Secure Design Methodology and The Tree of Trust
|
|
- Norma Sparks
- 5 years ago
- Views:
Transcription
1 Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune ( Under the Hood ( 2 1
2 ... in a complete curriculum. Learn hacking tricks.. ( and write papers on it ( 3 It's fun to break things.. but this presentation is about making things. How to handle 'secrets' in a design? Systematic side-channel-resistant design? Jumping forward, we will conclude: Secure design of systems needs a methodology. Ad-hoc security is doomed to fail. Perfect security does not exist (zero-power design doesn't exist either) Low-risk security does exist (low-power design does exist) 4 2
3 The starting point: Root of Trust A secret in a box by itself is useless (useless like a key without a matching door-lock) So a secure system contains at least two parts: distrusted environment secure system security policy authentication integrity confidentiality non-repudiation availability root-of-trust The part that always works as expected (or so you think!) 5 Design Step: Secure partitioning distrusted environment secure system distrusted subsystem secure subsystem 6 3
4 What drives secure partitioning? Minimize footprint of the root-of-trust Reduce the physical size of the root-of-trust Make the root-of-trust dynamic and short-lived Minimize the risk for side-channel-attacks A side-channel-attack is an interface into the root-of-trust around the security policy distrusted environment secure system side-channel-attack 7 Side Channel Attaxonomy Abstraction Level Attacker Proximity Countermeasure Example Math Off-line Algorithm Cryptanalysis Interpreter Connected Protected Partition Software Tampering [vanoorschot] Time Constant-time Cache [Osvik] Branch Prediction [Aciimez] Power Close-range Constant-power Masked-power DPA [Oswald/Mangard] + Higher-order EM Aluminium foil DPA [De Mulder] Implementation Physical Shielding Faults [Joye] Semi-Invasive [Skorobogatov] 8 4
5 Example 1: Cache timing attack MEMORY (20 cycle/acces) data in round keys CACHE (1 cycle/acces) sbox shift rows mix columns add roundkey data out (last round) Execution time dependency due to cache conflicts Software Solution: constant-time crypto (hard) 9 Example 1: Cache timing attack Timing Side-Channel Root-of-Trust Top-level Policy MEMORY (20 cycle/acces) data in round keys CACHE (1 cycle/acces) sbox shift rows mix columns (last round) add roundkey data out Execution time dependency due to cache conflicts Software Solution: constant-time crypto (hard) 10 5
6 Moving Sbox into Hardware SBOX regs (16 byte + 4 byte rkey) register file instruction fetch/ decode DCACHE sbox (AES32) ALU ICACHE 128 Hardware Sbox with ASIP interface CPU AES driver code RAM 11 Moving Sbox into Hardware SBOX regs (16 byte + 4 byte rkey) register file instruction fetch/ decode Cache miss rate per encryption sbox (AES32) 128 Hardware Sbox with ASIP interface Constant Execution Timing ALU CPU DCACHE ICACHE AES driver code RAM Software Sbox: 159 Dcache 138 Icache Hardware Sbox 0 Dcache 52 Icache StrongARM arch 1K I, 1K D cache, 16 byte/line direct Timing Side-channel fixed, but others remain
7 The Tree of Trust distrusted environment secure system Interpreter Side-channels non-critical software crypto software Timing Side-channels non-critical hardware/ software crypto hardware Power Side-channels non-critical circuit crypto circuit Physical Tamper-resistance 13 Where does it end? A hacker's view
8 Where does it end? A designer's view It doesn't - the tree of trust solves a turtle problem Deploy countermeasures systematically and analyze vulnerabilities at each level Software-only is insufficient (eg. Fairplay itunes) Hardware-only is insufficient (eg. Hardware keys in DVD, Xbox, HDCP) Working in our favor are: Moore's law Distribution of trust across the tree 15 The Tree of Trust distrusted environment secure system Deploy Countermeasures non-critical software non-critical hardware/ software crypto software crypto hardware Distributed, dynamic secrets non-critical circuit crypto circuit 16 8
9 Example #2: Chain-of-trust D/A & Amplify Side-channel: Probe and extract DRM-free high-quality music Download copy-righted multimedia into player Decode Decrypt (DRM) Flash Memory 17 Chain-of-trust for Video Messaging CF-card FPGA-unique encryption Display SW Trivium Key incorrect authentication incomplete chain-of-trust correct authentication complete chain-of-trust SAM key Trivium Stream Cipher VGA FPGA Program Memory [Simpson, Yu, Schaumont] 18 9
10 Chain-of-trust for Video Messaging FPGA-unique encryption CF-card Display SW Trivium Key SAM key Trivium Stream Cipher VGA FPGA Program Memory 19 Chain-of-trust for Video Messaging CF-card FPGA-unique encryption Display SW Trivium Key Compact Flash Data Baseline Config FPGA bitstream decryption (keys) SAM key Trivium Stream Cipher VGA FPGA Program Memory 20 10
11 Chain-of-trust for Video Messaging CF-card FPGA-unique encryption Display SW SAM key Trivium Key Trivium Stream Cipher VGA Compact Flash Data Secure SW & Data Download Baseline Config Configure VGA Display SAM decryption (PUF) FPGA Program Memory 21 Chain-of-trust for Video Messaging CF-card FPGA-unique encryption Display SW Trivium Key Compact Flash Data Baseline Config SAM key Trivium Stream Cipher VGA Secure SW & Data Download Configure VGA Display FPGA Program Memory Load Encrypted Display Video Trivium Stream Cipher (key) 22 11
12 Conclusions Secure design of systems needs a methodology. Ad-hoc security is doomed to fail. The Tree-of-Trust advocates stepwise partitioning of an system to achieve trustworthy operation Perfect security does not exist (zero-power design doesn't exist either) Low-risk security does exist (low-power design does exist) 23 12
The embedded security challenge: Protecting bits at rest
The embedded security challenge: Protecting bits at rest Patrick Schaumont schaum@vt.edu Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationIBG Protection for Anti-Fuse OTP Memory Security Breaches
IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview Anti-Fuse Memory IP is considered by some to be the gold standard for secure memory. Once programmed, reverse engineering methods will
More informationThe Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance
2013.12.7 DLSI International Symposium The Design and Evaluation Methodology of Dependable VLSI for Focusing on the security of hardware modules - Tamper resistant cryptographic circuit - Evaluation tools
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More informationHow Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches
How Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview A global problem that impacts the lives of millions daily is digital life security breaches. One of the
More informationSecurity in ECE Systems
Lecture 11 Information Security ECE 197SA Systems Appreciation Security in ECE Systems Information security Information can be very valuable Secure communication important to protect information Today
More informationBreaking Korea Transit Card with Side-Channel Attack
Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong Outline 1. Attack Goal & Scenario 2. Target Device Details
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSecurity against Timing Analysis Attack
International Journal of Electrical and Computer Engineering (IJECE) Vol. 5, No. 4, August 2015, pp. 759~764 ISSN: 2088-8708 759 Security against Timing Analysis Attack Deevi Radha Rani 1, S. Venkateswarlu
More informationFlash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
More informationCOSADE Conference Series
COSADE Conference Series Past, Present, and Future Sorin A. Huss 1 / 24 Initiators Werner Schindler Sorin Alexander Huss 2 / 24 Constructive Side-Channel Analysis and Secure Design Time Period 2010 to
More informationA Key Management Scheme for DPA-Protected Authenticated Encryption
A Key Management Scheme for DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech DIAC-2013 This research was supported in part by the VT-MENA program of Egypt, and by
More informationFault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
More informationSide-Channel Cryptanalysis. Joseph Bonneau Security Group
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored
More informationPASSWORDS & ENCRYPTION
PASSWORDS & ENCRYPTION Villanova University Department of Computing Sciences D. Justin Price Fall 2014 CRYPTOGRAPHY Hiding the meaning of a message from unintended recipients. Open source algorithms are
More informationHardware Security Challenges and Solutions. Mike Bartley TVS, Founder and CEO
Hardware Security Challenges and Solutions Mike Bartley TVS, Founder and CEO Agenda Some background on your speaker and testing safety related systems Threats and solutions Verifying those solutions Bare
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationHow microprobing can attack encrypted memory
How microprobing can attack encrypted memory Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Hardware Security research since 1995 testing microcontrollers and smartcards
More informationXbox Security. Daniel Butnaru. 28 th June 2006
Xbox Security Daniel Butnaru 28 th June 2006 Overview Intro Benefits Security System Attacks Conclusion 2 Hardware Introduction XBOX is a game console introduced by Microsoft in 2002. Consists of: Pentium
More informationAn Instruction Set Extension for Fast and Memory- Efficient AES Implementation. Stefan Tillich, Johann Großschädl, Alexander Szekely
Institute for Applied Information Processing and Communications () GRAZ UNIVERSITY OF TECHNOLOGY An Instruction Set Extension for Fast and Memory- Efficient AES Implementation Stefan Tillich, Johann Großschädl,
More informationSIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI THE CEA Military Applications Division (DAM) Nuclear Energy Division (DEN) Technological Research Division
More informationMicro-Architectural Attacks and Countermeasures
Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationContents Part I Basic Concepts The Nature of Hardware and Software Data Flow Modeling and Transformation
Contents Part I Basic Concepts 1 The Nature of Hardware and Software... 3 1.1 Introducing Hardware/Software Codesign... 3 1.1.1 Hardware... 3 1.1.2 Software... 5 1.1.3 Hardware and Software... 7 1.1.4
More informationMicrosemi Secured Connectivity FPGAs
IoT Solutions Microsemi Secured Connectivity FPGAs SmartFusion2 SoC FPGAs Low Power Small Form Factors Scalable Security Secured Connectivity FPGAs Best in Class for IoT Infrastructure The IoT Infrastructure
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationCSC 580 Cryptography and Computer Security
CSC 580 Cryptography and Computer Security Encryption Concepts, Classical Crypto, and Binary Operations January 30, 2018 Overview Today: Cryptography concepts and classical crypto Textbook sections 3.1,
More informationTuesday, January 17, 17. Crypto - mini lecture 1
Crypto - mini lecture 1 Cryptography Symmetric key cryptography (secret key crypto): sender and receiver keys identical Asymmetric key cryptography (public key crypto): encryption key public, decryption
More informationChip Lifecycle Security Managing Trust and Complexity
Chip Lifecycle Security Managing Trust and Complexity Dr. Martin Scott July 2016 Connected Endpoints Are The New Mobile 2 50 billion connected devices by 2020 Unprecedented Data Proliferation Cloud Endpoint
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationDaniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven
Goals of authenticated encryption Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven More details, credits: competitions.cr.yp.to /features.html Encryption sender
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationSECURITY FOR CONNECTED OBJECTS. Alain MERLE CEA-LETI
SECURITY FOR CONNECTED OBJECTS Alain MERLE CEA-LETI Alain.merle@cea.fr Source: CISCO, AT&T IOT: SOME FIGURES Cisco predicts 50B of connected object by 2020 X-as-a-service a breakthrough for carrier s business
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationFPGA Based Design of AES with Masked S-Box for Enhanced Security
International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 3 Issue 5ǁ May 2014 ǁ PP.01-07 FPGA Based Design of AES with Masked S-Box for Enhanced Security
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationLightweight Block Cipher Design
Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Sardinia 2015 Outline 1 Motivation 2 Industry 3 Academia 4 Lightweight: 2nd Generation 5 NIST Initiative Outline 1 Motivation
More informationImplementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
More informationPhysical Tamper Resistance
Physical Tamper Resistance (Ross Anderson s book Security Engineering - Chapter 16) Tamper: VERB (tamper with) Interfere with (something) in order to cause damage or make unauthorized alterations. someone
More informationCrypto tidbits: misuse, side channels. Slides from Dave Levin 414-spring2016
Crypto tidbits: misuse, side channels Slides from Dave Levin 414-spring2016 A paper from 2013 that looked at how Android apps use crypto, as a function of 6 rules that reflect the bare minimum a secure
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationSECURITY CRYPTOGRAPHY Cryptography Overview Brochure. Cryptography Overview
SECURITY CRYPTOGRAPHY Cryptography Overview Brochure Cryptography Overview DPA-resistant and Standard Cryptographic Hardware Cores DPA (Differential Power Analysis) Resistant Hardware Cores prevent against
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More information«Safe (hardware) design methodologies against fault attacks»
«Safe (hardware) design methodologies against fault attacks» Bruno ROBISSON Assia TRIA SESAM Laboratory (joint R&D team CEA-LETI/EMSE), Centre Microélectronique de Provence Avenue des Anémones, 13541 Gardanne,
More informationOffline HW/SW Authentication for Reconfigurable Platforms. Eric Simpson, Patrick Schaumont
Offline HW/SW Authentication for Reconfigurable Platforms Eric Simpson, Patrick Schaumont Overview Security considerations for reconfigurable platforms Why today s security mechanisms are insufficient
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationTest Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES
Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES 1 Document Scope This document describes requirements and test procedures for qualifying DPA-resistant implementations of
More informationInformation Security: Principles and Practice Second Edition. Mark Stamp
Information Security: Principles and Practice Second Edition Mark Stamp August 10, 2009 Contents Preface Second Edition Preface About The Author Acknowledgments xvii xix xxiii xxv 1 Introduction 1 1.1
More informationUses of Cryptography
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Page 1 Cryptography and Secrecy Pretty obvious Only those knowing the proper keys can
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationFundamentals of HW-based Security
Fundamentals of HW-based Security Udi Maor CryptoCell-7xx Product Manager Systems and SW Group ARM Tech Forum 2016 - Korea Jun. 28, 2016 What is system security design? Every system design will require
More informationFPGA Intrinsic PUFs and Their Use in IP Protection
FPGA Intrinsic PUFs and Their Use in IP Protection Jorge Guajardo*,Sandeep S. Kumar*, Geert-Jan Schrijen**, and Pim Tuyls** * Philips Research Europe, Eindhoven, The Netherlands ** Business Line Intrinsic-ID,
More informationFDTC 2010 Fault Diagnosis and Tolerance in Cryptography. PACA on AES Passive and Active Combined Attacks
FDTC 21 Fault Diagnosis and Tolerance in Cryptography PACA on AES Passive and Active Combined Attacks Christophe Clavier Benoît Feix Georges Gagnerot Mylène Roussellet Limoges University Inside Contactless
More informationSurveying the Physical Landscape
Surveying the Physical Landscape UL and the UL logo are trademarks of UL LLC 2017 What do we mean by physical security? Some might think about this Or this Or For this presentation, we mean protection
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More informationSecurity of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security
More informationHACK MY CHIP: A RED TEAM BLUE TEAM APPROACH FOR SOC SECURITY. David HELY Grenoble INP Esisar LCIS, Valence
Hack My chip: A red Team Blue Team Approach 1 HACK MY CHIP: A RED TEAM BLUE TEAM APPROACH FOR SOC SECURITY David HELY Grenoble INP Esisar LCIS, Valence david.hely@grenoble-inp.fr Hack My chip: A red Team
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Pseudorandom Permutations unctions that look like random permutations Syntax: Key space K (usually {0,1}
More informationELECTRONICS DEPARTMENT
ELECTRONICS DEPARTMENT By Eng. 28 th Mar MUSTAFA 2012 M. Efficient SHIPLEImplementation of AES Algorithm Immune to DPA Attack Cryptography processing plaintext cipher text format Block Cipher Stream Cipher
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationHardware-Level Security for the IoT. Mark Zwolinski March 2017
Hardware-Level Security for the IoT Mark Zwolinski March 2017 Outline Background, IoT, Hardware/Software, Threats/Risks Hardware-level security PUFs Anomaly detection Summary IoT / Embedded Systems Not
More informationVortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less Multiplication
Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less ultiplication Shay Gueron 2, 3, 4 and ichael E. Kounavis 1 1 Corresponding author, Corporate Technology Group, Intel Corporation,
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationSecurity in sensors, an important requirement for embedded systems
Security in sensors, an important requirement for embedded systems Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer AISEC Institute for Applied
More informationChapter 3 Traditional Symmetric-Key Ciphers 3.1
Chapter 3 Traditional Symmetric-Key Ciphers 3.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 3 Objectives To define the terms and the concepts of symmetric
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationCrypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion
Crypto Basics Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion 1 What is a cryptosystem? K = {0,1} l P = {0,1} m C = {0,1} n, C C E: P K C D: C
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationMICROCIRCUIT SECURITY
MICROCIRCUIT SECURITY Everything begins in the chip. Sawblade Ventures, LLC Austin, Texas Chip Security Vulnerability: How to Close the Gap Between Design Software & Design Hardware CTEA Electronics Symposium
More informationCourse 831 EC-Council Certified Ethical Hacker v10 (CEH)
Course 831 EC-Council Certified Ethical Hacker v10 (CEH) Duration: 5 days What You Get: CEH v10 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationFull file at
Computers Are Your Future, 12e (LaBerta) Chapter 2 Inside the System Unit 1) A byte: A) is the equivalent of eight binary digits. B) represents one digit in the decimal numbering system. C) is the smallest
More informationCOMPUTER ORGANIZATION AND DESIGN. 5 th Edition. The Hardware/Software Interface. Chapter 4. The Processor
COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface 5 th Edition Chapter 4 The Processor Introduction CPU performance factors Instruction count Determined by ISA and compiler CPI and Cycle
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationBlind Differential Cryptanalysis for Enhanced Power Attacks
Blind Differential Cryptanalysis for Enhanced Power Attacks Bart Preneel COSIC K.U.Leuven - Belgium bart.preneel(at)esat.kuleuven.be Joint work with Helena Handschuh Concept Differential cryptanalysis
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More information@ 2014 SEMAR GROUPS TECHNICAL SOCIETY.
www.semargroup.org, www.ijsetr.com ISSN 2319-8885 Vol.03,Issue.02, February-2014, Pages:0350-0355 Performance Improvement in Fault Detection Schemes for the Advanced Encryption Standard Using Composite
More informationData Integrity. Modified by: Dr. Ramzi Saifan
Data Integrity Modified by: Dr. Ramzi Saifan Encryption/Decryption Provides message confidentiality. Does it provide message authentication? 2 Message Authentication Bob receives a message m from Alice,
More informationBinding Hardware and Software to Prevent Firmware Modification and Device Counterfeiting
Binding Hardware and Software to Prevent Firmware Modification and Device Counterfeiting Robert P. Lee Konstantinos robert.lee.2013@live.rhul.ac.uk Markantonakis k.markantonakis@rhul.ac.uk Raja Naeem Akram
More information