62 research outputs found

    Efficient software implementation of AES on 32-bit platforms

    Rijndael is the winning algorithm of the AES contest; it should therefore become the most widely used symmetric-key cryptographic algorithm. One important application of this new standard is cryptography on smart cards. In this paper we present an optimisation of the Rijndael algorithm to speed up execution on 32-bit processors with memory constraints, such as those used in smart cards. First a theoretical analysis of the Rijndael algorithm and of the proposed optimisation is discussed, and then simulation results of the optimised algorithm on different processors are presented and compared with other reference implementations known from the technical literature.

    Implementing a protected zone in a reconfigurable processor for isolated execution of cryptographic algorithms

    We design and realize a protected zone inside a reconfigurable and extensible embedded RISC processor for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory, and general and special-purpose registers. We outline the principles for secure software implementation of cryptographic algorithms in a processor equipped with the protected zone. We also demonstrate the efficiency and effectiveness of the protected zone by implementing major cryptographic algorithms, namely RSA, elliptic curve cryptography, and AES, in the protected zone. In terms of time efficiency, software implementations of these three cryptographic algorithms outperform equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor; its area overhead is moderate enough that it can be used in the vast majority of embedded processors. The protected zone can also provide the necessary support to implement TPM functionality within the boundary of a processor.

    Analysis of hardware support for cryptography in Internet of Things devices

    This article analyzes the features and functionality of the cryptographic accelerators embedded in 8/16/32-bit general-purpose microcontrollers, which are designed to adapt traditional cryptography to the requirements of IoT devices. It is established that the traditional cryptographic algorithms and protocols used on the Internet do not, when implemented in software, meet the requirements placed on IoT devices in terms of speed, the amount of memory required, and power consumption. Trends in the development of lightweight cryptography and of cryptographic accelerators in microcontrollers are shown from the standpoint of the balance between security, cost and performance. The performance gain from using cryptographic accelerators for encryption, hashing and random-number generation is estimated in comparison with optimized software implementations. In particular, it is noted that cryptographic accelerators raise the speed of AES encryption 10-20 times on 8/16-bit processors and up to 150 times on 32-bit processors compared with software implementations of the algorithm. The speed-up of the SHA-1 and SHA-256 hash algorithms in 32-bit microcontrollers is more than 100 times, and for HMAC it approaches 500. This allows 32-bit processors to use traditional cryptographic algorithms and protocols without significant constraints. It is also shown that 32-bit microcontrollers are trending towards comprehensive security solutions that not only accelerate a wide range of symmetric and asymmetric algorithms and protocols, but also provide the ability to securely store and generate keys, securely load and update code, and support digital signatures and certificates. It is noted that microcontroller manufacturers are increasingly forced to pay attention to physical and algorithmic methods of protecting cryptographic accelerators from side-channel attacks, first of all power-analysis attacks, which constitute the main danger to Internet of Things devices.

    This article analyzes the characteristics and functional capabilities of the cryptographic accelerators built into general-purpose 8/16/32-bit microcontrollers, which are intended to adapt traditional cryptography to the requirements of Internet of Things devices. It is established that the traditional cryptographic algorithms and protocols used on the Internet do not, when implemented in software, meet the requirements placed on Internet of Things devices. Trends in the development of lightweight cryptography and of cryptographic accelerators in microcontrollers are shown from the standpoint of the balance between security, cost and performance. The performance gain from using cryptographic accelerators for encryption, hashing and random-number generation is estimated in comparison with optimized software implementations. Attention is drawn to methods of protecting cryptographic accelerators from side-channel attacks, above all power-analysis attacks, which constitute the main danger.

    Evaluating the security of embedded systems against EMA attacks

    Low-power, high-performance embedded systems, whose main application is portable devices such as mobile phones, tablets, game consoles, music players, e-book readers, etc., have experienced a tremendous boom in recent years. Besides holding confidential information (passwords, photos, phone numbers, ...), most of these devices allow operations over poorly secured wireless networks: transactions, sending data, access to personal accounts, etc. It is therefore essential to analyze the level of security these devices achieve. However, pending future developments in statistics, there is still no fully satisfactory and internationally recognized security evaluation framework. Thus, for the first time, this work evaluates the relative security of several microprocessors representative of the low-power embedded applications market by comparing their response to an electromagnetic side-channel attack. The devices selected for evaluation are: an 8051 with an evolved 8-bit architecture (Silicon Labs C8051F303); a 32-bit ARM7TDMI-S (NXP LPC2124); and two 32-bit ARM Cortex M3 devices never before analyzed against side-channel attacks, one with a high-performance design (NXP LPC1769) and one with a low-power design (STMicroelectronics STM32L152). To carry out the experiments, an in-house measurement setup is developed that is highly automated, robust against vibration, and has a sampling capacity higher than anything published in the literature so far. A new metric, based on statistical correlation, is also proposed for comparing the response of devices to side-channel attacks. One of the crucial elements in an electromagnetic side-channel attack is the measurement device, or probe. Authors who suggest using a particular type of probe do not provide conclusive data. This work compares, in a novel way, the response of three types of probe: two manufactured and sold commercially, the Electrometrics EM6995 and the Langer MFA-R, and a third built ad hoc by hand. It concludes that any type of probe can be used in an electromagnetic attack, although high-precision probes such as the MFA-R, with its millimetre-scale head and integrated preamplifier, are better, at the cost of requiring more elaborate preparation and setup. As the final result of the study, it concludes that current ARM Cortex M3 devices offer inherent security far superior to that of other, less elaborately designed microprocessors, and that it is consequently advisable to use them for applications with high security requirements.

    The low-power, high-performance embedded systems used in mobile devices like mobile phones, tablet computers, music players, handheld game consoles, e-book readers, etc. have achieved great success in recent years. These devices contain confidential information (keys, photographs, telephone numbers, ...) and usually allow operations over unsafe wireless networks: banking transactions, sending data, accessing personal accounts, etc. In consequence, analysis of the security level reached by these devices is indispensable. However, there is no satisfactory and internationally recognized methodology to assess security. For the first time, this work assesses the relative security of several representative low-power embedded microprocessors, comparing their response to an electromagnetic side-channel attack. The devices selected for this evaluation are: an 8051 with a new 8-bit architecture (Silicon Labs C8051F303); a 32-bit ARM7TDMI-S (NXP LPC2124); and two 32-bit ARM Cortex M3 devices never before analysed against side-channel attacks, one with high-performance (NXP LPC1769) and one with low-power specifications (STMicroelectronics STM32L152). A measurement setup has been developed to carry out this study. It is highly automated, robust against vibrations, and has a higher sampling rate than the other setups reported in the literature. A new metric is also proposed, which allows device responses to a correlation side-channel attack to be compared using statistical correlation. One of the essential elements of an electromagnetic side-channel attack is the near-field probe. The authors whose studies suggest the use of some type of probe do not include conclusive results. This work compares the response of three probes in a new way: the Electrometrics EM6995, the Langer MFA-R and a handmade one. It concludes that any type of probe is useful in an electromagnetic attack, although the use of high-precision probes is recommended, for example the MFA-R with its tiny head and integrated preamplifier; nevertheless, it requires more training and a precise setup. This study finds that current ARM Cortex M3 devices have very high security, higher than traditional ones. Therefore, the use of this type of device in sensitive applications is advisable.

    Automatic Quantification of Cache Side-Channels

    The latency gap between caches and main memory has been successfully exploited for recovering sensitive input to programs, such as cryptographic keys from implementations of AES and RSA. So far, there are no practical general-purpose countermeasures against this threat. In this paper we propose a novel method for automatically deriving upper bounds on the amount of information about the input that an adversary can extract from a program by observing the CPU's cache behavior. At the heart of our approach is a novel technique for efficient counting of concretizations of abstract cache states that enables us to connect state-of-the-art techniques for static cache analysis and quantitative information flow. We implement our counting procedure on top of the AbsInt TimingExplorer, one of the most advanced engines for static cache analysis. We use our tool to perform a case study where we derive upper bounds on the cache leakage of a 128-bit AES executable on an ARM processor with a realistic cache configuration. We also analyze this implementation with a commonly suggested (but until now heuristic) countermeasure applied, obtaining a formal account of the corresponding increase in security.

    Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis

    Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments and full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injection and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009 and 2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research.

    From Pre-Quantum to Post-Quantum IoT Security: A Survey on Quantum-Resistant Cryptosystems for the Internet of Things

    © 2020 IEEE. This version of the article has been accepted for publication, after peer review. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Abstract: Although quantum computing is still in its nascent age, its evolution threatens the most popular public-key encryption systems. Such systems are essential for today's Internet security due to their ability to solve the key distribution problem and to provide high security over insecure communication channels, which allow for accessing websites or for exchanging e-mails, financial transactions, digitally signed documents, military communications or medical data. Cryptosystems like Rivest-Shamir-Adleman (RSA), elliptic curve cryptography (ECC) or Diffie-Hellman have spread worldwide and are part of diverse key Internet standards like Transport Layer Security (TLS), which are used both by traditional computers and Internet of Things (IoT) devices. It is especially difficult to provide high security to IoT devices, mainly because many of them rely on batteries and are resource constrained in terms of computational power and memory, which implies that specific energy-efficient and lightweight algorithms need to be designed and implemented for them. These restrictions become relevant challenges when implementing cryptosystems that involve intensive mathematical operations and demand substantial computational resources, which are often required in applications where data privacy has to be preserved for the long term, like IoT applications for defense, mission-critical scenarios or smart healthcare. Quantum computing threatens such long-term IoT device security, and researchers are currently developing solutions to mitigate that threat. This article provides a survey on what can be called post-quantum IoT systems (IoT systems protected from the currently known quantum computing attacks): the main post-quantum cryptosystems and initiatives are reviewed, the most relevant IoT architectures and challenges are analyzed, and the expected future trends are indicated. Thus, this article is aimed at providing a wide view of post-quantum IoT security and giving useful guidelines...

    This work was supported in part by the Xunta de Galicia under Grant ED431G2019/01, in part by the Agencia Estatal de Investigación of Spain under Grant TEC2016-75067-C4-1-R and Grant RED2018-102668-T, and in part by ERDF funds of the EU (AEI/FEDER, UE).