HLS-Based Methodology for Fast Iterative Development Applied to Elliptic Curve Arithmetic

International audienceHigh-Level Synthesis (HLS) is used by hardware developers to achieve higher abstraction in circuit descriptions. In order to shorten the hardware development time via HLS, we present an adjustment of the Iterative and Incremental Design (IID) methodology, frequently used in software development. In particular, our methodology is relevant for the development of applications with unusual complexity: the method was applied here to the development of large modular arithmetic, commonly used for cryptography applications (e.g., Elliptic Curves). Rapid feedback on circuit characteristics is used to evaluate deep architectural changes in short time, greatly reducing the time-to-market with respect to hand-made designs. In addition, our approach is highly flexible, since the same generic high-level description can be used to produce an entire set of circuits, each with different area/performance trade-offs. Thanks to the proposed approach, any change to the initial specification (e.g., the curve used) is also very fast, while it may require a large effort in the case of hand-made designs

Countermeasures against EM Analysis

International audienceCountermeasures against EM Analysi

ElectroMagnetic Analysis and Fault Injection onto Secure Circuits

International audienceImplementation attacks are a major threat to hardware cryptographic implementations. These attacks exploit the correlation existing between the computed data and variables such as computation time, consumed power, and electromagnetic (EM) emissions. Recently, the EM channel has been proven as an effective passive and active attack technique against secure implementations. In this paper, we review the recent results obtained on this subject, with a particular focus on EM as a fault injection tool

Hardware Design of Error Detection Schemes for Symmetric Ciphers

National audienceSecure hardware implementations are often used to accelerate cryptographic implementations; however, designers are well aware that cost and performance are not their only goal. Attacks exploiting side channel leakage or faulty behaviour are a serious threat that do not always require expensive equipment to be carried out, and can affect both symmetric and public-key cryptosystems. Hardware implementations must hence adopt solutions in order to make these attacks harder. In this talk we will present a few schemes aiming at detecting faulty computations in symmetric ciphers, with a particular focus on the Advanced Encryption Standard. Two countermeasures will be primarily addressed: temporal redundancy based on a double-data rate computation scheme, and a parity-based error detection code automatically generated from the RTL structure of the design. Several experimental results will be provided in order to show the validity of the proposed approaches

Pruning Single Event Upset Faults with Petri Nets

OSBN :978-1-4244-4207-2International audienceDependability of embedded systems is becoming a serious concern even for mass-market systems. Usually, designs are verified by means of fault injection campaigns, but the length of a thorough test often collides with the severe requirements about design cycle times. The number of fault injection experiments is thus usually reduced by performing random fault injections, or by focusing on selected fault models, or on components that depend on specific architectures and workloads. This forces to begin the validation campaign only when the system is fully designed, since specific details about the implementation or the workload are required. In this work, we propose to perform early fault pruning analysis on a formal model of the system, in order to identify the most critical components and computation cycles as soon as possible

Countermeasures against Implementation Attacks on Private- and Public-Key Cryptosystems

International audienceImplementing a secure system is much more complex than providing a theoretically secure algorithm. Careless implementations can be easily vulnerable to a large spectrum of passive and/or active attacks. In this talk, we will present the most important attacks and a (non-exhaustive) list of possible countermeasures that will make the attacker's job a bit harder. Both symmetric and asymmetric cryptography will be presented, with application examples to the Advanced Encryption Standard and Elliptic Curve Cryptosystems

Countermeasures against fault attacks: The good, the bad, and the ugly

ISBN: 978-1-4577-1053-7International audienceHardware implementations of cryptographic systems are becoming common, due to new market needs and to reduced costs. However, the security of a system may be seriously compromised by implementation attacks, such as side channel analysis or fault analysis. Thus, a large number of solutions have been proposed to counteract these threats. In this paper, we present most common architectural countermeasures against natural or malicious fault injections, highlighting their strengths, weaknesses, and giving a few nontrivial considerations

Secure Test Architectures in IoT

International audienc

Double-Data-Rate computation as a countermeasure against fault analysis

International audienceDifferential Fault Analysis (DFA) is one of the most powerful techniques to attack cryptosystems. Several countermeasures have been proposed, which are based either on information or temporal redundancy. In this work, we propose a novel approach based on a Double-Data-Rate (DDR) computation template. A few sample architectures have been implemented: they are compared to other existing architectures and countermeasures, and a thorough dependability analysis is given