The Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance
|
|
- Bruce McDowell
- 5 years ago
- Views:
Transcription
1 DLSI International Symposium The Design and Evaluation Methodology of Dependable VLSI for Focusing on the security of hardware modules - Tamper resistant cryptographic circuit - Evaluation tools for tamper resistance - Physical Unclonable Function (PUF) Takeshi Ritsumeikan Univ. Yohei AIST(Advanced Industrial Science and Technology) Masaya Meijo University Daisuke Mitsubishi Electric 1
2 Contents 2 Introduction to cryptographic modules and Side channel attacks The aspect of Side channel attacks (SCAs) The Effect of on-chip Capacitance The Effect of on-chip Metal Shielding The Effect of finer device fabrication process The AES cryptographic circuit against SCAs Countermeasure against Power Analysis Countermeasure against EM Analysis The evaluation platform SASEBO Smartcard-type evaluation board new Secure Key Storage using Physical Unclonable Functions
3 IC card Automotive Security SIM card Cryptographic circuit Embedded Systems Security Smart meter 1. INTRODUCTION TO CRYPTOGRAPHIC MODULES AND SIDE CHANNEL ATTACKS 3
4 The research target in tamper resistant security LSI 4 The design methodology for tamper resistant LSI The evaluation tools for tamper resistance Secure system utilizing Physical Unclonable Function Fault Attack Illegal Clock (e.g. Glitch) Power Supply fluctuation Input Noise Security LSI module Invasive Attack Open Package Laser or EM Injection Malicious Input Abnormal Output Regular Input/Output Side Channel Information Reverse Engineering Probing electro signal Processing Time Current /Voltage EM Radiation Cloning Attack Side Channel Attack
5 Cryptographic module and Side Channel Information Cryptography for Realizing Security Functions (exam.) 1 Authentication: Read/write permissions to HDD are granted to authorized users 2 Encryption: HDD data are encrypted in case of loss or theft 5 Authorized User Security Functions (LSI) Storage (HDD) 1 Authentication Request Challenge Response Authentic ation Authentication Key : KA Secret Information Key : KA 2 Encryption Plaintext M Encryption Key : KE Encryption Cipher text C Decryption Side Channel Information Processing Time Current /Voltage EM Radiation
6 Side Channel Attack 6 Secret key is revealed by exploiting side channel information from crypto module Consumption Power or EM leakage are used as an information Evaluation Board SASEBO-RII Plain Text Control & Analysis software for revealing secret key Power Cryptographic Module EM Probe Cipher Text Oscilloscope AES Chip
7 The attacking points on AES crypto circuit Plain Text 16Byte RoundKey 0 Key 16Byte 7 Hamming Distance(HD) Data Register SubBytes SEL Data Registers 16Byte SEL Temp Key Registers Hamming Weight(HW) Sbox input(output) Power consumption is correlated to the HD of resisters and HW of Sbox input Round10 Sbox01 Sbox02 ShiftRows Round 1-9 MixColumns SEL Sbox15 16Byte Sbox16 1Byte 16Byte Cipher Text RoundKey Byte Key Expansion
8 (Text) Plain Cipher Safe Cryptographic Device Side channel information Threat Power Attack Power Consumption EM Attack Electromagnetic wave 2. THE ASPECT OF SIDE CHANNEL ATTACKS 8
9 The Effect of Capacitance 9 The Power leakage is considered to be reduced by the on-chip or off-chip decoupling capacitor On-chip Capacitor make vulnerable to EMA attack with HW correlation PA attack EMA attack Capacitor s Effect Capacitor s Effect SAMPLE: Non-countermeasured AES (Sbox:Composite Field)
10 Number of revealed keys [Bytes] The Effect of Metal Shielding 10 The Metal Shielding reduce the EM leakage The secret key can still be exploited by the increased number of traces Metal Shielding is not a perfect solution against EM attack SAMPLE: I/O masked dual rail ROM (The countermeasured AES circuit against Power Analysis) M etal 5 M etal 4 M etal 3 Metal Shielding layers VDD GND VDD GND ROM Cell (PO, M 1) Without metal-shield With metal-shield Number of traces
11 The Effect of Finer fabrication process 11 The Power and EM attack are tested in 65 and 28nm FPGA EM attack getting powerful in the finer process Reason: Static Power leakage is dominant 65nm 28nm Solid line : EM Attack Dotted line : Power Attack (28nm) (65nm) [mw] dynamic
12 3. THE AES CRYPTOGRAPHIC CIRCUIT AGAINST SCAS 12
13 S-Box1 S-Box2 S-Box16 Dependable VLSI (Our countermeasure) I/O Masked Dual Rail ROM (MDR-ROM) AES IN MDR-ROM provides constant power consumption irrespective of input value 2K bit MDR-ROM is used in the SubByte transformation on the AES circuit Other linear circuits are masked by the additive mask AES IN 13 dual-rail complementary operation Round key R m [127:0] 128 Round key Masked In Data one hot transition Unmask Data Mask Data IO-masked dual-rail (MDR) ROM Sense Amp 3 4 Masked Out Data Sub Bytes SEL 128 Shift Rows Round10 Round1-9 Mix Columns Round key DFF IO- masked dual- rail ROM SEL R um [127:0] 128 non-linear circuit AES OUT AES applied IO-masked dual-rail ROM Sub Bytes SEL 128 Shift Rows Round10 Round1-9 Mix Columns Round key DFF SEL 128 AES OUT Advanced Encryption Standard (AES)
14 (Our countermeasure) I/O Masked Dual Rail ROM (MDR-ROM) MDR-ROM provides constant power consumption irrespective of input value 2K bit MDR-ROM is used in the SubByte transformation on the AES circuit Other linear circuits are masked by the additive mask dual-rail complementary operation one hot transition Unmask Data Mask Data Sense Amp 4 Masked In Data Masked Out Data IO-masked dual-rail (MDR) ROM SBox
15 Evaluation results of MDR-ROM 15 Dual rail RSL memory is used for S-box and other circuits are designed in Standard ASIC flow Power overhead is 50 % of no countermeasure Sufficient PA resistance is demonstrated compared with other countermeasures (WDDL, MDPL,MAO,TI) MDR ROM Information Leakage No Leakage Small area Low Power
16 EM leakage on MDR-ROM MDR-ROM demonstrate high resistance against Power Attack MDR-ROM has a EM leakage called Geometric Leak This type of leakage is discovered for the 1st time in the world on our experiments (presented at CHES 2013, invited to submit on Journal of Cryptographic Engineering ) 16 EM Probe Position UnMask Data Sense Amp Masked Data Masked Data Mask Data Masked Data
17 IO- Masked Dual Rail ROM IO- Masked Dual Rail ROM Dependable VLSI Multiplicative masking is also introduced in addition to additive mask Inverse operation on Galois Field is tabled on the MDR-ROM The addresses except for zero are randomly accessed regardless of the input data Sbox is commonly used for encryption and decryption (New countermeasure) Hybrid Masked Dual Rail ROM (HMDR-ROM) The number of MDR-ROM is half 17 Memory Cell Array Memory Cell Array
18 EMA resistance on HMDR-ROM 18 Geometric leakage is diminished and high EMA resistance is obtained in HMDR-ROM Additive mask:off Multiplicative mask:off Additive mask:on Multiplicative mask:off Additive mask:on Multiplicative mask:on
19 FPGA Board SASEBO-GIII Analysis Software Compact Scanner for EM Analysis 4. THE EVALUATION PLATFORM SASEBO 19
20 Development of SCA Test Environment SASEBO: Side-channel Attack Standard Evaluation Board Provides a uniform experimental environment to academic, industrial and governmental researchers Facilitates research of side-channel attacks Outcome Commercially available and globally used in >100 institutes >1100 academic papers use/cite SASEBO (1/Nov/2013, Google scholar) Included in world s de-facto standard SCA evaluation tools SASEBO-RII ASIC evaluation SASEBO-GIII 28-nm Kintex-7 MiMICC 45-nm Spartan-6 Compact automatic EM scanner Photo from the Riscure s INSPECTOR brochure
21 Smartcard-type evaluation board w/45-nm FPGA MiMICC: Minature Measurement IC Card H/W-implemented cipher algorithms (etc.) on a smartcard can be tested Physical dimensions are almost ISO/IEC 7810 ID-1 compliant ISO/IEC 7816 (T=0) data transfer protocol is supported 21 Smartcard emulation circuit ATR sender APDU operator UART I/F Memory mapped I/F 0000 FFFF User application circuit User application circuit Card reader (SASEBO-W)
22 EMA Demonstration Using MiMICC 22 Secret key extraction from AES on the smartcard Key length = 128 bits (16 bytes). Block length = 128 bits. Without countermeasures EM radiation from the chip is measured and analyzed Analysis tool MiMICC EM radiation Loop antenna Oscilloscope Amplifier Power source SASEBO-W Oscilloscope Loop antenna MiMICC AES is running on the smartcard board MiMICC. EM radiation is measured with loop antenna. Cipher text Extract secret key Waveform Statistical analysis tool
23 5. SECURE KEY STORAGE USING PHYSICAL UNCLONABLE FUNCTIONS 23
24 PUF extracts physical variation in each device Physical Unclonable Function 24 Unique and Unclonable ID(Identification code) can be produced We proposed arbiter base DTM PUF with high uniqueness Challenges [ C0, C1, C2,, CN-1] #1 #2 #3 #1 [ 0, 0, 0,, 0 ] #2 [ 1, 0, 0,, 0 ] #3 [ 0, 1, 0,, 0 ] PUF #A PUF #B Responses PUF #C N Conventional Arbiter Challenges x N multiplexors D dt Δt Response Ddt DTM method (Delay time measurement)
25 PUF based Key Generation 25 IDs produced by PUF has the instability Fuzzy Extractor is used for error correction Fuzzy Extractor (FE) 訂正符号例 Correction 入力 出力 in Error Code out Generation 初期鍵生成処理 RNG ENC Generate PUF Initial Responses レスポンス #A 初期鍵 Initial Key W Hash C W C ヘルパー Helper データ Data Reproduced 再生成鍵 Key ^ W Hash ^ C Reproduction 再生成処理 ENC DEC C W [1] Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data Regenerate Responses レスポンス PUF #A
26 Secure Key Storage using PUF 26 Authentication key had to be stored in secure memory PUF Encrypted authentication key (2) can be stored in the standard memory Authentication key can be produced by (1) (2) (3) Initial Key Generation RNG (1)Challenges ENC PUF Hash (1)Challenges PUF Key (2)Helper Data (1) (2) (3) Authentication Key AES (3)PUF Encrypted Authentication Key PUF Reproduce Key DEC ENC Hash PUF Key Authentication Key cannot be produced without PUF AES Authentication Key
27 SUMMARY 27 Side channel attacks (SCAs) is a serious threat for cryptographic modules which are used in IC card, smart meter or automobile The countermeasures against SCAs is not easy On chip capacitor is effective against power analysis but vulnerable against EM analysis Metal Shielding is not perfect countermeasure against EM analysis EM analysis is still powerful on finer device fabrication process The AES cryptographic circuit against SCAs are designed I/O Masked Dual Rail ROM (MDR-ROM) is a good countermeasure against power analysis, but EM leak called geometric leak was found Hybrid Masked Dual Rail ROM (HMDR-ROM) is free from geometric leak The FPGA on the smartcard is newly designed, and EM analysis is successfully demonstrated by using SASEBO-W board Stable PUF Key generation by Fuzzy-Extractor, and authentication system using PUF-protected key are demonstrated
HOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationSecurity against Timing Analysis Attack
International Journal of Electrical and Computer Engineering (IJECE) Vol. 5, No. 4, August 2015, pp. 759~764 ISSN: 2088-8708 759 Security against Timing Analysis Attack Deevi Radha Rani 1, S. Venkateswarlu
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationCountermeasures against EM Analysis
Countermeasures against EM Analysis Paolo Maistri 1, SebastienTiran 2, Amine Dehbaoui 3, Philippe Maurine 2, Jean-Max Dutertre 4 (1) (2) (3) (4) Context Side channel analysis is a major threat against
More informationSIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI THE CEA Military Applications Division (DAM) Nuclear Energy Division (DEN) Technological Research Division
More informationThe embedded security challenge: Protecting bits at rest
The embedded security challenge: Protecting bits at rest Patrick Schaumont schaum@vt.edu Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationFPGA Prototyping of a Smart Card Platform for Evaluating Tamper Resistance of Cryptographic Circuits
R1-14 SASIMI 2016 Proceedings FPGA Prototyping of a Smart Card Platform for Evaluating Tamper Resistance of Cryptographic Circuits Hiroyuki Kanbara Naoya Ito Hinata Takebayashi School of Science and Technology
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University of Electro-Communications liyang@ice.uec.ac.jp Toshinori Fukunaga, Junko Takahashi NTT Information Sharing
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationSide-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel?
Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel? 11. Sep 2013 Ruhr University Bochum Outline Power Analysis Attack Masking Problems in hardware Possible approaches
More informationSecure Design Methodology and The Tree of Trust
Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune (http://bunniestudios.com) Under the Hood
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationBreaking Korea Transit Card with Side-Channel Attack
Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong Outline 1. Attack Goal & Scenario 2. Target Device Details
More informationChosen-IV Correlation Power Analysis on KCipher-2 and a Countermeasure
Fourth International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2013) Chosen-IV Correlation Power Analysis on KCipher-2 and a Countermeasure Takafumi Hibiki*, Naofumi Homma*,
More informationClock Glitch Fault Injection Attacks on an FPGA AES Implementation
Journal of Electrotechnology, Electrical Engineering and Management (2017) Vol. 1, Number 1 Clausius Scientific Press, Canada Clock Glitch Fault Injection Attacks on an FPGA AES Implementation Yifei Qiao1,a,
More informationOn-Line Self-Test of AES Hardware Implementations
On-Line Self-Test of AES Hardware Implementations G. Di Natale, M. L. Flottes, B. Rouzeyre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier Université Montpellier II / CNRS
More informationInvestigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures
Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures L. BARTHE, P. BENOIT, L. TORRES LIRMM - CNRS - University of Montpellier 2 FPL 10 - Tuesday
More informationIntroduction to Side-Channel Analysis: Basic Concepts and Techniques
Introduction to Side-Channel Analysis: Basic Concepts and Techniques Hardware security, Spring 2018 Lejla Batina March 8, 2018 Institute for Computing and Information Sciences Radboud University 1 Outline
More informationPrototype IC with WDDL and Differential Routing DPA Resistance Assessment
Prototype IC with WDDL and Differential Routing DPA Resistance Assessment Kris Tiri, David Hwang, Alireza Hodjat, Bo-Cheng Lai, Shenglin Yang, Patrick Schaumont, and Ingrid Verbauwhede,2 Electrical Engineering
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More information«Safe (hardware) design methodologies against fault attacks»
«Safe (hardware) design methodologies against fault attacks» Bruno ROBISSON Assia TRIA SESAM Laboratory (joint R&D team CEA-LETI/EMSE), Centre Microélectronique de Provence Avenue des Anémones, 13541 Gardanne,
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationFAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri
FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD G. Bertoni, L. Breveglieri, I. Koren and V. Piuri Abstract. The AES (Advanced Encryption Standard) is an emerging private-key cryptographic system. Performance
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationOn the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting
On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting Amir Moradi 1, Oliver Mischke 1, Christof Paar 1, Yang Li 2, Kazuo Ohta 2, and Kazuo Sakiyama 2 1 Horst
More informationExamples for the Calculation of Attack Potential for Smartcards
Examples for the Calculation of Attack Potential for Smartcards Thomas Schröder, T-Systems GEI GmbH on behalf of the JHAS working group Introduction Basis for the examples The work is based on a collection
More informationA Lightweight AES Implementation Against Bivariate First-Order DPA Attacks Weize Yu and Selçuk Köse
A Lightweight AES Implementation Against Bivariate First-Order DPA Attacks Weize Yu and Selçuk Köse Department of Electrical Engineering University of South Florida 1 Presentation Flow p Side-channel attacks
More informationHow microprobing can attack encrypted memory
How microprobing can attack encrypted memory Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Hardware Security research since 1995 testing microcontrollers and smartcards
More informationSuccessfully Attacking Masked AES Hardware Implementations
Successfully Attacking Masked AES Hardware Implementations Stefan Mangard, Norbert Pramstaller, and Elisabeth Oswald Institute for Applied Information Processing and Communications (IAIK) Graz University
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li 1, Kazuo Sakiyama 1, Shigeto Gomisawa 1, Toshinori Fukunaga 2, Junko Takahashi 1,2, and Kazuo Ohta 1 1 Department of Informatics, The University of Electro-Communications
More informationVLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT
VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT K.Sandyarani 1 and P. Nirmal Kumar 2 1 Research Scholar, Department of ECE, Sathyabama
More informationElectromagnetic Transient Fault Injection on AES
Electromagnetic Transient Fault Injection on AES Amine DEHBAOUI ¹, Jean-Max DUTERTRE ², Bruno ROBISSON ¹, Assia TRIA ¹ Fault Diagnosis and Tolerance in Cryptography Leuven, Belgium Sunday, September 9,
More informationFPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM
FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM P. Aatheeswaran 1, Dr.R.Suresh Babu 2 PG Scholar, Department of ECE, Jaya Engineering College, Chennai, Tamilnadu, India 1 Associate
More informationDifferential Computation Analysis Hiding your White-Box Designs is Not Enough
Differential Computation Analysis Hiding your White-Box Designs is Not Enough Joppe W. Bos Microsoft Research Visit, August 24, 2016 Redmond, WA, USA 1. NXP Semiconductors Operations in > 35 countries,
More informationSecurity of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada
Security of Biometric Passports ECE 646 Fall 2013 Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada CONTENTS Introduction to epassports Infrastructure required for epassports Generations
More informationHardware Security. Debdeep Mukhopadhyay
Hardware Security Debdeep Mukhopadhyay Secured Embedded Architecture Laboratory (SEAL) Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Kharagpur, West Bengal, INDIA
More informationDynamic Behavior of RS latches using FIB processing and probe connection
Dynamic Behavior of RS latches using FIB processing and probe connection Naoya Torii 1,2, Dai Yamamoto 1, Masahiko Takenaka 1, and Tsutomu Matsumoto 2 1 Secure Computing Laboratory, Fujitsu Laboratories
More informationThis document is downloaded from DR-NTU, Nanyang Technological University Library, Singapore.
This document is downloaded from DR-NTU, Nanyang Technological University Library, Singapore. Title Interceptive side channel attack on wireless communications for IoT applications( Main Article ) Author(s)
More informationReliable Physical Unclonable Function based on Asynchronous Circuits
Reliable Physical Unclonable Function based on Asynchronous Circuits Kyung Ki Kim Department of Electronic Engineering, Daegu University, Gyeongbuk, 38453, South Korea. E-mail: kkkim@daegu.ac.kr Abstract
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationFlash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
More informationCOSADE Conference Series
COSADE Conference Series Past, Present, and Future Sorin A. Huss 1 / 24 Initiators Werner Schindler Sorin Alexander Huss 2 / 24 Constructive Side-Channel Analysis and Secure Design Time Period 2010 to
More informationDesign of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures
Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures 1 Suresh Sharma, 2 T S B Sudarshan 1 Student, Computer Science & Engineering, IIT, Khragpur 2 Assistant
More informationOn the Simplicity of Converting Leakages from Multivariate to Univariate
On the Simplicity of Converting Leakages from Multivariate to Univariate 21. Aug. 2013, Oliver Mischke Embedded Security Group + Hardware Security Group Ruhr University Bochum, Germany Outline Definitions,
More information@ 2014 SEMAR GROUPS TECHNICAL SOCIETY.
www.semargroup.org, www.ijsetr.com ISSN 2319-8885 Vol.03,Issue.02, February-2014, Pages:0350-0355 Performance Improvement in Fault Detection Schemes for the Advanced Encryption Standard Using Composite
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationPOWER ANALYSIS RESISTANT SRAM
POWER ANALYSIS RESISTANT ENGİN KONUR, TÜBİTAK-UEKAE, TURKEY, engin@uekae.tubitak.gov.tr YAMAN ÖZELÇİ, TÜBİTAK-UEKAE, TURKEY, yaman@uekae.tubitak.gov.tr EBRU ARIKAN, TÜBİTAK-UEKAE, TURKEY, ebru@uekae.tubitak.gov.tr
More informationA Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher
A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty
More informationELECTRONICS DEPARTMENT
ELECTRONICS DEPARTMENT By Eng. 28 th Mar MUSTAFA 2012 M. Efficient SHIPLEImplementation of AES Algorithm Immune to DPA Attack Cryptography processing plaintext cipher text format Block Cipher Stream Cipher
More informationA Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices
Author manuscript, published in "DCIS'08: Conference on Design of Circuits and Integrated Systems, (2008)" A Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices G. Di Natale,
More informationPRACTICAL DPA ATTACKS ON MDPL. Elke De Mulder, Benedikt Gierlichs, Bart Preneel, Ingrid Verbauwhede
PRACTICAL DPA ATTACKS ON MDPL Elke De Mulder, Benedikt Gierlichs, Bart Preneel, Ingrid Verbauwhede K.U. Leuven, ESAT/SCD-COSIC and IBBT Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {elke.demulder,benedikt.gierlichs,bart.preneel,ingrid.verbauwhede}@esat.kuleuven.be
More informationPower-Analysis Attack on an ASIC AES implementation
Power-Analysis Attack on an ASIC AES implementation Sıddıka Berna Örs 1 Frank Gürkaynak 2 Elisabeth Oswald 3,4 Bart Preneel 1 1 Katholieke Universiteit Leuven, Dept. ESAT/SCD-COSIC, Kasteelpark Arenberg
More informationHow Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches
How Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview A global problem that impacts the lives of millions daily is digital life security breaches. One of the
More informationHardware Implementation of Cryptosystem by AES Algorithm Using FPGA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IMPACT FACTOR: 6.017 IJCSMC,
More informationA Defense Mechanism for Differential Power Analysis Attack in AES
Journal of Computer Science Original Research Paper A Defense Mechanism for Differential Power Analysis Attack in AES 1 M. Rajaramand 2 J. Vijaya 1 Anna University, Chennai, India 2 Vice Chancellor, Anna
More informationEmbedded System Security. Professor Patrick McDaniel Charles Sestito Fall 2015
Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System Microprocessor used as a component in a device and is designed for a specific control function within a device
More informationHiding Higher-Order Leakages in Hardware
Hiding Higher-Order Leakages in Hardware 21. May 2015 Ruhr-Universität Bochum Acknowledgement Pascal Sasdrich Tobias Schneider Alexander Wild 2 Story? Threshold Implementation should be explained? 1 st
More informationSmart card Power Analysis: From Theory To Practice
Smart card Power Analysis: From Theory To Practice João Lopes and Ricardo Chaves INESC-ID, Instituto Superior Técnico, Universidade Lisboa Email: joao.c.lopes@tecnico.ulisboa.pt, Ricardo.Chaves@inesc-id.pt
More informationAn Efficient FPGA Implementation of the Advanced Encryption Standard (AES) Algorithm Using S-Box
Volume 5 Issue 2 June 2017 ISSN: 2320-9984 (Online) International Journal of Modern Engineering & Management Research Website: www.ijmemr.org An Efficient FPGA Implementation of the Advanced Encryption
More informationTest Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES
Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES 1 Document Scope This document describes requirements and test procedures for qualifying DPA-resistant implementations of
More informationIntroduction to Software Countermeasures For Embedded Cryptography
Introduction to Software Countermeasures For Embedded Cryptography David Vigilant UMPC Master, 1 st December, 2017 Outline 1 Context and Motivations 2 Basic Rules and Countermeasures Examples Regarding
More informationIBG Protection for Anti-Fuse OTP Memory Security Breaches
IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview Anti-Fuse Memory IP is considered by some to be the gold standard for secure memory. Once programmed, reverse engineering methods will
More informationDifferential Computation Analysis Hiding your White-Box Designs is Not Enough
Differential Computation Analysis Hiding your White-Box Designs is Not Enough Joppe W. Bos Summer school on real-world crypto and privacy Šibenik, Croatia 1. NXP Semiconductors Operations in > 35 countries,
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li 1, Kazuo Sakiyama 1, Shigeto Gomisawa 1, Toshinori Fukunaga 2, Junko Takahashi 1,2,andKazuoOhta 1 1 Department of Informatics, The University of Electro-Communications
More informationWhite-Box Cryptography
Based on: J. W. Bos, C. Hubain, W. Michiels, P. Teuwen. In CHES 2016: Differential computation analysis: Hiding your white-box designs is not enough. White-Box Cryptography Don't Forget About Grey Box
More information128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication
IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 03, 2014 ISSN (online): 2321-0613 128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication
More informationCorrelation-Enhanced Power Analysis Collision Attack
Correlation-Enhanced Power Analysis Collision Attack Amir Moradi 1, Oliver Mischke 1, and Thomas Eisenbarth 2 1 Horst Görtz Institute for IT Security Ruhr University Bochum, Germany {moradi, mischke}@crypto.rub.de
More informationPower Analysis Attacks
Power Analysis Attacks Elisabeth Oswald Computer Science Department Crypto Group eoswald@cs.bris.ac.uk Elisabeth.Oswald@iaik.tugraz.at Outline Working principle of power analysis attacks DPA Attacks on
More informationArea Optimization in Masked Advanced Encryption Standard
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More informationFault-based Cryptanalysis on Block Ciphers
LIRMM / university of Montpellier COSADE 2017, Thursday April 13 2017, Paris, France 1/ 62 Outline 1 2 Fault Model Safe Error Attack DFA Statistical Fault Attack 3 Analog Level Digital Level Application
More informationCorrelated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher
Correlated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher Najeh Kamoun 1, Lilian Bossuet 2, and Adel Ghazel 1 1 CIRTA COM, SUP COM 2 IMS, University of Bordeaux Tunis,
More informationConsidering the Security of Mobile Commerce and Banking. Professor Keith Mayes Information Security Group ACE-CSR
Considering the Security of Mobile Commerce and Banking Professor Keith Mayes Information Security Group ACE-CSR Information Security Group (ISG) Established 1992 17 Full-time Academics, 8+ Research Assistants
More informationGeneral Security. Physical Unclonable Functions and True Random Number Generator. Digital Storage. Authentication. What We Want to Achieve?
General Security Physical Unclonable Functions and True Random Number Generator Mohammad Tehranipoor ECE695: Hardware Security & Trust University of Connecticut ECE Department 2 Digital Storage Authentication
More informationSecurity Policy. 10 th March 2005
DCAP Security Module FIPS 140-2 Level 3 Security Policy 10 th March 2005 Thales e-security Limited, Meadow View House, Long Crendon, Aylesbury, BUCKS HP18 9EQ United Kingdom Tel. +44 (0) 1844 201800 Fax.
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationCountering power analysis attacks by exploiting characteristics of multicore processors
This article has been accepted and published on J-STAGE in advance of copyediting. Content is final as presented. IEICE Electronics Express, Vol.*, o.*, 1 11 Countering power analysis attacks by exploiting
More informationLow-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs
Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs Roel Maes 1, Pim Tuyls 1,2, Ingrid Verbauwhede 1 1. COSIC, K.U.Leuven and IBBT 2. Intrinsic-ID, Eindhoven Workshop on
More informationASIC Performance Comparison for the ISO Standard Block Ciphers
ASIC Performance Comparison for the ISO Standard Block Ciphers Takeshi Sugawara 1, Naofumi Homma 1, Takafumi Aoki 1, and Akashi Satoh 2 1 Graduate School of Information Sciences, Tohoku University Aoba
More informationHardware Security Challenges and Solutions. Mike Bartley TVS, Founder and CEO
Hardware Security Challenges and Solutions Mike Bartley TVS, Founder and CEO Agenda Some background on your speaker and testing safety related systems Threats and solutions Verifying those solutions Bare
More informationON PRACTICAL RESULTS OF THE DIFFERENTIAL POWER ANALYSIS
Journal of ELECTRICAL ENGINEERING, VOL. 63, NO. 2, 212, 125 129 COMMUNICATIONS ON PRACTICAL RESULTS OF THE DIFFERENTIAL POWER ANALYSIS Jakub Breier Marcel Kleja This paper describes practical differential
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationPARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE
PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE Raghavan Kumar, University of Massachusetts Amherst Contributions by: Philipp Jovanovic, University of Passau Wayne P. Burleson, University
More informationAtmel Trusted Platform Module June, 2014
Atmel Trusted Platform Module June, 2014 1 2014 Atmel Corporation What is a TPM? The TPM is a hardware-based secret key generation and storage device providing a secure vault for any embedded system Four
More informationFault Injection Attacks and Countermeasures
Fault Injection Attacks and Countermeasures Brněnské bezpečnostní setkávání, FEKT VUT Brno Jakub Breier 28 March 2018 Physical Analysis and Cryptographic Engineering Nanyang Technological University Singapore
More informationCountermeasures against EM Analysis for a Secured FPGA-based AES Implementation
Countermeasures against EM Analysis for a Secured FPGA-based AES Implementation P. Maistri 1, S. Tiran 2, P. Maurine 2, I. Koren 3, R. Leveugle 1 1 Univ. Grenoble Alpes, TIMA Laboratory, F-38031 Grenoble
More informationPractical DFA on AES. Marc Witteman CTO June 13, 2013
Practical DFA on AES Marc Witteman CTO June 13, 2013 DFA on AES, how hard is that? 2003 Gilles Piret and Jean-Jacques Quisquater 2 faults 2013 Christophe Giraud and Adrian Thillard 1 fault 2013 Riscure
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationDaniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven
Goals of authenticated encryption Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven More details, credits: competitions.cr.yp.to /features.html Encryption sender
More informationEffects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation
Air Force Institute of Technology AFIT Scholar Theses and Dissertations 9-13-2012 Effects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation Eric A. Koziel
More informationAES ALGORITHM FOR ENCRYPTION
Volume 02 - Issue 05 May 2016 PP. 63-68 AES ALGORITHM FOR ENCRYPTION Radhika D.Bajaj M.Tech VLSI G.H. Raisoni Institute of Engineering And Technology For Women, Nagpur. Dr. U.M. Gokhale Electronics and
More informationDFA on AES. Christophe Giraud. Oberthur Card Systems, 25, rue Auguste Blanche, Puteaux, France.
DFA on AES Christophe Giraud Oberthur Card Systems, 25, rue Auguste Blanche, 92800 Puteaux, France. c.giraud@oberthurcs.com Abstract. In this paper we describe two different DFA attacks on the AES. The
More informationTABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.
vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION
More information