
    Crypto-test-lab for security validation of ECC co-processor test infrastructure

    © 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
    Elliptic Curve Cryptography (ECC) is a public-key technology that is becoming increasingly popular because it offers greater speed and more compact implementations than other public-key technologies. The underlying computations are often too slow to run in software, so an ECC co-processor is commonly included to accelerate them. Test infrastructure is often left out of crypto co-processors because it can open serious security holes for adversaries to exploit. However, ECC co-processors contain complex modules for which purely functional test methodologies are unsuitable, because they would take an unacceptably long time during production test. Therefore, some internal test infrastructure is always included so that structural test techniques can be applied. Designing a secure test infrastructure is a complex task that relies on the designer's experience and on trial-and-error iterations over a series of different types of attacks. Most of the severe attacks cannot be simulated, because of the computational effort they demand and the lack of proper attack models, so prototypes are built on FPGAs instead. In this paper, a Crypto-Test-Lab is presented that includes an ECC co-processor with a flexible test infrastructure. Its purpose is to facilitate the design and validation of secure strategies for testing this type of co-processor.

    Electrical characterization of digital CMOS circuits with bridging defects: implications for quiescent-current testing (original title: Caracterització elèctrica de circuits CMOS digitals amb defectes tipus pont: implicacions al test per corrent quiescent)

    The thesis contributes to the effort to obtain accurate models of bridging faults. The digital circuit technology considered is static CMOS. The thesis uses a realistic electrical model for bridges, consisting of a resistive connection between the short-circuited nodes. The choice of model is based on a set of experimental measurements on defect-monitor circuits fabricated in a European industrial process; analysis of the resistance of the measured bridges justifies the use of the resistive model. This electrical model is applied within a test methodology based on monitoring the quiescent current (IDDQ) drawn by the defective circuit. The detection level of current testing is evaluated theoretically and experimentally for basic static CMOS digital circuits affected by bridges described by the resistive model, and is compared with the detection level of classical (logic) testing. A prediction of the range of quiescent current drawn by the defective CMOS digital modules considered is presented. The conclusion is that monitoring current consumption is a powerful methodology for detecting the bridges considered.
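The comparison the thesis makes (resistive bridge, IDDQ detection level versus classical logic test) can be worked through on a single bridged node pair. The following is an added example, not the thesis's own model or measured data: the bridge is a resistance between the two shorted nodes as the abstract describes, and the driver on-resistances, supply voltage, logic threshold and IDDQ alarm level are assumed round numbers.

```python
"""Resistive bridging defect between two static CMOS nodes: logic test vs. IDDQ test.

Added illustration, not the thesis's measured data. The bridge is modelled,
as in the abstract, as a resistance between the two shorted nodes; the
driver on-resistances, supply voltage, logic threshold and IDDQ alarm
level below are assumed round numbers.
"""
from typing import Tuple


def bridge_current(vdd: float, r_pullup: float, r_bridge: float, r_pulldown: float) -> float:
    """Quiescent current when node A is driven high and node B low.

    Steady-state path: VDD -> R_pullup (A's pMOS) -> A -> R_bridge -> B ->
    R_pulldown (B's nMOS) -> GND. Without the bridge this path does not
    exist and the only quiescent current is leakage (ignored here).
    """
    return vdd / (r_pullup + r_bridge + r_pulldown)


def node_voltages(vdd: float, r_pullup: float, r_bridge: float, r_pulldown: float) -> Tuple[float, float]:
    """(V_A, V_B) of the two bridged nodes; the divider pulls A down and B up."""
    i = bridge_current(vdd, r_pullup, r_bridge, r_pulldown)
    return vdd - i * r_pullup, i * r_pulldown


def logic_test_detects(vdd, r_pullup, r_bridge, r_pulldown, v_th) -> bool:
    """Classic voltage test: the defect is visible only if a degraded node
    crosses the switching threshold v_th of the gate that reads it."""
    v_a, v_b = node_voltages(vdd, r_pullup, r_bridge, r_pulldown)
    return v_a < v_th or v_b > v_th


def iddq_test_detects(vdd, r_pullup, r_bridge, r_pulldown, i_th) -> bool:
    """IDDQ test: the defect is visible if the quiescent current exceeds the alarm level i_th."""
    return bridge_current(vdd, r_pullup, r_bridge, r_pulldown) > i_th


def critical_resistance_logic(vdd, r_pullup, r_pulldown, v_th) -> float:
    """Largest bridge resistance the logic test still detects (0.0 if none).
    Solves V_A < v_th and V_B > v_th for r_bridge and keeps the looser bound."""
    via_a = (v_th * r_pullup - (vdd - v_th) * r_pulldown) / (vdd - v_th)
    via_b = vdd * r_pulldown / v_th - r_pullup - r_pulldown
    return max(0.0, via_a, via_b)


def critical_resistance_iddq(vdd, r_pullup, r_pulldown, i_th) -> float:
    """Largest bridge resistance the IDDQ test still detects: vdd / i_th - (R_pullup + R_pulldown)."""
    return max(0.0, vdd / i_th - r_pullup - r_pulldown)


if __name__ == "__main__":
    # assumed: 1.2 V supply, 3 kOhm pMOS, 1 kOhm nMOS, VDD/2 logic threshold, 100 uA IDDQ alarm
    VDD, RP, RN, VTH, ITH = 1.2, 3e3, 1e3, 0.6, 100e-6
    print(f"logic test detects R_bridge < {critical_resistance_logic(VDD, RP, RN, VTH):.0f} Ohm")
    print(f"IDDQ  test detects R_bridge < {critical_resistance_iddq(VDD, RP, RN, ITH):.0f} Ohm")
    for rb in (0.0, 1e3, 2.5e3, 5e3, 7e3, 9e3, 20e3):
        va, vb = node_voltages(VDD, RP, rb, RN)
        i = bridge_current(VDD, RP, rb, RN)
        print(f"R_bridge={rb:7.0f} Ohm  V_A={va:.2f} V  V_B={vb:.2f} V  IDDQ={i * 1e6:6.1f} uA  "
              f"logic={'Y' if logic_test_detects(VDD, RP, rb, RN, VTH) else 'n'}  "
              f"iddq={'Y' if iddq_test_detects(VDD, RP, rb, RN, ITH) else 'n'}")
```

With these assumed numbers the logic test only sees bridges below 2 kOhm, because a higher-resistance bridge no longer drags node A under the downstream gate's threshold, whereas the IDDQ alarm still fires up to 8 kOhm. The practical caveat is the alarm level: it must sit above the defect-free quiescent current of the whole die, and in nanometric technologies that background is dominated by leakage, which narrows the IDDQ margin.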

    The low area probing detector as a countermeasure against invasive attacks

    Microprobing allows intercepting data from on-chip wires as well as injecting faults into data or control lines. This makes it a commonly used attack technique against security-related semiconductors, such as smart card controllers. We present the low area probing detector (LAPD) as an efficient approach to detecting microprobing. It compares the delays of symmetric lines, such as bus lines, to detect the timing asymmetry introduced by the capacitive load of a probe. Compared with state-of-the-art microprobing countermeasures from industry, such as shields or bus encryption, the area overhead is minimal and no delay is introduced; in contrast to probing-detection schemes from academia, such as the probe attempt detector, no analog circuitry is needed. We show Monte Carlo simulation results for mismatch variations as well as process, voltage and temperature corners on a 65-nm technology, and present a simple reliability optimization. Finally, we show that detection of state-of-the-art commercial microprobes is possible even under extreme conditions, and that the margin with respect to false positives is sufficient.
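The detection principle (a probe's capacitance slows one of two matched lines, and the detector fires on the delay difference) and the two things the abstract says it evaluates, mismatch and PVT corners, can be reproduced in a toy Monte Carlo model. The following is an added example, not the LAPD circuit or the paper's 65-nm data: line R and C, the mismatch sigma, the probe tip capacitance, the false-positive target and the corner scale factors are all assumed values.

```python
"""Delay-comparison probing detector: toy Monte Carlo model.

Added illustration, not the LAPD circuit or the paper's 65-nm results.
Line resistance and capacitance, the mismatch sigma, the probe tip
capacitance, the false-positive target and the corner scale factors are
assumed values chosen to make the mechanism visible, not measured ones.
"""
import math
import random
from statistics import NormalDist
from typing import Tuple

LN2 = math.log(2.0)


def rc_delay(r_ohm: float, c_farad: float) -> float:
    """50 % point of a single-pole RC step response: t = ln(2) * R * C, in seconds."""
    return LN2 * r_ohm * c_farad


def sample_pair(r_nom, c_nom, sigma_rel, c_probe, rng: random.Random) -> Tuple[float, float]:
    """Delays (d0, d1) of two nominally identical lines.

    Each line gets its own Gaussian relative mismatch on R and on C; the
    probe tip capacitance c_probe (0.0 when no probe is present) loads
    line 1 only, which is the asymmetry the detector looks for.
    """
    r0 = r_nom * (1.0 + rng.gauss(0.0, sigma_rel))
    c0 = c_nom * (1.0 + rng.gauss(0.0, sigma_rel))
    r1 = r_nom * (1.0 + rng.gauss(0.0, sigma_rel))
    c1 = c_nom * (1.0 + rng.gauss(0.0, sigma_rel))
    return rc_delay(r0, c0), rc_delay(r1, c1 + c_probe)


def alarm(d0: float, d1: float, threshold: float) -> bool:
    """The detector fires when the two delays differ by more than the threshold."""
    return abs(d0 - d1) > threshold


def sigma_diff_estimate(r_nom, c_nom, sigma_rel) -> float:
    """First-order std of the delay difference with no probe: each line's
    delay carries two independent relative errors, so 2 * sigma_rel * d_nom."""
    return 2.0 * sigma_rel * rc_delay(r_nom, c_nom)


def threshold_for_false_positives(sigma_diff: float, target_fp: float) -> float:
    """Two-sided threshold giving false-positive rate target_fp for a
    zero-mean Gaussian delay difference with std sigma_diff."""
    return NormalDist(0.0, sigma_diff).inv_cdf(1.0 - target_fp / 2.0)


def monte_carlo(r_nom, c_nom, sigma_rel, c_probe, threshold, trials,
                seed=7, r_scale=1.0, c_scale=1.0) -> Tuple[float, float]:
    """(false_positive_rate, detection_rate), each over `trials` samples.
    r_scale / c_scale move every line to a PVT corner; the probe's own
    capacitance does not scale with the process."""
    rng = random.Random(seed)
    r, c = r_nom * r_scale, c_nom * c_scale
    fp = sum(alarm(*sample_pair(r, c, sigma_rel, 0.0, rng), threshold) for _ in range(trials))
    det = sum(alarm(*sample_pair(r, c, sigma_rel, c_probe, rng), threshold) for _ in range(trials))
    return fp / trials, det / trials


if __name__ == "__main__":
    # assumed: 1 kOhm / 100 fF line, 2 % relative mismatch, 20 fF probe tip
    R, C, SIG, C_PROBE = 1e3, 100e-15, 0.02, 20e-15
    th = threshold_for_false_positives(sigma_diff_estimate(R, C, SIG), 0.01)  # 1 % false positives at typ
    print(f"nominal delay {rc_delay(R, C) * 1e12:.1f} ps, probe adds {rc_delay(R, C_PROBE) * 1e12:.1f} ps, "
          f"threshold {th * 1e12:.2f} ps")
    for name, (rs, cs) in {"typ": (1.0, 1.0), "slow": (1.3, 1.1), "fast": (0.8, 0.9)}.items():  # assumed corners
        fp, det = monte_carlo(R, C, SIG, C_PROBE, th, 20000, r_scale=rs, c_scale=cs)
        print(f"{name:>4}: false positives {fp:.2%}, detection {det:.2%}")
```

Running it shows why the corners matter: a threshold sized for a 1 % false-positive rate at the typical corner fires far more often at the slow corner, where the same relative mismatch produces a larger absolute delay spread, while at the fast corner the probe adds less delay and detection drops. Any fixed threshold therefore has to be set against the worst corner, which is the reliability trade-off the abstract refers to.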

    RRAM Based Random Bit Generation for Hardware Security Applications

    © 2016 IEEE.
    Resistive random access memories (RRAMs) have emerged as a competitive candidate for non-volatile memories because of their scalability, simple structure, fast switching speed and compatibility with conventional back-end processes. The stochastic switching mechanism and intrinsic variability of RRAMs still pose challenges that must be overcome before their large-scale commercialization as memories. However, these very same features open a wide range of potential applications for these devices in hardware security. In this context, this work proposes generating a random bit by means of a simultaneous write operation on two parallel cells, so that only one of them unpredictably switches its state. Electrical simulations confirm the strongly stochastic behaviour and the stability of the proposed primitive. Exploiting this fact, a Physical Unclonable Function (PUF)-like primitive is implemented based on a modified one-transistor, one-resistor (1T1R) array structure.

    Random masking interleaved scrambling technique as a countermeasure for DPA/DEMA attacks in cache memories

    Memory remanence in SRAMs and DRAMs is usually exploited through cold-boot attacks, whose targets are the main memory and the L2 cache. A sudden power shutdown may therefore give an attacker the opportunity to dump the contents of the memory and extract critical data. Side-channel attacks such as differential power analysis (DPA) or differential electromagnetic analysis (DEMA) have also proven very effective against memory security, and combining cold-boot attacks with DPA or DEMA can overpower even a high level of security in cache or main memories. In this context, data-scrambling techniques have been explored and employed to improve security with only a minor performance penalty. Enforcing security techniques in cache memories is risky because any substantial reduction in cache speed can be devastating for the CPU, which is why the performance penalty must be minimal. In this paper, we introduce an improved scrambling technique that uses random masking of the scrambling vector and is designed to protect cache memories against cold-boot and differential power or electromagnetic attacks. The technique is analyzed in terms of area, power and speed, while its level of security is evaluated through adversary models and simulated attacks.

    A combinatorial method for the evaluation of yield of fault-tolerant systems-on-chip

    In this paper we develop a combinatorial method for the evaluation of the yield of fault-tolerant systems-on-chip. The method assumes that defects are produced according to a model in which defects are lethal and affect given components of the system following a distribution common to all defects; the distribution of the number of defects is arbitrary. The method is based on formulating the yield as 1 minus the probability that a given boolean function with multiple-valued variables takes value 1. That probability is computed by analyzing a ROMDD (reduced ordered multiple-valued decision diagram) representation of the function. For efficiency, we first build a coded ROBDD (reduced ordered binary decision diagram) representation of the function and then transform that coded ROBDD into the ROMDD required by the method. We present numerical experiments showing that the method is able to cope with quite large systems in moderate CPU times.
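The formulation above (yield = 1 minus the probability that the system's failure function takes value 1, under lethal defects that each land on a component according to one common distribution, with an arbitrary distribution for the defect count) can be evaluated directly for a toy system. The following is an added example and not the paper's method: where the paper analyses a ROMDD, this code sums the same probability by inclusion-exclusion over all subsets of components, which is exact but exponential in the component count. The components, hit probabilities, failure rule and Poisson defect count are assumed.

```python
"""Exact yield of a tiny fault-tolerant SoC under the lethal-defect model.

Added illustration, not the paper's method: the paper evaluates
1 - P(f = 1) by analysing a ROMDD, whereas this code obtains the same
probability by inclusion-exclusion over all subsets of components, which
is exact but exponential in the component count and so only suits toy
systems. The components, the per-defect hit distribution, the failure
rule and the Poisson defect count are assumed.
"""
import math
from itertools import combinations
from typing import Callable, Dict, FrozenSet, Sequence, Tuple


def hit_set_probability(p: Dict[str, float], hit: Tuple[str, ...], n: int) -> float:
    """P(the components touched by n defects are exactly those in `hit`).

    Each defect lands on component c with probability p[c] (the same
    distribution for every defect), so P(all n land inside T) is
    (sum_{c in T} p[c])**n; inclusion-exclusion over the subsets T of
    `hit` turns that into the 'exactly' probability.
    """
    total = 0.0
    for k in range(len(hit) + 1):
        for sub in combinations(hit, k):
            mass = sum(p[c] for c in sub)
            total += (-1) ** (len(hit) - k) * mass ** n  # 0.0 ** 0 == 1.0 covers n == 0
    return total


def yield_exact(p: Dict[str, float], defect_pmf: Sequence[float],
                fails: Callable[[FrozenSet[str]], bool]) -> float:
    """Yield = 1 - P(f = 1) = sum_n pmf(n) * sum_{S : f(S) = 0} P(hit set = S | n defects)."""
    if abs(sum(p.values()) - 1.0) > 1e-12:
        raise ValueError("every defect must land on some component: hit probabilities must sum to 1")
    comps = sorted(p)
    working = 0.0
    for n, pn in enumerate(defect_pmf):
        if pn == 0.0:
            continue
        for k in range(len(comps) + 1):
            for subset in combinations(comps, k):
                if not fails(frozenset(subset)):
                    working += pn * hit_set_probability(p, subset, n)
    return working


def poisson_pmf(mean: float, n_max: int) -> Sequence[float]:
    """Truncated Poisson pmf for the defect count; any other pmf list can be used instead."""
    return [math.exp(-mean) * mean ** n / math.factorial(n) for n in range(n_max + 1)]


# Assumed SoC: a shared bus plus three cores in a 2-of-3 redundant arrangement.
HIT_P = {"bus": 0.4, "core0": 0.2, "core1": 0.2, "core2": 0.2}


def tmr_fails(hit: FrozenSet[str]) -> bool:
    """The boolean function f: 1 (chip dead) if the bus is hit or two or more cores are hit."""
    return "bus" in hit or sum(c.startswith("core") for c in hit) >= 2


def no_redundancy_fails(hit: FrozenSet[str]) -> bool:
    """Same SoC with no fault tolerance: any hit component kills the chip."""
    return len(hit) > 0


def tmr_yield_closed_form(defect_pmf: Sequence[float], p_core: float = 0.2, n_cores: int = 3) -> float:
    """Independent check for tmr_fails: with n >= 1 defects the chip survives
    only if all of them land on the same core, probability n_cores * p_core**n."""
    return defect_pmf[0] + sum(pn * n_cores * p_core ** n for n, pn in enumerate(defect_pmf) if n >= 1)


if __name__ == "__main__":
    pmf = poisson_pmf(1.0, 12)  # assumed: on average one lethal defect per die
    print(f"no redundancy : yield = {yield_exact(HIT_P, pmf, no_redundancy_fails):.4f}")
    print(f"2-of-3 cores  : yield = {yield_exact(HIT_P, pmf, tmr_fails):.4f} "
          f"(closed form {tmr_yield_closed_form(pmf):.4f})")
```

The subset enumeration is what the paper's decision-diagram representation avoids: a system with a few dozen components has far too many hit sets to list, while a ROMDD shares the common sub-cases. The closed-form function is only a check that the enumeration is right for this particular failure rule.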

    Impact of laser attacks on the switching behavior of RRAM devices

    The ubiquitous use of critical and private data in electronic form requires reliable and secure embedded systems for IoT devices. In this context, RRAMs (Resistive Random Access Memories) arise as a promising alternative to current memory technologies. However, their suitability for this kind of application, where data integrity is crucial, is still under study. Among the different types of attacks used to recover secret data, laser attacks are among the most common because of their simplicity. Some preliminary works have already addressed the influence of laser tests on RRAM devices; nevertheless, the results are not conclusive, since different responses have been reported depending on the circuit under test and the features of the test. In this paper, we have conducted laser tests on individual RRAM devices. For the set of experiments conducted, the devices did not show faulty behaviour. These results contribute to the characterization of RRAMs and, together with the related work, are expected to pave the way for the development of suitable countermeasures against external attacks.

    Impact of gate tunnelling leakage on CMOS circuits with full open defects

    Electronics Letter of the Month
    Interconnecting lines with full open defects become floating lines. In nanometric CMOS technologies, gate tunnelling leakage currents affect the behaviour of these lines, which can no longer be considered electrically isolated. The voltage of the floating node is determined by its neighbours and by the leakage currents; after some time an equilibrium between these effects is reached. Theoretical analysis and experimental evidence of this behaviour are presented.

    Unpredictable bits generation based on RRAM parallel configuration

    In this letter a cell made of the parallel combination of two TiN/Ti/HfO2/W resistive random access memory (RRAM) devices is studied for the generation of unpredictable bits. Measurements confirm that a simultaneous parallel SET operation, in which one of the two RRAMs switches to the low resistance state (LRS), is an unpredictable process that shows random properties across different sets of cells. Furthermore, for a given device pair, the same device switches during subsequent write operations. The proposed cell is also analyzed under different current compliances and pulse widths, with the same persistent behaviour being observed. The features of the proposed cell, which provide data obfuscation without compromising reliability, pave the way for its application in Physical Unclonable Functions (PUFs) for hardware security purposes.
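Both RRAM items above ("RRAM Based Random Bit Generation for Hardware Security Applications" and this letter) rest on the same primitive: two parallel devices receive one SET pulse, exactly one of them switches, which one is unpredictable across cells but persistent for a given pair. The following added example (not the authors' model or their measured devices) simulates that primitive and evaluates it as a PUF: uniqueness across chips, reliability across repeated writes, and the enrollment masking step a practitioner would add for pairs whose switching times are too close to be stable. The log-normal switching-time model, the 100 ns nominal SET time, the two sigma values, the compliance assumption and the retry policy are all assumptions.

```python
"""Two-RRAM parallel cell as a random-bit / PUF primitive: toy model.

Added illustration, not the measured TiN/Ti/HfO2/W devices. Each device's
SET time is log-normal around a per-device median fixed at fabrication
(device-to-device spread sigma_d2d) with a smaller cycle-to-cycle jitter
(sigma_c2c); the 100 ns nominal SET time, both sigmas, the compliance
behaviour and the enrollment policy are assumptions.
"""
import math
import random
from typing import List, Optional, Tuple


class ParallelCell:
    """Two RRAM devices in parallel, both RESET to HRS before each write."""

    def __init__(self, median_a: float, median_b: float, sigma_c2c: float):
        self.median_a, self.median_b, self.sigma_c2c = median_a, median_b, sigma_c2c

    def write(self, pulse_width: float, rng: Optional[random.Random] = None) -> Optional[int]:
        """Simultaneous SET pulse on both devices.

        Assumption: the first device to reach LRS drives the cell to the
        current compliance, the voltage across the pair collapses and the
        other device stays in HRS. Returns 0 if device A switched, 1 if
        device B did, None if neither switched within the pulse.
        """
        rng = rng or random
        t_a = self.median_a * math.exp(rng.gauss(0.0, self.sigma_c2c))
        t_b = self.median_b * math.exp(rng.gauss(0.0, self.sigma_c2c))
        if min(t_a, t_b) > pulse_width:
            return None
        return 0 if t_a < t_b else 1


def make_chip(n_cells: int, sigma_d2d: float, sigma_c2c: float,
              rng: random.Random, t_nominal: float = 100e-9) -> List[ParallelCell]:
    """One chip's cells; every device median is a fresh sample of the process spread."""
    return [ParallelCell(t_nominal * math.exp(rng.gauss(0.0, sigma_d2d)),
                         t_nominal * math.exp(rng.gauss(0.0, sigma_d2d)),
                         sigma_c2c) for _ in range(n_cells)]


def read_response(chip: List[ParallelCell], rng: random.Random, pulse_width: float = 1e-6) -> List[int]:
    """One write per cell; a cell that did not switch is retried with a 10x
    longer pulse (assumed retry policy) so that every cell yields a bit."""
    bits = []
    for cell in chip:
        pw, bit = pulse_width, cell.write(pulse_width, rng)
        while bit is None:
            pw *= 10.0
            bit = cell.write(pw, rng)
        bits.append(bit)
    return bits


def hamming(a: List[int], b: List[int]) -> int:
    return sum(x != y for x, y in zip(a, b))


def enroll(chip, rng, writes: int = 10) -> Tuple[List[int], List[bool]]:
    """Reference response plus a stability mask (dark-bit masking): a cell is
    kept only if it returned the same bit in every enrollment write."""
    reads = [read_response(chip, rng) for _ in range(writes)]
    ref = reads[0]
    return ref, [all(r[i] == ref[i] for r in reads) for i in range(len(chip))]


def uniqueness(chips, rng) -> float:
    """Mean normalised Hamming distance between responses of different chips (ideal 0.5)."""
    resp = [read_response(c, rng) for c in chips]
    n = len(chips[0])
    dists = [hamming(resp[i], resp[j]) / n for i in range(len(resp)) for j in range(i + 1, len(resp))]
    return sum(dists) / len(dists)


def bit_error_rate(chip, ref, mask, rng, reads: int = 20) -> float:
    """Fraction of masked-in bits that differ from the reference over repeated writes (ideal 0)."""
    errors = total = 0
    for _ in range(reads):
        r = read_response(chip, rng)
        for i, keep in enumerate(mask):
            if keep:
                total += 1
                errors += r[i] != ref[i]
    return errors / total


def evaluate(n_chips=10, n_cells=256, sigma_d2d=0.5, sigma_c2c=0.05, seed=3) -> dict:
    """Uniqueness across chips plus reliability of one chip, raw and after masking."""
    rng = random.Random(seed)
    chips = [make_chip(n_cells, sigma_d2d, sigma_c2c, rng) for _ in range(n_chips)]
    ref, mask = enroll(chips[0], rng)
    return {"uniqueness": uniqueness(chips, rng),
            "masked_out": 1.0 - sum(mask) / n_cells,
            "raw_ber": bit_error_rate(chips[0], ref, [True] * n_cells, rng),
            "masked_ber": bit_error_rate(chips[0], ref, mask, rng)}


if __name__ == "__main__":
    for k, v in evaluate().items():
        print(f"{k:>11}: {v:.4f}")
```

The model reproduces the two properties the letters report: which device wins is a coin flip across pairs (uniqueness near 0.5), and for a given pair the device with the shorter median keeps winning (low bit error rate). The failure mode it also exposes is a pair whose two medians differ by less than the cycle-to-cycle jitter; such a cell flips between writes, so the enrollment step masks it out, at the cost of the fraction of cells reported as `masked_out`. A pulse shorter than both switching times yields no bit at all, which is why `write` returns `None` rather than guessing.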