Chiffrement authentifié sur FPGAs de la partie reconfigurable à la partie static

Communication systems need to access, store, manipulate, or communicate sensitive information. Therefore, cryptographic primitives such as hash functions and block ciphers are deployed to provide encryption and authentication. Recently, techniques have been invented to combine encryption and authentication into a single algorithm which is called Authenticated Encryption (AE). Combining these two security services in hardware produces better performance compared to two separated algorithms since authentication and encryption can share a part of the computation. Because of combining the programmability with the performance ofcustom hardware, FPGAs become more common as an implementation target for such algorithms. The first part of this thesis is devoted to efficient and high-speed FPGA-based architectures of AE algorithms, AES-GCM and AEGIS-128, in order to be used in the reconfigurable part of FPGAs to support security services of communication systems. Our focus on the state of the art leads to the introduction of high-speed architectures for slow changing keys applications like Virtual Private Networks (VPNs). Furthermore, we present an efficient method for implementing the GF(2¹²⁸) multiplier, which is responsible for the authentication task in AES-GCM, to support high-speed applications. Additionally, an efficient AEGIS-128is also implemented using only five AES rounds. Our hardware implementations were evaluated using Virtex-5 and Virtex-4 FPGAs. The performance of the presented architectures (Thr./Slices) outperforms the previously reported ones.The second part of the thesis presents techniques for low cost solutions in order to secure the reconfiguration of FPGAs. We present different ranges of low cost implementations of AES-GCM, AES-CCM, and AEGIS-128, which are used in the static part of the FPGA in order to decrypt and authenticate the FPGA bitstream. Presented ASIC architectures were evaluated using 90 and 65 nm technologies and they present better performance compared to the previous work.Les systèmes de communication ont besoin d'accéder, stocker, manipuler, ou de communiquer des informations sensibles. Par conséquent, les primitives cryptographiques tels que les fonctions de hachage et le chiffrement par blocs sont déployés pour fournir le cryptage et l'authentification. Récemment, des techniques ont été inventés pour combiner cryptage et d'authentification en un seul algorithme qui est appelé authentifiés Encryption (AE). La combinaison de ces deux services de sécurité dans le matériel de meilleures performances par rapport aux deux algorithmes séparés puisque l'authentification et le cryptage peuvent partager une partie du calcul. En raison de la combinaison de la programmation de l'exécution de matériel personnalisé, FPGA deviennent plus communs comme cible d'une mise en œuvre de ces algorithmes. La première partie de cette thèse est consacrée aux architectures d'algorithmes AE, AES-GCM et AEGIS-128 à base de FPGA efficaces et à grande vitesse, afin d'être utilisé dans la partie reconfigurable FPGA pour soutenir les services de sécurité des systèmes de communication. Notre focalisation sur l'état de l'art conduit à la mise en place d'architectures à haute vitesse pour les applications lentes touches changeantes comme les réseaux privés virtuels (VPN). En outre, nous présentons un procédé efficace pour mettre en œuvre le GF(2¹²⁸) multiplicateur, qui est responsable de la tâche d'authentification en AES-GCM, pour supporter les applications à grande vitesse. En outre, un système efficace AEGIS-128 est également mis en œuvre en utilisant seulement cinq tours AES. Nos réalisations matérielles ont été évaluées à l'aide Virtex-5 et Virtex-4 FPGA. La performance des architectures présentées (Thr. / Parts) surpasse ceux signalés précédemment. La deuxième partie de la thèse présente des techniques pour des solutions à faible coût afin de garantir la reconfiguration du FPGA. Nous présentons différentes gammes de mises en œuvre à faible coût de AES-GCM, AES-CCM, et AEGIS-128, qui sont utilisés dans la partie statique du FPGA afin de décrypter et authentifier le bitstream FPGA. Architectures ASIC présentées ont été évaluées à l'aide de 90 et 65 technologies nm et présentent de meilleures performances par rapport aux travaux antérieurs

Security enhancements for FPGA-based MPSoCs: a boot-to-runtime protection flow for an embedded Linux-based system

International audienceNowadays, embedded systems become more and more complex: the hardware/software codesign approach is a method to create such systems in a single chip which can be based on reconfigurable technologies such as FPGAs (Field-Programmable Gate Arrays). In such systems, data exchanges are a key point as they convey critical and confidential information and data are transmitted between several hardware modules and software layers. In case of an FPGA development life cycle, OS (Operating System) / data updates as runtime communications can be done through an insecure link: attackers can use this medium to make the system misbehave (malicious injection) or retrieve bitstream-related information (eavesdropping). Recent works propose solutions to securely boot a bitstream and the associated OS while runtime transactions are not protected. This work proposes a full boot-to-runtime protection flow of an embedded Linux kernel during boot and confidentiality/integrity protection of the external memory containing the kernel and the main application code/data. This work shows that such a solution with hardware components induces an area occupancy of 10% of a xc6vlx240t Virtex-6 FPGA while having an improved throughput for Linux booting and lowlatency security for runtime protection

Compact Field Programmable Gate Array Based Physical Unclonable Functions Circuits

The Physical Unclonable Functions (PUFs) is a candidate to provide a secure solid root source for identification and authentication applications. It is precious for FPGA-based systems, as FPGA designs are vulnerable to IP thefts and cloning. Ideally, the PUFs should have strong random variations from one chip to another, and thus each PUF is unique and hard to replicate. Also, the PUFs should be stable over time so that the same challenge bits always yield the same result. Correspondingly, one of the major challenges for FPGA-based PUFs is the difficulty of avoiding systematic bias in the integrated circuits but also pulling out consistent characteristics as the PUF at the same time. This thesis discusses several compact PUF structures relying on programmable delay lines (PDLs) and our novel intertwined programmable delays (IPD). We explore the strategy to extract the genuinely random PUF from these structures by minimizing the systematic biases. Yet, our methods still maintain very high reliability. Furthermore, our proposed designs, especially the TERO-based PUFs, show promising resilience to machine learning (ML) attacks. We also suggest the bit-bias metric to estimate PUF’s complexity quickly

An IoT Endpoint System-on-Chip for Secure and Energy-Efficient Near-Sensor Analytics

Near-sensor data analytics is a promising direction for IoT endpoints, as it minimizes energy spent on communication and reduces network load - but it also poses security concerns, as valuable data is stored or sent over the network at various stages of the analytics pipeline. Using encryption to protect sensitive data at the boundary of the on-chip analytics engine is a way to address data security issues. To cope with the combined workload of analytics and encryption in a tight power envelope, we propose Fulmine, a System-on-Chip based on a tightly-coupled multi-core cluster augmented with specialized blocks for compute-intensive data processing and encryption functions, supporting software programmability for regular computing tasks. The Fulmine SoC, fabricated in 65nm technology, consumes less than 20mW on average at 0.8V achieving an efficiency of up to 70pJ/B in encryption, 50pJ/px in convolution, or up to 25MIPS/mW in software. As a strong argument for real-life flexible application of our platform, we show experimental results for three secure analytics use cases: secure autonomous aerial surveillance with a state-of-the-art deep CNN consuming 3.16pJ per equivalent RISC op; local CNN-based face detection with secured remote recognition in 5.74pJ/op; and seizure detection with encrypted data collection from EEG within 12.7pJ/op.Comment: 15 pages, 12 figures, accepted for publication to the IEEE Transactions on Circuits and Systems - I: Regular Paper

Physically Uncloneable Functions in the Stand-Alone and Universally Composable Framework

In this thesis, we investigate the possibility of basing cryptographic primitives on Physically Uncloneable Functions (PUF). A PUF is a piece of hardware that can be seen as a source of randomness. When a PUF is evaluated on a physical stimulus, it answers with a noisy output. PUFs are unpredictable such that even if a chosen stimulus is given, it should be infeasible to predict the corresponding output without physically evaluating the PUF. Furthermore, PUFs are uncloneable, which means that even if all components of the system are known, it is computational infeasible to model their behavior. In the course of this dissertation, we discuss PUFs in the context of their implementation, their mathematical description, as well as their usage as a cryptographic primitive and in cryptographic protocols. We first give an overview of the most prominent PUF constructions in order to derive subsequently an appropriate mathematical PUF model. It turns out that this is a non- trivial task, because it is not certain which common security properties are generally necessary and achievable due to the numerous PUF implementations. Next, we consider PUFs in security applications. Due to the properties of PUFs, these hardware tokens are good to build authentication protocols that rely on challenge/response pairs. If the number of potential PUF-based challenge/response pairs is large enough, an adversary cannot measure all PUF responses. Therefore, the at- tacker will most likely not be able to answer the challenge of the issuing party even if he had physical access to the PUF for a short time. However, we show that some of the previously suggested protocols are not fully secure in the attacker model where the adversary has physical control of the PUF and the corresponding reader during a short time. Finally, we analyze PUFs in the universally composable (UC) framework for the first time. Although hardware tokens have been considered before in the UC framework, designing PUF-based protocols is fundamentally different from other hardware token approaches. One reason is that the manufacturer of the PUF creates a physical object that outputs pseudorandom values, but where no specific code is running. In fact, the functional behavior of the PUF is unpredictable even for the PUF creator. Thus, only the party in possession of the PUF has full access to the secrets. After formalizing PUFs in the UC framework, we derive efficient UC-secure protocols for basic tasks like oblivious transfer, commitments, and key exchange

Protection des architectures hétérogènes multiprocesseurs dans les systèmes embarqués : Une approche décentralisée basée sur des pare-feux matériels

Embedded systems are used in several domains and are parts of our daily life : we use them when we use our smartphones or when we drive our modern cars embeddingGPS, light/rain sensors and other electronic assistance mechanisms. These systems process sensitive data (such as credit card numbers, critical information about the host system and so on) which must be protected against external attacks as these data are transmitted through a communication link where the attacker can connect to extract sensitive information or inject malicious code within the system. Unfortunately, embedded systems containmore andmore components which make more and more security breaches that can be exploited to provoke attacks. One of the goals of this thesis is to propose a method to protect communications and memories in a multiprocessor architecture implemented in a FPGA reconfigurable chip. The method is based on the implementation of hardware mechanisms offering monitoring and cryptographic features in order to give a secured execution environment according to a given threat model. The main goal of the solution proposed in this work is to minimize perturbations in the data traffic ; it is considered that it can be accomplished by focusing on the latency impact of our security mechanisms. Our solution is also sensible to attack events : as soon as an attack is detected, an update process of security policies can be enabled. Following an analysis of implementation results, two extensions of the basic solution are described : a fully-secured flow for startup/maintenance of FPGA-based multiprocessor systems and a method to improve attacks detection in order to take into account software parameters in multitasks applications.Les systèmes embarqués sont présents dans de nombreux domaines et font même partie de notre quotidien à travers les smartphones ou l'électronique embarquée dans les voitures par exemple. Ces systèmes manipulent des données sensibles (codes de carte bleue, informations techniques sur le système hôte. . . ) qui doivent être protégées contre les attaques extérieures d'autant plus que ces données sont transmises sur un canal de communication sur lequel l'attaquant peut se greffer pour extraire des données ou injecter du code malveillant. Le fait que ces systèmes contiennent de plus en plus de composants dans une seule et même puce augmente le nombre de failles qui peuvent être exploitées pour provoquer des attaques. Les travaux menés dans cemanuscrit s'attachent à proposer une méthode de sécurisation des communications et des mémoires dans une architecture multiprocesseur embarquée dans un composant reconfigurable FPGA par l'implantation de mécanismes matériels qui proposent des fonctions de surveillance et de cryptographie afin de protéger le système contre un modèle de menaces prédéfini tout en minimisant l'impact en latence pour éviter de perturber le trafic des données dans le système. Afin de répondre au mieux aux tentatives d'attaques, le protocole demise à jour est également défini. Après une analyse des résultats obtenus par différentes implémentations, deux extensions sont proposées : un flot de sécurité complet dédié à la mise en route et la maintenance d'un système multiprocesseur sur FPGA ainsi qu'une amélioration des techniques de détection afin de prendre en compte des paramètres logiciels dans les applications multi-tâches