48 research outputs found
Constructing TI-Friendly Substitution Boxes Using Shift-Invariant Permutations
The threat posed by side channels requires ciphers that can be efficiently protected in both software and hardware against such attacks. In this paper, we proposed a novel Sbox construction based on iterations of shift-invariant quadratic permutations and linear diffusions. Owing to the selected quadratic permutations, all of our Sboxes enable uniform 3-share threshold implementations, which provide first order SCA protections without any fresh randomness. More importantly, because of the shift-invariant property, there are ample implementation trade-offs available, in software as well as hardware. We provide implementation results (software and hardware) for a four-bit and an eight-bit Sbox, which confirm that our constructions are competitive and can be easily adapted to various platforms as claimed. We have successfully verified their resistance to first order attacks based on real acquisitions. Because there are very few studies focusing on software-based threshold implementations, our software implementations might be of independent interest in this regard
Optimizing Implementations of Lightweight Building Blocks
We study the synthesis of small functions used as building blocks in lightweight cryptographic designs in terms of hardware implementations. This phase most notably appears during the ASIC implementation of cryptographic primitives. The quality of this step directly affects the output circuit, and while general tools exist to carry out this task, most of them belong to proprietary software suites and apply heuristics to any size of functions. In this work, we focus on small functions (4- and 8-bit mappings) and look for their optimal implementations on a specific weighted instructions set which allows fine tuning of the technology. We propose a tool named LIGHTER, based on two related algorithms, that produces optimized implementations of small functions. To demonstrate the validity and usefulness of our tool, we applied it to two practical cases: first, linear permutations that define diffusion in most of SPN ciphers; second, non-linear 4-bit permutations that are used in many lightweight block ciphers. For linear permutations, we exhibit several new MDS diffusion matrices lighter than the state-of-the-art, and we also decrease the implementation cost of several already known MDS matrices. As for non-linear permutations, LIGHTER outperforms the area-optimized synthesis of the state-of-the-art academic tool ABC. Smaller circuits can also be reached when ABC and LIGHTER are used jointly
CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks
Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead
Teaching Hardware Reverse Engineering: Educational Guidelines and Practical Insights
Since underlying hardware components form the basis of trust in virtually any
computing system, security failures in hardware pose a devastating threat to
our daily lives. Hardware reverse engineering is commonly employed by security
engineers in order to identify security vulnerabilities, to detect IP
violations, or to conduct very-large-scale integration (VLSI) failure analysis.
Even though industry and the scientific community demand experts with expertise
in hardware reverse engineering, there is a lack of educational offerings, and
existing training is almost entirely unstructured and on the job. To the best
of our knowledge, we have developed the first course to systematically teach
students hardware reverse engineering based on insights from the fields of
educational research, cognitive science, and hardware security. The
contribution of our work is threefold: (1) we propose underlying educational
guidelines for practice-oriented courses which teach hardware reverse
engineering; (2) we develop such a lab course with a special focus on
gate-level netlist reverse engineering and provide the required tools to
support it; (3) we conduct an educational evaluation of our pilot course. Based
on our results, we provide valuable insights on the structure and content
necessary to design and teach future courses on hardware reverse engineering
CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks
Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead
Recommended from our members
Development of a Layout-Level Hardware Obfuscation Tool to Counter Reverse Engineering
Reverse engineering of hardware IP block is a common practice for competitive purposes in the semiconductor industry. What is done with the information gathered is the deciding legal factor. Once this information gets into the hands of an attacker, it can be used to manufacture exact clones of the hardware device.
In an attempt to prevent the illegal copies of the IP block from flooding the market, layout-level obfuscation based on switchable dopant is suggested for the hardware design. This approach can be integrated into the design and manufacturing flow using an obfuscation tool (ObfusTool) to obfuscate the functionality of the IP core.
The ObfusTool is developed in a way to be flexible and adapt to different standard cell libraries and designs. It enables easy and accurate evaluation of the area, power and delay v/s obfuscation trades-offs across different design approaches for hardware obfuscation. The ObfusTool is linked to an obfuscation standard cell library which is based on a prototype design created with Obfuscells and 4-input NAND gate. The Obfuscell is a standard cell which is created with switchable functionality based on the assigned dopant configurations. The Obfuscell is combined with other logic gates to form a standard cell library, which can replace any number of existing gates in the IP block without altering it\u27s functionality. A total of 160 different gates are realized using permutated combinations starting with 26 unique gate functions. This design library provide a high level of obfuscation in terms of the number of combinations an adversary has to go through increase to 2 2000 approximately based on the design under consideration.
The connectivity of the design has been ignored by previous approaches, which we have addressed in this thesis. The connectivity of a design leaks important information related to inputs and outputs of a gate. We extend the basic idea of dopant-based hardware obfuscation by introducing dummy wires . The addition of dummy wires not only obfuscates the functionality of the design but also it\u27s connectivity. This greatly reduces the information leakage and complexity of the design increases. To an attacker the whole design appears as one big \u27blob\u27.This also curbs the attempts of brute force attacks. The introduced obfuscation comes at a cost of area and power overhead on an average 5x, which varies across different design libraries
SCAR: Power Side-Channel Analysis at RTL-Level
Power side-channel attacks exploit the dynamic power consumption of
cryptographic operations to leak sensitive information of encryption hardware.
Therefore, it is necessary to conduct power side-channel analysis for assessing
the susceptibility of cryptographic systems and mitigating potential risks.
Existing power side-channel analysis primarily focuses on post-silicon
implementations, which are inflexible in addressing design flaws, leading to
costly and time-consuming post-fabrication design re-spins. Hence, pre-silicon
power side-channel analysis is required for early detection of vulnerabilities
to improve design robustness. In this paper, we introduce SCAR, a novel
pre-silicon power side-channel analysis framework based on Graph Neural
Networks (GNN). SCAR converts register-transfer level (RTL) designs of
encryption hardware into control-data flow graphs and use that to detect the
design modules susceptible to side-channel leakage. Furthermore, we incorporate
a deep learning-based explainer in SCAR to generate quantifiable and
human-accessible explanation of our detection and localization decisions. We
have also developed a fortification component as a part of SCAR that uses
large-language models (LLM) to automatically generate and insert additional
design code at the localized zone to shore up the side-channel leakage. When
evaluated on popular encryption algorithms like AES, RSA, and PRESENT, and
postquantum cryptography algorithms like Saber and CRYSTALS-Kyber, SCAR,
achieves up to 94.49% localization accuracy, 100% precision, and 90.48% recall.
Additionally, through explainability analysis, SCAR reduces features for GNN
model training by 57% while maintaining comparable accuracy. We believe that
SCAR will transform the security-critical hardware design cycle, resulting in
faster design closure at a reduced design cost
Design and Implementation of a Secure RISC-V Microprocessor
Secret keys can be extracted from the power consumption or electromagnetic
emanations of unprotected devices. Traditional counter-measures have limited
scope of protection, and impose several restrictions on how sensitive data must
be manipulated. We demonstrate a bit-serial RISC-V microprocessor
implementation with no plain-text data. All values are protected using Boolean
masking. Software can run with little to no counter-measures, reducing code
size and performance overheads. Unlike previous literature, our methodology is
fully automated and can be applied to designs of arbitrary size or complexity.
We also provide details on other key components such as clock randomizer,
memory protection, and random number generator. The microprocessor was
implemented in 65 nm CMOS technology. Its implementation was evaluated using
NIST tests as well as side channel attacks. Random numbers generated with our
RNG pass on all NIST tests. Side-channel analysis on the baseline
implementation extracted the AES key using only 375 traces, while our secure
microprocessor was able to withstand attacks using 20 M traces.Comment: Submitted to IEEE for possible publication. Copyright may be
transferred. This version may no longer be accessibl