EE-ACML: Energy-Efficient Adiabatic CMOS/MTJ Logic for CPA-Resistant IoT Devices

Internet of Things (IoT) devices have strict energy constraints as they often operate on a battery supply. The cryptographic operations within IoT devices consume substantial energy and are vulnerable to a class of hardware attacks known as side-channel attacks. To reduce the energy consumption and defend against side-channel attacks, we propose combining adiabatic logic and Magnetic Tunnel Junctions to form our novel Energy Efficient-Adiabatic CMOS/MTJ Logic (EE-ACML). EE-ACML is shown to be both low energy and secure when compared to existing CMOS/MTJ architectures. EE-ACML reduces dynamic energy consumption with adiabatic logic, while MTJs reduce the leakage power of a circuit. To show practical functionality and energy savings, we designed one round of PRESENT-80 with the proposed EE-ACML integrated with an adiabatic clock generator. The proposed EE-ACML-based PRESENT-80 showed energy savings of 67.24% at 25 MHz and 86.5% at 100 MHz when compared with a previously proposed CMOS/MTJ circuit. Furthermore, we performed a CPA attack on our proposed design, and the key was kept secret

ENERGY-EFFICIENT AND SECURE HARDWARE FOR INTERNET OF THINGS (IoT) DEVICES

Internet of Things (IoT) is a network of devices that are connected through the Internet to exchange the data for intelligent applications. Though IoT devices provide several advantages to improve the quality of life, they also present challenges related to security. The security issues related to IoT devices include leakage of information through Differential Power Analysis (DPA) based side channel attacks, authentication, piracy, etc. DPA is a type of side-channel attack where the attacker monitors the power consumption of the device to guess the secret key stored in it. There are several countermeasures to overcome DPA attacks. However, most of the existing countermeasures consume high power which makes them not suitable to implement in power constraint devices. IoT devices are battery operated, hence it is important to investigate the methods to design energy-efficient and secure IoT devices not susceptible to DPA attacks. In this research, we have explored the usefulness of a novel computing platform called adiabatic logic, low-leakage FinFET devices and Magnetic Tunnel Junction (MTJ) Logic-in-Memory (LiM) architecture to design energy-efficient and DPA secure hardware. Further, we have also explored the usefulness of adiabatic logic in the design of energy-efficient and reliable Physically Unclonable Function (PUF) circuits to overcome the authentication and piracy issues in IoT devices. Adiabatic logic is a low-power circuit design technique to design energy-efficient hardware. Adiabatic logic has reduced dynamic switching energy loss due to the recycling of charge to the power clock. As the first contribution of this dissertation, we have proposed a novel DPA-resistant adiabatic logic family called Energy-Efficient Secure Positive Feedback Adiabatic Logic (EE-SPFAL). EE-SPFAL based circuits are energy-efficient compared to the conventional CMOS based design because of recycling the charge after every clock cycle. Further, EE-SPFAL based circuits consume uniform power irrespective of input data transition which makes them resilience against DPA attacks. Scaling of CMOS transistors have served the industry for more than 50 years in providing integrated circuits that are denser, and cheaper along with its high performance, and low power. However, scaling of the transistors leads to increase in leakage current. Increase in leakage current reduces the energy-efficiency of the computing circuits,and increases their vulnerability to DPA attack. Hence, it is important to investigate the crypto circuits in low leakage devices such as FinFET to make them energy-efficient and DPA resistant. In this dissertation, we have proposed a novel FinFET based Secure Adiabatic Logic (FinSAL) family. FinSAL based designs utilize the low-leakage FinFET device along with adiabatic logic principles to improve energy-efficiency along with its resistance against DPA attack. Recently, Magnetic Tunnel Junction (MTJ)/CMOS based Logic-in-Memory (LiM) circuits have been explored to design low-power non-volatile hardware. Some of the advantages of MTJ device include non-volatility, near-zero leakage power, high integration density and easy compatibility with CMOS devices. However, the differences in power consumption between the switching of MTJ devices increase the vulnerability of Differential Power Analysis (DPA) based side-channel attack. Further, the MTJ/CMOS hybrid logic circuits which require frequent switching of MTJs are not very energy-efficient due to the significant energy required to switch the MTJ devices. In the third contribution of this dissertation, we have investigated a novel approach of building cryptographic hardware in MTJ/CMOS circuits using Look-Up Table (LUT) based method where the data stored in MTJs are constant during the entire encryption/decryption operation. Currently, high supply voltage is required in both writing and sensing operations of hybrid MTJ/CMOS based LiM circuits which consumes a considerable amount of energy. In order to meet the power budget in low-power devices, it is important to investigate the novel design techniques to design ultra-low-power MTJ/CMOS circuits. In the fourth contribution of this dissertation, we have proposed a novel energy-efficient Secure MTJ/CMOS Logic (SMCL) family. The proposed SMCL logic family consumes uniform power irrespective of data transition in MTJ and more energy-efficient compared to the state-of-art MTJ/ CMOS designs by using charge sharing technique. The other important contribution of this dissertation is the design of reliable Physical Unclonable Function (PUF). Physically Unclonable Function (PUF) are circuits which are used to generate secret keys to avoid the piracy and device authentication problems. However, existing PUFs consume high power and they suffer from the problem of generating unreliable bits. This dissertation have addressed this issue in PUFs by designing a novel adiabatic logic based PUF. The time ramp voltages in adiabatic PUF is utilized to improve the reliability of the PUF along with its energy-efficiency. Reliability of the adiabatic logic based PUF proposed in this dissertation is tested through simulation based temperature variations and supply voltage variations

Uniquely Identifiable Tamper-Evident Device Using Coupling between Subwavelength Gratings

Reliability and sensitive information protection are critical aspects of integrated circuits. A novel technique using near-field evanescent wave coupling from two subwavelength gratings (SWGs), with the input laser source delivered through an optical fiber is presented for tamper evidence of electronic components. The first grating of the pair of coupled subwavelength gratings (CSWGs) was milled directly on the output facet of the silica fiber using focused ion beam (FIB) etching. The second grating was patterned using e-beam lithography and etched into a glass substrate using reactive ion etching (RIE). The slightest intrusion attempt would separate the CSWGs and eliminate near-field coupling between the gratings. Tampering, therefore, would become evident. Computer simulations guided the design for optimal operation of the security solution. The physical dimensions of the SWGs, i.e. period and thickness, were optimized, for a 650 nm illuminating wavelength. The optimal dimensions resulted in a 560 nm grating period for the first grating etched in the silica optical fiber and 420 nm for the second grating etched in borosilicate glass. The incident light beam had a half-width at half-maximum (HWHM) of at least 7 µm to allow discernible higher transmission orders, and a HWHM of 28 µm for minimum noise. The minimum number of individual grating lines present on the optical fiber facet was identified as 15 lines. Grating rotation due to the cylindrical geometry of the fiber resulted in a rotation of the far-field pattern, corresponding to the rotation angle of moiré fringes. With the goal of later adding authentication to tamper evidence, the concept of CSWGs signature was also modeled by introducing random and planned variations in the glass grating. The fiber was placed on a stage supported by a nanomanipulator, which permitted three-dimensional displacement while maintaining the fiber tip normal to the surface of the glass substrate. A 650 nm diode laser was fixed to a translation mount that transmitted the light source through the optical fiber, and the output intensity was measured using a silicon photodiode. The evanescent wave coupling output results for the CSWGs were measured and compared to the simulation results

Diseño y caracterización de criptocircuitos seguros y resistentes a ataques físicos.

A diario personas de todo el mundo hacen uso de dispositivos electrónicos en los que almacenan o con los que intercambian información privada. La confidencialidad y privacidad es un derecho frente a posibles intrusos, por lo que la seguridad en las nuevas tecnologías es un factor de transcendental importancia que exige la atención de la comunidad científica. Los dispositivos electrónicos considerados “seguros”, de facto cualquier dispositivo electrónico de uso en telecomunicaciones o que maneje información relevante, hacen uso de la criptografía para garantizar la confidencialidad, autenticación e integridad de los datos procesados. Estos dispositivos criptográficos implementan algoritmos matemáticamente seguros, pero que, debido a su implementación física, pueden revelar información sensible por las fugas de información durante su operación, que pueden ser aprovechadas por un atacante para revelar la clave secreta del dispositivo. Estos ataques, conocidos como ataques de canal lateral, o simplemente ataques laterales, son muy efectivos y explotan información como puede ser el consumo de potencia, emisión electromagnética o tiempos de ejecución, entre otros, para revelar la clave secreta. La comunidad científica ha centrado su esfuerzo en el diseño de contramedidas para evitar este tipo de ataques. El objetivo principal de esta Tesis es aumentar la seguridad de dispositivos criptográficos hardware frente ataques laterales. Para conseguir este objetivo se han realizado las 3 siguientes macro tareas: 1. Medidas de vulnerabilidad de un dispositivo criptográfico (realización de ataques y métricas de seguridad). 2. Propuestas de contramedidas. 3. Evaluación de su seguridad. Para la medida de vulnerabilidad de los dispositivos criptográficos, se han implementado tanto ataques basados en el consumo de potencia, como ataques electromagnéticos o el uso de otras métricas como por ejemplo el t-test. Para probar la efectividad de los ataques, se han realizado sobre sistemas de clave privada, utilizándose como demostradores cifradores de bloque (AES y una parte del algoritmo KASUMI) y cifradores de flujo (Trivium). Estas medidas se han realizado tanto en entornos de simulación como de forma experimental, sobre implementaciones ASIC o FPGA. Además, se han evaluado diferentes métricas y test alternativos para poder evaluar la seguridad en diferentes etapas de diseño, así como el poder determinar el nivel de seguridad sin tener que llevar a cabo un ataque completo. Por otra parte, se han propuesto diferentes metodologías de diseño de contramedidas frente ataques laterales aplicadas a diferentes niveles de abstracción. Las propuestas a nivel de transistor consisten en modificar las estructuras de las celdas lógicas diseñadas para poder obtener un consumo de potencia igual independientemente del dato procesado. A nivel de puerta se proponen diferentes técnicas que varían la temporización del circuito, modificando así los niveles de seguridad alcanzados por los criptocircuitos diseñados. Estas contramedidas, son complementarias y por tanto ambas aplicables en un mismo diseño. Finalmente, cumplidas las dos tareas anteriores, se ha pasado a una etapa de diseño donde se han integrado en un ASIC los casos de estudio que implementan bloques criptográficos aplicando las contramedidas propuestas a lo largo del desarrollo de la Tesis. La caracterización de los diferentes casos de estudio determinará de forma experimental la ganancia en seguridad obtenida por cada contramedida.Every day, people all over the world use electronic devices to store or exchange private information with each other. Confidentiality and privacy is a right against possible intruders, so security in new technologies is an important factor that requires the attention of the scientific community. Electronic devices considered "secure", in fact any electronic device for use in telecommunications or handling relevant information, make use of cryptography to ensure the confidentiality, authentication and integrity of the data processed. These cryptographic devices implement mathematically secure algorithms, but due to their physical implementation, they can reveal sensitive information due to data leaks during their normal operation, which can be exploited by an attacker to reveal the device’s secret key. These attacks, known as side channel attacks, are very effective and exploit information such as power consumption, electromagnetic radiation or timing, among others, to reveal the secret key. The scientific community has focused its efforts on the design of countermeasures to prevent this type of attack. The main objective of this Thesis is to increase the security of hardware cryptographic devices against side channel attacks. To achieve this objective, the following 3 tasks have been carried out: 1. Vulnerability measurements of a cryptographic device (execution of attacks and security metrics). 2. Proposals for countermeasures. 3. Security assessment. To measure the vulnerability of cryptographic devices, attacks based on power consumption, electromagnetic attacks or the use of other metrics such as t-test have been implemented. To test the effectiveness of the attacks, they have been performed on private key systems, using block cipher demonstrators (AES and a part of the KASUMI algorithm) and stream ciphers (Trivium). These measurements have been carried out both in simulation environments and experimentally on ASIC or FPGA implementations. In addition, different alternative metrics and tests have been evaluated in order to evaluate security at different stages of design, as well as to determine the level of security without having to carry out a complete attack. On the other hand, different methodologies have been proposed for the design of countermeasures against side channel attacks applied at different levels of abstraction. The proposals at the transistor level consist of modifying the structures of the designed logic cells to obtain an equal power consumption independently of the processed data. At the gate level, different techniques are proposed that vary the timing of the circuit, thus modifying the security levels achieved by the designed cryptocircuits. These countermeasures are complementary and therefore both applicable in the same design. Finally, once the two previous tasks had been completed, a design stage has been undertaken where the case studies implementing cryptographic blocks have been integrated into an ASIC, applying the countermeasures proposed throughout the development of the Thesis. The characterization of the different case studies will experimentally determine the security gain obtained by each countermeasure

Generación de falsas claves criptográficas como medida de protección frente a ataques por canal lateral

In the late 90s, Paul C. Kocher introduced the concept of differential attack focused on the power consumption of a cryptographic device. In this type of analysis the plain text sent to the device is known, and all possible hypotheses of a subset of the key, related to a specific point of the cryptographic algorithm, are tested. If the key value at that point depends only on 1 byte, it is possible to predict the input current based on a theoretical model of power consumption. Thus, using statistic procedures, it is easy to compare the consumption measured during the processing of each plain text and the intermediate values related to all the hypothesis of the key.The one with the highest level of similarity will correspond to the actual key. So far the countermeasures proposed to prevent the success of the attack can be classified into two groups: Masking and Hiding. Masking tries to decouple the processed data and the power consumption by adding a random mask which is unknown by the attacker. Therefore, it is impossible to make a hypothesis that allows the theoretical and the real power consumption of the device to be related. Although is a valid method, the key could be revealed by performing a second-order attack that analyzes several points of the current trace. Hiding aims at making constant the consumption of a device in each clock cycle and independent of the processed data. In order to achieve this objective, the data is processed in double line, in such a way that the datum and its complementary are processed together, so that the same number of transitions always occur on every clock cycle. The weakness of such a method lies on the impossibility of building identical CMOS cells, which causes a minimum difference of consumption between the two lines that can be used successfully to discover the key. This thesis proposes a countermeasure based on a differentiated protection strategy with respect to the proposals made in other specific studies. It is intended to modify the algorithm in order to force a very high correlation with a different hypothesis to the one of the true key (Faking). Thus, the actual key is hidden behind the strong correlation, which is impossible to differentiate from the rest of false assumptions and remains protected. To verify its performance a trial bank has been designed to launch consumption analysis attacks. We have implemented the algorithm AES due to its simplicity and strength. Two types of attacks have been carried out. In the first one, the analysis was performed using both the correlation and the mean difference analysis without including any countermeasure. In the second attack, the proposed countermeasure has been added and the attack was repeated to check its effectiveness. We have evaluated three different situations. First of all, the algorithm and the countermeasure are solved by software on a 32-bit processor. Secondly, the algorithm is executed in software and the implementation of the countermeasure has been performed with a specific hardware coprocessor. Finally, a full hardware implementation including both the algorithm and the countermeasure has been chosen.All of them have been implemented on a Virtex 5 FPGA Xilinx. Several conclusions are obtained from the comparison between each of the AES implementations without countermeasures and their respective solution with the added countermeasure. The obtained results are also compared to other which use "masking" and "hiding" techniques. The results demonstrate that the proposal is valid. In all three cases, the protected system behaves like the unprotected system but returning the false key after the attacks. It should be noted that the amount of resources needed to carry out the "Faking" is less than the "Masking" or "Hiding" and the time needed to process the plain text is not particularly affected.A finales de los 90 Paul C.Kocher introdujo por primera vez el concepto de ataque diferencial sobre el consumo de corriente de un dispositivo criptográfico. En este tipo de análisis, se conoce el texto plano que se envía al dispositivo y se plantean todas las posibles hipótesis de la clave para un punto concreto del algoritmo. Si el valor en ese punto del algoritmo depende únicamente de 1 byte de la clave, es posible calcular todos los valores que se producirán. Llegado a este punto, se compara, por métodos estadísticos, el consumo medido durante el procesado de cada texto plano y los valores intermedios relacionados con todas las hipótesis de la clave. Aquella que mayor nivel de similitud tenga corresponderá con la clave real. Las contramedidas propuestas hasta la fecha, para evitar el éxito del ata-que, pueden separarse en dos grupos: enmascaramiento (Masking) y ocultación (Hiding). El enmascaramiento trata de desvincular el dato procesado del consumo eléctrico mediante la adición de una máscara aleatoria y desconocida por el atacante. En consecuencia, resulta imposible realizar una hipótesis que permita relacionar los consumos teórico y real del dispositivo. Si bien este es un método inicialmente válido, puede descubrirse la clave realizando un ataque de segundo orden que analiza varios puntos del consumo. La ocultación persigue que el consumo de un dispositivo sea el mismo en cada ciclo de reloj e independiente del dato procesado. Para ello, se procesa el dato en doble línea, por un lado el dato propiamente dicho y por el otro su complementario, de forma que siempre se produzcan la misma cantidad de transiciones en cada ciclo de reloj. La debilidad de este método radica en la práctica imposibilidad de construir celdas CMOS idénticas, esto provoca que siempre exista una diferencia de consumo entre las dos líneas y pueda usarse con éxito para descubrir la clave. En esta tesis se propone una contramedida basada en una estrategia de protección claramente diferenciada con respecto a las propuestas realizadas en la bibliografía específica. Se pretende modificar el algoritmo con el objetivo de forzar una correlación muy alta en una hipótesis diferente a la de la clave (Faking). De este modo, la clave real se oculta tras la fuerte correlación aparecida, resulta imposible diferenciarla del resto de hipótesis falsas y queda protegida. Para verificar su funcionamiento se ha montado un banco de pruebas para realizar ataques por análisis de consumo. Se ha implementado el algoritmo AES debido a su simplicidad y robustez. Se han realizado dos tipos de ataques: en el primero se han practicado análisis de correlación y diferencia de medias sin contramedida alguna; en el segundo, se ha añadido la contramedida y se han repetido los ataques para comprobar su eficacia. Se han evaluado 3 escenarios diferentes, primeramente el algoritmo y la contramedida se resuelven mediante software en un procesador de 32 bits. En segundo lugar, el algoritmo se resuelve mediante software y la implementación de la contramedida se ha realizado en un coprocesador hardware específico. Fi-nalmente, se ha elegido una implementación totalmente hardware para resolver tanto el algoritmo como la contramedida. Todos ellos se han implementado sobre una FPGA Virtex5 de Xilinx. Las conclusiones se obtienen de la comparación entre cada una de las im-plementaciones del AES sin contramedidas y su respectiva solución con la con-tramedida añadida. También se comparan los resultados obtenidos con otros que utilizan las técnicas "Masking" y "Hiding" Los resultados demuestran que la propuesta es válida. En los tres casos, el sistema protegido se comporta igual que el sistema sin proteger, pero retornando la clave falsa ante los ataques realizados. Se ha de destacar que, la cantidad de recursos necesarios para llevar a cabo el "Faking" es menor que con el "Masking" o el "Hiding" y el tiempo necesario para procesar el texto plano no se ve particularmente afectado por su inclusión

Delay-based dual-rail precharge logic

This paper investigates the design of a dual-rail precharge logic family whose power consumption is insensitive to unbalanced load conditions thus allowing adopting a semi-custom design flow (automatic place and route) without any constraint on the routing of the complementary wires. The proposed logic is based on a novel encoding concept where the information is represented in the time domain rather than in the spatial domain as in a standard dual-rail logic. In this work, a logic family which exploits the proposed concept has been implemented. Implementation details and simulation results are reported which show a power consumption independent of the sequence of processed data and routing capacitances. An improvement in the energy consumption balancing up to 50 times and an area reduction up to 60% with respect to the state of the art have been obtained

A power-balanced sequential element for the delay-based dual-rail precharge logic style

Delay-based Dual-rail Pre-charge Logic (DDPL) is a logic style introduced with the aim of hiding power consumption in cryptographic circuits when a Power Analysis (PA) attack is mounted. Its particular data encoding allows to make the adsorbed current constant for each data input combination, irrespective of capacitive load conditions. The purpose is to break the link between dynamic power and data statistics and preventing power analysis. In this work we present a novel implementation of a dynamic differential master-slave flip-flop which is compatible with the DDPL data encoding. Efforts were made in order to design a completely dynamic master-slave architecture which does not require a conversion of the signals from dynamic to static domain. Moreover we show that the area occupied is also reduced due to a compact differential layout. Simulations performed using a 65nm-CMOS process showed that the proposed circuit exhibits good performance in terms of NED (Normalized Energy Deviation) and CV (Coefficient of Variation) of the current samples as required in transistor level countermeasures against power analysis, and it outperforms other previously published DPA-resistant flip-flops in the real case of unbalanced load conditions

CMOS differential logic with signal-independent power consumption

Power consumption is always the key problem for the digital circuit design. Also, information leaked by hardware implementation is always the problem for the encryption. Many functional logics have been proposed to solve the problems, including Sense Amplifier Based Logic (SABL), Delay-Based Dual-Rail Precharge Logic (DDPL) and Three-phase Dual-Rail Precharge Logic (TDPL). However, the power consumption of these logic gates was less concerned by the designers. This paper focused on the power consumption of different logic gates. By simulating the dynamic logic circuit and dynamic differential circuit in Cadence, the values of power consumption of those circuits were got and compared. By changing the voltage value of the power supply, a conclusion could be made that reducing the voltage of power supply would reduce the power consumption of the circuits. However, this would also result in longer delay time. Hence, a compromise should be made considering the different function of the logics. For those three functional logic circuits, the power consumption values of them were also got and compared to get a better logic with better performance. It was hard to judge which one was better. One should choose the logic depending on the specific needs.Bachelor of Engineerin

TEL Logic Style as a Countermeasure Against Side-Channel Attacks: Secure Cells Library in 65nm CMOS and Experimental Results

This paper presents experimental results on a dualrail pre-charge logic family whose power consumption is insensitive to unbalanced load conditions. The proposed logic family is based on the time enclosed logic (TEL) encoding and can be viewed as an improvement of the delay based dual rail precharge logic (DDPL) logic style. The DDPL logic gates have been redesigned to avoid the early evaluation effect and to reduce area and power consumption. A library of TEL secure gates and flip-flops has been implemented in a 65 nm CMOS process. The developed library allows adopting a semi-custom design flow (automatic place and route) without any constraint on the routing of the complementary wires. A four bit lightweight crypto core has been implemented on a 65 nm CMOS testchip by using the developed TEL library and compared against a SABL implementation of the same crypto core on the same chip. Comparisons have been carried out by means of extensive transistor level simulations and measurements on the 65 nm testchip which allowed to evaluate a wide set of security metrics. Experimental results have shown a strong reduction of the information leakage with respect to the sense amplifier based logic logic style under mismatched load conditions with an improvement in the measurements to disclosure of more than three orders of magnitude