Published by Wendy Johnson. Modified over 8 years ago.
1 On the Synthesis of Side-Channel resistant Cryptographic Modules
Sorin Alexander Huss
Integrated Circuits and Systems Lab, Computer Science Department, Technische Universität Darmstadt, Germany, and CASED IT Security Research Center, Darmstadt
huss@iss.tu-darmstadt.de, sorin.huss@cased.de
A. Israr, K. Rohde, O. Stein, M. Stöttinger, M. Zohner
This work was supported in part by the German Federal Ministry of Education and Research (BMBF) in the joint project RESIST under grant number 01IS10027A.

2 Outline
1. Introduction
2. System Overview
3. Detection of SCA Vulnerabilities
4. Re-Synthesis of Hardware Modules
5. Application Example
6. Conclusions
Sorin A. Huss - Technische Universität Darmstadt

3 Where are we now?
Embedded devices find application in an increasing part of everyday life, so security is becoming more and more of an issue. Various protocols and cryptographic schemes have meanwhile been developed to secure these devices against misuse and to create a secure communication environment. Most of these methods and approaches are realised in software. Software implementations, however, are in general easier to attack than dedicated hardware devices, i.e., microelectronic circuits. Unsurprisingly, various active or passive attack approaches, as well as dedicated countermeasures to protect hardware security devices, have been developed too.

4 Power Analysis Attack
5 Well-known Countermeasures
6 Current Side-Channel Analysis aware Hardware Design Flow
7 Motivation
- Methodology is the right way to significantly raise both productivity and reliability in the digital design domain
- Modeling and simulation concepts form the foundation of a consistent design methodology
- Logic synthesis has for many years been the successful standard approach to digital circuit design automation
- High-level synthesis additionally boosts the productivity of logic synthesis
- So, why not try to conceive a kind of SCA-related high-level synthesis?

8 Novel SCA-related High-Level (Re-)Synthesis Approach
Flow diagram labels:
- Initial Algorithmic/Structural Description (VHDL Model)
- (Re)-Synthesis of VHDL Model
- SCA Assessment
- Embedding of Countermeasures
- Countermeasures Data Base
- Final Hardened Structural Description (VHDL Model)
- Evaluation Result Summary

9 Generic Architecture of the AMASIVE Framework
AMASIVE: Adaptable Modular Autonomous SIde-Channel Vulnerability Evaluator

10 Graph Models

Analysis Graph G(V, E)
Vertex type | Element            | Parameter
Register    | Storage element    | ID, Bit width
Operation   | LUT, C code segm.  | ID, In, Out, Properties
Permutation | LUT                | ID, Bit size
Entropy     | Secret information | ID, Bit size, Entropy value

Architecture Graph Ĝ(V, E)
Vertex type | Element              | Parameter
Register    | Flip Flop            | ID, Bit width, In signals
Function    | Substitution circuit | ID, In, Out, Properties
Permutation | Permutation circuit  | ID
Switch      | Multiplexor          | ID, In signal

Ĝ may, to a large extent, be viewed as a subgraph of G.

11 SC Analysis: Detection of Vulnerabilities
12 Security Analysis Outline
13 Attacker Model
14 Main Characteristics of SC Analysis Component
- Variable strength level of the attacker, achievable by adding/removing known nodes and actions or by changing complexity boundaries
- Attacker model is independent of the constructed graph
- Security analysis as a game in which the goal of the attacker is to yield a set of security sensitive nodes
- Identification of suitable hypothesis functions, currently available for both HW (Hamming weight) and HD (Hamming distance) models within CPA of symmetric ciphers
- Easily extendable in terms of both distinguishers and SCA attacks
M. Zohner, M. Stöttinger, S. Huss, O. Stein: An Adaptable, Modular, and Autonomous Side-Channel Vulnerability Evaluator. IEEE HOST Conf., 2012

15 Circuit Hardening: Instantiation of Countermeasures
16 Built-in generic Countermeasures
- Random Register Switching
- Component Masking
- Boolean Masking of Data Path

17 Generation of hardened Circuits
18 Insertion of Nodes: in between
19 Insertion of Nodes: next to
20 Resulting hardened Circuits
21 Example: PRESENT Blockcipher
22 Resource Consumption and Performance of Cipher Variants
Implementation platform: SASEBO II FPGA board
23 Result of CPA on unprotected and on hardened Cipher Variants
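
The kind of comparison this slide reports, reproduced in simulation as an added example (not taken from the presentation or from AMASIVE): a CPA with the Hamming-weight hypothesis function against one PRESENT S-box nibble, run on an unprotected and on a Boolean-masked data path. The traces are constructed (Hamming-weight leakage plus Gaussian noise), and the function names, key nibble, trace count and noise level are assumptions of this example.

```python
import random

# PRESENT 4-bit S-box (from the public cipher specification)
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hw(x):
    """Hamming weight: the HW power model used as hypothesis function."""
    return bin(x).count("1")

def simulate(key, n, masked, rng, sigma=1.0):
    """Constructed traces: one noisy power sample per random plaintext nibble."""
    plaintexts, samples = [], []
    for _ in range(n):
        p = rng.randrange(16)
        v = SBOX[p ^ key]                # intermediate value held in a register
        if masked:
            v ^= rng.randrange(16)       # fresh uniform Boolean mask per run
        plaintexts.append(p)
        samples.append(hw(v) + rng.gauss(0.0, sigma))
    return plaintexts, samples

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def cpa(plaintexts, samples):
    """Correlate the HW hypothesis of every key guess with the measured samples."""
    corr = [pearson([hw(SBOX[p ^ g]) for p in plaintexts], samples)
            for g in range(16)]
    return max(range(16), key=corr.__getitem__), corr

def evaluate(key=0x9, n=2000, seed=1):
    """Return {variant: (best key guess, peak |correlation|)} for both data paths."""
    rng = random.Random(seed)
    out = {}
    for name, masked in (("unprotected", False), ("masked", True)):
        guess, corr = cpa(*simulate(key, n, masked, rng))
        out[name] = (guess, max(abs(c) for c in corr))
    return out

if __name__ == "__main__":
    for name, (guess, peak) in evaluate().items():
        print(f"{name:12s} best guess={guess:#x}  peak |rho|={peak:.3f}")
```

On the masked variant the best guess is arbitrary: with a uniform mask the leaked Hamming weight is statistically independent of the unmasked S-box output, so every first-order correlation stays at the noise floor.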
24 Conclusions (I)
Main characteristics of the proposed design flow:
- Parsing of initial VHDL design description of cryptographic modules and automatic extraction of their data and control flows
- Construction of an intermediate graph as the foundation of subsequent analysis and synthesis steps
- Power SCA featuring configurable attacker models, various distinguishers, and hypothesis function generation

25 Conclusions (II)
- User-controlled insertion of first-order countermeasures, related VHDL code generation, and logic synthesis
- Applicable to various implementation platforms, i.e., FPGA, ASIC, and Full-Custom IC
- Acceptable trade-off between the number of additional components and the achieved security improvements
- Considerable quality of the achieved resistance against power analysis
… A big step towards high-level synthesis of side-channel resistant cryptographic modules

26 Summary of SCA Attack Results
KeyLength = 80 bit