139 research outputs found
Engineering On-Chip Thermal Effects
Temperature effects can be used to maliciously affect the behavior of digital crypto-circuits. For example, temperature effects can create covert communication channels, and they can affect the stability of physical unclonable functions (PUFs). This talk observes that these thermal effects can be engineered, and we describe two techniques. The first technique shows how to filter the information through a covert temperature channel. This leads to detectors for very specific events, for example, someone touching the chip package. The second technique shows how to mitigate the impact of temperature on a PUF design while avoiding costly post-processing. We discuss the design of a compact ring-oscillator PUF for FPGA which is tolerant to temperature variations.
Precomputation Methods for Faster and Greener Post-Quantum Cryptography on Emerging Embedded Platforms
Precomputation techniques are useful to improve real-time performance of complex algorithms at the expense of extra memory, and extra preparatory computations. This practice is neglected especially in the embedded context where energy and memory space is limited. Instead, the embedded space favors the immediate reduction of energy and memory footprint. However, the embedded platforms of the future may be different from the traditional ones. Energy-harvesting sensor nodes may extract virtually limitless energy from their surrounding, while at the same time they are able to store more data at cheaper cost, thanks to Moore's law. Yet, minimizing the run-time energy and latency will still be primary targets for today's as well as future real-time embedded systems. Another important challenge for the future systems is to provide efficient public-key based solutions that can thwart quantum-cryptanalysis. In this article, we address these two concepts. We apply precomputation techniques on two post-quantum digital signature schemes: hash-based and lattice-based digital signatures. We first demonstrate that precomputation methods are extensible to post-quantum cryptography and are applicable on current energy-harvesting platforms. Then, we quantify its impact on energy, execution time, and the overall system yield. The results show that precomputation can improve the run-time latency and energy consumption up to a factor of 82.7 and 11.8, respectively. Moreover, for a typical energy-harvesting profile, it can triple the total number of generated signatures. We reveal that precomputation enables very complex and even probabilistic algorithms to achieve acceptable real-time performance on resource-constrained platforms. Thus, it will expand the scope of post-quantum algorithms to a broader range of platforms and applications.
Domain-Oriented Masked Instruction Set Architecture for RISC-V
An important selling point for the RISC-V instruction set is the separation between ISA and the implementation of the ISA, leading to flexibility in the design. We argue that for secure implementations, this flexibility is often a vulnerability. With a hardware attacker, the side-effects of instruction execution cannot be ignored. As a result, a strict separation between the ISA interface and implementation is undesirable. We suggest that secure ISA may require additional implementation constraints. As an example, we describe an instruction-set for the development of power side-channel resistant software.
Virtual Secure Circuit: Porting Dual-Rail Pre-charge Technique into Software on Multicore
This paper discusses a novel direction for multicore cryptographic software, namely the use of multicore to protect a design against side-channel attacks. We present a technique which is based on the principle of dual-rail pre-charge, but which can be completely implemented in software. The resulting protected software is called a Virtual Secure Circuit (VSC). Similar to the dual-rail pre-charge technique, a VSC executes as two complementary programs on two identical processor cores. Our key contributions include (1) the analysis of the security properties of a VSC, (2) the construction of a VSC AES prototype on a dual-PowerPC architecture, (3) the demonstration of VSC's protection effectiveness with real side-channel attack experiments. The attack results showed that the VSC protected AES needs 80 times more measurements than the unprotected AES to find the first correct key byte. Even one million measurements were not sufficient to fully break VSC protected AES, while unprotected AES was broken using only 40000 measurements. We conclude that VSC can provide a similar side-channel resistance as WDDL, the dedicated hardware equivalent of dual-rail pre-charge. However, in contrast to WDDL, VSC is a software technique, and therefore it is flexible.
SoC Root Canal!
Finding the root cause of power-based side-channel leakage becomes harder when multiple layers of design abstraction are involved. While side-channel leakage originates in processor hardware, the dangerous consequences may only become apparent in the cryptographic software that runs on the processor. This contribution presents RootCanal, a methodology to explain the origin of side-channel leakage in a software program in terms of the underlying micro-architecture and system architecture. We simulate the hardware power consumption at the gate level and perform a non-specific test to identify the logic gates that contribute most side-channel leakage. Then, we back-annotate those findings to the related activities in the software. The resulting analysis can automatically point out non-trivial causes of side-channel leakages. To illustrate RootCanal's capabilities, we discuss a collection of case studies.
- …