Test and security in a System-on-Chip environment

This dissertation outlines new approaches for test and security in a System-on-Chip (SoC) environment. A methodology is proposed for designing a single test access mechanism (TAM) architecture on each die with a "bandwidth adapter" that allows it to be efficiently used for multiple different test data bandwidths in three-dimensional integrated circuits (3D-IC) using through-silicon vias (TSVs). In this way, a single test architecture can be re-used for pre-bond, partial stack, and post-bond testing while minimizing test time across all phases of test. Unlike previous approaches, this methodology does not need multiple TAM architectures or reconfigurable wrappers in order to be efficient when the test data bandwidth changes. In industry, sequential linear decompression is widely used to reduce data and bandwidth requirements. A new scheme using a multiple polynomial linear feedback shift register (LFSR) with rotating polynomial is proposed here to increase encoding flexibility resulting in higher compression ratios. An algorithm is described to assign test cubes to polynomials in a way that enhances encoding efficiency. For hardware security, a new attack strategy against logic obfuscation is described here. It is based on applying brute force iteratively to each logic cone one at a time and is shown to significantly reduce the number of brute force key combinations that need to be tried by an attacker. It is shown that inserting key gates based on MUXes is an effective approach to increase security against this type of attack. In data security for hardware, existing techniques for computing with encrypted operands are either prohibitively expense (e.g., fully homomorphic encryption) or only work for special cases (e.g., linear circuits). A lightweight scheme implemented at the gate-level is proposed for computing with noise-obfuscated data. By carefully selecting internal locations for noise cancellation in arbitrary logic circuits, the overhead can be greatly minimized. One important application of the proposed scheme is for protecting data inside a computing unit obtained from a third party IP provider where a hidden backdoor access mechanism or hardware Trojan could be maliciously inserted.Electrical and Computer Engineerin

Improved Random Demodulator for Compressed Sensing Applications

The advances in the field of signal processing have led to the continuous increase in the bandwidth of signals. Sampling these signals becomes harder and harder due to the increased bandwidth. This brings in need for a complex high rate ADCs to meet the Nyquist rate which is the minimum rate to avoid aliasing. For a given increase in bandwidth, there has to be a corresponding increase in the sampling rate of ADC. This might not be possible in the near future at the current rate of increase in bandwidth. Hence, there is a need to replace the current Nyquist rate sampling method by a process that relaxes the requirements but still keeps the quality of signal reconstruction good . Compressed sensing is a new technique in the field of signal acquisition. Compressed sensing allows a signal to be acquired below Nyquist rate if the signal is sparse in a given domain. Compressed sensing makes possible to acquire sparse signals at rates below Nyquist rate. Signals like audio and images are sparse and can be sampled at a rate below the Nyquist rate. The random demodulator (RD) is a hardware architecture that is used to implement compressed sensing. A direct implementation of compressed sensing in hardware requires several copies of the RD. To reduce the complexity fewer RDs can be used. Usage of fewer RDs comes at the cost of decreased signal reconstruction performance. The contribution of this thesis is about improving the efficiency of RD. First contribution of this thesis involves proposing a new RD architecture that improves signal reconstruction quality using a post-acquisition randomization step. The second contribution of this thesis is to develop a hardware platform for compressed sensing using field programmable analog arrays (FPAAs) and field programmable gate arrays (FPGAs). This platform can be used to test new architectures of RD in hardware

D.STVL.9 - Ongoing Research Areas in Symmetric Cryptography

This report gives a brief summary of some of the research trends in symmetric cryptography at the time of writing (2008). The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)

Efficient simultaneous encryption and compression of digital videos in computationally constrained applications

This thesis is concerned with the secure video transmission over open and wireless network channels. This would facilitate adequate interaction in computationally constrained applications among trusted entities such as in disaster/conflict zones, secure airborne transmission of videos for intelligence/security or surveillance purposes, and secure video communication for law enforcing agencies in crime fighting or in proactive forensics. Video content is generally too large and vulnerable to eavesdropping when transmitted over open network channels so that compression and encryption become very essential for storage and/or transmission. In terms of security, wireless channels, are more vulnerable than other kinds of mediums to a variety of attacks and eavesdropping. Since wireless communication is the main mode in the above applications, protecting video transmissions from unauthorized access through such network channels is a must. The main and multi-faceted challenges that one faces in implementing such a task are related to competing, and to some extent conflicting, requirements of a number of standard control factors relating to the constrained bandwidth, reasonably high image quality at the receiving end, the execution time, and robustness against security attacks. Applying both compression and encryption techniques simultaneously is a very tough challenge due to the fact that we need to optimize the compression ratio, time complexity, security and the quality simultaneously. There are different available image/video compression schemes that provide reasonable compression while attempting to maintain image quality, such as JPEG, MPEG and JPEG2000. The main approach to video compression is based on detecting and removing spatial correlation within the video frames as well as temporal correlations across the video frames. Temporal correlations are expected to be more evident across sequences of frames captured within a short period of time (often a fraction of a second). Correlation can be measured in terms of similarity between blocks of pixels. Frequency domain transforms such as the Discrete Cosine Transform (DCT) and the Discrete Wavelet Transform (DWT) have both been used restructure the frequency content (coefficients) to become amenable for efficient detection. JPEG and MPEG use DCT while JPEG2000 uses DWT. Removing spatial/temporal correlation encodes only one block from each class of equivalent (i.e. similar) blocks and remembering the position of all other block within the equivalence class. JPEG2000 compressed images achieve higher image quality than JPEG for the same compression ratios, while DCT based coding suffer from noticeable distortion at high compression ratio but when applied to any block it is easy to isolate the significant coefficients from the non-significant ones. Efficient video encryption in computationally constrained applications is another challenge on its own. It has long been recognised that selective encryption is the only viable approach to deal with the overwhelming file size. Selection can be made in the spatial or frequency domain. Efficiency of simultaneous compression and encryption is a good reason for us to apply selective encryption in the frequency domain. In this thesis we develop a hybrid of DWT and DCT for improved image/video compression in terms of image quality, compression ratio, bandwidth, and efficiency. We shall also investigate other techniques that have similar properties to the DCT in terms of representation of significant wavelet coefficients. The statistical properties of wavelet transform high frequency sub-bands provide one such approach, and we also propose phase sensing as another alternative but very efficient scheme. Simultaneous compression and encryption, in our investigations, were aimed at finding the best way of applying these two tasks in parallel by selecting some wavelet sub-bands for encryptions and applying compression on the other sub-bands. Since most spatial/temporal correlation appear in the high frequency wavelet sub-bands and the LL sub-bands of wavelet transformed images approximate the original images then we select the LL-sub-band data for encryption and the non-LL high frequency sub-band coefficients for compression. We also follow the common practice of using stream ciphers to meet efficiency requirements of real-time transmission. For key stream generation we investigated a number of schemes and the ultimate choice will depend on robustness to attacks. The still image (i.e. RF’s) are compressed with a modified EZW wavelet scheme by applying the DCT on the blocks of the wavelet sub-bands, selecting appropriate thresholds for determining significance of coefficients, and encrypting the EZW thresholds only with a simple 10-bit LFSR cipher This scheme is reasonably efficient in terms of processing time, compression ratio, image quality, as well was security robustness against statistical and frequency attack. However, many areas for improvements were identified as necessary to achieve the objectives of the thesis. Through a process of refinement we developed and tested 3 different secure efficient video compression schemes, whereby at each step we improve the performance of the scheme in the previous step. Extensive experiments are conducted to test performance of the new scheme, at each refined stage, in terms of efficiency, compression ratio, image quality, and security robustness. Depending on the aspects of compression that needs improvement at each refinement step, we replaced the previous block coding scheme with a more appropriate one from among the 3 above mentioned schemes (i.e. DCT, Edge sensing and phase sensing) for the reference frames or the non-reference ones. In subsequent refinement steps we apply encryption to a slightly expanded LL-sub-band using successively more secure stream ciphers, but with different approaches to key stream generation. In the first refinement step, encryption utilized two LFSRs seeded with three secret keys to scramble the significant wavelet LL-coefficients multiple times. In the second approach, the encryption algorithm utilises LFSR to scramble the wavelet coefficients of the edges extracted from the low frequency sub-band. These edges are mapped from the high frequency sub-bands using different threshold. Finally, use a version of the A5 cipher combined with chaotic logistic map to encrypt the significant parameters of the LL sub-band. Our empirical results show that the refinement process achieves the ultimate objectives of the thesis, i.e. efficient secure video compression scheme that is scalable in terms of the frame size at about 100 fps and satisfying the following features; high compression, reasonable quality, and resistance to the statistical, frequency and the brute force attack with low computational processing. Although image quality fluctuates depending on video complexity, in the conclusion we recommend an adaptive implementation of our scheme. Although this thesis does not deal with transmission tasks but the efficiency achieved in terms of video encryption and compression time as well as in compression ratios will be sufficient for real-time secure transmission of video using commercially available mobile computing devices

Ongoing Research Areas in Symmetric Cryptography

This report is a deliverable for the ECRYPT European network of excellence in cryptology. It gives a brief summary of some of the research trends in symmetric cryptography at the time of writing. The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the recently proposed algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)

Design and implementation of an ETSI-SDR OFDM transmitter with power amplifier linearizer

Satellite radio has attained great popularity because of its wide range of geographical coverage and high signal quality as compared to the terrestrial broadcasts. Most Satellite Digital Radio (SDR) based systems favor multi-carrier transmission schemes, especially, orthogonal frequency division multiplexing (OFDM) transmission because of high data transfer rate and spectral efficiency. It is a challenging task to find a suitable platform that supports fast data rates and superior processing capabilities required for the development and deployment of the new SDR standards. Field programmable gate array (FPGA) devices have the potential to become suitable development platform for such standards. Another challenging factor in SDR systems is the distortion of variable envelope signals used in OFDM transmission by the nonlinear RF power amplifiers (PA) used in the base station transmitters. An attractive option is to use a linearizer that would compensate for the nonlinear effects of the PA. In this research, an OFDM transmitter, according to European Telecommunications Standard Institute (ETSI) SDR Technical Specifications 2007-2008, was designed and implemented on a low-cost Xilinx FPGA platform. A weakly nonlinear PA, operating in the L-band SDR frequency (1.450-1.490GHz), was used for signal transmission. An FPGA-based, low-cost, adaptive linearizer was designed and implemented based on the digital predistortion (DPD) reference design from Xilinx, to correct the distortion effects of the PA on the transmitted signal

Some Words on Cryptanalysis of Stream Ciphers

In the world of cryptography, stream ciphers are known as primitives used to ensure privacy over a communication channel. One common way to build a stream cipher is to use a keystream generator to produce a pseudo-random sequence of symbols. In such algorithms, the ciphertext is the sum of the keystream and the plaintext, resembling the one-time pad principal. Although the idea behind stream ciphers is simple, serious investigation of these primitives has started only in the late 20th century. Therefore, cryptanalysis and design of stream ciphers are important. In recent years, many designs of stream ciphers have been proposed in an effort to find a proper candidate to be chosen as a world standard for data encryption. That potential candidate should be proven good by time and by the results of cryptanalysis. Different methods of analysis, in fact, explain how a stream cipher should be constructed. Thus, techniques for cryptanalysis are also important. This thesis starts with an overview of cryptography in general, and introduces the reader to modern cryptography. Later, we focus on basic principles of design and analysis of stream ciphers. Since statistical methods are the most important cryptanalysis techniques, they will be described in detail. The practice of statistical methods reveals several bottlenecks when implementing various analysis algorithms. For example, a common property of a cipher to produce n-bit words instead of just bits makes it more natural to perform a multidimensional analysis of such a design. However, in practice, one often has to truncate the words simply because the tools needed for analysis are missing. We propose a set of algorithms and data structures for multidimensional cryptanalysis when distributions over a large probability space have to be constructed. This thesis also includes results of cryptanalysis for various cryptographic primitives, such as A5/1, Grain, SNOW 2.0, Scream, Dragon, VMPC, RC4, and RC4A. Most of these results were achieved with the help of intensive use of the proposed tools for cryptanalysis

Contributions to Confidentiality and Integrity Algorithms for 5G

The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, thus can be quite efficient. When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For the confidentiality and integrity protection, there are some new requirements on the underlying cryptographic algorithms. Specifically, these algorithms should: 1) provide 256 bits of security to protect against attackers equipped with quantum computing capabilities; and 2) provide at least 20 Gbps (Gigabits per second) speed in pure software environments, which is the downlink peak data rate in 5G. The reason for considering software environments is that the encryption in 5G will likely be moved to the cloud and implemented in software. Therefore, it is crucial to investigate existing algorithms in 4G, checking if they can satisfy the 5G requirements in terms of security and speed, and possibly propose new dedicated algorithms targeting these goals. This is the motivation of this thesis, which focuses on the confidentiality and integrity algorithms for 5G. The results can be summarised as follows.1. We investigate the security of SNOW 3G under 256-bit keys and propose two linear attacks against it with complexities 2172 and 2177, respectively. These cryptanalysis results indicate that SNOW 3G cannot provide the full 256-bit security level. 2. We design some spectral tools for linear cryptanalysis and apply these tools to investigate the security of ZUC-256, the 256-bit version of ZUC. We propose a distinguishing attack against ZUC-256 with complexity 2236, which is 220 faster than exhaustive key search. 3. We design a new stream cipher called SNOW-V in response to the new requirements for 5G confidentiality and integrity protection, in terms of security and speed. SNOW-V can provide a 256-bit security level and achieve a speed as high as 58 Gbps in software based on our extensive evaluation. The cipher is currently under evaluation in ETSI SAGE (Security Algorithms Group of Experts) as a promising candidate for 5G confidentiality and integrity algorithms. 4. We perform deeper cryptanalysis of SNOW-V to ensure that two common cryptanalysis techniques, guess-and-determine attacks and linear cryptanalysis, do not apply to SNOW-V faster than exhaustive key search. 5. We introduce two minor modifications in SNOW-V and propose an extreme performance variant, called SNOW-Vi, in response to the feedback about SNOW-V that some use cases are not fully covered. SNOW-Vi covers more use cases, especially some platforms with less capabilities. The speeds in software are increased by 50% in average over SNOW-V and can be up to 92 Gbps.Besides these works on 5G confidentiality and integrity algorithms, the thesis is also devoted to local pseudorandom generators (PRGs). 6. We investigate the security of local PRGs and propose two attacks against some constructions instantiated on the P5 predicate. The attacks improve existing results with a large gap and narrow down the secure parameter regime. We also extend the attacks to other local PRGs instantiated on general XOR-AND and XOR-MAJ predicates and provide some insight in the choice of safe parameters