Engineering On-Chip Thermal Effects

Temperature effects can be used to maliciously affect the behavior of digital crypto-circuits. For example, temperature effects can create covert communication channels, and they can affect the stability of physical unclonable functions (PUFs). This talk observes that these thermal effects can be engineered, and we describe two techniques. The first technique shows how to filter the information through a covert temperature channel. This leads to detectors for very specific events, for example, someone touching the chip package. The second technique shows how to mitigate the impact of temperature on a PUF design while avoiding costly post-processing. We discuss the design of a compact ring-oscillator PUF for FPGA which is tolerant to temperature variations

Domain-Oriented Masked Instruction Set Architecture for RISC-V

An important selling point for the RISC-V instruction set is the separation between ISA and the implementation of the ISA, leading to flexibility in the design. We argue that for secure implementations, this flexibility is often a vulnerability. With a hardware attacker, the side-effects of instruction execution cannot be ignored. As a result, a strict separation between the ISA interface and implementation is undesirable. We suggest that secure ISA may require additional implementation constraints. As an example, we describe an instruction-set for the development of power side-channel resistant software

Precomputation Methods for Faster and Greener Post-Quantum Cryptography on Emerging Embedded Platforms

Precomputation techniques are useful to improve real-time performance of complex algorithms at the expense of extra memory, and extra preparatory computations. This practice is neglected especially in the embedded context where energy and memory space is limited. Instead, the embedded space favors the immediate reduction of energy and memory footprint. However, the embedded platforms of the future may be different from the traditional ones. Energy-harvesting sensor nodes may extract virtually limitless energy from their surrounding, while at the same time they are able to store more data at cheaper cost, thanks to Moore\u27s law. Yet, minimizing the run-time energy and latency will still be primary targets for today\u27s as well as future real-time embedded systems. Another important challenge for the future systems is to provide efficient public-key based solutions that can thwart quantum-cryptanalysis. In this article, we address these two concepts. We apply precomputation techniques on two post-quantum digital signature schemes: hash-based and lattice-based digital signatures. We first demonstrate that precomputation methods are extensible to post-quantum cryptography and are applicable on current energy-harvesting platforms. Then, we quantify its impact on energy, execution time, and the overall system yield. The results show that precomputation can improve the run-time latency and energy consumption up to a factor of 82.7$\times$ and 11.8$\times$, respectively. Moreover, for a typical energy-harvesting profile, it can triple the total number of generated signatures. We reveal that precomputation enables very complex and even probabilistic algorithms to achieve acceptable real-time performance on resource-constrained platforms. Thus, it will expand the scope of post-quantum algorithms to a broader range of platforms and applications

Virtual Secure Circuit: Porting Dual-Rail Pre-charge Technique into Software on Multicore

This paper discusses a novel direction for multicore cryptographic software, namely the use of multicore to protect a design against side-channel attacks. We present a technique which is based on the principle of dual-rail pre-charge, but which can be completely implemented in software. The resulting protected software is called a Virtual Secure Circuit (VSC). Similar to the dual-rail pre-charge technique, a VSC executes as two complementary programs on two identical processor cores. Our key contributions include (1) the analysis of the security properties of a VSC, (2) the construction of a VSC AES prototype on a dual-PowerPC architecture, (3) the demonstration of VSC\u27s protection effectiveness with real side-channel attack experiments. The attack results showed that the VSC protected AES needs 80 times more measurements than the unprotected AES to find the first correct key byte. Even one million measurements were not sufficient to fully break VSC protected AES, while unprotected AES was broken using only 40000 measurements. We conclude that VSC can provide a similar side-channel resistance as WDDL, the dedicated hardware equivalent of dual-rail pre-charge. However, in contrast to WDDL, VSC is a software technique, and therefore it is flexible

SoC Root Canal!

Finding the root cause of power-based side-channel leakage becomes harder when multiple layers of design abstraction are involved. While side-channel leakage originates in processor hardware, the dangerous consequences may only become apparent in the cryptographic software that runs on the processor. This contribution presents RootCanal, a methodology to explain the origin of side-channel leakage in a software program in terms of the underlying micro-architecture and system architecture. We simulate the hardware power consumption at the gate level and perform a non-specific test to identify the logic gates that contribute most sidechannel leakage. Then, we back-annotate those findings to the related activities in the software. The resulting analysis can automatically point out non-trivial causes of side-channel leakages. To illustrate RootCanal’s capabilities, we discuss a collection of case studies