How Do We Make Designs Insecure?
|
|
- Kenneth Malone
- 5 years ago
- Views:
Transcription
1 How Do We Make Designs Insecure? Gang Qu University of Maryland, College Park Design Automation Summer School Austin, TX June 5, 2016 Modular Exponentiation: a e (mod n) What is modular exponentiation? (mod 10) because 2 4 = 16 A critical operation in cryptography Diffie-Hellman key exchange (a X_B ) X_A =(a X_A ) X_B (mod n) RSA public key encryption C = P e (mod n) P = C d (mod n) 34, 987,317 10,357,198 (mod 510,926,533,897) a 16 = (a 8 ) 2 = (a 2 ) 2 ) 2 ) 2 Square and multiply a 23 = (a 16 )(a 4 )(a 2 )(a 1 ) Dr. Gang Qu (gangqu@umd.edu) M 1
2 Modular Exponentiation: a e (mod n) Goal: Compute a e (mod n) 1. convert e to binary: k s k s-1 k 1 k 0 2. b = 1; 3. for (i=s; i>=o; i--) 4. { b = b*b (mod n); 5. if (k i == 1) 6. b = b * a (mod n) 7. } 8. return b; Side channel attacks! Observable side channel info during hardware execution: current, power, timing, The value of bit k i determines whether this non-trivial operation will be required. Dr. Gang Qu (gangqu@umd.edu) Power Analysis Attacks Dr. Gang Qu (gangqu@umd.edu) 4 M 2
3 What Does Trust Mean? Find a 3 rd degree polynomial f(x) s.t. f(1) = 0 f(2) = 0 Answers: 1. f(x) = x 2-3x+2 = (x-1)(x-2) 2. f(x) = x 3-2x 2 -x+2 = (x-1)(x-2)(x+1) 3. f(x) = x 3-4x 2 +5x-2 = (x-1) 2 (x-2) 4. f(x) = x 3-5x 2 +8x-4 = (x-1)(x-2) 2 Which one(s) can be trusted? 5 Trust in Circuit/System Design Question: 3-input encoder Optimal design: Problems: a = z, b = y On input 000, outputs 11 On input 011 or 111, output 00 Trusted design: a = (x y)z, b = (x y)z 00: invalid code x y z a b Dr. Gang Qu (gangqu@umd.edu) 6 M 3
4 Trust in Circuit/System Design A B x A B Trust in Circuit/System Design A B x A B M 4
5 Trust in Circuit/System Design What I want 1/0 11 0/1 What I get works, but is untrusted. There are backdoors! A B x A B Finding the Backdoors Who can reach state 00 Required: S(00)=φ Designed: S(00)={00,01,10,11}; Random Walk Attack in the given design/system: 1. start from a random state 2. give a random input 3. if (new state == 00) successful attack; break; 4. else 1/0 goto step /1 Dr. Gang Qu (gangqu@umd.edu) 10 M 5
6 Malicious Designs Hardware Trojan horse: adding hidden access to 00 [Dunbar and Qu, TECS 14] [Dunbar and Qu, IWLS 13] 11 Optical Fault Injection Attacks [Sergei and Anderson et al, CHES 2002] Dr. Gang Qu 12 M 6
7 Hardware in Security and Trust Evolving role of HW in security: Enabler Enhancer 13 Hardware in Security and Trust Evolving role of HW in security: Enabler Enhancer Enforcer 14 M 7
8 Hardware in Security and Trust Be careful Evolving role of HW in security: where you store Enabler the key Enhancer Enforcer 15 Physical Attacks Reverse engineering Side channel attacks Microprobing Fault generation Software attacks Be careful where you store the key [Ross Anderson, Security Engineering 2001] Dr. Gang Qu 16 M 8
9 Hardware in Security and Trust Evolving role of HW in security: Enabler Enhancer Enforcer Hardware in Security and Trust Evolving role of HW in security: Enabler Enhancer Enforcer Weakest Link? M 9
10 SCA: Attackers with Good Ears Side channel analysis attacks: Monitor/measure chip s physical characteristics during its normal operation Perform data analysis to learn information Side channels: cache memory, power, current, timing, scan chain, EM radiation, output signal, Dr. Gang Qu (gangqu@umd.edu) 19 Side Channel: Power and Current Source of power consumption Dynamic power Leakage current Short circuit and others Why data may leak from power/current Dynamic power: P C V 2 f C: effective capacitance Leakage current: depend on the input vectors Input Leakage(nA) Leakage current in a 2-input NAND Gang Qu (gangqu@umd.edu) 20 M 10
11 Side Channel: Timing or Delay Source of timing and delay Execution time required to complete an operation Why data may leak from timing/delay Control flow Data dependency Cache miss Pipeline stall x = x * y; y=0; y=1; y=64; y =190; if (a!=b) x=8; T x = 8; else x=c-d; a!= b F x = Gang Qu (gangqu@umd.edu) 21 Side Channel: Scan Chain Source of scan chain channel On-chip registers (scan flip flops) Why data may leak from scan chain System internal state can be read directly from scan out port during testing mode SI CLK TC SFF 1 D Q SFF 2 Q SFF 3 Q D D D D 0Q' 0Q' 1Q' 1Q' 1Q' CUT SFF 4 Q SFF 5 Gang Qu (gangqu@umd.edu) 22 M 11
12 Data Remanence Data remanence in SRAM Retaining data after power down Retrieve data after power down Data burned-in after long time storage Retrieve data right after power up Data frozen at low temperature (-20 o C) Freeze data and read it Data remanence in EEPROM and Flash V th changes after write/erase Extract data after multiple write/erase Gang Qu (gangqu@umd.edu) 23 Fault Injection Attacks Idea Have the chip/system execute with faulty or unexpected input/command Observe chip/system execution Fault generation techniques Glitches (clock, power) Temperature White light, laser X-ray and ion beams Electromagnetic Gang Qu (gangqu@umd.edu) 24 M 12
13 Fault Injection Attacks: Idea Bob is counting his dollar coins and pennies. You ask him how much money he has, but he tells you that the total weight is 24 grams. a dollar coin: 8 grams, a penny: 3 grams 3 dollars or 8 cents. Distract Bob or get him drunk so he counts a dollar as a penny or the other way around and tells you the total weight is 29 grams: 8+3x7 1 dollar (error), 7 pennies 8 cents 19 grams: 8x2+3 2 dollars, 1 penny (error) 3 Gang Qu (gangqu@umd.edu) 25 Fault Injection Attacks: Glitch Glitch is a fast change in chip s supply signals (power and clock). Affect some transistors or flip-flops Attack by a systematic search Clock glitch Incorrect instruction fetch Power glitches Corrupted EEPROM data read Break AES on secure Gang Qu (gangqu@umd.edu) 26 M 13
14 Internet of Things Smart Home Smart City IoT Security Smart Grid Smart Me Smart Car Dr. Gang Qu Image source: ST Microelectronics 27 By 2020, IoT will have 4 Billion connected users $4 Trillion business 25+ Million of Apps 25+ Billion of devices/systems 50 Trillion GBs of data INTERNET Hardware is the Root of IoT of THINGS Hardware building blocks: CMOS, RRAM, Analog, M 14
15 Security is the Key for IoT Safety, reliability, trust, privacy, policy, Secure hardware throughout its lifetime This is a hard problem Smart City Smart Me Security Smart Home Smart Grid Smart Car *Source: ST Microelectronics Dr. Gang Qu (gangqu@umd.edu) Source: DARPA BAA Trust for IC 29 EDA Meets Designing the Things Needs: Function Miniature/size Performance Cost Low power Reliability Safety EDA tools Many (IoT devices) will not be the typical designs that are pushing Moore s Law. Many (IoT devices) may be smaller, lower performance devices that do not necessarily need the latest and greatest process technology. Dr. Gang Qu (gangqu@umd.edu) 30 M 15
16 EDA Meets Designing the Things Needs: Function Miniature/size Performance Cost Low power Reliability Safety EDA tools There is nothing new or different about the functionality of EDA tools for the IoT. implementation (of IoT devices) can benefit from all the years of development of multivoltage design techniques applied to mature semiconductor process. Dr. Gang Qu 31 EDA Meets Designing the Things Needs: Function Miniature/size Performance Cost Low power Reliability Safety EDA tools X X X? More Needs: Security Privacy Trust Lower power Hardware has advantages in meeting these needs! [Qu and Yuan, ICCAD 2014] Dr. Gang Qu (gangqu@umd.edu) 32 M 16
17 Conclusion: Nobody Is An Island Security, privacy, trust issues remain as long as currency (including bitcoin) exists Attacking surface grows faster than countermeasures No system is an island, a holistic approach to build secure system Cryptography, software, hardware, network, communication, device, USER, Hardware is the root of security, trust, privacy Enabler, Enhancer, Enforcer Dr. Gang Qu (gangqu@umd.edu) 33 Conclusion 3748 Dr. Gang Qu (gangqu@umd.edu) 34 M 17
Fault-Based Attack of RSA Authentication
Fault-Based Attack of RSA Authentication, Valeria Bertacco and Todd Austin 1 Cryptography: Applications 2 Value of Cryptography $2.1 billions 1,300 employees $1.5 billions 4,000 employees $8.7 billions
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationTamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn
Tamper Resistance - a Cautionary Note Ross Anderson University of Cambridge Computer Laboratory Markus Kuhn University of Erlangen/ Purdue University Applications of Tamper Resistant Modules Security of
More informationHow microprobing can attack encrypted memory
How microprobing can attack encrypted memory Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Hardware Security research since 1995 testing microcontrollers and smartcards
More informationCSCI 4974 / 6974 Hardware Reverse Engineering. Lecture 12: Non-invasive attacks
CSCI 4974 / 6974 Hardware Reverse Engineering Lecture 12: Non-invasive attacks Memory technologies Quiz Attack types Non-invasive Any attack which does not damage the package Non-invasive attacks Program/debug
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationControlled Fault Injection: Wishful Thinking, Thoughtful Engineering,
Controlled Fault Injection: Wishful Thinking, Thoughtful Engineering, or just LUCK? FDTC 2017 Panelists: Ilia Polian, Marc Joye, Ingrid Verbauwhede Marc Witteman, Johann Heyszl The Fault Attack Process
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationECE 595Z Digital Systems Design Automation
ECE 595Z Digital Systems Design Automation Anand Raghunathan, raghunathan@purdue.edu How do you design chips with over 1 Billion transistors? Human designer capability grows far slower than Moore s law!
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSoftware Engineering Aspects of Elliptic Curve Cryptography. Joppe W. Bos Real World Crypto 2017
Software Engineering Aspects of Elliptic Curve Cryptography Joppe W. Bos Real World Crypto 2017 1. NXP Semiconductors Operations in > 35 countries, more than 130 facilities 45,000 employees Research &
More informationFPGA for Complex System Implementation. National Chiao Tung University Chun-Jen Tsai 04/14/2011
FPGA for Complex System Implementation National Chiao Tung University Chun-Jen Tsai 04/14/2011 About FPGA FPGA was invented by Ross Freeman in 1989 SRAM-based FPGA properties Standard parts Allowing multi-level
More informationPart VI. Public-key cryptography
Part VI Public-key cryptography Drawbacks with symmetric-key cryptography Symmetric-key cryptography: Communicating parties a priori share some secret information. Secure Channel Alice Unsecured Channel
More informationSECURITY FOR CONNECTED OBJECTS. Alain MERLE CEA-LETI
SECURITY FOR CONNECTED OBJECTS Alain MERLE CEA-LETI Alain.merle@cea.fr Source: CISCO, AT&T IOT: SOME FIGURES Cisco predicts 50B of connected object by 2020 X-as-a-service a breakthrough for carrier s business
More informationKey Management and Distribution
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 10 Key Management; Other Public Key Cryptosystems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan
More informationHardware Security: Present challenges and Future directions
Hardware Security: Present challenges and Future directions Dr Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Dept of Computer Science and Technology Outline Introduction History
More informationSecure Smartcard Design against Laser Fault Injection. FDTC 2007, September 10 th Odile DEROUET
Secure Smartcard Design against Laser Fault Injection FDTC 2007, September 10 th Odile DEROUET Agenda Fault Attacks on Smartcard Laser Fault Injection Our experiment Background on secure hardware design
More informationIntroduction to Side-Channel Analysis: Basic Concepts and Techniques
Introduction to Side-Channel Analysis: Basic Concepts and Techniques Hardware security, Spring 2018 Lejla Batina March 8, 2018 Institute for Computing and Information Sciences Radboud University 1 Outline
More informationSecure Set Intersection with Untrusted Hardware Tokens
Secure Set Intersection with Untrusted Hardware Tokens Thomas Schneider Engineering Cryptographic Protocols Group, TU Darmstadt http://encrypto.de joint work with Marc Fischlin (TU Darmstadt) Benny Pinkas
More informationResearch Institute in Secure Hardware & Embedded Systems (RISE) Professor Máire O Neill
Research Institute in Secure Hardware & Embedded Systems (RISE) Professor Máire O Neill Source: Ericsson Mobility Report, Nov 2016 Need for Hardware Security Demand for Hardware Security research & innovation
More informationOutline. Parity-based ECC and Mechanism for Detecting and Correcting Soft Errors in On-Chip Communication. Outline
Parity-based ECC and Mechanism for Detecting and Correcting Soft Errors in On-Chip Communication Khanh N. Dang and Xuan-Tu Tran Email: khanh.n.dang@vnu.edu.vn VNU Key Laboratory for Smart Integrated Systems
More informationComputers: Inside and Out
Computers: Inside and Out Computer Components To store binary information the most basic components of a computer must exist in two states State # 1 = 1 State # 2 = 0 1 Transistors Computers use transistors
More informationThomas Polzer Institut für Technische Informatik
Thomas Polzer tpolzer@ecs.tuwien.ac.at Institut für Technische Informatik Computer Organization and Design The Hardware / Software Interface David A. Patterson and John L. Hennessy Course based on the
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationEmbedded System Security. Professor Patrick McDaniel Charles Sestito Fall 2015
Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System Microprocessor used as a component in a device and is designed for a specific control function within a device
More informationFault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationHardware Security Challenges and Solutions. Mike Bartley TVS, Founder and CEO
Hardware Security Challenges and Solutions Mike Bartley TVS, Founder and CEO Agenda Some background on your speaker and testing safety related systems Threats and solutions Verifying those solutions Bare
More informationCSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
More informationCryptography and Network Security Chapter 10. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture out of the
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationDesign methods and tools for side channel attack resistant circuits
Design methods and tools for side channel attack resistant circuits Ingrid Verbauwhede ingrid.verbauwhede-at-esat.kuleuven.be K.U.Leuven, COSIC Computer Security and Industrial Cryptography www.esat.kuleuven.be/cosic
More informationSIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI THE CEA Military Applications Division (DAM) Nuclear Energy Division (DEN) Technological Research Division
More informationADVANCED FPGA BASED SYSTEM DESIGN. Dr. Tayab Din Memon Lecture 3 & 4
ADVANCED FPGA BASED SYSTEM DESIGN Dr. Tayab Din Memon tayabuddin.memon@faculty.muet.edu.pk Lecture 3 & 4 Books Recommended Books: Text Book: FPGA Based System Design by Wayne Wolf Overview Why VLSI? Moore
More informationHardware-Level Security for the IoT. Mark Zwolinski March 2017
Hardware-Level Security for the IoT Mark Zwolinski March 2017 Outline Background, IoT, Hardware/Software, Threats/Risks Hardware-level security PUFs Anomaly detection Summary IoT / Embedded Systems Not
More informationSTMicroelectronics STM32F103ZET6 32 Bit MCU. Advanced Functional Analysis
Advanced Functional Analysis For comments, questions, or more information about this report, or for any additional technical needs concerning semiconductor technology, please call Sales at Chipworks. 3685
More informationCOIN FLIPPING BY TELEPHONE
COIN FLIPPING BY TELEPHONE A protocol for solving impossible problems Based on Manuel Blum's Paper from 1981 Proved useful for: - Mental poker - Certified Mail - Exchange of Secrets Table of Contents Application
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationImplementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
More informationSECURITY CRYPTOGRAPHY Cryptography Overview Brochure. Cryptography Overview
SECURITY CRYPTOGRAPHY Cryptography Overview Brochure Cryptography Overview DPA-resistant and Standard Cryptographic Hardware Cores DPA (Differential Power Analysis) Resistant Hardware Cores prevent against
More informationSample Table of Contents
Sample Table of Contents from System-on-Chip (SoC) For any additional technical needs concerning semiconductor and electronics technology, please call Sales at Chipworks. 3685 Richmond Road, Suite 500,
More informationCan randomized mapping secure instruction caches from side-channel attacks?
Can randomized mapping secure instruction caches from side-channel attacks? Fangfei Liu, Hao Wu and Ruby B. Lee Princeton University June 14, 2015 Outline Motivation and Background Data cache attacks and
More informationApplied cryptography
Applied cryptography Electronic Cash Andreas Hülsing 29 November 2016 1 / 61 Classical Cash - Life Cycle Mint produces money (coins / bank notes) Sent to bank User withdraws money (reduces account balance)
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationFlash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
More informationIntroduction to Semiconductor Memory Dr. Lynn Fuller Webpage:
ROCHESTER INSTITUTE OF TECHNOLOGY MICROELECTRONIC ENGINEERING Introduction to Semiconductor Memory Webpage: http://people.rit.edu/lffeee 82 Lomb Memorial Drive Rochester, NY 14623-5604 Tel (585) 475-2035
More informationCREATED BY M BILAL & Arslan Ahmad Shaad Visit:
CREATED BY M BILAL & Arslan Ahmad Shaad Visit: www.techo786.wordpress.com Q1: Define microprocessor? Short Questions Chapter No 01 Fundamental Concepts Microprocessor is a program-controlled and semiconductor
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationCS3235 Seventh set of lecture slides
CS3235 Seventh set of lecture slides Hugh Anderson National University of Singapore School of Computing October, 2007 Hugh Anderson CS3235 Seventh set of lecture slides 1 Warp 9... Outline 1 Public Key
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would
More informationAn Introduction to Programmable Logic
Outline An Introduction to Programmable Logic 3 November 24 Transistors Logic Gates CPLD Architectures FPGA Architectures Device Considerations Soft Core Processors Design Example Quiz Semiconductors Semiconductor
More informationIBG Protection for Anti-Fuse OTP Memory Security Breaches
IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview Anti-Fuse Memory IP is considered by some to be the gold standard for secure memory. Once programmed, reverse engineering methods will
More informationComputer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 10. Exam 2 Review Paul Krzyzanowski Rutgers University Spring 2017 March 23, 2018 CS 419 2017 Paul Krzyzanowski 1 Question 1(a) Suppose you come across some old text in the form GEPPQ
More informationHARDWARE SECURITY. EEC 492/592, CIS 493 Hands-on Experience on Computer System Security Chan Yu Cleveland State University
HARDWARE SECURITY EEC 492/592, CIS 493 Hands-on Experience on Computer System Security Chan Yu Cleveland State University CONTENTS Overview of Hardware security Basics FPGA (Field Programmable Gate Array)
More informationRevolutioni W zi h Wn e hgn e n F a Mi i s liu lsir u e ro e Cri I ti s Ic N al o t V A e n ri n O fi p c ti a o ti n oo
Formal Verification Revolutionizing Mission Critical Verification When Failure Is Not An Option Formal-based Security Verification www.onespin.com March 2016 HW Security Issues More Common Than Thought
More information2/13/2014. What is Tamper Resistance? IBM s Attacker Categories. Protection Levels. Classification Of Physical Attacks.
What is Tamper Resistance? Physical and Tamper Resistance Mohammad Tehranipoor Updated/Modified by Siavash Bayat Sarmadi Resistance to tampering the device by either normal users or systems or others with
More informationOUTLINE Introduction Power Components Dynamic Power Optimization Conclusions
OUTLINE Introduction Power Components Dynamic Power Optimization Conclusions 04/15/14 1 Introduction: Low Power Technology Process Hardware Architecture Software Multi VTH Low-power circuits Parallelism
More informationImproving Smart Card Security using Self-timed Circuits
Improving Smart ard Security using Self-timed ircuits Simon Moore, Ross Anderson, Paul unningham, Robert Mullins, George Taylor omputer Laboratory, University of ambridge simon.moore@cl.cam.ac.uk Abstract
More informationCOMP3221: Microprocessors and. and Embedded Systems. Overview. Lecture 23: Memory Systems (I)
COMP3221: Microprocessors and Embedded Systems Lecture 23: Memory Systems (I) Overview Memory System Hierarchy RAM, ROM, EPROM, EEPROM and FLASH http://www.cse.unsw.edu.au/~cs3221 Lecturer: Hui Wu Session
More informationLecture Objectives. Introduction to Computing Chapter 0. Topics. Numbering Systems 04/09/2017
Lecture Objectives Introduction to Computing Chapter The AVR microcontroller and embedded systems using assembly and c Students should be able to: Convert between base and. Explain the difference between
More informationCryptography for the Internet of Things. Kenny Paterson Information Security
Cryptography for the Internet of Things Kenny Paterson Information Security Group @kennyog; www.isg.rhul.ac.uk/~kp What is the Internet of Things? The Internet of Things (IoT) is the network of physical
More informationAlgorithms and arithmetic for the implementation of cryptographic pairings
Cairn seminar November 29th, 2013 Algorithms and arithmetic for the implementation of cryptographic pairings Nicolas Estibals CAIRN project-team, IRISA Nicolas.Estibals@irisa.fr What is an elliptic curve?
More informationTABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.
vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationCryptographic Protocols and Algorithms for 5G. Elena Dubrova School of Information and Communication Techonology, KTH
Cryptographic Protocols and Algorithms for 5G Elena Dubrova School of Information and Communication Techonology, KTH Overview PROTOCOLS ALGORITHMS IMPLEMENTATIONS OBJECTIVES TO IMPROVE ATTACK RESISTANCE
More informationPARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE
PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE Raghavan Kumar, University of Massachusetts Amherst Contributions by: Philipp Jovanovic, University of Passau Wayne P. Burleson, University
More informationSmalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold
Smalltalk 3/30/15 The Mathematics of Bitcoin Brian Heinold What is Bitcoin? Created by Satoshi Nakamoto in 2008 What is Bitcoin? Created by Satoshi Nakamoto in 2008 Digital currency (though not the first)
More informationBitcoin, Security for Cloud & Big Data
Bitcoin, Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013 Bitcoin Public, distributed, peer-to-peer, hash-chained audit log of all transactions ( block chain ).
More informationECEN 449 Microprocessor System Design. Memories
ECEN 449 Microprocessor System Design Memories 1 Objectives of this Lecture Unit Learn about different types of memories SRAM/DRAM/CAM /C Flash 2 1 SRAM Static Random Access Memory 3 SRAM Static Random
More informationOptical Fault Masking Attacks. Sergei Skorobogatov
Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Memory modification attacks were actively used in mid 90s to circumvent the security in microcontrollers In old chips
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 8: Hardware security (2/2), Leakage/tamper resilience (1/2) Lecturer: Eran Tromer 1 Hardware security Invasive attacks (continued)
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More information8051 INTERFACING TO EXTERNAL MEMORY
8051 INTERFACING TO EXTERNAL MEMORY Memory Capacity The number of bits that a semiconductor memory chip can store Called chip capacity It can be in units of Kbits (kilobits), Mbits (megabits), and so on
More informationInterface DAC to a PC. Control Word of MC1480 DAC (or DAC 808) 8255 Design Example. Engineering 4862 Microprocessors
Interface DAC to a PC Engineering 4862 Microprocessors Lecture 22 Cheng Li EN-4012 licheng@engr.mun.ca DAC (Digital-to-Analog Converter) Device used to convert digital pulses to analog signals Two methods
More informationProgrammable Logic Devices FPGA Architectures II CMPE 415. Overview This set of notes introduces many of the features available in the FPGAs of today.
Overview This set of notes introduces many of the features available in the FPGAs of today. The majority use SRAM based configuration cells, which allows fast reconfiguation. Allows new design ideas to
More informationOptical Fault Masking Attacks
Optical Fault Masking Attacks Sergei Skorobogatov Computer Laboratory University of Cambridge Cambridge, United Kingdom e-mail: sps32@cam.ac.uk Abstract This paper introduces some new types of optical
More informationAtmel Trusted Platform Module June, 2014
Atmel Trusted Platform Module June, 2014 1 2014 Atmel Corporation What is a TPM? The TPM is a hardware-based secret key generation and storage device providing a secure vault for any embedded system Four
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationVLSI Design Automation
VLSI Design Automation IC Products Processors CPU, DSP, Controllers Memory chips RAM, ROM, EEPROM Analog Mobile communication, audio/video processing Programmable PLA, FPGA Embedded systems Used in cars,
More informationINTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)
INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 ISSN 0976 6464(Print)
More informationSPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation
SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation Roman Novak Jozef Stefan Institute, Jamova 39, 00 Ljubljana, Slovenia, Roman.Novak@ijs.si Abstract. 1 We describe an adaptive chosen-ciphertext
More informationSho Endo1, Naofumi Homma1, Yu-ichi Hayashi1, Junko Takahashi2, Hitoshi Fuji2 and Takafumi Aoki1
April 15, 2014 COSADE2014 A Multiple-fault Injection Attack by Adaptiv e Timing Control under Black-box Conditi ons and a Countermeasure Sho Endo1, Naofumi Homma1, Yu-ichi Hayashi1, Junko Takahashi2, Hitoshi
More informationTrojan-tolerant Hardware
Trojan-tolerant Hardware + Supply Chain Security in Practice Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge Who we are Vasilios Mavroudis Doctoral Researcher, UCL George Danezis
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More informationReliable Physical Unclonable Function based on Asynchronous Circuits
Reliable Physical Unclonable Function based on Asynchronous Circuits Kyung Ki Kim Department of Electronic Engineering, Daegu University, Gyeongbuk, 38453, South Korea. E-mail: kkkim@daegu.ac.kr Abstract
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationA New Attack with Side Channel Leakage during Exponent Recoding Computations
A New Attack with Side Channel Leakage during Exponent Recoding Computations Yasuyuki Sakai 1 and Kouichi Sakurai 2 1 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan ysakai@iss.isl.melco.co.jp
More informationField Program mable Gate Arrays
Field Program mable Gate Arrays M andakini Patil E H E P g r o u p D H E P T I F R SERC school NISER, Bhubaneshwar Nov 7-27 2017 Outline Digital electronics Short history of programmable logic devices
More informationA practical integrated device for lowoverhead, secure communications.
A practical integrated device for lowoverhead, secure communications. Gord Allan Matt Lewis Design Goals Versatility Mobility Security -can be used in a range of devices -compatibility, low/no infrastructure
More informationLecture Notes 20 : Smartcards, side channel attacks
6.857 Computer and Network Security November 14, 2002 Lecture Notes 20 : Smartcards, side channel attacks Lecturer: Ron Rivest Scribe: Giffin/Greenstadt/Plitwack/Tibbetts [These notes come from Fall 2001.
More informationAnnouncement. Computer Architecture (CSC-3501) Lecture 20 (08 April 2008) Chapter 6 Objectives. 6.1 Introduction. 6.
Announcement Computer Architecture (CSC-350) Lecture 0 (08 April 008) Seung-Jong Park (Jay) http://www.csc.lsu.edu/~sjpark Chapter 6 Objectives 6. Introduction Master the concepts of hierarchical memory
More informationIntroduction to Secure Multi-Party Computation
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationPublic Key Algorithms
Public Key Algorithms CS 472 Spring 13 Lecture 6 Mohammad Almalag 2/19/2013 Public Key Algorithms - Introduction Public key algorithms are a motley crew, how? All hash algorithms do the same thing: Take
More informationChapter 1 Microprocessor architecture ECE 3120 Dr. Mohamed Mahmoud http://iweb.tntech.edu/mmahmoud/ mmahmoud@tntech.edu Outline 1.1 Computer hardware organization 1.1.1 Number System 1.1.2 Computer hardware
More informationGreat Theoretical Ideas in Computer Science. Lecture 27: Cryptography
15-251 Great Theoretical Ideas in Computer Science Lecture 27: Cryptography What is cryptography about? Adversary Eavesdropper I will cut his throat I will cut his throat What is cryptography about? loru23n8uladjkfb!#@
More informationEnsimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto
Ensimag - 4MMSR Network Security Student Seminar Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto wafa.mbarek@ensimag.fr halima.myesser@ensimag.fr 1 Table of contents: I- Introduction: Classic
More informationCS 31: Intro to Systems Digital Logic. Kevin Webb Swarthmore College February 3, 2015
CS 31: Intro to Systems Digital Logic Kevin Webb Swarthmore College February 3, 2015 Reading Quiz Today Hardware basics Machine memory models Digital signals Logic gates Circuits: Borrow some paper if
More information