Secure and Efficient RNS Approach for Elliptic Curve Cryptography
Scalar multiplication, the main operation in elliptic curve cryptographic protocols, is vulnerable to side-channel attacks (SCA) and fault injection attacks (FA). An efficient countermeasure for scalar multiplication can be provided by using an alternative number system such as the Residue Number System (RNS). In RNS, a number is represented as a set of smaller numbers, each of which is the result of modular reduction by one modulus of a given moduli basis. Under certain requirements (pairwise coprime moduli and a value within the dynamic range of the basis), a number can be uniquely transformed from the integers to the RNS domain (and vice versa), and all arithmetic operations can be performed in RNS. This representation provides inherent resistance to many SCA and FA attacks and can be further enhanced by RNS arithmetic manipulation or by more traditional algorithmic countermeasures. In this paper, extending our previous work, we explore the potential of RNS as an SCA and FA countermeasure and describe RNS-based means of SCA and FA resistance. We propose a secure and efficient Montgomery Power Ladder based scalar multiplication algorithm on RNS and discuss its SCA-FA resistance. The proposed algorithm is implemented on an ARM Cortex-A7 processor and its SCA-FA resistance is evaluated by collecting preliminary leakage traces that validate our initial assumptions.
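The abstract above relies on two properties of RNS: a value is uniquely recoverable from its residues (CRT), and arithmetic is carried out independently per modulus. The following is an added example, not code from the paper, showing both properties together with the simplest RNS fault-detection mechanism, a redundant modulus: a legitimate computation never leaves the working dynamic range, so any single corrupted residue reconstructs to a value outside it. The moduli basis, the redundant modulus and the operands are toy choices made here for illustration; the paper's parameters and its Montgomery ladder are not reproduced.

```python
# Added example: integer arithmetic in a Residue Number System (RNS) with one
# redundant modulus used as a fault-detection check. Basis and operands are
# toy choices for illustration, not the parameters of the paper.
from math import prod

BASIS = [251, 253, 255, 256]   # pairwise coprime working moduli (toy choice)
REDUNDANT = 257                # extra modulus; coprime with, and >= every, working modulus
FULL = BASIS + [REDUNDANT]
M_WORK = prod(BASIS)           # legitimate dynamic range is [0, M_WORK)
M_FULL = prod(FULL)


def to_rns(x):
    """Forward conversion: x -> (x mod m_i) over the extended basis."""
    assert 0 <= x < M_WORK, "x outside the legitimate dynamic range"
    return [x % m for m in FULL]


def from_rns(res):
    """Backward conversion by the Chinese Remainder Theorem over FULL."""
    x = 0
    for r, m in zip(res, FULL):
        Mi = M_FULL // m
        x += r * Mi * pow(Mi, -1, m)   # pow(Mi, -1, m) is the modular inverse of Mi mod m
    return x % M_FULL


def rns_add(a, b):
    """Addition is carried out independently in every residue channel."""
    return [(x + y) % m for x, y, m in zip(a, b, FULL)]


def rns_mul(a, b):
    """Multiplication likewise: no carries cross between channels."""
    return [(x * y) % m for x, y, m in zip(a, b, FULL)]


def checked_decode(res):
    """Decode and reject anything outside [0, M_WORK).

    The caller guarantees the true result fits the working range. A fault that
    changes residue i by any nonzero amount shifts the reconstruction by a
    nonzero multiple of M_FULL // m_i >= M_WORK without wrapping past M_FULL
    (because REDUNDANT >= every working modulus), so it always lands at or
    above M_WORK and is rejected.
    """
    x = from_rns(res)
    if x >= M_WORK:
        raise ValueError("RNS consistency check failed: residue fault detected")
    return x


def inject_fault(res, index, delta=1):
    """Model a fault that corrupts one residue channel by `delta`."""
    faulty = list(res)
    faulty[index] = (faulty[index] + delta) % FULL[index]
    return faulty


def fault_detected(res, index, delta=1):
    """True if the consistency check catches a fault in channel `index`."""
    try:
        checked_decode(inject_fault(res, index, delta))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    a, b = to_rns(123456), to_rns(7890)          # constructed operands
    product = rns_mul(a, b)
    print("a*b  =", checked_decode(product))      # 974067840
    print("a+b  =", checked_decode(rns_add(a, b)))
    print("faults caught:", [fault_detected(product, i) for i in range(len(FULL))])
```

In a real ECC implementation the operands are reduced modulo the field prime inside RNS (Montgomery reduction over a second basis), which is what keeps intermediate values inside the working range; that machinery is outside this example.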
Similar operation template attack on RSA-CRT as a case study
A template attack, one of the most powerful side-channel attack methods, usually first builds leakage profiles from a controlled profiling device and then uses these profiles to recover the secret of the target device. It relies on the fact that the profiling device shares similar leakage characteristics with the target device. In this study, we focus on similar operations within a single device and propose a new variant of the template attack, called the similar operation template attack (SOTA). SOTA builds its models on public variables (e.g., input/output) and recovers the values of secret variables whose leakage is similar to that of the public variables. SOTA's advantage is that it avoids the requirement for an additional profiling device. The proposed SOTA method is applied to a straightforward RSA-CRT implementation. Because the leakage is (almost) the same in similar operations, we reduce the security of RSA-CRT to a hidden multiplier problem (HMP) over GF(q), which can be solved byte-wise using our proposed heuristic algorithm. The effectiveness of the proposed method is verified as an entire prime recovery procedure in a practical leakage scenario.
On the Entropy of Oscillator-Based True Random Number Generators under Ionizing Radiation
The effects of ionizing radiation on field-programmable gate arrays (FPGAs) have been investigated in depth during the last decades. The impact of these effects is typically evaluated on implementations which have a deterministic behavior. In this article, two well-known true random number generators (TRNGs) based on sampling jittery signals have been exposed to a Co-60 radiation source, as in the standard tests for space conditions. The effects of the accumulated dose on these TRNGs, and in particular its repercussion on their randomness quality (e.g., entropy or linear complexity), have been evaluated by using two National Institute of Standards and Technology (NIST) statistical test suites. The obtained results clearly show how the degradation of the statistical properties of these TRNGs increases with the accumulated dose. It is also notable that the deterioration of the TRNG (the non-deterministic component) appears before the degradation of the deterministic elements in the FPGA, which compromises the integrated circuit lifetime.
Funding: Ministerio de Economía y Competitividad (ESP-2015-68245-C4-1-P); Ministerio de Economía y Competitividad (ESP-2015-68245-C4-4-P); Ministerio de Economía y Empresa (TIN2016-79095-C2-2-R); CAM (S2013/ICE-3095)
Higher-Order Threshold Implementation of the AES S-Box
In this paper we present a threshold implementation of the Advanced Encryption Standard's S-box which is secure against first- and second-order power analysis attacks. This security guarantee holds even in the presence of glitches, and includes resistance against bivariate attacks. The design requires an area of 7849 Gate Equivalents and 126 bits of randomness per S-box execution. The implementation is tested on an FPGA platform and its security claim is supported by practical leakage detection tests.
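A threshold implementation (TI) splits every intermediate into shares and builds each output share from a strict subset of the input shares, so that no single glitching component ever sees all shares of a secret. The following added example (not the paper's design, which shares the full AES S-box at higher order) checks the three defining TI properties on the smallest interesting gate, the standard three-share first-order sharing of AND: correctness, non-completeness, and uniformity. The exhaustive checks are written here for illustration; the sharing itself is the well-known three-share AND from the TI literature.

```python
# Added example: three-share first-order threshold implementation of AND and
# exhaustive checks of correctness, non-completeness and uniformity.
# Illustrative code; not the AES S-box design of the paper.
import itertools
from collections import Counter


def ti_and(x, y):
    """Three-share TI of z = x & y.

    x = (x1, x2, x3), y = (y1, y2, y3) with x = x1 ^ x2 ^ x3 and y = y1 ^ y2 ^ y3.
    Component z_i never reads share i of either input (non-completeness), so a
    glitch inside one component cannot combine all shares of x or of y.
    """
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)   # uses shares 2 and 3 only
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)   # uses shares 3 and 1 only
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)   # uses shares 1 and 2 only
    return (z1, z2, z3)


def unshare(s):
    return s[0] ^ s[1] ^ s[2]


def all_sharings():
    """Every (x, y) pair of three-share inputs: 2**6 = 64 cases."""
    for bits in itertools.product((0, 1), repeat=6):
        yield bits[:3], bits[3:]


def check_correctness():
    """XOR of the output shares equals AND of the unshared inputs, for all inputs."""
    return all(unshare(ti_and(x, y)) == (unshare(x) & unshare(y))
               for x, y in all_sharings())


def check_non_completeness():
    """Output component i must not change when input shares x_i, y_i change."""
    for i in range(3):
        for x, y in all_sharings():
            z_i = ti_and(x, y)[i]
            for xi, yi in itertools.product((0, 1), repeat=2):
                x2, y2 = list(x), list(y)
                x2[i], y2[i] = xi, yi
                if ti_and(x2, y2)[i] != z_i:
                    return False
    return True


def check_uniformity():
    """For each unshared (x, y), the 16 input sharings must spread evenly over
    the 4 valid output sharings (4 each). This AND sharing fails the check:
    e.g. for x = y = 0 the output (0,0,0) occurs 7 times out of 16."""
    counts = Counter()
    for x, y in all_sharings():
        counts[(unshare(x), unshare(y), ti_and(x, y))] += 1
    return all(c == 4 for c in counts.values())


if __name__ == "__main__":
    print("correct:         ", check_correctness())       # True
    print("non-complete:    ", check_non_completeness())  # True
    print("uniform:         ", check_uniformity())        # False
```

The failed uniformity check is the practical reason TI designs for non-linear layers consume fresh randomness (the abstract's 126 bits per S-box execution): when the output sharing is not uniform, the next non-linear stage no longer receives a properly masked input unless the shares are re-randomized.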
Réseau des bib in 2015, activity report - Bibliothèque municipale de Dunkerque
Activity report of the Dunkerque library network for the year 2015
PerfWeb: How to Violate Web Privacy with Hardware Performance Events
The browser history reveals highly sensitive information about users, such as financial status, health conditions, or political views. Private browsing modes and anonymity networks are consequently important tools to preserve the privacy not only of regular users but in particular of whistleblowers and dissidents. Yet, in this work we show how a malicious application can infer opened websites from Google Chrome in Incognito mode and from Tor Browser by exploiting hardware performance events (HPEs). In particular, we analyze the browsers' microarchitectural footprint with the help of advanced Machine Learning techniques: k-th Nearest Neighbors, Decision Trees, Support Vector Machines, and in contrast to previous literature also Convolutional Neural Networks. We profile 40 different websites, 30 of the top Alexa sites and 10 whistleblowing portals, on two machines featuring an Intel and an ARM processor. By monitoring retired instructions, cache accesses, and bus cycles for at most 5 seconds, we manage to classify the selected websites with a success rate of up to 86.3%. The results show that hardware performance events can clearly undermine the privacy of web users. We therefore propose mitigation strategies that impede our attacks and still allow legitimate use of HPEs.
A MAC Mode for Lightweight Block Ciphers
Ring-LWE:applications to cryptography and their efficient realization
© Springer International Publishing AG 2016. The persistent progress of quantum computing with algorithms of Shor and Proos and Zalka has put our present RSA and ECC based public key cryptosystems at peril. There is a flurry of activity in cryptographic research community to replace classical cryptography schemes with their post-quantum counterparts. The learning with errors problem introduced by Oded Regev offers a way to design secure cryptography schemes in the post-quantum world. Later for efficiency LWE was adapted for ring polynomials known as Ring-LWE. In this paper we discuss some of these ring-LWE based schemes that have been designed. We have also drawn comparisons of different implementations of those schemes to illustrate their evolution from theoretical proposals to practically feasible schemes
FPGA-Based PUF Designs: A Comprehensive Review and Comparative Analysis
Field-programmable gate arrays (FPGAs) have firmly established themselves as dynamic platforms for the implementation of physical unclonable functions (PUFs). Their intrinsic reconfigurability and their implications for hardware security make them a valuable asset in this area. This study dives deep into FPGA-based PUF designs and offers a comprehensive overview coupled with a comparative analysis. PUFs are the bedrock of device authentication, key generation and the fortification of secure cryptographic protocols, and FPGA technology widens the range of hardware systems into which PUFs can be integrated. We set out to explain the fundamental ideas behind PUFs and how important they are to current security paradigms. Different FPGA-based PUF solutions, including static, dynamic, and hybrid systems, are closely examined; each design paradigm is studied to reveal its special qualities, functional nuances, and weaknesses. We assess a variety of performance metrics, including those related to distinctiveness, reliability, and resilience against hostile threats, and compare the FPGA-based PUF systems against one another to expose their unique advantages and disadvantages. This study provides system designers and security professionals with the information they need to choose the best PUF design for their particular applications. Our paper provides a comprehensive view of the functionality, security capabilities, and prospective applications of FPGA-based PUF systems, enabling security practitioners, researchers, and designers to make informed decisions when selecting and implementing FPGA-based PUF solutions.
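The distinctiveness and reliability metrics the review compares have standard definitions in terms of Hamming distance between responses. The following added example (illustrative code written here, not from the paper) computes the four figures a practitioner checks first on raw PUF data: uniqueness (inter-device distance), reliability (intra-device distance across repeated measurements), uniformity (balance of ones in a response) and per-bit aliasing (bias of each position across devices). The device responses and repeated measurements are constructed sample data, not measurements from any real PUF.

```python
# Added example: standard PUF quality metrics over constructed sample responses.
# Illustrative code; not from the paper. Responses are ints of NBITS bits.
from itertools import combinations


def hamming(a, b):
    return bin(a ^ b).count("1")


def uniqueness(responses, nbits):
    """Inter-device: mean pairwise fractional Hamming distance between the
    responses of different devices to the same challenge, in percent.
    Ideal value is 50% (responses look independent)."""
    pairs = list(combinations(responses, 2))
    return 100.0 * sum(hamming(a, b) for a, b in pairs) / (len(pairs) * nbits)


def reliability(reference, repeats, nbits):
    """Intra-device: 100 minus the mean fractional Hamming distance between a
    reference (enrolment) response and repeated measurements of the same
    device and challenge, in percent. Ideal value is 100%."""
    mean_hd = sum(hamming(reference, r) for r in repeats) / len(repeats)
    return 100.0 * (1.0 - mean_hd / nbits)


def uniformity(response, nbits):
    """Fraction of 1 bits in one response, in percent. Ideal value is 50%."""
    return 100.0 * bin(response).count("1") / nbits


def bit_aliasing(responses, nbits):
    """For each bit position (MSB first), the percentage of devices whose
    response has a 1 there. Positions far from 50% are biased by the design
    or layout rather than by manufacturing variation."""
    result = []
    for pos in range(nbits - 1, -1, -1):
        ones = sum((r >> pos) & 1 for r in responses)
        result.append(100.0 * ones / len(responses))
    return result


# Constructed sample data: 8-bit responses of three devices to one challenge,
# and four repeated measurements of device A (the last three contain noise).
NBITS = 8
DEVICES = {"A": 0b11110000, "B": 0b00001111, "C": 0b10101010}
REPEATS_A = [0b11110000, 0b11110001, 0b11110000, 0b11110011]

if __name__ == "__main__":
    resp = list(DEVICES.values())
    print("uniqueness  %.2f%%" % uniqueness(resp, NBITS))               # 66.67%
    print("reliability %.3f%%" % reliability(DEVICES["A"], REPEATS_A, NBITS))  # 90.625%
    print("uniformity  %.1f%%" % uniformity(DEVICES["C"], NBITS))         # 50.0%
    print("aliasing    ", bit_aliasing(resp, NBITS))
```

On real data the same functions are run per challenge over many devices and many temperature/voltage corners; a reliability below roughly 90% at the worst corner usually means the design needs an error-correcting helper-data scheme before its output can be used as a key.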
SMART SECURITY MANAGEMENT IN SECURE DEVICES
Among other threats, secure components are subjected to physical attacks whose aim is to recover the secret information they store. Most of the work carried out to protect these components consists in developing protections (or countermeasures) taken one by one. But this "countermeasure-centered" approach drastically decreases the performance of the chip in terms of power, speed and availability. In order to overcome this limitation, we propose a complementary approach: smart dynamic management of the whole set of countermeasures embedded in the component. Three main specifications for such management are required in a real-world application (for example, a conditional access system for Pay-TV): it has to provide capabilities for the chip to distinguish between attacks and normal use cases (without the help of a human being and in a robust but versatile way); it also has to be based on mechanisms which dynamically find a trade-off between security and performance; and all these mechanisms have to be formalized in a way which is clearly understandable by the designer. In this article, a prototype which enables such security management is described. The solution is based on a double-processor architecture: one processor embeds a representative set of countermeasures (and mechanisms to define their parameters) and executes the application code. The second processor, on the same chip, applies a given security strategy, but without requesting sensitive data from the first processor. The chosen strategy is based on fuzzy logic reasoning to enable the designer to describe, using a fairly simple formalism, both the attack paths and the normal use cases. A proof of concept has been proposed for the smart card part of a conditional access system for Pay-TV, but it could easily be fine-tuned for other applications.