A Vector Approach to Cryptography Implementation

International audienceThe current deployment of Digital Right Management (DRM) schemes to distribute protected contents and rights is leading the way to massive use of sophisticated embedded cryptographic applications. Embedded microprocessors have been equipped with bulky and power-consuming co-processors designed to suit particular data sizes. However, flexible cryptographic platforms are more desirable than devices dedicated to a particular cryptographic algorithm as the increasing cost of fabrication chips favors large volume production. This paper proposes a novel approach to embedded cryptography whereby we propose a vector-based general purpose machine capable of implementing a range of cryptographic algorithms. We show that vector processing ideas can be used to perform cryptography in an e±cient manner which we believe is appropriate for high performance, flexible and power efficient embedded systems

Hardware-Software Codesign of a Vector Co-processor for Public Key Cryptography

International audienceUntil now, most cryptography implementations on parallel architectures have focused on adapting the software to SIMD architectures initially meant for media applications. In this paper, we review some of the most significant contributions in this area. We then propose a vector architecture to efficiently implement long precision modular multiplications. Having such a data level parallel hardware provides a circuit whose decode and schedule units are at least of the same complexity as those of a scalar processor. The excess transistors are mainly found in the data path. Moreover, the vector approach gives a very modular architecture where resources can be easily redefined. We built a functional simulator onto which we performed a quantitative analysis to study how the resizing of those resources affects the performance of the modular multiplication operation. Hence we not only propose a vector architecture for our Public Key cryptographic operations but also show how we can analyze the impact of design choices on performance. The proposed architecture is also flexible in the sense that the software running on it would offer room for the implementation of counter-measures against side-channel or fault attacks

Thoroughly analyzing the use of ring oscillators for on-chip hardware trojan detection

International audienceWith the globalization of the IC design flow, structural integrity verification to detect parasitic electrical activities has emerged as an important research domain for testing the genuineness of an Integrated Circuit (IC). Sensors like Ring Oscil-lators (RO) have been proposed to precisely monitor the internal behaviour of the ICs. In this paper we propose an experimental analysis of the impact of parasitic electrical activities on the frequencies of ROs and on the internal supply voltages measured. Our observations lead us to identify the limits of the usability of ROs for practical and embedded detection of Hardware Trojans

Extraction of intrinsic structure for Hardware Trojan detection

Cryptology ePrint Archive: Report 2015/912In this paper we present a novel solution to address the problem of potential malicious circuitry on FPGA. This method is based on an a technique of structure extraction which consider the infection of an all lot. This structure is related to the design (place and route, power grid...) of the integrated circuits which composes the lot. In case of additional circuitry this design will be modify and the extracted structure will be affected. After developing the extraction techniques we present a method- ology to insert detection of hardware trojan and counterfeit in different IC manufacturing steps. At last an application example using 30 FPGA boards validate our extraction method. Finally, statistical tools are then applied on the experimental results to distinguish a genuine lot from an infected one and confirm the potential of detection the extracted structure

ElectroMagnetic Analysis (EMA) of Software AES on Java Mobile Phones

International audienceSmartphones, whose market share has increased by 54% between 2009 and 2010, is one of the favored platform for "Convergence Computing". Convergence Computing is a technology in which a single device can provide various services without any restrictions from external devices or networks. Today, smartphones as convergent single device have diverse functions and features such as calling, Internet surfing, game playing, banking, storage of personal and professional data, etc. Some of these use encryption algorithms such as AES (Advanced Encryption Standard). For example, this algorithm is used to authenticate server protocols or to encrypt confidential information. This paper shows that an Electromagnetic Analysis (EMA) on AES is possible on a Java mobile phone to extract secret keys. The latter can then be used for forensic purposes or to recover encrypted data stored in the device. Experiments involving two successful approaches are described and compared : Spectral Density based Approach (SDA) and Template based Resynchronisation Approach (TRA)

Design of a duplicated fault-detecting AES chip and yet using clock set-up time violations to extract 13 out of 16 bytes of the secret key

International audienceThe secret keys manipulated by cryptographic circuits can be extracted using fault injections associated with differential cryptanalysis techniques [1]. Such faults can be induced by different means such as lasers, voltage glitches, electromagnetic perturbations or clock skews. Several counter-measures have been proposed such as random delay insertions, circuit duplications or error correcting codes. In this paper, we focus on an AES chip in which the circuit duplication principle has been implemented to detect fault injection. We show that faults based on clock set-up time violations can nevertheless be used to defeat the implemented counter-measure

Estimating Attributable Mortality Due to Nosocomial Infections Acquired in Intensive Care Units

Background. The strength of the association between intensive care unit (ICU)-acquired nosocomial infections (NIs) and mortality might differ according to the methodological approach taken. Objective. TO assess the association between ICU-acquired NIs and mortality using the concept of population-attributable fraction (PAF) for patient deaths caused by ICU-acquired NIs in a large cohort of critically ill patients. Setting. Eleven ICUs of a French university hospital. Design. We analyzed surveillance data on ICU-acquired NIs collected prospectively during the period from 1995 through 2003. The primary outcome was mortality from ICU-acquired NI stratified by site of infection. A matched-pair, case-control study was performed. Each patient who died before ICU discharge was defined as a case patient, and each patient who survived to ICU discharge was denned as a control patient. The PAF was calculated after adjustment for confounders by use of conditional logistic regression analysis. Results. Among 8,068 ICU patients, a total of 1,725 deceased patients were successfully matched with 1,725 control Patients. The adjusted PAF due to ICU-acquired NI for patients who died before ICU discharge was 14.6% (95% confidence interval [CI], 14.4%—14.8%). Stratified by the type of infection, the PAF was 6.1% (95% CI, 5.7%-6.5%) for pulmonary infection, 3.2% (95% CI, 2.8%-3.5%) for central venous catheter infection, 1.7% (95% CI, 0.9%-2.5%) for bloodstream infection, and 0.0% (95% CI, -0.4% to 0.4%) for urinary tract infection. Conclusions. ICU-acquired NI had an important effect on mortality. However, the statistical association between ICU-acquired NI and mortality tended to be less pronounced in findings based on the PAF than in study findings based on estimates of relative risk. Therefore, the choice of methods does matter when the burden of NI needs to be assesse

An original phylogenetic approach identified mitochondrial haplogroup T1a1 as inversely associated with breast cancer risk in BRCA2 mutation carriers

Introduction: Individuals carrying pathogenic mutations in the BRCA1 and BRCA2 genes have a high lifetime risk of breast cancer. BRCA1 and BRCA2 are involved in DNA double-strand break repair, DNA alterations that can be caused by exposure to reactive oxygen species, a main source of which are mitochondria. Mitochondrial genome variations affect electron transport chain efficiency and reactive oxygen species production. Individuals with different mitochondrial haplogroups differ in their metabolism and sensitivity to oxidative stress. Variability in mitochondrial genetic background can alter reactive oxygen species production, leading to cancer risk. In the present study, we tested the hypothesis that mitochondrial haplogroups modify breast cancer risk in BRCA1/2 mutation carriers. Methods: We genotyped 22,214 (11,421 affected, 10,793 unaffected) mutation carriers belonging to the Consortium of Investigators of Modifiers of BRCA1/2 for 129 mitochondrial polymorphisms using the iCOGS array. Haplogroup inference and association detection were performed using a phylogenetic approach. ALTree was applied to explore the reference mitochondrial evolutionary tree and detect subclades enriched in affected or unaffected individuals. Results: We discovered that subclade T1a1 was depleted in affected BRCA2 mutation carriers compared with the rest of clade T (hazard ratio (HR) = 0.55; 95% confidence interval (CI), 0.34 to 0.88; P = 0.01). Compared with the most frequent haplogroup in the general population (that is, H and T clades), the T1a1 haplogroup has a HR of 0.62 (95% CI, 0.40 to 0.95; P = 0.03). We also identified three potential susceptibility loci, including G13708A/rs28359178, which has demonstrated an inverse association with familial breast cancer risk. Conclusions: This study illustrates how original approaches such as the phylogeny-based method we used can empower classical molecular epidemiological studies aimed at identifying association or risk modification effects.Peer reviewe

Functional mechanisms underlying pleiotropic risk alleles at the 19p13.1 breast-ovarian cancer susceptibility locus

A locus at 19p13 is associated with breast cancer (BC) and ovarian cancer (OC) risk. Here we analyse 438 SNPs in this region in 46,451 BC and 15,438 OC cases, 15,252 BRCA1 mutation carriers and 73,444 controls and identify 13 candidate causal SNPs associated with serous OC (P=9.2 × 10-20), ER-negative BC (P=1.1 × 10-13), BRCA1-associated BC (P=7.7 × 10-16) and triple negative BC (P-diff=2 × 10-5). Genotype-gene expression associations are identified for candidate target genes ANKLE1 (P=2 × 10-3) and ABHD8 (P<2 × 10-3). Chromosome conformation capture identifies interactions between four candidate SNPs and ABHD8, and luciferase assays indicate six risk alleles increased transactivation of the ADHD8 promoter. Targeted deletion of a region containing risk SNP rs56069439 in a putative enhancer induces ANKLE1 downregulation; and mRNA stability assays indicate functional effects for an ANKLE1 3′-UTR SNP. Altogether, these data suggest that multiple SNPs at 19p13 regulate ABHD8 and perhaps ANKLE1 expression, and indicate common mechanisms underlying breast and ovarian cancer risk