Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack

The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multiplier. It is shown that how leakage from integer multiplier and long-integer multiplication algorithm can be asymmetric between two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which success and failure of the attack is determined by the order of operands. Therefore, designing operand order can be a cost-effective countermeasure. Meanwhile we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is considered. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of Big Mac Attack is presented

EM Attack Is Non-Invasive? - Design Methodology and Validity Verification of EM Attack Sensor

This paper presents a standard-cell-based semi-automatic design methodology of a new conceptual countermeasure against electromagnetic (EM) analysis and fault-injection attacks. The countermeasure namely EM attack sensor utilizes LC oscillators which detect variations in the EM field around a cryptographic LSI caused by a micro probe brought near the LSI. A dual-coil sensor architecture with an LUT-programming-based digital calibration can prevent a variety of microprobe-based EM attacks that cannot be thwarted by conventional countermeasures. All components of the sensor core are semi-automatically designed by standard EDA tools with a fully-digital standard cell library and hence minimum design cost. This sensor can be therefore scaled together with the cryptographic LSI to be protected. The sensor prototype is designed based on the proposed methodology together with a 128bit-key composite AES processor in 0.18um CMOS with overheads of only 1.9% in area, 7.6% in power, and 0.2% in performance, respectively. The validity against a variety of EM attack scenarios has been verified successfully

Randomness Generation for Secure Hardware Masking - Unrolled Trivium to the Rescue

Masking is a prominent strategy to protect cryptographic implementations against side-channel analysis. Its popularity arises from the exponential security gains that can be achieved for (approximately) quadratic resource utilization. Many variants of the countermeasure tailored for different optimization goals have been proposed over the past decades. The common denominator among all of them is the implicit demand for robust and high entropy randomness. Simply assuming that uniformly distributed random bits are available, without taking the cost of their generation into account, leads to a poor understanding of the efficiency and performance of secure implementations. This is especially relevant in case of hardware masking schemes which are known to consume large amounts of random bits per cycle due to parallelism. Currently, there seems to be no consensus on how to most efficiently derive many pseudo-random bits per clock cycle from an initial seed and with properties suitable for masked hardware implementations. In this work, we evaluate a number of building blocks for this purpose and find that hardware-oriented stream ciphers like Trivium and its reduced-security variant Bivium B outperform all competitors when implemented in an unrolled fashion. Unrolled implementations of these primitives enable the flexible generation of many bits per cycle while maintaining high performance, which is crucial for satisfying the large randomness demands of state-of-the-art masking schemes. According to our analysis, only Linear Feedback Shift Registers (LFSRs), when also unrolled, are capable of producing long non-repetitive sequences of random-looking bits at a high rate per cycle even more efficiently than Trivium and Bivium B. Yet, these instances do not provide black-box security as they generate only linear outputs. We experimentally demonstrate that using multiple output bits from an LFSR in the same masked implementation can violate probing security and even lead to harmful randomness cancellations. Circumventing these problems, and enabling an independent analysis of randomness generation and masking scheme, requires the use of cryptographically stronger primitives like stream ciphers. As a result of our studies, we provide an evidence-based estimate for the cost of securely generating n fresh random bits per cycle. Depending on the desired level of black-box security and operating frequency, this cost can be as low as 20n to 30n ASIC gate equivalents (GE) or 3n to 4n FPGA look-up tables (LUTs), where n is the number of random bits required. Our results demonstrate that the cost per bit is (sometimes significantly) lower than estimated in previous works, incentivizing parallelism whenever exploitable and potentially moving low randomness usage in hardware masking research from a primary to secondary design goal

The DUNE Far Detector Interim Design Report, Volume 3: Dual-Phase Module

The DUNE IDR describes the proposed physics program and technical designs of the DUNE far detector modules in preparation for the full TDR to be published in 2019. It is intended as an intermediate milestone on the path to a full TDR, justifying the technical choices that flow down from the high-level physics goals through requirements at all levels of the Project. These design choices will enable the DUNE experiment to make the ground-breaking discoveries that will help to answer fundamental physics questions. Volume 3 describes the dual-phase module's subsystems, the technical coordination required for its design, construction, installation, and integration, and its organizational structure

MEMS sensors as physical unclonable functions

A fundamental requirement of any crypto system is that secret-key material remains securely stored so that it is robust in withstanding attacks including physical tampering. In this context, physical unclonable functions (PUFs) have been proposed to store cryptographic secrets in a particularly secure manner. In this thesis, the feasibility of using microelectromechanical systems (MEMS) sensors for secure key storage purposes is evaluated for the first time. To this end, we investigated an off-the-shelf 3-axis MEMS gyroscope design and used its properties to derive a unique fingerprint from each sensor. We thoroughly examined the robustness of the derived fingerprints against temperature variation and aging. We extracted stable keys with nearly full entropy from the fingerprints. The security level of the extracted keys lies in a range between 27 bits and 150 bits depending on the applied test conditions and the used entropy estimation method. Moreover, we provide experimental evidence that the extractable key length is higher in practice when multiple wafers are considered. In addition, it is shown that further improvements could be achieved by using more precise measurement techniques and by optimizing the MEMS design. The robustness of a MEMS PUF against tampering and malicious read-outs was tested by three different types of physical attacks. We could show that MEMS PUFs provide a high level of protection due to the sensitivity of their characteristics to disassembly.Eine grundlegende Anforderung jedes Kryptosystems ist, dass der verwendete geheime Schlüssel sicher und geschützt aufbewahrt wird. Vor diesem Hintergrund wurden physikalisch unklonbare Funktionen (PUFs) vorgeschlagen, um kryptographische Geheimnisse besonders sicher zu speichern. In dieser Arbeit wird erstmals die Verwendbarkeit von mikroelektromechanischen Systemen (MEMS) für die sichere Schlüsselspeicherung anhand eines 3-achsigen MEMS Drehratensensor gezeigt. Dabei werden die Eigenschaften der Sensoren zur Ableitung eines eindeutigen Fingerabdrucks verwendet. Die Temperatur- und Langzeitstabilität der abgeleiteten Fingerabdrücke wurde ausführlich untersucht. Aus den Fingerabdrücken wurden stabile Schlüssel mit einem Sicherheitsniveau zwischen 27 Bit und 150 Bit, abhängig von den Testbedingungen und der verwendeten Entropie-Schätzmethode, extrahiert. Außerdem konnte gezeigt werden, dass die Schlüssellänge ansteigt, je mehr Wafer betrachtet werden. Darüber hinaus wurde die Verwendung einer präziseren Messtechnik und eine Optimierung des MEMS-Designs als potentielle Verbesserungsmaßnahmen identifiziert. Die Robustheit einer MEMS PUF gegen Manipulationen und feindseliges Auslesen durch verschiedene Arten von physikalischen Angriffen wurde untersucht. Es konnte gezeigt werden, dass MEMS PUFs aufgrund der Empfindlichkeit ihrer Eigenschaften hinsichtlich einer Öffnung des Mold-Gehäuses eine hohe Widerstandsfähigkeit gegenüber invasiven Angriffen aufweisen

Two Operands of Multipliers in Side-Channel Attack

The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multipliers. There are two consequences. Firstly, designing order of operands can be a cost-effective countermeasure. We show a concrete example in which operand order determines success and failure of the attack. Secondly, countermeasures can be ineffective if the asymmetric leakage is considered. In addition to the main results, the attack by Hanley et al. is extended using the signal-processing technique of the big mac attack. An experimental result to successfully analyze an FPGA implementation of RSA with the multiply-always method is also presented

The DUNE far detector vertical drift technology. Technical design report

DUNE is an international experiment dedicated to addressing some of the questions at the forefront of particle physics and astrophysics, including the mystifying preponderance of matter over antimatter in the early universe. The dual-site experiment will employ an intense neutrino beam focused on a near and a far detector as it aims to determine the neutrino mass hierarchy and to make high-precision measurements of the PMNS matrix parameters, including the CP-violating phase. It will also stand ready to observe supernova neutrino bursts, and seeks to observe nucleon decay as a signature of a grand unified theory underlying the standard model. The DUNE far detector implements liquid argon time-projection chamber (LArTPC) technology, and combines the many tens-of-kiloton fiducial mass necessary for rare event searches with the sub-centimeter spatial resolution required to image those events with high precision. The addition of a photon detection system enhances physics capabilities for all DUNE physics drivers and opens prospects for further physics explorations. Given its size, the far detector will be implemented as a set of modules, with LArTPC designs that differ from one another as newer technologies arise. In the vertical drift LArTPC design, a horizontal cathode bisects the detector, creating two stacked drift volumes in which ionization charges drift towards anodes at either the top or bottom. The anodes are composed of perforated PCB layers with conductive strips, enabling reconstruction in 3D. Light-trap-style photon detection modules are placed both on the cryostat's side walls and on the central cathode where they are optically powered. This Technical Design Report describes in detail the technical implementations of each subsystem of this LArTPC that, together with the other far detector modules and the near detector, will enable DUNE to achieve its physics goals