
More informationCryptography for Resource Constrained Devices: A Survey
Cryptography for Resource Constrained Devices: A Survey Jacob John Dept. of Computer Engineering Sinhgad Institute of Technology Pune, India. jj31270@yahoo.co.in Abstract Specifically designed and developed
More informationAutomotive Security An Overview of Standardization in AUTOSAR
Automotive Security An Overview of Standardization in AUTOSAR Dr. Marcel Wille 31. VDI/VW-Gemeinschaftstagung Automotive Security 21. Oktober 2015, Wolfsburg Hackers take over steering from smart car driver
More informationSecurity Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE)
Security Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE) Cryptographic module used in Motorola Solutions Astro XTL5000, XTS5000, APX2000, SRX2200, APX4000, APX6000, APX6000XE, APX6500,
More informationReliable Physical Unclonable Function based on Asynchronous Circuits
Reliable Physical Unclonable Function based on Asynchronous Circuits Kyung Ki Kim Department of Electronic Engineering, Daegu University, Gyeongbuk, 38453, South Korea. E-mail: kkkim@daegu.ac.kr Abstract
More information2/13/2014. What is Tamper Resistance? IBM s Attacker Categories. Protection Levels. Classification Of Physical Attacks.
What is Tamper Resistance? Physical and Tamper Resistance Mohammad Tehranipoor Updated/Modified by Siavash Bayat Sarmadi Resistance to tampering the device by either normal users or systems or others with
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationNew Embedded NVM architectures
New Embedded NVM architectures for Secure & Low Power Microcontrollers Jean DEVIN, Bruno LECONTE Microcontrollers, Memories & Smartcard Group STMicroelectronics 11 th LETI Annual review, June 24th, 2009
More informationNew STM32WB Series MCU with Built-in BLE 5 and IEEE
New STM32WB Series MCU with Built-in BLE 5 and IEEE 802.15.4 Make the Choice of STM32WB Series The 7 keys points to make the difference 2 Open 2.4 GHz radio Multi-protocol Dual-core / Full control Ultra-low-power
More informationXV International PhD Workshop OWD 2013, October Applications of control in intelligent house via ZigBee technology
XV International PhD Workshop OWD 2013, 19 22 October 2013 Applications of control in intelligent house via ZigBee technology Ján Ďurech, Mária Franeková, University of Žilina Abstract In the paper the
More informationDatabase Management Systems, 2nd edition, Raghu Ramakrishnan, Johannes Gehrke, McGraw-Hill
Lecture Handout Database Management System Lecture No. 34 Reading Material Database Management Systems, 2nd edition, Raghu Ramakrishnan, Johannes Gehrke, McGraw-Hill Modern Database Management, Fred McFadden,
More informationThe Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance
2013.12.7 DLSI International Symposium The Design and Evaluation Methodology of Dependable VLSI for Focusing on the security of hardware modules - Tamper resistant cryptographic circuit - Evaluation tools
More informationSecure Device Manager for Intel Stratix 10 Devices Provides FPGA and SoC Security
white paper FPGA Secure Device Manager for Intel Stratix 10 Devices Provides FPGA and SoC Security The Secure Device Manager for Intel Stratix 10 devices provides a failsafe, strongly authenticated, programmable
More informationChapter 5. Internal Memory. Yonsei University
Chapter 5 Internal Memory Contents Main Memory Error Correction Advanced DRAM Organization 5-2 Memory Types Memory Type Category Erasure Write Mechanism Volatility Random-access memory(ram) Read-write
More informationMemory Overview. Overview - Memory Types 2/17/16. Curtis Nelson Walla Walla University
Memory Overview Curtis Nelson Walla Walla University Overview - Memory Types n n n Magnetic tape (used primarily for long term archive) Magnetic disk n Hard disk (File, Directory, Folder) n Floppy disks
More informationMore Course Information
More Course Information Labs and lectures are both important Labs: cover more on hands-on design/tool/flow issues Lectures: important in terms of basic concepts and fundamentals Do well in labs Do well
More informationSemiconductor Memories: RAMs and ROMs
Semiconductor Memories: RAMs and ROMs Lesson Objectives: In this lesson you will be introduced to: Different memory devices like, RAM, ROM, PROM, EPROM, EEPROM, etc. Different terms like: read, write,
More informationOn-Line Self-Test of AES Hardware Implementations
On-Line Self-Test of AES Hardware Implementations G. Di Natale, M. L. Flottes, B. Rouzeyre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier Université Montpellier II / CNRS
More informationHitachi Virtual Storage Platform (VSP) Encryption Board. FIPS Non-Proprietary Cryptographic Module Security Policy
Hitachi Virtual Storage Platform (VSP) Encryption Board FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy Version: 4.0 Date: July 27, 2016 Copyright Hitachi, 2016 Version 4.0 Page 1 of 19
More informationThis Security Policy describes how this module complies with the eleven sections of the Standard:
Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights
More informationSecure Smartcard Design against Laser Fault Injection. FDTC 2007, September 10 th Odile DEROUET
Secure Smartcard Design against Laser Fault Injection FDTC 2007, September 10 th Odile DEROUET Agenda Fault Attacks on Smartcard Laser Fault Injection Our experiment Background on secure hardware design
More informationSecure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures By Chris Karlof and David Wagner Lukas Wirne Anton Widera 23.11.2017 Table of content 1. Background 2. Sensor Networks vs. Ad-hoc
More informationFault Injection Attacks and Countermeasures
Fault Injection Attacks and Countermeasures Brněnské bezpečnostní setkávání, FEKT VUT Brno Jakub Breier 28 March 2018 Physical Analysis and Cryptographic Engineering Nanyang Technological University Singapore
More informationBluefly Processor. Security Policy. Bluefly Processor MSW4000. Darren Krahn. Security Policy. Secure Storage Products. 4.0 (Part # R)
Bluefly Processor Security Policy PRODUCT NAME: PROJECT NUMBER: AUTHOR: Bluefly Processor MSW4000 Darren Krahn REVISION : 1.16 DOCUMENT REFERENCE : SP-MSW4000-01 DOCUMENT TYPE: DEPARTMENT: Security Policy
More informationSecuring IoT devices with Hardware Secure Element. Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager
Securing IoT devices with Hardware Secure Element Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager 2 A global semiconductor leader 2016 revenues of $6.97B Listed: NYSE, Euronext Paris
More informationSecure Design Methodology and The Tree of Trust
Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune (http://bunniestudios.com) Under the Hood
More informationHardware Security Challenges and Solutions. Mike Bartley TVS, Founder and CEO
Hardware Security Challenges and Solutions Mike Bartley TVS, Founder and CEO Agenda Some background on your speaker and testing safety related systems Threats and solutions Verifying those solutions Bare
More informationKEY-UP Cryptographic Module Security Policy Document Version 0.5. Ian Donnelly Systems (IDS)
KEY-UP Cryptographic Module Security Policy Document Version 0.5 Ian Donnelly Systems (IDS) December 29, 2005 Copyright Ian Donnelly Systems 2005. May be reproduced only in its original entirety [without
More informationSecurity of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security
More informationHardware Security. A Presentation by Eli Clampett and James Carey
Hardware Security A Presentation by Eli Clampett and James Carey Agenda Introduction to Hardware Security History of Hardware Security Why do we need it? Types of Conventional Hardware Security o Cryptoprocessors
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationLink Layer and LANs 안상현서울시립대학교컴퓨터 통계학과.
Link Layer and LANs 안상현서울시립대학교컴퓨터 통계학과 ahn@venus.uos.ac.kr Data Link Layer Goals: understand principles behind data link layer services: error detection, correction sharing a broadcast channel: multiple
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationMessage Authentication Codes and Cryptographic Hash Functions
Message Authentication Codes and Cryptographic Hash Functions Readings Sections 2.6, 4.3, 5.1, 5.2, 5.4, 5.6, 5.7 1 Secret Key Cryptography: Insecure Channels and Media Confidentiality Using a secret key
More informationHughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: FIPS Non-Proprietary Security Policy
Hughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: 3.1.0.4 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 0.5 Prepared for: Prepared by: Hughes Network
More informationFlash Bootloader. Product Information
Product Information Table of Contents 1 Flash Memory Programming... 3 2 Flash Bootloader - ECU programming via CAN, LIN, FlexRay, MOST and Ethernet... 3 2.1 Overview of Advantages... 3 2.2 Application
More informationSecurity Policy. 10 th March 2005
DCAP Security Module FIPS 140-2 Level 3 Security Policy 10 th March 2005 Thales e-security Limited, Meadow View House, Long Crendon, Aylesbury, BUCKS HP18 9EQ United Kingdom Tel. +44 (0) 1844 201800 Fax.
More informationFIPS Non-Proprietary Security Policy
Pitney Bowes ibutton Postal Security Device (PSD) Hardware Version: MAXQ1959B-F50# Firmware Version: 9.01.00 Indicia Type: 0, 1, 2, 5, 7 and 8 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2013-2014 Lecture 5: Hardware security and invasive attacks Eran Tromer Slides credit: Sergei Skorobogatov (University of Cambridge) 1 Talk Outline
More informationSeagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy
Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy Security Level 2 Rev. 0.9 November 12, 2012 Seagate Technology, LLC Page 1 Table of Contents 1 Introduction...
More information