Design and implementation of robust embedded processor for cryptographic applications

Practical implementations of cryptographic algorithms are vulnerable to side-channel analysis and fault attacks. Thus, some masking and fault detection algorithms must be incorporated into these implementations. These additions further increase the complexity of the cryptographic devices which already need to perform computationally-intensive operations. Therefore, the general-purpose processors are usually supported by coprocessors/hardware accelerators to protect as well as to accelerate cryptographic applications. Using a configurable processor is just another solution. This work designs and implements robust execution units as an extension to a configurable processor, which detect the data faults (adversarial or otherwise) while performing the arithmetic operations. Assuming a capable adversary who can injects faults to the cryptographic computation with high precision, a nonlinear error detection code with high error detection capability is used. The designed units are tightly integrated to the datapath of the configurable processor using its tool chain. For different configurations, we report the increase in the space and time complexities of the configurable processor. Also, we present performance evaluations of the software implementations using the robust execution units. Implementation results show that it is feasible to implement robust arithmetic units with relatively low overhead in an embedded processor

On selection of modulus of quadratic codes for the protection of cryptographic operations against fault attacks

Quadratic residue codes are introduced as an effective and efficient error detection technique to protect cryptographic devices against fault attacks. In this paper, we re-consider these codes in an adversarial model, where a powerful attacker can introduce errors with high precision and accuracy. We present two analysis techniques that can lead to successful attacks against quadratic codes if the modulus is not chosen carefully. We provide in-depth theoretical analysis that covers wide range of attacks and present results of practical concerns such as exact number of undetected errors and effective countermeasures. Our analysis is generic in the sense that it can be extended to other residue codes

On protecting cryptographic applications against fault attacks using residue codes

We propose a new class of error detection codes, quadratic dual residue codes, to protect cryptographic computations running on general-purpose processor cores against fault attacks. The assumed adversary model is a powerful one, whereby the attacker can inject errors anywhere in the data path of a general-purpose microprocessor by bit flipping. We demonstrate that quadratic dual residue codes provide a much better protection under this powerful adversary model compared to similar codes previously proposed for the same purpose in the literature. The adopted strategy aims to protect the single-precision arithmetic operations, such as addition and multiplication, which usually dominate the execution time of many public key cryptography algorithms in general-purpose microprocessors. Two so called robust units for addition and multiplication operations, which provide a protection against faults attacks, are designed and tightly integrated into the data path of a simple, embedded re-configurable processor. We report the implementation results that compare the proposed error detection codes favorably with previous proposals of similar type in the literature. In addition, we present performance evaluations of the software implementations of Montgomery multiplication algorithm using the robust execution units. Implementation results clearly show that it is feasible to implement robust arithmetic units with relatively low overhead even for a simple embedded processor