46 research outputs found
SoK: Design Tools for Side-Channel-Aware Implementations
Side-channel attacks that leak sensitive information through a computing
device's interaction with its physical environment have proven to be a severe
threat to devices' security, particularly when adversaries have unfettered
physical access to the device. Traditional approaches for leakage detection
measure the physical properties of the device. Hence, they cannot be used
during the design process and fail to provide root cause analysis. An
alternative approach that is gaining traction is to automate leakage detection
by modeling the device. The demand to understand the scope, benefits, and
limitations of the proposed tools intensifies with the increase in the number
of proposals.
In this SoK, we classify approaches to automated leakage detection based on
the model's source of truth. We classify the existing tools on two main
parameters: whether the model includes measurements from a concrete device and
the abstraction level of the device specification used for constructing the
model. We survey the proposed tools to determine the current knowledge level
across the domain and identify open problems. In particular, we highlight the
absence of evaluation methodologies and metrics that would compare proposals'
effectiveness from across the domain. We believe that our results help
practitioners who want to use automated leakage detection and researchers
interested in advancing the knowledge and improving automated leakage
detection.
HW/SW Co-design of TA/SPA-resistant Public-key Cryptosystems
Contains fulltext: 127469.pdf (preprint version) (Open Access). CRASH 2005: Cryptographic Advances in Secure Hardware, Leuven, September 6-7, 2005
Platform-based design for an embedded fingerprint authentication device
Fingerprint authentication, in an embedded and portable context, requires complex signal, network, and security-protocol processing in a resource-constrained implementation. We present a platform-based design approach for this application, based on a hierarchy of virtual machines (VM). The fingerprint authentication is programmed in Java, C, and VHSIC hardware description language, and mapped onto a hierarchy of three machines, consisting of an embedded Java VM, a Sparc-V8 core, and a field-programmable gate array. We show how our approach is able to cope with multiple concurrent design processes and multiple application domains, including biometrics signal processing, as well as security-protocol implementation. The platform-based design approach also deals with reuse requirements for embedded software and hardware. The formulation of a platform as a VM enables design exploration and incremental design validation throughout the design trajectory, and results in a specialized, but still programmable, platform. The Java bytecode of our fingerprint authentication takes less than 10 kB. Status: published
An interactive codesign environment for domain-specific coprocessors
Energy-efficient embedded systems rely on domain-specific coprocessors for dedicated tasks such as baseband processing, video coding, or encryption. We present a language and design environment called GEZEL that can be used for the design, verification and implementation of such coprocessor-based systems. Status: published
NEON crypto
NEON is a vector instruction set included in a large fraction of new ARM-based tablets and smartphones. This paper shows that NEON supports high-security cryptography at surprisingly high speeds; normally data arrives at lower speeds, giving the CPU time to handle tasks other than cryptography. In particular, this paper explains how to use a single 800MHz Cortex A8 core to compute the existing NaCl suite of high-security cryptographic primitives at the following speeds: 5.60 cycles per byte (1.14 Gbps) to encrypt using a shared secret key, 2.30 cycles per byte (2.78 Gbps) to authenticate using a shared secret key, 527102 cycles (1517/second) to compute a shared secret key for a new public key, 624846 cycles (1280/second) to verify a signature, and 244655 cycles (3269/second) to sign a message. These speeds make no use of secret branches and no use of secret memory addresses. Keywords: vectorization-friendly cryptographic primitives – efficient software implementations – smartphones – tablets – there be dragons