Software and Critical Technology Protection Against Side Channel Analysis Through Dynamic Hardware Obfuscation

Side Channel Analysis (SCA) is a method by which an adversary can gather information about a processor by examining the activity being done on a microchip though the environment surrounding the chip. Side Channel Analysis attacks use SCA to attack a microcontroller when it is processing cryptographic code, and can allow an attacker to gain secret information, like a crypto-algorithm\u27s key. The purpose of this thesis is to test proposed dynamic hardware methods to increase the hardware security of a microprocessor such that the software code being run on the microprocessor can be made more secure without having to change the code. This thesis uses the Java Optimized Processor (JOP) to identify and _x SCA vulnerabilities to give a processor running RSA or AES code more protection against SCA attacks

Dynamic Polymorphic Reconfiguration to Effectively “CLOAK” a Circuit’s Function

Today\u27s society has become more dependent on the integrity and protection of digital information used in daily transactions resulting in an ever increasing need for information security. Additionally, the need for faster and more secure cryptographic algorithms to provide this information security has become paramount. Hardware implementations of cryptographic algorithms provide the necessary increase in throughput, but at a cost of leaking critical information. Side Channel Analysis (SCA) attacks allow an attacker to exploit the regular and predictable power signatures leaked by cryptographic functions used in algorithms such as RSA. In this research the focus on a means to counteract this vulnerability by creating a Critically Low Observable Anti-Tamper Keeping Circuit (CLOAK) capable of continuously changing the way it functions in both power and timing. This research has determined that a polymorphic circuit design capable of varying circuit power consumption and timing can protect a cryptographic device from an Electromagnetic Analysis (EMA) attacks. In essence, we are effectively CLOAKing the circuit functions from an attacker

Side-Channel Attacks and Countermeasures for the MK-3 Authenticated Encryption Scheme

In the field of cryptography, the focus is often placed on security in a mathematical or information-theoretic sense; for example, cipher security is typically evaluated by the difficulty of deducing the plaintext from the ciphertext without knowledge of the key. However, once these cryptographic schemes are implemented in electronic devices, another class of attack presents itself. Side-channel attacks take advantage of the side effects of performing a computation, such as power consumption or electromagnetic emissions, to extract information outside of normal means. In particular, these side-channels can reveal parts of the internal state of a computation. This is important because intermediate values occurring during computation are typically considered implementation details, invisible to a potential attacker. If this information is revealed, then the assumptions of a non-side-channel-aware security analysis based only on inputs and outputs will no longer hold, potentially enabling an attack. This work tests the effectiveness of power-based side-channel attacks against MK-3, a customizable authenticated encryption scheme developed in a collaboration between RIT and L3Harris Technologies. Using an FPGA platform, Correlation Power Analysis (CPA) is performed on several different implementations of the algorithm to evaluate their resistance to power side-channel attacks. This method does not allow the key to be recovered directly; instead, an equivalent 512-bit intermediate state value is targeted. By applying two sequential stages of analysis, a total of between 216 and 322 bits are recovered, dependent on customization parameters. If a 128-bit key is used, then this technique has no benefit to an attacker over brute-forcing the key itself; however, in the case of a 256-bit key, CPA may provide up to a 66-bit advantage. In order to completely defend MK-3 against this type of attack, several potential countermeasures are discussed at the implementation, design, and overall system levels

Evaluating Performance and Efficiency of a 16-bit Substitution Box on an FPGA

A Substitution Box (S-Box) is an integral component of modern block ciphers that provides confusion. The term confusion was introduced by Shannon in 1949 and it refers to the complexity of the relationship between the key and the ciphertext. Most S-Boxes are non-linear in order to promote confusion. Due to this, the S-Box is usually the most complex component of a block cipher. The Advanced Encryption Standard (AES) features an 8-bit S-Box where the output depends on the Galois field multiplicative inverse of the input. MK-3 is a sponge based Authenticated Encryption (AE) algorithm which provides both authenticity and confidentiality. It was developed through a joint effort between the Rochester Institute of Technology and the former Harris Corporation, now L3Harris. The MK-3 algorithm has a state that is 512 bits wide and it uses 32 instances of a 16-bit S-Box to cover the entire state. These 16-bit S-Boxes are similar to what is seen in the AES, however, they are notably larger and more complex. Binary Galois field arithmetic is well suited to hardware implementations where addition and multiplication are mapped to a combination of basic XOR and AND operations. A simple method to calculate Galois field multiplicative inversion is through the extended Euclidean algorithm. This is, however, very expensive to implement in hardware. A possible solution is to use a composite field representation, where the original operation is broken down to a series of simpler operations in the base field. This lends itself very well to implementations that consume less area and power with better performance. Given the size and number of the S-Boxes in MK-3, these units contribute to the majority of the implementation resources. Several composite field structures are explored in this work which provide different area utilization and clock frequency characteristics. This thesis evaluates the composite field structures and recommends several candidates for high performing MK-3 Field Programmable Gate Array (FPGA) applications

Assessment of Hiding the Higher-Order Leakages in Hardware - what are the achievements versus overheads?

Higher-order side-channel attacks are becoming amongst the major interests of academia as well as industry sector. It is indeed being motivated by the development of countermeasures which can prevent the leakages up to certain orders. As a concrete example, threshold implementation (TI) as an efficient way to realize Boolean masking in hardware is able to avoid first-order leakages. Trivially, the attacks conducted at second (and higher) orders can exploit the corresponding leakages hence devastating the provided security. Hence, the extension of TI to higher orders was being expected which has been presented at ASIACRYPT 2014. Following its underlying univariate settings it can provide security at higher orders, and its area and time overheads naturally increase with the desired security order. In this work we look at the feasibility of higher-order attacks on first-order TI from another perspective. Instead of increasing the order of resistance by employing higher-order TIs, we realize the first-order TI designs following the principles of a power-equalization technique dedicated to FPGA platforms, that naturally leads to hardening higher-order attacks. We show that although the first-order TI designs, which are additionally equipped by the power-equalization methodology, have significant area overhead, they can maintain the same throughput and more importantly can avoid the higher-order leakages to be practically exploitable by up to 1 billion traces

Hardware security design from circuits to systems

The security of hardware implementations is of considerable importance, as even the most secure and carefully analyzed algorithms and protocols can be vulnerable in their hardware realization. For instance, numerous successful attacks have been presented against the Advanced Encryption Standard, which is approved for top secret information by the National Security Agency. There are numerous challenges for hardware security, ranging from critical power and resource constraints in sensor networks to scalability and automation for large Internet of Things (IoT) applications. The physically unclonable function (PUF) is a promising building block for hardware security, as it exposes a device-unique challenge-response behavior which depends on process variations in fabrication. It can be used in a variety of applications including random number generation, authentication, fingerprinting, and encryption. The primary concerns for PUF are reliability in presence of environmental variations, area and power overhead, and process-dependent randomness of the challenge-response behavior. Carbon nanotube field-effect transistors (CNFETs) have been shown to have excellent electrical and unique physical characteristics. They are a promising candidate to replace silicon transistors in future very large scale integration (VLSI) designs. We present the Carbon Nanotube PUF (CNPUF), which is the first PUF design that takes advantage of unique CNFET characteristics. CNPUF achieves higher reliability against environmental variations and increases the resistance against modeling attacks. Furthermore, CNPUF has a considerable power and energy reduction in comparison to previous ultra-low power PUF designs of 89.6% and 98%, respectively. Moreover, CNPUF allows a power-security tradeoff in an extended design, which can greatly increase the resilience against modeling attacks. Despite increasing focus on defenses against physical attacks, consistent security oriented design of embedded systems remains a challenge, as most formalizations and security models are concerned with isolated physical components or a high-level concept. Therefore, we build on existing work on hardware security and provide four contributions to system-oriented physical defense: (i) A system-level security model to overcome the chasm between secure components and requirements of high-level protocols; this enables synergy between component-oriented security formalizations and theoretically proven protocols. (ii) An analysis of current practices in PUF protocols using the proposed system-level security model; we identify significant issues and expose assumptions that require costly security techniques. (iii) A System-of-PUF (SoP) that utilizes the large PUF design-space to achieve security requirements with minimal resource utilization; SoP requires 64% less gate-equivalent units than recently published schemes. (iv) A multilevel authentication protocol based on SoP which is validated using our system-level security model and which overcomes current vulnerabilities. Furthermore, this protocol offers breach recognition and recovery. Unpredictability and reliability are core requirements of PUFs: unpredictability implies that an adversary cannot sufficiently predict future responses from previous observations. Reliability is important as it increases the reproducibility of PUF responses and hence allows validation of expected responses. However, advanced machine-learning algorithms have been shown to be a significant threat to the practical validity of PUFs, as they can accurately model PUF behavior. The most effective technique was shown to be the XOR-based combination of multiple PUFs, but as this approach drastically reduces reliability, it does not scale well against software-based machine-learning attacks. We analyze threats to PUF security and propose PolyPUF, a scalable and secure architecture to introduce polymorphic PUF behavior. This architecture significantly increases model-building resistivity while maintaining reliability. An extensive experimental evaluation and comparison demonstrate that the PolyPUF architecture can secure various PUF configurations and is the only evaluated approach to withstand highly complex neural network machine-learning attacks. Furthermore, we show that PolyPUF consumes less energy and has less implementation overhead in comparison to lightweight reference architectures. Emerging technologies such as the Internet of Things (IoT) heavily rely on hardware security for data and privacy protection. The outsourcing of integrated circuit (IC) fabrication introduces diverse threat vectors with different characteristics, such that the security of each device has unique focal points. Hardware Trojan horses (HTH) are a significant threat for IoT devices as they process security critical information with limited resources. HTH for information leakage are particularly difficult to detect as they have minimal footprint. Moreover, constantly increasing integration complexity requires automatic synthesis to maintain the pace of innovation. We introduce the first high-level synthesis (HLS) flow that produces a threat-targeted and security enhanced hardware design to prevent HTH injection by a malicious foundry. Through analysis of entropy loss and criticality decay, the presented algorithms implement highly resource-efficient targeted information dispersion. An obfuscation flow is introduced to camouflage the effects of dispersion and reduce the effectiveness of reverse engineering. A new metric for the combined security of the device is proposed, and dispersion and obfuscation are co-optimized to target user-supplied threat parameters under resource constraints. The flow is evaluated on existing HLS benchmarks and a new IoT-specific benchmark, and shows significant resource savings as well as adaptability. The IoT and cloud computing rely on strong confidence in security of confidential or highly privacy sensitive data. As (differential) power attacks can take advantage of side-channel leakage to expose device-internal secrets, side-channel leakage is a major concern with ongoing research focus. However, countermeasures typically require expert-level security knowledge for efficient application, which limits adaptation in the highly competitive and time-constrained IoT field. We address this need by presenting the first HLS flow with primary focus on side-channel leakage reduction. Minimal security annotation to the high-level C-code is sufficient to perform automatic analysis of security critical operations with corresponding insertion of countermeasures. Additionally, imbalanced branches are detected and corrected. For practicality, the flow can meet both resource and information leakage constraints. The presented flow is extensively evaluated on established HLS benchmarks and a general IoT benchmark. Under identical resource constraints, leakage is reduced between 32% and 72% compared to the baseline. Under leakage target, the constraints are achieved with 31% to 81% less resource overhead

Generación de falsas claves criptográficas como medida de protección frente a ataques por canal lateral

In the late 90s, Paul C. Kocher introduced the concept of differential attack focused on the power consumption of a cryptographic device. In this type of analysis the plain text sent to the device is known, and all possible hypotheses of a subset of the key, related to a specific point of the cryptographic algorithm, are tested. If the key value at that point depends only on 1 byte, it is possible to predict the input current based on a theoretical model of power consumption. Thus, using statistic procedures, it is easy to compare the consumption measured during the processing of each plain text and the intermediate values related to all the hypothesis of the key.The one with the highest level of similarity will correspond to the actual key. So far the countermeasures proposed to prevent the success of the attack can be classified into two groups: Masking and Hiding. Masking tries to decouple the processed data and the power consumption by adding a random mask which is unknown by the attacker. Therefore, it is impossible to make a hypothesis that allows the theoretical and the real power consumption of the device to be related. Although is a valid method, the key could be revealed by performing a second-order attack that analyzes several points of the current trace. Hiding aims at making constant the consumption of a device in each clock cycle and independent of the processed data. In order to achieve this objective, the data is processed in double line, in such a way that the datum and its complementary are processed together, so that the same number of transitions always occur on every clock cycle. The weakness of such a method lies on the impossibility of building identical CMOS cells, which causes a minimum difference of consumption between the two lines that can be used successfully to discover the key. This thesis proposes a countermeasure based on a differentiated protection strategy with respect to the proposals made in other specific studies. It is intended to modify the algorithm in order to force a very high correlation with a different hypothesis to the one of the true key (Faking). Thus, the actual key is hidden behind the strong correlation, which is impossible to differentiate from the rest of false assumptions and remains protected. To verify its performance a trial bank has been designed to launch consumption analysis attacks. We have implemented the algorithm AES due to its simplicity and strength. Two types of attacks have been carried out. In the first one, the analysis was performed using both the correlation and the mean difference analysis without including any countermeasure. In the second attack, the proposed countermeasure has been added and the attack was repeated to check its effectiveness. We have evaluated three different situations. First of all, the algorithm and the countermeasure are solved by software on a 32-bit processor. Secondly, the algorithm is executed in software and the implementation of the countermeasure has been performed with a specific hardware coprocessor. Finally, a full hardware implementation including both the algorithm and the countermeasure has been chosen.All of them have been implemented on a Virtex 5 FPGA Xilinx. Several conclusions are obtained from the comparison between each of the AES implementations without countermeasures and their respective solution with the added countermeasure. The obtained results are also compared to other which use "masking" and "hiding" techniques. The results demonstrate that the proposal is valid. In all three cases, the protected system behaves like the unprotected system but returning the false key after the attacks. It should be noted that the amount of resources needed to carry out the "Faking" is less than the "Masking" or "Hiding" and the time needed to process the plain text is not particularly affected.A finales de los 90 Paul C.Kocher introdujo por primera vez el concepto de ataque diferencial sobre el consumo de corriente de un dispositivo criptográfico. En este tipo de análisis, se conoce el texto plano que se envía al dispositivo y se plantean todas las posibles hipótesis de la clave para un punto concreto del algoritmo. Si el valor en ese punto del algoritmo depende únicamente de 1 byte de la clave, es posible calcular todos los valores que se producirán. Llegado a este punto, se compara, por métodos estadísticos, el consumo medido durante el procesado de cada texto plano y los valores intermedios relacionados con todas las hipótesis de la clave. Aquella que mayor nivel de similitud tenga corresponderá con la clave real. Las contramedidas propuestas hasta la fecha, para evitar el éxito del ata-que, pueden separarse en dos grupos: enmascaramiento (Masking) y ocultación (Hiding). El enmascaramiento trata de desvincular el dato procesado del consumo eléctrico mediante la adición de una máscara aleatoria y desconocida por el atacante. En consecuencia, resulta imposible realizar una hipótesis que permita relacionar los consumos teórico y real del dispositivo. Si bien este es un método inicialmente válido, puede descubrirse la clave realizando un ataque de segundo orden que analiza varios puntos del consumo. La ocultación persigue que el consumo de un dispositivo sea el mismo en cada ciclo de reloj e independiente del dato procesado. Para ello, se procesa el dato en doble línea, por un lado el dato propiamente dicho y por el otro su complementario, de forma que siempre se produzcan la misma cantidad de transiciones en cada ciclo de reloj. La debilidad de este método radica en la práctica imposibilidad de construir celdas CMOS idénticas, esto provoca que siempre exista una diferencia de consumo entre las dos líneas y pueda usarse con éxito para descubrir la clave. En esta tesis se propone una contramedida basada en una estrategia de protección claramente diferenciada con respecto a las propuestas realizadas en la bibliografía específica. Se pretende modificar el algoritmo con el objetivo de forzar una correlación muy alta en una hipótesis diferente a la de la clave (Faking). De este modo, la clave real se oculta tras la fuerte correlación aparecida, resulta imposible diferenciarla del resto de hipótesis falsas y queda protegida. Para verificar su funcionamiento se ha montado un banco de pruebas para realizar ataques por análisis de consumo. Se ha implementado el algoritmo AES debido a su simplicidad y robustez. Se han realizado dos tipos de ataques: en el primero se han practicado análisis de correlación y diferencia de medias sin contramedida alguna; en el segundo, se ha añadido la contramedida y se han repetido los ataques para comprobar su eficacia. Se han evaluado 3 escenarios diferentes, primeramente el algoritmo y la contramedida se resuelven mediante software en un procesador de 32 bits. En segundo lugar, el algoritmo se resuelve mediante software y la implementación de la contramedida se ha realizado en un coprocesador hardware específico. Fi-nalmente, se ha elegido una implementación totalmente hardware para resolver tanto el algoritmo como la contramedida. Todos ellos se han implementado sobre una FPGA Virtex5 de Xilinx. Las conclusiones se obtienen de la comparación entre cada una de las im-plementaciones del AES sin contramedidas y su respectiva solución con la con-tramedida añadida. También se comparan los resultados obtenidos con otros que utilizan las técnicas "Masking" y "Hiding" Los resultados demuestran que la propuesta es válida. En los tres casos, el sistema protegido se comporta igual que el sistema sin proteger, pero retornando la clave falsa ante los ataques realizados. Se ha de destacar que, la cantidad de recursos necesarios para llevar a cabo el "Faking" es menor que con el "Masking" o el "Hiding" y el tiempo necesario para procesar el texto plano no se ve particularmente afectado por su inclusión

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue