19 research outputs found

    Vulnerability and differential analysis through fault injection of Trivium ciphers on FPGA and ASIC.

    Communication between devices increases day by day, and a prime example of this is the growth of the Internet of Things (IoT). Of all the communications that take place, part consists of sensitive information that can be intercepted by third parties with malicious intent. To avoid this serious problem, the scientific community has focused on the constant search for and development of cryptographic algorithms or cryptosystems, oriented to both software and hardware, that make it possible to secure communications where the transmission channels are potentially insecure. In order to establish new security standards, it is necessary to study the security offered by the new algorithms from the standpoint of their vulnerability, with the aim of reducing it. The vulnerabilities of these cryptosystems can be studied by taking the role of a third party that tries to obtain the device's secret information, and thereby learning where its weak points lie. This is the framework of the present doctoral thesis. Throughout this text, a study is made of the state of the art of cryptography, as well as of the most important techniques for compromising the security of current cryptosystems. The object of study is the Trivium stream cipher, both the original design presented in the eSTREAM project portfolio and different variants of it. To study the vulnerability of these cryptosystems and recover their secret information, different fault injection systems have been designed in both FPGA and ASIC technology. These attack systems have been implemented to attack the cipher by manipulating its clock signal and its control signals. Thanks to these experimental attack systems, it is possible to determine the weak points of these cryptosystems and, by means of differential analysis, to recover their secret information: the key and the initialization vector. This study therefore presents the first experimental break of this cipher, recovering its secret key in 100% of cases and proving that this cryptosystem is vulnerable to fault injection attacks.

    How is a digital circuit designed and implemented? Application of theoretical concepts about digital electronics

    The development of the Classroom Improvement Cycle (CIMA) has been carried out in the Digital Electronics course of the second year of the Industrial Electronics Engineering Degree taught at the Escuela Politécnica Superior of the University of Seville. This chapter details the design and results of the improvement cycle developed during eight hours of practical classes, where students have been introduced to the use of design tools and where they have been led through the process of design and testing of digital circuits, applying the theoretical concepts covered in class. For this, a participative work environment has been created for the students, giving them the leading role and encouraging them to help each other, and where the teacher has played a guidance role in the situations where it was necessary for the students to incorporate the contents covered and complete or modify their previous ideas.

    Fault Injection on FPGA implementations of Trivium Stream Cipher using Clock Attacks

    Funding: Ministerio de Economía y Competitividad TEC2010-16870; Ministerio de Economía y Competitividad TEC2013-45523-R; Ministerio de Economía y Competitividad CSIC 201550E03

    Fault Attack on FPGA implementations of Trivium Stream Cipher

    This article presents the development of an experimental system to introduce faults in Trivium stream ciphers implemented on FPGA. The developed system has made it possible to analyze the vulnerability of these implementations against fault attacks. The developed system consists of a mechanism that injects small pulses in the clock signal, and elements that analyze whether a fault has been introduced, the number of faults introduced and their position in the inner state. The results obtained demonstrate the vulnerability of these implementations against fault attacks. As far as we know, this is the first time that experimental results of a fault attack on Trivium are presented. Funding: Ministerio de Economía y Competitividad TEC2010-16870; Ministerio de Economía y Competitividad TEC2013-45523-R; Ministerio de Economía y Competitividad CSIC 201550E039

    Design and evaluation of countermeasures against fault injection attacks and power side-channel leakage exploration for AES block cipher

    Differential Fault Analysis (DFA) and Power Analysis (PA) attacks have become the main methods for exploiting the vulnerabilities of physical implementations of block ciphers currently used in a multitude of applications, such as the Advanced Encryption Standard (AES). In order to minimize these types of vulnerabilities, several mechanisms have been proposed to detect fault attacks. However, these mechanisms can have a significant cost, may not fully cover the implementations against fault attacks, or may not take into account the leakage of information exploitable by power analysis attacks. In this paper, four different approaches are proposed with the aim of protecting the AES block cipher against DFA. The proposed solutions are based on Hamming code and parity bits as signature generators for the internal state of the AES cipher. These allow the detection of DFA-exploitable faults, from bit to byte level. The proposed solutions have been applied to a T-box based AES block cipher implemented on a Field Programmable Gate Array (FPGA). Experimental results suggest a fault coverage of 98.5% and 99.99% with an area penalty of 9% and 36% respectively for the parity bit signature generators, and a fault coverage of 100% with an area penalty of 18% and 42% respectively when the Hamming code signature generator is used. In addition, none of the proposed countermeasures imposes a frequency degradation with respect to the unprotected cipher. The proposed work goes further in the evaluation of the proposed DFA countermeasures by evaluating the impact of these structures in terms of power side-channel leakage. The obtained results suggest that no extra information leakage is produced that can be exploited by PA. Overall, the proposed DFA countermeasures provide high fault coverage protection with a low cost in terms of area and power consumption and no PA security degradation.

    Automated experimental setup for EM cartography to enhance EM attacks

    Side-channel attacks are a real threat, exploiting and revealing the secret data stored in our electronic devices just by analyzing the information leaked by the cryptographic modules during their normal encryption/decryption operations. In this sense, electromagnetic attacks have been posed as one of the most powerful attacks, retrieving the secret information by analyzing the existing relation between the leaked electromagnetic radiation and the data being processed. These attacks are known as ElectroMagnetic (EM) attacks, and an extremely critical point for their success is the EM probe positioning. In this paper, an automated experimental setup for EM cartography is described to enhance EM attacks and to help hardware designers detect possible information leakage flaws, as well as to determine the security level reached by hardware implementations against EM attacks.

    Floorplanning as a practical countermeasure against clock fault attack in Trivium stream cipher

    Fault injection during cipher operation is a very successful mechanism for attacking ciphers. The inclusion of protection elements against this kind of attack is more and more necessary. These mechanisms are usually based on introducing redundancy, which leads to a greater consumption of resources or a longer processing time. This article presents how the introduction of placement restrictions on ciphers can make it difficult to inject faults by altering the clock signal. It is therefore a countermeasure that increases neither the consumption of resources nor the processing time. This mechanism has been tested on FPGA implementations of the Trivium cipher. Several tests have been performed on a Spartan 3E device from Xilinx and the experimental measurements have been carried out with ChipScope Pro. The tests showed that adequate floorplanning is a good countermeasure against this kind of attack. Funding: Ministerio de Economía y Competitividad TEC2013-45523-R; Ministerio de Economía y Competitividad TEC2016-80549-R; Ministerio de Economía y Competitividad CSIC 201550E03

    FPGA design example for maximum operating frequency measurements

    The best way to learn how to design digital systems at the RT level is to use practical examples. In addition, from a teaching point of view, the more practical they are, the more attractive to students. But for a design to be attractive, even if it is presented with a low complexity, it is not possible to do it in a single practice session. This paper presents, as a demonstrator, the design at RT level and the FPGA implementation of a digital system that uses the Trivium stream cipher and on which measurements of maximum operating frequency are made. This circuit is designed in three laboratory sessions of about two hours each. Funding: Ministerio de Economía y Competitividad TEC2013-45523-R; Ministerio de Economía y Competitividad TEC2016-80549-R; Consejo Superior de Investigaciones Científicas (CSIC) LACRE CSIC 201550E03

    Distance measurement as a practical example of FPGA design

    Digital design learning at the RT level requires practical examples and, as learning progresses, the examples need to become more complex. FPGAs and development boards offer a very suitable platform for the implementation of these designs. However, classroom practice sessions usually last two hours, which does not allow the complexity of the designs to be high enough. For this reason, interesting designs that can be made in several sessions are required. In this paper, the construction of a distance measuring system is presented as a demonstrator. For this purpose, a distance measurement module based on ultrasound is available and the results are displayed on 7-segment displays on a Nexys4 board. Funding: Ministerio de Economía y Competitividad TEC2013-45523-R; Ministerio de Economía y Competitividad TEC2016-80549-R; Consejo Superior de Investigaciones Científicas (CSIC) LACRE CSIC 201550E03

    Integrated circuit design and security of cryptographic circuits against attacks

    Many electronic systems include cryptographic devices that implement algorithms to encrypt stored information. But even if the algorithms are very secure, these devices can reveal some information because of their physical implementation, through the use of so-called side channel attacks. These attacks make use of information obtained during the operation of the circuit to obtain information about the key used. Therefore, we must take care of the physical implementation of cryptographic devices to minimize the possibility of loss of information through these types of attacks. In our research we are working on analyzing the vulnerability of implementations of cryptographic circuits, mainly private key ciphers, against passive and active side channel attacks. These attacks obtain information about the stored key by measuring physical quantities such as power consumption or electromagnetic radiation during operation of the circuit, or by altering the operating conditions to introduce faults and compare the outputs with and without faults. In this paper we present a brief summary of the state of the art of side channel attacks on hardware implementations of ciphers, some of the topics we are working on and some results obtained by our research group. Funding: Junta de Andalucía CRIPTO-BIO (Diseño Microelectrónico para Autenticación Cripto-Biométrica); Ministerio de Ciencia y Tecnología (España) P08-TIC3674, CITIES (Circuitos Integrados para transmisión de información especialmente segura); Ministerio de Economía y Competitividad (España) TEC2010-16870 and CESAR (Circuitos microelectrónicos seguros frente a ataques laterales) and TEC2013-45523-