On the Exploitation of a High-throughput SHA-256 FPGA Design for HMAC

High-throughput and area-efficient designs of hash functions and corresponding mechanisms for Message Authentication Codes (MACs) are in high demand due to new security protocols that have arisen and call for security services in every transmitted data packet. For instance, IPv6 incorporates the IPSec protocol for secure data transmission. However, the IPSec's performance bottleneck is the HMAC mechanism which is responsible for authenticating the transmitted data. HMAC's performance bottleneck in its turn is the underlying hash function. In this article a high-throughput and small-size SHA-256 hash function FPGA design and the corresponding HMAC FPGA design is presented. Advanced optimization techniques have been deployed leading to a SHA-256 hashing core which performs more than 30% better, compared to the next better design. This improvement is achieved both in terms of throughput as well as in terms of throughput/area cost factor. It is the first reported SHA-256 hashing core that exceeds 11Gbps (after place and route in Xilinx Virtex 6 board)

VLSI Watermark Implementations and Applications

This paper presents an up to date review of digital watermarking (WM) from a VLSI designer point of view. The reader is introduced to basic principles and terms in the field of image watermarking. It goes through a brief survey on WM theory, laying out common classification criterions and discussing important design considerations and trade-offs. Elementary WM properties such as robustness, computational complexity and their influence on image quality are discussed. Common attacks and testing benchmarks are also briefly mentioned. It is shown that WM design must take the intended application into account. The difference between software and hardware implementations is explained through the introduction of a general scheme of a WM system and two examples from previous works. A versatile methodology to aid in a reliable and modular design process is suggested. Relating to mixed-signal VLSI design and testing, the proposed methodology allows an efficient development of a CMOS image sensor with WM capabilities

A Survey of Recent Developments in Testability, Safety and Security of RISC-V Processors

With the continued success of the open RISC-V architecture, practical deployment of RISC-V processors necessitates an in-depth consideration of their testability, safety and security aspects. This survey provides an overview of recent developments in this quickly-evolving field. We start with discussing the application of state-of-the-art functional and system-level test solutions to RISC-V processors. Then, we discuss the use of RISC-V processors for safety-related applications; to this end, we outline the essential techniques necessary to obtain safety both in the functional and in the timing domain and review recent processor designs with safety features. Finally, we survey the different aspects of security with respect to RISC-V implementations and discuss the relationship between cryptographic protocols and primitives on the one hand and the RISC-V processor architecture and hardware implementation on the other. We also comment on the role of a RISC-V processor for system security and its resilience against side-channel attacks

Algorithms and Architectures for Secure Embedded Multimedia Systems

Embedded multimedia systems provide real-time video support for applications in entertainment (mobile phones, internet video websites), defense (video-surveillance and tracking) and public-domain (tele-medicine, remote and distant learning, traffic monitoring and management). With the widespread deployment of such real-time embedded systems, there has been an increasing concern over the security and authentication of concerned multimedia data. While several (software) algorithms and hardware architectures have been proposed in the research literature to support multimedia security, these fail to address embedded applications whose performance specifications have tighter constraints on computational power and available hardware resources. The goals of this dissertation research are two fold: 1. To develop novel algorithms for joint video compression and encryption. The proposed algorithms reduce the computational requirements of multimedia encryption algorithms. We propose an approach that uses the compression parameters instead of compressed bitstream for video encryption. 2. Hardware acceleration of proposed algorithms over reconfigurable computing platforms such as FPGA and over VLSI circuits. We use signal processing knowledge to make the algorithms suitable for hardware optimizations and try to reduce the critical path of circuits using hardware-specific optimizations. The proposed algorithms ensures a considerable level of security for low-power embedded systems such as portable video players and surveillance cameras. These schemes have zero or little compression losses and preserve the desired properties of compressed bitstream in encrypted bitstream to ensure secure and scalable transmission of videos over heterogeneous networks. They also support indexing, search and retrieval in secure multimedia digital libraries. This property is crucial not only for police and armed forces to retrieve information about a suspect from a large video database of surveillance feeds, but extremely helpful for data centers (such as those used by youtube, aol and metacafe) in reducing the computation cost in search and retrieval of desired videos

Implementation of an FPGA based accelerator for virtual private networks.

Cheung Yu Hoi Ocean.Thesis (M.Phil.)--Chinese University of Hong Kong, 2002.Includes bibliographical references (leaves 65-70).Abstracts in English and Chinese.Chapter 1 --- Introduction --- p.1Chapter 1.1 --- Motivation --- p.1Chapter 1.2 --- Aims --- p.2Chapter 1.3 --- Contributions --- p.3Chapter 1.4 --- Thesis Outline --- p.3Chapter 2 --- Virtual Private Network and FreeS/WAN --- p.4Chapter 2.1 --- Introduction --- p.4Chapter 2.2 --- Internet Protocol Security (IPSec) --- p.4Chapter 2.3 --- Secure Virtual Private Network --- p.6Chapter 2.4 --- LibDES --- p.9Chapter 2.5 --- FreeS/WAN --- p.9Chapter 2.6 --- Commercial VPN solutions --- p.9Chapter 2.7 --- Summary --- p.11Chapter 3 --- Cryptography and Field-Programmable Gate Arrays (FPGAs) --- p.12Chapter 3.1 --- Introduction --- p.12Chapter 3.2 --- The Data Encryption Standard Algorithm (DES) --- p.12Chapter 3.2.1 --- The Triple-DES Algorithm (3DES) --- p.14Chapter 3.2.2 --- Previous work on DES and Triple-DES --- p.16Chapter 3.3 --- The IDEA Algorithm --- p.17Chapter 3.3.1 --- Multiplication Modulo 2n + 1 --- p.20Chapter 3.3.2 --- Previous work on IDEA --- p.21Chapter 3.4 --- Block Cipher Modes of operation --- p.23Chapter 3.4.1 --- Electronic Code Book (ECB) mode --- p.23Chapter 3.4.2 --- Cipher-block Chaining (CBC) mode --- p.25Chapter 3.5 --- Field-Programmable Gate Arrays --- p.27Chapter 3.5.1 --- Xilinx Virtex-E´ёØ FPGA --- p.27Chapter 3.6 --- Pilchard --- p.30Chapter 3.6.1 --- Memory Cache Control Mode --- p.31Chapter 3.7 --- Electronic Design Automation Tools --- p.32Chapter 3.8 --- Summary --- p.33Chapter 4 --- ImplementationChapter 4.1 --- Introduction --- p.36Chapter 4.1.1 --- Hardware Platform --- p.36Chapter 4.1.2 --- Reconfigurable Hardware Computing Environment --- p.36Chapter 4.1.3 --- Pilchard Software --- p.38Chapter 4.2 --- DES in ECB mode --- p.39Chapter 4.2.1 --- Hardware --- p.39Chapter 4.2.2 --- Software Interface --- p.40Chapter 4.3 --- DES in CBC mode --- p.42Chapter 4.3.1 --- Hardware --- p.42Chapter 4.3.2 --- Software Interface --- p.42Chapter 4.4 --- Triple-DES in CBC mode --- p.45Chapter 4.4.1 --- Hardware --- p.45Chapter 4.4.2 --- Software Interface --- p.45Chapter 4.5 --- IDEA in ECB mode --- p.48Chapter 4.5.1 --- Multiplication Modulo 216 + 1 --- p.48Chapter 4.5.2 --- Hardware --- p.48Chapter 4.5.3 --- Software Interface --- p.50Chapter 4.6 --- Triple-DES accelerator in LibDES --- p.51Chapter 4.7 --- Triple-DES accelerator in FreeS/WAN --- p.52Chapter 4.8 --- IDEA accelerator in FreeS/WAN --- p.53Chapter 4.9 --- Summary --- p.54Chapter 5 --- Results --- p.55Chapter 5.1 --- Introduction --- p.55Chapter 5.2 --- Benchmarking environment --- p.55Chapter 5.3 --- Performance of Triple-DES and IDEA accelerator --- p.56Chapter 5.3.1 --- Performance of Triple-DES core --- p.55Chapter 5.3.2 --- Performance of IDEA core --- p.58Chapter 5.4 --- Benchmark of FreeSAVAN --- p.59Chapter 5.4.1 --- Triple-DES --- p.59Chapter 5.4.2 --- IDEA --- p.60Chapter 5.5 --- Summary --- p.61Chapter 6 --- Conclusion --- p.62Chapter 6.1 --- Future development --- p.63Bibliography --- p.6

RISC-Vコンピュータシステムに基づくシリコンレベルの信頼ルートを有する信頼できる実行環境

電気通信大学202

Techniques for Improving Security and Trustworthiness of Integrated Circuits

The integrated circuit (IC) development process is becoming increasingly vulnerable to malicious activities because untrusted parties could be involved in this IC development flow. There are four typical problems that impact the security and trustworthiness of ICs used in military, financial, transportation, or other critical systems: (i) Malicious inclusions and alterations, known as hardware Trojans, can be inserted into a design by modifying the design during GDSII development and fabrication. Hardware Trojans in ICs may cause malfunctions, lower the reliability of ICs, leak confidential information to adversaries or even destroy the system under specifically designed conditions. (ii) The number of circuit-related counterfeiting incidents reported by component manufacturers has increased significantly over the past few years with recycled ICs contributing the largest percentage of the total reported counterfeiting incidents. Since these recycled ICs have been used in the field before, the performance and reliability of such ICs has been degraded by aging effects and harsh recycling process. (iii) Reverse engineering (RE) is process of extracting a circuit’s gate-level netlist, and/or inferring its functionality. The RE causes threats to the design because attackers can steal and pirate a design (IP piracy), identify the device technology, or facilitate other hardware attacks. (iv) Traditional tools for uniquely identifying devices are vulnerable to non-invasive or invasive physical attacks. Securing the ID/key is of utmost importance since leakage of even a single device ID/key could be exploited by an adversary to hack other devices or produce pirated devices. In this work, we have developed a series of design and test methodologies to deal with these four challenging issues and thus enhance the security, trustworthiness and reliability of ICs. The techniques proposed in this thesis include: a path delay fingerprinting technique for detection of hardware Trojans, recycled ICs, and other types counterfeit ICs including remarked, overproduced, and cloned ICs with their unique identifiers; a Built-In Self-Authentication (BISA) technique to prevent hardware Trojan insertions by untrusted fabrication facilities; an efficient and secure split manufacturing via Obfuscated Built-In Self-Authentication (OBISA) technique to prevent reverse engineering by untrusted fabrication facilities; and a novel bit selection approach for obtaining the most reliable bits for SRAM-based physical unclonable function (PUF) across environmental conditions and silicon aging effects

ENABLING IOT AUTHENTICATION, PRIVACY AND SECURITY VIA BLOCKCHAIN

Although low-power and Internet-connected gadgets and sensors are increasingly integrated into our lives, the optimal design of these systems remains an issue. In particular, authentication, privacy, security, and performance are critical success factors. Furthermore, with emerging research areas such as autonomous cars, advanced manufacturing, smart cities, and building, usage of the Internet of Things (IoT) devices is expected to skyrocket. A single compromised node can be turned into a malicious one that brings down whole systems or causes disasters in safety-critical applications. This dissertation addresses the critical problems of (i) device management, (ii) data management, and (iii) service management in IoT systems. In particular, we propose an integrated platform solution for IoT device authentication, data privacy, and service security via blockchain-based smart contracts. We ensure IoT device authentication by blockchain-based IC traceability system, from its fabrication to its end-of-life, allowing both the supplier and a potential customer to verify an IC’s provenance. Results show that our proposed consortium blockchain framework implementation in Hyperledger Fabric for IC traceability achieves a throughput of 35 transactions per second (tps). To corroborate the blockchain information, we authenticate the IC securely and uniquely with an embedded Physically Unclonable Function (PUF). For reliable Weak PUF-based authentication, our proposed accelerated aging technique reduces the cumulative burn-in cost by ∼ 56%. We also propose a blockchain-based solution to integrate the privacy of data generated from the IoT devices by giving users control of their privacy. The smart contract controlled trust-base ensures that the users have private access to their IoT devices and data. We then propose a remote configuration of IC features via smart contracts, where an IC can be programmed repeatedly and securely. This programmability will enable users to upgrade IC features or rent upgraded IC features for a fixed period after users have purchased the IC. We tailor the hardware to meet the blockchain performance. Our on-die hardware module design enforces the hardware configuration’s secure execution and uses only 2,844 slices in the Xilinx Zedboard Zynq Evaluation board. The blockchain framework facilitates decentralized IoT, where interacting devices are empowered to execute digital contracts autonomously