
    Comparison of Hand-Written RTL code against High-Level Synthesis for Blowfish and Tiny Encryption Algorithm (TEA)

    Cryptography is the backbone of a secure and reliable communication system. Data security during transmission depends upon the strength of the cryptographic algorithm. In this work, the Tiny Encryption Algorithm (TEA) and the Blowfish algorithm have been implemented using both the High-Level Synthesis (HLS) and hand-written Register Transfer Level (RTL) approaches in Xilinx Vivado HLS and Xilinx ISE. A comparative evaluation of the two implementation approaches has shown that the RTL approach outperforms the HLS approach for both algorithms on parameters such as throughput and frequency, owing to the greater flexibility of designing modules in RTL compared with the HLS approach.

    A proposal for the use of blockchain in the portuguese voting system

    Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Knowledge Management and Business Intelligence. The key objective of this proposal is to present one of the problems that the Portuguese economy, as well as other European countries, has been facing with regard to civil society's intervention in democracy: the decrease of turnover rates in the voting system. The main objective is to propose the use of Blockchain technology in the Portuguese Voting System as a mechanism to counter this trend. In order to understand how a remote e-voting system can succeed, Estonia was selected as the case study. Its architecture, as well as the associated legal, social and technological issues and challenges, is investigated in the light of the information collected in the literature review. Considering the case analysis and discussion, a set of recommendations that propose the use of a remote electronic voting system in the Portuguese electoral system is presented, and a critical analysis of the introduction of a Blockchain algorithm is made. This dissertation concludes on the advantages and disadvantages of using this decentralized system when compared with a system involving a third party, such as the one used in Estonian I-Voting. The validation is based on interviews and discussions with professors in the areas of information systems and law, and also on a contribution from a digital adviser of the Estonian e-Governance model.

    Understanding the current trends in mobile crowdsensing - a business model perspective: case MyGeo Trust

    Crowdsensing, and the personal data markets that have emerged around it, have rapidly gained momentum in parallel with the spread of mobile devices. When information is collected via mobile sensors and the applications relying on them, the privacy of mobile users can be threatened, especially in the case of location-related data. In 2015, a research project called MyGeoTrust was initiated to investigate this issue. One aim of the project was to study the potential business models for a trusted, open-source crowdsourcing platform. This study, carried out within the MyGeoTrust project, reviews the existing literature on business models, location-based services, and open-source software development. It then investigates the relationship between these topics and mobile crowdsensing. As a whole, this thesis provides an overview of the development of location-based services, as well as the current trends and business models in crowdsensing. The empirical part of the thesis employs an embedded case study methodology, acquiring empirical data from several sources. The analyzed case is the MyGeoTrust project itself, and further empirical data is collected via market analysis, interim reports, a user survey, and semi-structured interviews. This material forms the baseline for the empirical study and project-specific recommendations. The findings suggest that creating a two- or multi-sided platform is the most robust business model for mobile crowdsensing. The identified benefits of platform-based business models include facilitating the value exchange between self-governing groups and the possibility of building positive network effects. This is especially the case with open-source software and open data, since the key value for users (or "the crowd", in other terms) is created through network effects. In the context of open business models, strategic planning, principally licensing, plays a central role.
    Also, for a differentiated platform like MyGeoTrust, finding the critical mass of users is crucial in order to create an appealing alternative to the current market leaders. Lastly, this study examines how transformational political or legal factors may shape the scene and create requirements for novel, privacy-perceiving solutions. In the present case study, the upcoming European Union (EU) General Data Protection Regulation (GDPR) legislation is a central example of such a factor.

    Module-per-Object: a Human-Driven Methodology for C++-based High-Level Synthesis Design

    High-Level Synthesis (HLS) brings FPGAs to audiences previously unfamiliar with hardware design. However, achieving the highest Quality-of-Results (QoR) with HLS is still unattainable for most programmers, because it requires detailed knowledge of FPGA architecture and hardware design in order to produce FPGA-friendly code. Moreover, such code normally conflicts with best coding practices, which favor code reuse, modularity, and conciseness. To overcome these limitations, we propose Module-per-Object (MpO), a human-driven HLS design methodology intended for both hardware designers and software developers with limited FPGA expertise. MpO exploits modern C++ to raise the abstraction level while improving QoR, code readability and modularity. To guide HLS designers, we present the five characteristics of MpO classes. Each characteristic exploits the power of HLS-supported modern C++ features to build C++-based hardware modules. These characteristics lead to high-quality software descriptions and efficient hardware generation. We also present a use case of MpO in which C++ serves as the intermediate language for FPGA-targeted code generation from P4, a packet-processing domain-specific language. The MpO methodology is evaluated using three design experiments: a packet parser, a flow-based traffic manager, and a digital up-converter. Based on these experiments, we show that MpO can be comparable to hand-written VHDL code while keeping a high abstraction level, a human-readable coding style and modularity. Compared to traditional C-based HLS design, MpO leads to more efficient circuit generation, both in terms of performance and resource utilization. The MpO approach also notably improves software quality, increasing parametrization while eliminating code duplication.
    Comment: 9 pages. Paper accepted for publication at The 27th IEEE International Symposium on Field-Programmable Custom Computing Machines, San Diego CA, April 28 - May 1, 201

    Tamper-Resistant Arithmetic for Public-Key Cryptography

    Cryptographic hardware has found many uses in ubiquitous and pervasive security devices with a small form factor, e.g. SIM cards, smart cards, electronic security tokens, and soon even RFIDs. With applications in banking, telecommunication, healthcare, e-commerce and entertainment, these devices use cryptography to provide security services such as authentication, identification and confidentiality to the user. However, the widespread adoption of these devices in the mass market, and the lack of a physical security perimeter, have increased the risk of theft, reverse engineering, and cloning. Despite the use of strong cryptographic algorithms, these devices often succumb to powerful side-channel attacks. These attacks give a motivated third party access to the inner workings of the device and therefore the opportunity to circumvent the protection of the cryptographic envelope. Apart from passive side-channel analysis, which has been the subject of intense research for over a decade, active tampering attacks such as fault analysis have recently gained increased attention from the academic and industrial research community. In this dissertation we address the question of how to protect cryptographic devices against this kind of attack. More specifically, we focus our attention on public-key algorithms such as elliptic curve cryptography and their underlying arithmetic structure. In our research we address challenges such as the cost of implementation, the level of protection, and the error model in an adversarial situation. The approaches we investigated all apply concepts from coding theory, in particular the theory of cyclic codes. This is intuitive, since both public-key cryptography and cyclic codes share finite field arithmetic as a common foundation.
    The major contributions of our research are (a) a generalization of cyclic codes that allows embedding of finite fields into redundant rings under a ring homomorphism, (b) a new family of non-linear arithmetic residue codes with very high error detection probability, (c) a set of new low-cost arithmetic primitives for optimal extension field arithmetic based on robust codes, and (d) design techniques for tamper-resilient finite state machines.

    Human Factors in Secure Software Development

    While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of them using the human factor. The human factor is often called "the weakest link" in software security. To address this, human factors research in security and privacy focuses on the users of technology and considers their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data. However, these concepts have to be implemented by developers, whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also lack awareness, knowledge, training or experience in secure development. A lack of focus on usability in the libraries, documentation, and tools they have to use for security-critical components may exacerbate the problem by inflating the investment of time and effort needed to "get security right". This dissertation's focus is how to support developers throughout the process of implementing software securely. This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large-scale datasets were analyzed to conduct this research.
    This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to functional code more quickly than using official documentation resources, but may introduce vulnerable code. We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code. On the flip side, well-thought-out documentation and abstraction levels can improve an API's usability and may contribute to secure API usage. We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming. We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers seeking help, which may cause them to choose un-vetted and potentially insecure resources. This dissertation supports the conclusions that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development as a research area within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues in security and privacy mechanisms, development practices, and operational routines lead to the majority of the security and privacy failures that affect millions of end users.

    Identity management policy and unlinkability: a comparative case study of the US and Germany

    This study compares the privacy policies of Germany and the US in the field of identity management. It analyses the emergence of unlinkability within the countries' electronic citizen identity initiatives. The study used qualitative research methods, including semi-structured interviews and document analysis, to analyse the policy-making processes surrounding the issue of unlinkability. The study found that unlinkability is emerging in different ways in each country. Germany's data protection and privacy regimes are more coherent than those of the US, and unlinkability there was an incremental policy change. US unlinkability policies are a more significant departure from its data protection and policy regimes. New institutionalism is used to help explain the similarities and differences between the two countries' policies. Scholars have long been calling for the use of privacy-enhancing technologies (PETs) in policy-making, and unlinkability falls into this category. By employing PETs in this way, German and US identity management policies are in the vanguard of their respective privacy regimes. Through these policies, the US comes closer to German and European data protection policies, and does so non-legislatively. The digital citizen identities appearing in both countries must be construed as commercial products as much as official identities. A lack of attention to the commercial properties of these identities frustrates policy goals. As national governments embark on further identity management initiatives, commercial and design imperatives, such as value to the citizen and usability, must be considered for policy to be successful.

    Microarchitectural Low-Power Design Techniques for Embedded Microprocessors

    With the omnipresence of embedded processing in all forms of electronics today, there is a strong trend towards wireless, battery-powered, portable embedded systems that have to operate under stringent energy constraints. Consequently, low power consumption and high energy efficiency have emerged as the two key criteria for embedded microprocessor design. In this thesis we present a range of microarchitectural low-power design techniques that increase the performance of embedded microprocessors and/or reduce their energy consumption, e.g., through voltage scaling. In the context of cryptographic applications, we explore the effectiveness of instruction set extensions (ISEs) for a range of different cryptographic hash functions (SHA-3 candidates) on a 16-bit microcontroller architecture (PIC24). Specifically, we demonstrate the effectiveness of light-weight ISEs based on lookup table integration and microcoded instructions using finite state machines for operand and address generation. On-node processing in autonomous wireless sensor node devices requires deeply embedded cores with extremely low power consumption. To address this need, we present TamaRISC, a custom-designed ISA with a corresponding ultra-low-power microarchitecture implementation. The TamaRISC architecture is employed in conjunction with an ISE and standard cell memories to design a sub-threshold-capable processor system targeted at compressed sensing applications. We furthermore employ TamaRISC in a hybrid SIMD/MIMD multi-core architecture targeted at moderate to high processing requirements (> 1 MOPS). A range of different microarchitectural techniques for efficient memory organization are presented. Specifically, we introduce a configurable data memory mapping technique for private and shared access, as well as instruction broadcast together with synchronized code execution based on checkpointing.
    We then study an inherent suboptimality due to the worst-case design principle in synchronous circuits, and introduce the concept of dynamic timing margins. We show that dynamic timing margins exist in microprocessor circuits, that these margins are to a large extent state-dependent, and that they are correlated with the sequences of instruction types executed within the processor pipeline. To perform this analysis we propose a circuit/processor characterization flow and tool called dynamic timing analysis. Moreover, this flow is employed to devise a high-level instruction set simulation environment for evaluating the impact of timing errors on application performance. The presented approach significantly improves the state of the art in simulation accuracy through the use of statistical fault injection. The dynamic timing margins in microprocessors are then systematically exploited for throughput improvements or energy reductions via our proposed instruction-based dynamic clock adjustment (DCA) technique. To this end, we introduce a 6-stage 32-bit microprocessor with cycle-by-cycle DCA. Besides a comprehensive design flow and simulation environment for evaluating the DCA approach, we additionally present a silicon prototype of a DCA-enabled OpenRISC microarchitecture fabricated in 28 nm FD-SOI CMOS. The test chip includes a suitable clock generation unit that allows cycle-by-cycle DCA over a wide range with fine granularity at frequencies exceeding 1 GHz. Measurement results for speedups and power reductions are provided.