Defending cache memory against cold-boot attacks boosted by power or EM radiation analysis

Some algorithms running with compromised data select cache memory as a type of secure memory where data is confined and not transferred to main memory. However, cold-boot attacks that target cache memories exploit the data remanence. Thus, a sudden power shutdown may not delete data entirely, giving the opportunity to steal data. The biggest challenge for any technique aiming to secure the cache memory is performance penalty. Techniques based on data scrambling have demonstrated that security can be improved with a limited reduction in performance. However, they still cannot resist side-channel attacks like power or electromagnetic analysis. This paper presents a review of known attacks on memories and countermeasures proposed so far and an improved scrambling technique named random masking interleaved scrambling technique (RM-ISTe). This method is designed to protect the cache memory against cold-boot attacks, even if these are boosted by side-channel techniques like power or electromagnetic analysis.Postprint (author's final draft

Design and validation of a platform for electromagnetic fault injection

Security is acknowledged as one of the main challenges in the design and deployment of embedded circuits. Devices need to operate on-the-field safely and correctly, even when at physical reach of potential adversaries. One of the most powerful techniques to compromise the correct functioning of a device are fault injection attacks. They enable an active adversary to trigger errors on a circuit in order to bypass security features or to gain knowledge of security-sensitive information. There are several methods to induce such errors. In this work we focus on the injection of faults through the electromagnetic (EM) channel. In particular, we document our efforts towards building a suitable platform for EM pulse injection. We design a pulse injection circuit that can provide currents over 20 A to an EM injector in order to generate abrupt variations of the EM field on the vicinity of a circuit. We validate the suitability of our platform by applying a well-know attack on an embedded 8-bit microcontroller implementing the AES block cipher. In particular, we show how to extract the AES secret cryptographic keys stored in the device by careful injection of faults during the encryption operations and simple analysis of the erroneous outputs.Peer ReviewedPostprint (published version

Anàlisi de l'energia de transició màxima en circuits combinacionals CMOS

En la dècada actual, l'augment del consum energètic dels circuits integrats està tenint un impacte cada vegada més important en el disseny electrònic. Segons l'informe de la Semiconductor Industry Association de l'any 1997, es preveu que aquest impacte serà encara major en la propera dècada. En la bibliografia existeixen diversos treballs on es relaciona un consumo energètic elevat amb la degradació de les prestacions i la fiabilitat del xip. Per aquesta raó, el consum energètic ha estat incorporat com a un altre paràmetre a tenir en compte en el disseny dels circuits integrats. Es coneix com a energia de transició l'energia consumida per un circuit combinacional CMOS quan es produeix un canvi en les seves entrades. Una energia de transició excessivament elevada pot afectar a la fiabilitat del xip a través dels anomenats hot spots, i de l'electromigració. Altres efectes com el ground bouncing i la signal integrity degradation poden repercutir en les prestacions del circuit. La minimització de les degradacions esmentades anteriorment requereixen de la caracterització de l'energia de transició màxima durant la fase de disseny. A tal efecte, en aquesta tesi es proposen dues metodologies que permeten l'estimació de l'energia de transició màxima en circuits combinacionals CMOS. Donat que l'estimació del nivell màxim exacte es inviable en circuits a partir de mides mitjanes, es proposa el càlcul de dues cotes, una d'inferior i una altra de superior, que delimiten un interval de localització de l'esmentat nivell màxim. La tesi està estructurada en els següents capítols. En el capítol 1 es fa una introducció al tema investigat en aquesta tesi i es presenten els treballs existents que el tracten. En el capítol 2 s'introdueixen els models d'estimació de l'energia de transició emprats més habitualment a nivell lògic, que és el nivell de disseny considerat en aquesta tesi. Aquests models assumeixen que l'únic mecanisme de consum és la commutació de les capacitats paràsites del circuit. En els capítols 3 i 4 es tracta l'estimació de l'energia de transició màxima. Aquesta estimació es realitza a partir del càlcul de dues cotes properes, una superior i una altre inferior, a aquesta energia màxima. En el capítol 5 es presenta l'anàlisi del comportament de l'activitat ponderada front als models de retard estàtics. Finalment, en el capítol 6 s'aborden les conclusions generals de la tesis i el treball futur.El consumo energético de los circuitos integrados es un factor cuyo impacto en el diseño electrónico ha crecido significativamente en la década actual. Según el informe de la Semiconductor Industry Association del año 1997, se prevé que este impacto será aún mayor en la próxima década. En la bibliografía existen diversos trabajos donde se relaciona un consumo energético elevado con la degradación de las prestaciones y la fiabilidad del chip. Por esta razón, el consumo energético ha sido incorporado como otro parámetro a tener en cuenta en el diseño de los circuitos integrados. Se conoce como energía de transición la energía consumida por un circuito combinacional CMOS cuando se produce un cambio en las entradas del mismo. Una energía de transición excesivamente elevada puede afectar a la fiabilidad del chip a través de los hot spots, de la electromigración. Otros efectos como el ground bouncing y la signal integrity degradation pueden repercutir en las prestaciones del circuito. La minimización de las degradaciones mencionadas anteriormente requiere de la caracterización de la energía de transición máxima durante la fase de diseño. A este efecto, se propone en esta tesis dos metodologías que permiten la estimación de la energía de transición máxima en circuitos combinacionales CMOS. Dado que la estimación del nivel máximo exacto es inviable en circuitos a partir de tamaños medios, se propone el cálculo de dos cotas, una de inferior y otra de superior, que delimiten un intervalo de localización de dicho nivel máximo. La tesis está estructurada en los siguientes capítulos. En el capítulo 1 se presenta una introducción al tema investigado en esta tesis y se resumen los trabajos existentes más importantes. En el capítulo 2 se introducen los modelos de estimación de la energía de transición más comúnmente utilizados a nivel lógico, que es el nivel de diseño considerado en esta tesis. Estos modelos asumen que el único mecanismo de consumo es la conmutación de las capacidades parásitas del circuito. En los capítulos 3 y 4 se aborda la estimación de la energía de transición máxima. Esta estimación se realiza a partir del cálculo de dos cotas cercanas, una superior y una inferior, a esta energía máxima. En el capítulo 5 se presenta el análisis del comportamiento de la actividad ponderada frente a los modelos de retardo estáticos. Finalmente, en el capítulo 6 se presentan las conclusiones generales de la tesis y el trabajo futuro.The importance of the energy consumption on the design of electronic circuits has increased significantly during the last decade. According to the report of the Semiconductor Industry Association, of 1997, the impact in the next decade will be even greater. In the bibliography several works exist relating to the high energy consumption with the degradation of the reliability and performance of the xip. For this reason, the energy consumption has been included as another parameter to take into account during the design of integrated circuits. It is known as transition energy, the energy consumed by a CMOS combinational circuit when its inputs change their value. Excessively high transition energy may affect the reliability of the chip through the generation of hot spots and electromigration. Other effects such as ground bouncing and signal integrity degradation may reduce the performance of the circuit. In order to minimize the previously detected bad effects it is useful to characterize the maximum transition energy, during the design phase. To this objective, this thesis presents two methodologies that allow for the estimation of the maximum transition energy in CMOS combinational circuits. Given that the estimation of the maximum level is only attainable for medium size circuits, it is proposed the calculation of bounds (higher and lower) delimiting the interval where the maximum level is located. The thesis is divided into the following chapters. In chapter 1 an introduction to the topic and a review of the previous works related to this research domain is given. In chapter 2 the models most extended for the estimation of the transition energy are presented. These models are mainly used at logic level which is the level assumed in this thesis. They assume that the switching of the parasitic capacitances is the only mechanism producing energy consumption. In chapters 3 and 4 the estimation of the maximum transition energy is considered. This estimation is made from the calculation of an upper and lower bound to this maximum transition energy. In chapter 5 the analysis of the switching activity is made for different static delay models. Finally, in chapter 6 the general conclusions of the thesis and future work are discussed

Crypto-test-lab for security validation of ECC co-processor test infrastructure

© 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting /republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksElliptic Curve Cryptography (ECC) is a technology for public-key cryptography that is becoming increasingly popular because it provides greater speed and implementation compactness than other public-key technologies. Calculations, however, may not be executed by software, since it would be so time consuming, thus an ECC co-processor is commonly included to accelerate the speed. Test infrastructure in crypto co-processors is often avoided because it poses serious security holes against adversaries. However, ECC co-processors include complex modules for which only functional test methodologies are unsuitable, because they would take an unacceptably long time during the production test. Therefore, some internal test infrastructure is always included to permit the application of structural test techniques. Designing a secure test infrastructure is quite a complex task that relies on the designer's experience and on trial & error iterations over a series of different types of attacks. Most of the severe attacks cannot be simulated because of the demanding computational effort and the lack of proper attack models. Therefore, prototypes are prepared using FPGAs. In this paper, a Crypto-Test-Lab is presented that includes an ECC co-processor with flexible test infrastructure. Its purpose is to facilitate the design and validation of secure strategies for testing in this type of co-processor.Postprint (author's final draft

Sistemes combinacionals : Introducció a les funcions lògiques i a la minimització d’expressions

En aquest quadern es tractarà l’àlgebra que s’empra en el disseny de sistemes digitalsatemporals. Un sistema atemporal és aquell en què la seva resposta no depèn deltemps i que en conseqüència reacciona de manera instantània i única als impulsosrebuts a l’entrada.2017/201

On the use of error detecting and correcting codes to boost security in caches against side channel attacks

Microprocessor memory is sensitive to cold boot attacks. In this kind of attacks, memory remanence is exploited to download its content after the microprocessor has been struck by a hard boot. If just in this moment, a crypto-algorithm was in execution, the memory data can be downloaded into a backup memory and specialized tools can be used to extract the secret keys. In the main memory data can be protected using efficient encryption techniques but in caches this is not possible unless the performance becomes seriously degraded. Recently, an interleaved scrambling technique (IST) was presented to improve the security of caches against cold boot attacks. While IST is effective for this particular kind of attacks, a weakness exists against side channel attacks, in particular using power analysis. Reliability of data in caches is warranted by means of error detecting and correcting codes. In this work it is shown how these kinds of codes can be used not only to improve reliability but also the security of data. In particular, a self-healing technique is selected to make the IST technique robust against side channel attacks using power analysis.Postprint (author’s final draft

Defeating microprobing attacks using a resource efficient detection circuit

Microprobing is an attack technique against integrated circuits implementing security functions, such as OTP tokens or smartcards. It allows intercepting secrets from onchip wires as well as injecting faults for other attacks. While the necessity to etch open chip packages and to remove the passivation layer makes microprobing appear expensive, it was shown that a successful attack can be run with equipment worth a few thousand euros. On the protector’s side, however, appropriate countermeasures such as active shields, redundancy of core components, or analog detection circuits containing large capacitors, are still expensive. We present a resource efficient microbing detection circuit that we call Low Area Probing Detector (LAPD). It measures minimal timing differences between on-chip wires caused by the capacitive load of microprobes. Simulations show that it can detect up-todate probes with capacitances as low as 10 fF. As a novelty, the LAPD is merely based on digital components and does not require analog circuitry, which reduces the required area and process steps compared to previous approaches.Postprint (author’s final draft

The low area probing detector as a countermeasure against invasive attacks

© 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting /republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksMicroprobing allows intercepting data from on-chip wires as well as injecting faults into data or control lines. This makes it a commonly used attack technique against security-related semiconductors, such as smart card controllers. We present the low area probing detector (LAPD) as an efficient approach to detect microprobing. It compares delay differences between symmetric lines such as bus lines to detect timing asymmetries introduced by the capacitive load of a probe. Compared with state-of-the-art microprobing countermeasures from industry, such as shields or bus encryption, the area overhead is minimal and no delays are introduced; in contrast to probing detection schemes from academia, such as the probe attempt detector, no analog circuitry is needed. We show the Monte Carlo simulation results of mismatch variations as well as process, voltage, and temperature corners on a 65-nm technology and present a simple reliability optimization. Eventually, we show that the detection of state-of-the-art commercial microprobes is possible even under extreme conditions and the margin with respect to false positives is sufficient.Peer ReviewedPostprint (author's final draft