Double-Data-Rate computation as a countermeasure against fault analysis

International audienceDifferential Fault Analysis (DFA) is one of the most powerful techniques to attack cryptosystems. Several countermeasures have been proposed, which are based either on information or temporal redundancy. In this work, we propose a novel approach based on a Double-Data-Rate (DDR) computation template. A few sample architectures have been implemented: they are compared to other existing architectures and countermeasures, and a thorough dependability analysis is given

Towards automated fault pruning with Petri Nets

International audienceEmbedded systems design is starting considering dependability issues even for mass-market systems. Soft error consequences must in particular be carefully analyzed. Usually, fault injection campaigns are run to analyze the consequences of transient faults, but the length of a comprehensive evaluation often collides with the severe requirements on design cycle times. We propose a new fault pruning technique to identify harmless components and computation cycles as soon as possible, thus avoiding useless fault injection experiments. The technique is based on a formal model of the system and we show that it can be used for both SEUs and SETs

Chiffrement homomorphique : entre développements théoriques et implantations pratiques

National audienc

Forecasting the effects of electromagnetic fault injections on embedded cryptosystems

Special Issue: Trustworthy Manufacturing and Utilization of Secure DevicesInternational audienceThis work deals with the electromagnetic pulses (EMP) injection of transient faults into embedded cryptosystems. The purpose of this study is to deepen the understanding of the interaction of an electromagnetic (EM) field and a logic circuit (ASIC or FPGA). In this direction, a sign-off power analysis and a voltage (IR) drop analysis can be useful to localize possible circuit weaknesses and identify the most vulnerable regions to EMP attacks. The preliminary results of a sign-off power analysis conducted on a real circuit are provided and discussed. The long-term objective is the development of a model able to predict the effects of an EMP on a cryptosystem

Electromagnetic attacks on embedded devices: a model of probe-circuit power coupling

International audienceThis work proposes a model to estimate the electromagnetic (EM) power coupling between an EM probe and an embedded cryptosystem. All the assumptions and the approximations of this approach are introduced and discussed to extract a general model to be applied to a multi-layer circuit. The power coupled to each circuit layer can thus be estimated by using this model. In particular, an example of power coupling with a real circuit is provided. The long term objective is the development of a macro-model able to predict the effects of an EM pulse on a cryptosystem knowing the energy delivered by an EM probe

An Elliptic Curve Crypto-Processor Secured by Randomized Windows

International audienceEmbedded systems are increasingly providing secure functionalities, which often rely on some dedicated hardware for symmetric and public-key cryptography. When resources are limited, elliptic curve cryptosystemsgraphy (ECC) (ECCs) may be chosen instead of the more widely known RSA, which needs much longer keys for the same security level. However, ECC may be vulnerable, as any other cryptographic implementation, to side channel analysis, which may reveal secret information by analyzing collateral sources of information, such as power consumption. Countermeasures must be thus adopted at the design level, in order to ensure robust and secure operation of the device. We propose here a new scalar multiplication algorithm on an elliptic curve, based on a novel randomized window method. This design is protected against side channel attacks (Timing, Simple and Differential Power Analysis) and it is implemented over prime fields, but it can be applied to binary fields as well. In order to evaluate this countermeasure, we provide its costs, and an estimation of the additional entropy added to the computation against side channels attacks

Accès autorisé au réseau reconfigurable de test par ensemble de segments

National audienceDes instruments de test sont embarqués dans les circuits pour réussir à tester des structures de plus en plus complexes. Il est possible d’accéder à ces instruments grâce à des réseaux de test sériel (scan), qui facilitent le travail des testeurs mais aussi des attaquants. L’objet de cet article est une solution permettant de restreindre l’accès de chaque instrument à ceux qui y sont autorisé tout en optimisant la gestion des clés donnant ces accès

A Novel Double-Data-Rate AES Architecture Resistant against Fault Injection

Several techniques have been proposed for encryption blocks in order to provide protection against faults. These techniques usually exploit some form of redundancy, e.g. by means of error detection codes. However, protection schemes that offer an acceptable error detection rate are in general expensive, while temporal redundancy heavily affects the throughput. In this paper, we propose a new design solution that exploits temporal redundancy by DDR techniques without affecting adversely the throughput at lower clock frequencies. We will also show that the overall costs can be comparable to other solutions recently proposed. 1

Tuning of randomized windows against simple power analysis for scalar multiplication on elliptic curves

International audienceThe elliptic curve cryptography (ECC) is relevant in embedded systems, since it can provide an elevated level of security with keys much shorter than the current de-facto standard in public key cryptography, RSA. However, an implementation of ECC may leak information in side-channels (time of computation, power consumption ...). Thus, the operation that manipulates the secret key must be implemented with the goal of reducing such leakage. In this paper we focus on the simple power analysis (SPA) attack: this technique is based on identifying patterns in single power consumption trace that would allow obtaining the sequence of operations performed in the group (addition and doubling of points in the case of elliptic curves). SPA attacks target the scalar multiplication because this operation manipulates the secret key, which is used as the coefficient of the scalar multiplication. Windows methods can improve the performance and the security with respect to the simple Double and Add algorithm. On a Weierstrass curve, however, point operands of group operations cannot be the infinity point; therefore, empty windows (all bits equal to zero) can be still detected by an SPA attack. The leakage of critical data can be decreased by using windows of random width, and by inserting dummy group operations at random times in order to mask the size of windows. However, we show here that computing SPA on several scalar multiplications (using the same secret key and different points) still allows finding long sequences of zero bits in the secret key. We present here an experimental and statistical approach to quantify this attack, allowing the designer to tune the parameters of the scalar multiplication algorithm