
    Secure and Efficient RNS Approach for Elliptic Curve Cryptography

    Scalar multiplication, the main operation in elliptic curve cryptographic protocols, is vulnerable to side-channel attacks (SCA) and fault injection attacks (FA). An efficient countermeasure for scalar multiplication can be provided by using alternative number systems such as the Residue Number System (RNS). In RNS, a number is represented as a set of smaller numbers, each of which is the result of modular reduction by one modulus of a given moduli basis. Under certain requirements (a pairwise coprime basis and values that stay within its dynamic range), a number can be uniquely transformed from the integers to the RNS domain (and vice versa), and all arithmetic operations can be performed in RNS. This representation provides inherent resistance to many SCA and FA attacks, which can be further enhanced by RNS arithmetic manipulation or by more traditional algorithmic countermeasures. In this paper, extending our previous work, we explore the potential of RNS as an SCA and FA countermeasure and describe the RNS-based means of SCA and FA resistance. We propose a secure and efficient Montgomery Power Ladder based scalar multiplication algorithm on RNS and discuss its SCA-FA resistance. The proposed algorithm is implemented on an ARM Cortex-A7 processor and its SCA-FA resistance is evaluated by collecting preliminary leakage trace results that validate our initial assumptions.
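The RNS representation described in the abstract above, as an added, runnable illustration that is not code from the paper: a constructed four-modulus basis, forward conversion, channel-wise addition and multiplication, reverse conversion by the Chinese Remainder Theorem, and a redundant fifth modulus used as a consistency check, which is the generic mechanism behind RNS fault detection. The basis (251, 253, 255, 256), the redundant modulus 257, the sample operands and the `inject_fault` helper are all constructed for this example and are not the paper's.

```python
from math import gcd, prod

# Constructed, pairwise coprime moduli basis (not the paper's). Any integer
# below M = prod(BASE) has a unique residue tuple (Chinese Remainder Theorem).
BASE = (251, 253, 255, 256)
# Extra (redundant) modulus, coprime to BASE: used only to cross-check results.
REDUNDANT = 257
EXT = BASE + (REDUNDANT,)


def check_basis(moduli):
    """Uniqueness of the representation requires pairwise coprime moduli."""
    for i, a in enumerate(moduli):
        for b in moduli[i + 1:]:
            if gcd(a, b) != 1:
                raise ValueError(f"moduli {a} and {b} are not coprime")
    return True


def to_rns(x, moduli):
    """Forward conversion: one residue (channel) per modulus."""
    return tuple(x % m for m in moduli)


def from_rns(residues, moduli):
    """Reverse conversion by the CRT: x = sum(r_i * M_i * (M_i^-1 mod m_i)) mod M."""
    m_total = prod(moduli)
    x = 0
    for r, m in zip(residues, moduli):
        m_i = m_total // m
        x += r * m_i * pow(m_i, -1, m)  # pow(a, -1, m) is the modular inverse
    return x % m_total


def rns_add(a, b, moduli):
    """Carry-free, channel-wise addition."""
    return tuple((ra + rb) % m for ra, rb, m in zip(a, b, moduli))


def rns_mul(a, b, moduli):
    """Channel-wise product. Exact only while the true product stays below M;
    beyond the dynamic range the result silently wraps modulo M."""
    return tuple((ra * rb) % m for ra, rb, m in zip(a, b, moduli))


def consistent(residues, moduli=BASE, redundant=REDUNDANT):
    """Fault check: reconstruct from the non-redundant channels and compare with
    the redundant channel. A corrupted channel breaks the agreement (a fault in
    a primary channel slips through with probability about 1/redundant)."""
    x = from_rns(residues[:-1], moduli)
    return x % redundant == residues[-1]


def inject_fault(residues, channel, delta, moduli=EXT):
    """Simulated fault for the demo (constructed): add delta to one channel."""
    r = list(residues)
    r[channel] = (r[channel] + delta) % moduli[channel]
    return tuple(r)


def demo(x=123456, y=7890):
    """Multiply two constructed operands in the extended basis and run the check."""
    check_basis(EXT)
    prod_rns = rns_mul(to_rns(x, EXT), to_rns(y, EXT), EXT)
    good = from_rns(prod_rns[:-1], BASE) == x * y and consistent(prod_rns)
    faulty = inject_fault(prod_rns, channel=0, delta=1)
    return {"product_ok": good, "fault_detected": not consistent(faulty)}


if __name__ == "__main__":
    print(demo())
```

The dynamic-range caveat matters in practice: 70000 * 70000 exceeds M for this basis, so the channel-wise product reconstructs to the product modulo M, not the product itself. Real RNS ECC implementations keep values reduced with an RNS Montgomery reduction and base extension, which this illustration does not include.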

    Enabling the human in the loop: Linked data and knowledge in industrial cyber-physical systems

    Industrial Cyber-Physical Systems have benefited substantially from the introduction of a range of technology enablers. These include web-based and semantic computing, ubiquitous sensing, the Internet of Things (IoT) with multi-connectivity, advanced computing architectures and digital platforms, coupled with edge- or cloud-side data management and analytics, and have contributed to shaping enhanced or new data value chains in manufacturing. While parts of such data flows are increasingly automated, there is now a greater demand for more effectively integrating, rather than eliminating, human cognitive capabilities in the loop of production-related processes. Human integration in Cyber-Physical environments can already be digitally supported in various ways. However, incorporating human skills and tangible knowledge requires approaches and technological solutions that facilitate the engagement of personnel within technical systems in ways that take advantage of or amplify their cognitive capabilities, to achieve more effective sociotechnical systems. After analysing related research, this paper introduces a novel viewpoint for enabling human-in-the-loop engagement linked to cognitive capabilities and highlights the role of context information management in industrial systems. Furthermore, it presents examples of technology enablers for placing the human in the loop in selected application cases relevant to production environments. Such placement benefits from the joint management of linked maintenance data and knowledge, expands the power of machine learning for asset awareness with embedded event detection, and facilitates IoT-driven analytics for product lifecycle management.

    Machine-Learning assisted Side-Channel Attacks on RNS-based Elliptic Curve Implementations using Hybrid Feature Engineering

    Side-channel attacks based on machine learning have recently been introduced to recover secret information from software and hardware implementations of mathematically secure algorithms. Convolutional Neural Networks (CNNs) have proven to outperform template attacks because they can handle misalignment in the leakage traces of symmetric algorithms. However, one limitation of deep learning algorithms is their need for very large training datasets. In evaluation scenarios where only a limited number of leakage traces is available, simple machine learning with proper feature engineering, data splitting and validation techniques can be more effective. Moreover, little analysis exists for public-key algorithms, especially for non-traditional implementations such as those using the Residue Number System (RNS). Template attacks succeed on RNS-based Elliptic Curve Cryptography (ECC) only if the aligned portion of the trace is used in the templates. In this study, we present a systematic methodology for evaluating ECC cryptosystems, with and without countermeasures, against machine learning side-channel attacks using two attack models. RNS-based ECC datasets are evaluated using four machine learning classifiers and compared with existing state-of-the-art template attacks. Moreover, we analyse the impact of raw features and of advanced hybrid feature engineering techniques, along with the effect of the splitting ratio. We discuss the metrics and procedures that can be used for accurate classification on imbalanced datasets. The experimental results demonstrate that, for ECC RNS datasets, simple machine learning algorithms are more effective than complex deep learning techniques when the datasets are small.

    Energy Consumption Evaluation of Post-Quantum TLS 1.3 for Resource-Constrained Embedded Devices

    Post-quantum cryptography (PQC) has, in the past few years, been the main driving force of the transition of security primitives, protocols and tools to quantum resistance. TLS is one of the most widely used security protocols that needs to be made quantum safe. However, integrating PQC algorithms into TLS introduces various implementation overheads compared to traditional TLS, which cannot be overlooked in battery-powered embedded devices with constrained resources. While several works evaluate the execution time overhead of PQ TLS on embedded systems, only a few explore its energy consumption cost. In this paper, a thorough power/energy consumption evaluation and analysis of PQ TLS 1.3 on embedded systems is made. A custom WolfSSL PQ TLS 1.3 implementation is used that integrates all the NIST PQC algorithms selected for standardisation as well as 2 of the 3 algorithms evaluated in NIST Round 4; 1 of the 2 BSI recommendations is also included. PQ TLS 1.3 with the various PQC algorithms is deployed on an STM Nucleo evaluation board under a mutual and a unilateral client-server authentication scenario. The collected power and energy consumption results are analysed in detail. The comparisons and overall analysis indicate that the choice of PQC algorithms to deploy in TLS 1.3 on an embedded system may differ considerably depending on whether the device acts as an authenticated or unauthenticated client or server. The results also indicate that, in some cases, PQ TLS 1.3 implementations can be as energy efficient as, or more energy efficient than, traditional TLS 1.3.

    Performance Evaluation of Post-Quantum TLS 1.3 on Resource-Constrained Embedded Systems

    Transport Layer Security (TLS) is one of the most widely used protocols for securing Internet communications and has also found broad acceptance in the Internet of Things (IoT) domain. As we progress toward a security environment resistant to quantum computer attacks, TLS needs to be transformed to support post-quantum cryptography. However, post-quantum TLS is still not standardised, and its overall performance, especially on resource-constrained, IoT-capable embedded devices, is not well understood. In this paper, we show how TLS 1.3 can be made quantum-safe by modifying the TLS 1.3 architecture to accommodate the latest Post-Quantum Cryptography (PQC) algorithms from the NIST PQC process. Furthermore, we evaluate the execution time, memory and bandwidth requirements of this proposed post-quantum variant of TLS 1.3 (PQ TLS 1.3). This is facilitated by integrating the pqm4 and PQClean library implementations of almost all PQC algorithms selected for standardisation by the NIST PQC process, as well as the alternatives to be evaluated in a new round (Round 4). The proposed solution and evaluation focus on the lower end of resource-constrained embedded devices. Thus, the evaluation is performed on the ARM Cortex-M4 embedded platform NUCLEO-F439ZI, which provides a 180 MHz clock rate, 2 MB of Flash memory and 256 KB of SRAM. To the authors' knowledge, this is the first systematic, thorough and complete timing, memory usage and network traffic evaluation of PQ TLS 1.3 for all the NIST PQC process selections and upcoming candidate algorithms that explicitly targets resource-constrained embedded systems.

    Context-based and human-centred information fusion in diagnostics

    Maintenance management and engineering practice has progressed to adopt approaches that aim to reach maintenance decisions not by means of pre-specified plans and recommendations but increasingly on the basis of the best contextually relevant information and knowledge available, all considered against stated objectives. Different methods for automating event detection, diagnostics and prognostics have been proposed, which may achieve very high performance when appropriately adapted and tuned to serve the needs of well-defined tasks. However, the scope of such solutions is often narrow, with no mechanism to include human intervention and human-contributed knowledge. This paper presents a conceptual framework that integrates automated detection and diagnostics with human-contributed knowledge in a single architecture. This is instantiated by an e-maintenance platform comprising tools both for lower-level information fusion and for handling higher-level knowledge. Well-structured maintenance relationships, such as those present in a typical FMECA study, as well as compact on-the-job knowledge contributed by humans, are exploited to this end. A case study presenting the actual workflow of the process in an industrial setting is employed to pilot test the approach.

    Seamless Communication for Crises Management

    SECRICOM is proposed as a collaborative research project aiming at the development of a reference security platform for EU crisis management operations, with two essential ambitions: (A) solve or mitigate the problems of contemporary crisis communication infrastructures (TETRA, GSM, Citizen Band, IP), such as poor interoperability of specialised communication means, vulnerability to tapping and misuse, lack of possibilities to recover from failures, inability to use alternative data carriers, and high deployment and operational costs; (B) add new smart functions to existing services which will make communication more effective and helpful for users. Smart functions will be provided by distributed IT systems based on an agent infrastructure. Achieving these two project ambitions will allow the creation of a pervasive and trusted communication infrastructure that fulfils the requirements of crisis management users and is ready for immediate application.

    Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

    Critical infrastructures (CIs) and their associated real-time information systems need security protection mechanisms able to detect and respond to possible attacks. For this reason, Anomaly Detection Systems (ADS), as part of a Security Information and Event Management (SIEM) system, are needed to constantly monitor an Information Technology (IT) system and identify potential threats inside it. Typically, an ADS collects information from various sources within a CI system using security sensors or agents and correlates that information to identify anomalous events. In a CI setting (factories, power plants, remote locations), however, such sensors may be placed in open areas and left unattended, thus becoming targets of security attacks themselves. They can be tampered with and maliciously manipulated so that they provide false data, which may lead an ADS or SIEM system to misjudge the current security status of the CI. In this paper, we describe existing approaches to security monitoring in critical infrastructures and focus on how to collect security sensor/agent information in a secure and trusted way. We then introduce the concept of hardware-assisted security sensor information collection, which improves the level of trust (by hardware means) and also increases the responsiveness of the sensor. Thus, we propose a Hardware Security Token (HST) that, when connected to a CI host, acts as a secure anchor for security agent information collection. We describe the HST functionality, its association with a host device, its expected role and its log monitoring mechanism. We also describe how security can be established between the host device and the HST. Then, we introduce and describe the host components that need to be in place in order to guarantee a high security level and correct HST functionality. We also provide a realisation/implementation of the overall HST concept on an FPGA SoC evaluation board and describe how the HST implementation can be controlled. In addition, two case studies in which the HST has been used in practice and its functionality validated (one on a real critical infrastructure test site and another in which a critical industrial infrastructure was emulated in our lab) are described. Finally, results from these two case studies are presented, showing actual measurements for in-field HST usage.

    Design of Public-Key Cryptographic Systems (Σχεδιασμός κρυπτογραφικών συστημάτων δημοσίου κλειδιού)

    In this PhD dissertation, the RSA and elliptic curve cryptographic schemes were studied extensively in order to propose design methodologies for those schemes that are efficient in terms of computation speed and hardware resources. In the proposed methodologies, special attention is given to the optimisation of the finite field arithmetic operations employed in public-key cryptography. The most widely used such fields are the prime fields GF(p) and the binary extension fields GF(2ᵏ). Concerning GF(p) arithmetic, an optimised version of the Montgomery modular multiplication algorithm is proposed that employs carry-save redundant logic and value precomputation. The resulting architecture is used in a modular exponentiation unit (modular exponentiation being the basic arithmetic operation of RSA). The proposed unit achieves much better results in terms of computation speed and hardware resources when compared to other well-known similar designs. Concerning GF(2ᵏ) arithmetic, algorithms and architectures are proposed for versatile multiplication and for inversion when a polynomial basis representation of GF(2ᵏ) is employed. Also, a multiplication design methodology is proposed, along with the resulting sequential (SMPO) and parallel hardware architectures, when a normal basis representation of GF(2ᵏ) is chosen. Finally, for elliptic curve arithmetic defined over GF(p) or GF(2ᵏ), the architectures proposed for those fields were used to build a competitive elliptic curve point operation arithmetic unit. The major problem of such a unit is the extensive cost, in hardware resources and computation delay, of the finite field inversion operation. Using the architectural structure proposed in the dissertation for inversion/multiplication in GF(2ᵏ) (a combined multiplication/inversion unit), this cost can be minimised.
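As an added illustration serving two items on this page, the Montgomery modular multiplier feeding RSA exponentiation in the dissertation above and the Montgomery Power Ladder of the first abstract, and not code from either work: a radix-2 add-and-shift Montgomery multiplier, the form hardware multipliers are built around, driving a ladder exponentiation whose operation sequence is the same for every exponent bit. The dissertation's carry-save optimisation is not reproduced (plain Python integers are used), and the textbook RSA parameters n = 3233, e = 17, d = 2753 and the `rsa_roundtrip` helper are constructed for this example.

```python
def mont_mul(a, b, n, k):
    """Radix-2 Montgomery product: returns a * b * 2^-k mod n.
    Requires n odd, 0 <= a, b < n and 2^k > n. Each round adds one partial
    product, conditionally adds n to clear the low bit, then shifts right;
    this add-and-shift loop is what a bit-serial hardware multiplier
    implements (with carry-save adders in the dissertation's design)."""
    s = 0
    for i in range(k):
        s += ((a >> i) & 1) * b
        if s & 1:
            s += n
        s >>= 1
    # the loop keeps s < 2n, so one conditional subtraction finishes the job
    return s - n if s >= n else s


def mont_exp_ladder(base, e, n):
    """base^e mod n with a Montgomery ladder over Montgomery-form operands.
    Every bit costs exactly one multiplication and one squaring whatever its
    value, so the operation sequence does not depend on e (the regularity that
    helps against simple power analysis). Python itself gives no timing or
    power guarantees; this shows the structure only."""
    k = n.bit_length()                  # R = 2^k > n
    r2 = pow(2, 2 * k, n)               # R^2 mod n: converts into Montgomery form
    r0 = mont_mul(1, r2, n, k)          # 1 in Montgomery form, i.e. R mod n
    r1 = mont_mul(base % n, r2, n, k)   # base in Montgomery form, base * R mod n
    for i in range(e.bit_length() - 1, -1, -1):
        # invariant: r1 == r0 * base (in Montgomery form) after every step
        if (e >> i) & 1:
            r0 = mont_mul(r0, r1, n, k)
            r1 = mont_mul(r1, r1, n, k)
        else:
            r1 = mont_mul(r0, r1, n, k)
            r0 = mont_mul(r0, r0, n, k)
    return mont_mul(r0, 1, n, k)        # leave Montgomery form: r0 * R^-1 mod n


# Constructed textbook RSA parameters for the demo: p = 61, q = 53 (not secure).
N, E, D = 3233, 17, 2753


def rsa_roundtrip(m):
    """Encrypt then decrypt m with the ladder exponentiation; returns (c, m')."""
    c = mont_exp_ladder(m, E, N)
    return c, mont_exp_ladder(c, D, N)


if __name__ == "__main__":
    print(rsa_roundtrip(65))  # (2790, 65)
```

The regular ladder structure is only half of an SCA countermeasure: the multiplier itself must also run in data-independent time and power, which is where hardware designs such as the carry-save multiplier above, or the RNS arithmetic of the first abstract, come in.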

    Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

    Cyber-physical system devices nowadays constitute a mixture of Information Technology (IT) and Operational Technology (OT) systems that are meant to operate harmoniously under a security-critical framework. As IT security countermeasures are gradually being installed in many embedded system nodes, securing them against many well-known cyber attacks, a lurking danger is still overlooked. Apart from the software vulnerabilities that typical malicious programs exploit, there are hardware vulnerabilities that can be exploited to mount devastating software or hardware attacks (typically undetected by software countermeasures) capable of fully compromising an embedded system device. Microarchitectural attacks such as cache side-channel attacks are one such case, as is the more recently discovered Rowhammer fault injection attack, which can be mounted even remotely to gain access to a device's DRAM (Dynamic Random Access Memory). In light of these dangers, which target the device hardware structure, this paper provides an overview of this attack field, including attacks, threat directives and countermeasures. The goal of the paper is not to exhaustively overview attacks and countermeasures but rather to survey the various possible, existing attack directions, highlight the security risks they can pose to security-critical embedded systems, and indicate their strength in compromising the Quality of Service (QoS) such systems are designed to provide.