The embedded security challenge: Protecting bits at rest
|
|
- Pearl Jefferson
- 5 years ago
- Views:
Transcription
1 The embedded security challenge: Protecting bits at rest Patrick Schaumont Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res Digitized Signature Car Unlock Code AACS Keys (Blu-Ray DVD)
2 Classic security Protect bits 'in flight' using crypto Message Cipher Key Message Cipher Key ??? Embedded security Need more than crypto to protect bits 'at-rest' Secret bits Flash Battery Bus-probing CPU Attach Debugger JTAG Power-analysis Side-channel
3 Keeping secrets in software doesn't work Example - Fairplay encryption scheme of Apple Song Song Audio Master Key Master Key Apple itune Server User Key Machine ID Remove DRM by compromising easy-to-access interfaces April 2007: Steve Jobs announces itunes will sell DRM-free songs Keeping secrets in hardware doesn't work Example: Aladdin etoken (2001) stores PIN in plaintext [grandideastudios.com] April 2007: Secustick ('self-destruct thumbdrive') is broken by means of a trivial hack [tweakers.net/reviews/683/1]
4 We need a secure design methodology Methodology - series of steps that can be learned and repeated. Zero-risk security does not exist Zero-power design does not exist either Low-risk security can be achieved Low-power operation can be achieved Power Area Security Performance Objective of secure design methodology: minimize spatial and temporal footprint of secret bits in embedded systems The starting point: Root of Trust A secret in a box by itself is useless (useless like a key without a matching door-lock) So a secure system contains at least two parts distrusted environment secure embedded system security policy authentication integrity confidentiality non-repudiation availability root-of-trust The part that always works as expected (or so you think!) Secret bits are inside of root-of-trust
5 Characteristics of attacks An 'attack' is an interface into the root-of-trust around the security policy distrusted environment secure embedded system attack abstraction level attacker proximity active/passive logical side-channel physical invasive/non-invasive off-line connected close-range physical side-channel fault-based spoof Example: Cache timing attack MEMORY (20 cycle/acces) data in round keys CACHE (1 cycle/acces) sbox shift rows mix columns (last round) add roundkey data out Execution time dependency due to cache conflicts Software Solution: constant-time crypto (hard)
6 Example: Cache timing attack Timing Side-Channel Root-of-Trust Top-level Policy MEMORY (20 cycle/acces) data in round keys CACHE (1 cycle/acces) sbox shift rows mix columns (last round) add roundkey data out Execution time dependency due to cache conflicts Software Solution: constant-time crypto (hard) Moving Sbox into Hardware SBOX regs (16 byte + 4 byte rkey) register file instruction fetch/ decode DCACHE sbox (AES32) ALU ICACHE 128 Hardware Sbox with ASIP interface CPU AES driver code RAM
7 Moving Sbox into Hardware SBOX regs (16 byte + 4 byte rkey) register file instruction fetch/ decode Cache miss rate per encryption sbox (AES32) 128 Hardware Sbox with ASIP interface Constant Execution Timing ALU CPU DCACHE ICACHE AES driver code RAM Software Sbox: 159 Dcache 138 Icache Hardware Sbox 0 Dcache 52 Icache StrongARM arch 1K I, 1K D cache, 16 byte/line direct Timing Side-channel fixed, but others remain.. Design Step: Secure partitioning Secure design over multiple abstraction levels (protocol, software, hardware, circuits) distrusted environment secure embedded system Interpreter Side-channels non-critical software crypto software Timing Side-channels non-critical hardware/ software crypto hardware Power Side-channels non-critical circuit crypto circuit Physical Tamper-resistance
8 Applications Hardware Chain-of-Trust Can we build a path in a device that is completely trusted, even as it extends into hardware? Side-channel resistant hardware in FPGA Can we port side-channel resistant design styles for ASIC into FPGA while maintaining their properties? Applications Hardware Chain-of-Trust Can we build a path in a device that is completely trusted, even as it extends into hardware? Side-channel resistant hardware in FPGA Can we port side-channel resistant design styles for ASIC into FPGA while maintaining their properties?
9 Hardware Chain of Trust for DRM - Why? D/A & Amplify Side-channel: Probe and extract DRM-free high-quality music Decode Download copy-righted multimedia into player Decrypt (DRM) Flash Memory Hardware Chain of Trust for DRM - Principle Encrypt at Server Hard-drive Challenge: How to build this chain-of-trust? D/A & Amplify Decode Decrypt (DRM) Flash Memory Decrypt at D/A conversion in Player Hardware-specific Key-exchange
10 Chain-of-trust for Video Messaging FPGA-unique encryption CF-card Display SW Trivium Key Message incorrect authentication incomplete chain-of-trust [Eric Simpson, VT] correct authentication complete chain-of-trust SAM key Trivium Stream Cipher VGA FPGA PPC Program Memory Chain-of-trust for Video Messaging FPGA-unique encryption CF-card Display SW Trivium Key Message SAM key Trivium Stream Cipher VGA FPGA PPC Program Memory
11 Chain-of-trust for Video Messaging CF-card FPGA-unique encryption Display SW Trivium Key Message Compact Flash Data PPC Baseline Config FPGA bitstream decryption (keys) SAM key Trivium Stream Cipher VGA FPGA PPC Program Memory Chain-of-trust for Video Messaging CF-card FPGA-unique encryption Display SW SAM key Trivium Key Message Trivium Stream Cipher VGA Compact Flash Data Secure SW & Data Download PPC Baseline Config SAM decryption (PUF) Configure VGA Display FPGA PPC Program Memory
12 Chain-of-trust for Video Messaging CF-card FPGA-unique encryption Display SW Trivium Key Message Compact Flash Data PPC Baseline Config SAM key Trivium Stream Cipher VGA Secure SW & Data Download Configure VGA Display FPGA PPC Program Memory Load Encrypted Message Display Video Message Trivium Stream Cipher (key) Applications Hardware Chain-of-Trust Can we build a path in a device that is completely trusted, even as it extends into hardware? Side-channel resistant hardware in FPGA Can we port side-channel resistant design styles for ASIC into FPGA while maintaining their properties?
13 Side-channel resistant design In KEY LOOKUP TABLE OUT SBOX Power Reduce Power Variation Constant-Power Design Wave Dynamic Differential Logic De-correlate Power Variation Masking Random Switching Logic Reducing Power Variations: WDDL Wave Dynamic Differential Logic (Tiri 2003) Gates have exactly one 0->1 transition per clock cycle Differential Logic Precharge Logic A A Q A Q F B B Q F PRECHRG EVAL Differential output ensures each switch contains 0->1 Precharge output guarantees switching each cycle
14 WDDL NAND Gate A A Q B B Q Φ F A B Q Q PRE EVAL PRE EVAL Exactly one switching event per gate per cycle Matching Interconnect Capacitance WDDL GATE C1 C2 WDDL GATE Asymmetry in C-load gives residual power leakage Need symmetrical place-and-route technique, not easy in contemporary tools
15 Unbalanced WDDL easy to break Impact of imbalance of 1 part in 500 per WDDL net Frequency R KEY = 124 TOGGLE BIN Overall Power Variation ~ 1 per 15,000 KEY 10,000 measurements WDDL in FPGA [Pengyuan Yu, VT] Use FPGA fabric regularity to build a better WDDL Single-Ended Circuit Differential Circuit Copy- Modify- Relocate 'Copy' + 'Relocate' results in identical routing pattern 'Modify' LUT content creates complementary logic function
16 Maping WDDL in FPGA Create complementary function starting from differential netlist by switching Q and Qbar WDDL WDDL with switched Q,Qbar - 4X in area over single-ended + same advantages as WDDL with symmetrical routing 'DWDDL', Double Wave Dynamic Differential Logic Test Setup considers 3 possible cases Single-ended WDDL WDDL + Complementary SE WDDL DWDDL
17 Test setup LFSR KEY LOOKUP TABLE SBOX OUT Measurements AC Current (ma) DWDDL 1 cycle SE ( 1 scale) 10 WDDL
18 DPA on Measurements Correlation on SE Key = Key Correlation peak position on dual-rail design Bit WDDL DWDDL Conclusions In embedded systems, ZERO-risk security does NOT exist In embedded systems, LOW-risk security IS possible Methodology is essential Chain-of-trust Side-channel Resistant Design Many open problems How to quantify security? Number of measurements? Cost versus Security trade-offs? Can we build tools to automate analysis and secure design?
19 Thanks! Patrick Schaumont, Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department
Secure Design Methodology and The Tree of Trust
Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune (http://bunniestudios.com) Under the Hood
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationImplementation of DPA-Resistant Circuit for FPGA
Implementation of DPA-Resistant Circuit for FPGA Pengyuan Yu Thesis submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements for the
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationA Key Management Scheme for DPA-Protected Authenticated Encryption
A Key Management Scheme for DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech DIAC-2013 This research was supported in part by the VT-MENA program of Egypt, and by
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationImplementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
More informationEvaluating the Duplication of Dual-Rail Logics on FPGAs
Horst Görtz Institute for IT-Security Evaluating the Duplication of Dual-Rail Logics on FPGAs Alexander Wild, Amir Moradi, Tim Güneysu April 13. 2015 Motivation Dual-rail precharge logic 1 Motivation Dual-rail
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University of Electro-Communications liyang@ice.uec.ac.jp Toshinori Fukunaga, Junko Takahashi NTT Information Sharing
More informationLow Power Embedded Security
Low Power Embedded Security Ingrid Verbauwhede K.U.Leuven - ESAT - SCD/COSIC With thanks to: EMSEC and COSIC/HW team members E: ingrid.verbauwhede@esat.kuleuven.be www.emsec.ee.ucla.edu Ingrid Verbauwhede
More informationThe Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance
2013.12.7 DLSI International Symposium The Design and Evaluation Methodology of Dependable VLSI for Focusing on the security of hardware modules - Tamper resistant cryptographic circuit - Evaluation tools
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationPrototype IC with WDDL and Differential Routing DPA Resistance Assessment
Prototype IC with WDDL and Differential Routing DPA Resistance Assessment Kris Tiri, David Hwang, Alireza Hodjat, Bo-Cheng Lai, Shenglin Yang, Patrick Schaumont, and Ingrid Verbauwhede,2 Electrical Engineering
More informationDesign methods and tools for side channel attack resistant circuits
Design methods and tools for side channel attack resistant circuits Ingrid Verbauwhede ingrid.verbauwhede-at-esat.kuleuven.be K.U.Leuven, COSIC Computer Security and Industrial Cryptography www.esat.kuleuven.be/cosic
More informationBreaking Korea Transit Card with Side-Channel Attack
Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong Outline 1. Attack Goal & Scenario 2. Target Device Details
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationIBG Protection for Anti-Fuse OTP Memory Security Breaches
IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview Anti-Fuse Memory IP is considered by some to be the gold standard for secure memory. Once programmed, reverse engineering methods will
More informationInvestigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures
Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures L. BARTHE, P. BENOIT, L. TORRES LIRMM - CNRS - University of Montpellier 2 FPL 10 - Tuesday
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM)
SIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM) A Major Qualifying Project Report Submitted to the Faculty of WORCESTER POLYTECHNIC INSTITUTE By Zachary Goddard Nicholas LaJeunesse 1 Abstract While
More informationImplementing Virtual Secure Circuit Using A Custom-Instruction Approach
Implementing Virtual Secure Circuit Using A Custom-Instruction Approach Zhimin Chen Virginia Tech. Blacksburg, VA 246 chenzm@vt.edu Ambuj Sinha Virginia Tech. Blacksburg, VA 246 ambujs87@vt.edu Patrick
More informationFundamentals of HW-based Security
Fundamentals of HW-based Security Udi Maor CryptoCell-7xx Product Manager Systems and SW Group ARM Tech Forum 2016 - Korea Jun. 28, 2016 What is system security design? Every system design will require
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationInterfacing a High Speed Crypto Accelerator to an Embedded CPU
Interfacing a High Speed Crypto Accelerator to an Embedded CPU Alireza Hodjat ahodjat @ee.ucla.edu Electrical Engineering Department University of California, Los Angeles Ingrid Verbauwhede ingrid @ee.ucla.edu
More informationCountermeasures against EM Analysis
Countermeasures against EM Analysis Paolo Maistri 1, SebastienTiran 2, Amine Dehbaoui 3, Philippe Maurine 2, Jean-Max Dutertre 4 (1) (2) (3) (4) Context Side channel analysis is a major threat against
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationInvestigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs
Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs Shaunak Shah Corsec Security, Inc Fairfax, VA, USA Email: sshah@corsec.com Rajesh Velegalati, Jens-Peter Kaps, David
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More information! Memory Overview. ! ROM Memories. ! RAM Memory " SRAM " DRAM. ! This is done because we can build. " large, slow memories OR
ESE 57: Digital Integrated Circuits and VLSI Fundamentals Lec 2: April 5, 26 Memory Overview, Memory Core Cells Lecture Outline! Memory Overview! ROM Memories! RAM Memory " SRAM " DRAM 2 Memory Overview
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationSection 6. Memory Components Chapter 5.7, 5.8 Physical Implementations Chapter 7 Programmable Processors Chapter 8
Section 6 Memory Components Chapter 5.7, 5.8 Physical Implementations Chapter 7 Programmable Processors Chapter 8 Types of memory Two major types of memory Volatile When power to the device is removed
More informationHow Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches
How Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview A global problem that impacts the lives of millions daily is digital life security breaches. One of the
More informationOffline HW/SW Authentication for Reconfigurable Platforms. Eric Simpson, Patrick Schaumont
Offline HW/SW Authentication for Reconfigurable Platforms Eric Simpson, Patrick Schaumont Overview Security considerations for reconfigurable platforms Why today s security mechanisms are insufficient
More informationECE 1160/2160 Embedded Systems Design. Midterm Review. Wei Gao. ECE 1160/2160 Embedded Systems Design
ECE 1160/2160 Embedded Systems Design Midterm Review Wei Gao ECE 1160/2160 Embedded Systems Design 1 Midterm Exam When: next Monday (10/16) 4:30-5:45pm Where: Benedum G26 15% of your final grade What about:
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2018 Previously on COS 433 Confusion/Diffusion Paradigm f 1 f 2 f 3 f 4 f 5 f 6 Round π 1 f 7 f 8 f 9 f 10 f 11 f 12 π 2 Substitution
More informationStream Ciphers. Stream Ciphers 1
Stream Ciphers Stream Ciphers 1 Stream Ciphers Generate a pseudo-random key stream & xor to the plaintext. Key: The seed of the PRNG Traditional PRNGs (e.g. those used for simulations) are not secure.
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationSemiconductor Memory Classification. Today. ESE 570: Digital Integrated Circuits and VLSI Fundamentals. CPU Memory Hierarchy.
ESE 57: Digital Integrated Circuits and VLSI Fundamentals Lec : April 4, 7 Memory Overview, Memory Core Cells Today! Memory " Classification " ROM Memories " RAM Memory " Architecture " Memory core " SRAM
More informationFPGA Based Design of AES with Masked S-Box for Enhanced Security
International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 3 Issue 5ǁ May 2014 ǁ PP.01-07 FPGA Based Design of AES with Masked S-Box for Enhanced Security
More informationPRACTICAL DPA ATTACKS ON MDPL. Elke De Mulder, Benedikt Gierlichs, Bart Preneel, Ingrid Verbauwhede
PRACTICAL DPA ATTACKS ON MDPL Elke De Mulder, Benedikt Gierlichs, Bart Preneel, Ingrid Verbauwhede K.U. Leuven, ESAT/SCD-COSIC and IBBT Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {elke.demulder,benedikt.gierlichs,bart.preneel,ingrid.verbauwhede}@esat.kuleuven.be
More informationCOSADE Conference Series
COSADE Conference Series Past, Present, and Future Sorin A. Huss 1 / 24 Initiators Werner Schindler Sorin Alexander Huss 2 / 24 Constructive Side-Channel Analysis and Secure Design Time Period 2010 to
More informationSecurity against Timing Analysis Attack
International Journal of Electrical and Computer Engineering (IJECE) Vol. 5, No. 4, August 2015, pp. 759~764 ISSN: 2088-8708 759 Security against Timing Analysis Attack Deevi Radha Rani 1, S. Venkateswarlu
More informationReconfigurable Computing. Introduction
Reconfigurable Computing Tony Givargis and Nikil Dutt Introduction! Reconfigurable computing, a new paradigm for system design Post fabrication software personalization for hardware computation Traditionally
More informationCS310 Embedded Computer Systems. Maeng
1 INTRODUCTION (PART II) Maeng Three key embedded system technologies 2 Technology A manner of accomplishing a task, especially using technical processes, methods, or knowledge Three key technologies for
More informationMicrosemi Secured Connectivity FPGAs
IoT Solutions Microsemi Secured Connectivity FPGAs SmartFusion2 SoC FPGAs Low Power Small Form Factors Scalable Security Secured Connectivity FPGAs Best in Class for IoT Infrastructure The IoT Infrastructure
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationPOWER ANALYSIS RESISTANT SRAM
POWER ANALYSIS RESISTANT ENGİN KONUR, TÜBİTAK-UEKAE, TURKEY, engin@uekae.tubitak.gov.tr YAMAN ÖZELÇİ, TÜBİTAK-UEKAE, TURKEY, yaman@uekae.tubitak.gov.tr EBRU ARIKAN, TÜBİTAK-UEKAE, TURKEY, ebru@uekae.tubitak.gov.tr
More informationA Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices
Author manuscript, published in "DCIS'08: Conference on Design of Circuits and Integrated Systems, (2008)" A Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices G. Di Natale,
More informationIntegral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy
Integral Memory PLC. Chassis) and Crypto Dual Plus (Underlying FIPS 140-2 Security Policy Table of Contents 1. INTRODUCTION... 1 1.1 Purpose....1 1.2 References... 1 1.3 Document History... 1 2. PRODUCT
More informationFPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES
, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING KIT Die Forschungsuniversität in der Helmholtz-Gemeinschaft
More informationUses of Cryptography
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Page 1 Cryptography and Secrecy Pretty obvious Only those knowing the proper keys can
More informationDigital Logic Design using Verilog and FPGA devices Part 2. An Introductory Lecture Series By Chirag Sangani
Digital Logic Design using Verilog and FPGA devices Part 2 An Introductory Lecture Series By A Small Recap Verilog allows us to design circuits, FPGAs allow us to test these circuits in real-time. The
More informationFault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationHardware Security. Debdeep Mukhopadhyay
Hardware Security Debdeep Mukhopadhyay Secured Embedded Architecture Laboratory (SEAL) Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Kharagpur, West Bengal, INDIA
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationAn Instruction Set Extension for Fast and Memory- Efficient AES Implementation. Stefan Tillich, Johann Großschädl, Alexander Szekely
Institute for Applied Information Processing and Communications () GRAZ UNIVERSITY OF TECHNOLOGY An Instruction Set Extension for Fast and Memory- Efficient AES Implementation Stefan Tillich, Johann Großschädl,
More informationDietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures
Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures Lejla Batina, Amitabh Das, Barış Ege, Elif Bilge Kavun, Nele Mentens, Christof
More informationThe S6000 Family of Processors
The S6000 Family of Processors Today s Design Challenges The advent of software configurable processors In recent years, the widespread adoption of digital technologies has revolutionized the way in which
More informationSecurity in NFC Readers
Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationELECTRONICS DEPARTMENT
ELECTRONICS DEPARTMENT By Eng. 28 th Mar MUSTAFA 2012 M. Efficient SHIPLEImplementation of AES Algorithm Immune to DPA Attack Cryptography processing plaintext cipher text format Block Cipher Stream Cipher
More informationL2: FPGA HARDWARE : ADVANCED DIGITAL DESIGN PROJECT FALL 2015 BRANDON LUCIA
L2: FPGA HARDWARE 18-545: ADVANCED DIGITAL DESIGN PROJECT FALL 2015 BRANDON LUCIA 18-545: FALL 2014 2 Admin stuff Project Proposals happen on Monday Be prepared to give an in-class presentation Lab 1 is
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li 1, Kazuo Sakiyama 1, Shigeto Gomisawa 1, Toshinori Fukunaga 2, Junko Takahashi 1,2, and Kazuo Ohta 1 1 Department of Informatics, The University of Electro-Communications
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More informationMing Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay
Hardware and Architectural Support for Security and Privacy (HASP 18), June 2, 2018, Los Angeles, CA, USA Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Computing and Engineering (SCSE) Nanyang Technological
More informationMasking the Energy Behavior of DES Encryption
Masking the Energy Behavior of DES Encryption H. Saputra, N. Vijaykrishnan, M. Kandemir, M. J. Irwin, R. Brooks, S. Kim and W. Zhang Computer Science and Engineering, Applied Research Lab The Pennsylvania
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationPASSWORDS & ENCRYPTION
PASSWORDS & ENCRYPTION Villanova University Department of Computing Sciences D. Justin Price Fall 2014 CRYPTOGRAPHY Hiding the meaning of a message from unintended recipients. Open source algorithms are
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationContents Part I Basic Concepts The Nature of Hardware and Software Data Flow Modeling and Transformation
Contents Part I Basic Concepts 1 The Nature of Hardware and Software... 3 1.1 Introducing Hardware/Software Codesign... 3 1.1.1 Hardware... 3 1.1.2 Software... 5 1.1.3 Hardware and Software... 7 1.1.4
More informationSECURE PARTIAL RECONFIGURATION OF FPGAs. Amir S. Zeineddini Kris Gaj
SECURE PARTIAL RECONFIGURATION OF FPGAs Amir S. Zeineddini Kris Gaj Outline FPGAs Security Our scheme Implementation approach Experimental results Conclusions FPGAs SECURITY SRAM FPGA Security Designer/Vendor
More informationFPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM
FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM P. Aatheeswaran 1, Dr.R.Suresh Babu 2 PG Scholar, Department of ECE, Jaya Engineering College, Chennai, Tamilnadu, India 1 Associate
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationHiding Higher-Order Leakages in Hardware
Hiding Higher-Order Leakages in Hardware 21. May 2015 Ruhr-Universität Bochum Acknowledgement Pascal Sasdrich Tobias Schneider Alexander Wild 2 Story? Threshold Implementation should be explained? 1 st
More informationEncryption / decryption system. Fig.1. Block diagram of Hummingbird
801 Lightweight VLSI Design of Hybrid Hummingbird Cryptographic Algorithm NIKITA ARORA 1, YOGITA GIGRAS 2 12 Department of Computer Science, ITM University, Gurgaon, INDIA 1 nikita.0012@gmail.com, 2 gigras.yogita@gmail.com
More informationSide-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel?
Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel? 11. Sep 2013 Ruhr University Bochum Outline Power Analysis Attack Masking Problems in hardware Possible approaches
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationOverview ECE 753: FAULT-TOLERANT COMPUTING 1/21/2014. Recap. Fault Modeling. Fault Modeling (contd.) Fault Modeling (contd.)
ECE 753: FAULT-TOLERANT COMPUTING Kewal K.Saluja Department of Electrical and Computer Engineering Fault Modeling Lectures Set 2 Overview Fault Modeling References Fault models at different levels (HW)
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationWhite-Box Cryptography
Based on: J. W. Bos, C. Hubain, W. Michiels, P. Teuwen. In CHES 2016: Differential computation analysis: Hiding your white-box designs is not enough. White-Box Cryptography Don't Forget About Grey Box
More informationD eepa.g.m 3 G.S.Raghavendra 4
Volume 3, Issue 5, May 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Breaking Cryptosystem
More informationDesign Techniques for Side-channel Resistant Embedded Software
Design Techniques for Side-channel Resistant Embedded Software Ambuj Sudhir Sinha Thesis submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the
More informationOn-Line Self-Test of AES Hardware Implementations
On-Line Self-Test of AES Hardware Implementations G. Di Natale, M. L. Flottes, B. Rouzeyre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier Université Montpellier II / CNRS
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationHardware-Focused Performance Comparison for the Standard Block Ciphers AES, Camellia, and Triple-DES
Hardware-ocused Performance Comparison for the Standard Block Ciphers AES, Camellia, and Triple-DES Akashi Satoh and Sumio Morioka Tokyo Research Laboratory IBM Japan Ltd. Contents Compact and High-Speed
More informationEE 3170 Microcontroller Applications
EE 3170 Microcontroller Applications Lecture 4 : Processors, Computers, and Controllers - 1.2 (reading assignment), 1.3-1.5 Based on slides for ECE3170 by Profs. Kieckhafer, Davis, Tan, and Cischke Outline
More information