Title: TrustZone-backed bitcoin wallet
Authors: Miraje Gentilal, P. Martins, L. Sousa
DOI: https://doi.org/10.1145/3031836.3031841
Published: 2017-01-24, Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems

With the increasing popularity of virtual currencies, it has become more important to have highly secure devices in which to store private-key information. Furthermore, ARM has made available an extension of processor architectures, designated TrustZone, which allows for the separation of trusted and non-trusted environments, while ensuring the integrity of the OS code. In this paper, we propose the exploitation of this technology to implement a flexible and reliable bitcoin wallet that is more resilient to dictionary and side-channel attacks. Making use of the TrustZone comes with the downside that writing and reading operations become slower, due to the encrypted storage, but we show that cryptographic operations can in fact be executed more efficiently as a result of platform-specific optimizations.
Title: Side-channel leakage aware instruction scheduling
Authors: Hermann Seuschek, F. D. Santis, O. Guillen
DOI: https://doi.org/10.1145/3031836.3031838
Published: 2017-01-24, Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems

Speed-optimized side-channel protected software implementations of block ciphers are important for the security of embedded IoT devices based on general-purpose microcontrollers. The recent work of Schwabe et al. published at SAC 2016 introduced a bit-sliced implementation of AES and a first-order Boolean-masked version of it, targeting ARM Cortex-M CPU cores. The authors claim to be secure against timing as well as first-order power and electromagnetic side-channel attacks. However, the authors' security claims do not take the actual leakage characteristics of the underlying CPU architecture into account, hence making the scheme potentially vulnerable to first-order attacks in practice. In this work we show indeed that such a masking scheme can be attacked very easily by first-order electromagnetic side-channel attacks. In order to fix the issue and provide practical first-order security, we provide a strategy to schedule program instructions in a way that the specific leakage of the CPU does not impair the side-channel countermeasure.
Title: Reliable low-overhead arbiter-based physical unclonable functions for resource-constrained IoT devices
Authors: S. Tao, E. Dubrova
DOI: https://doi.org/10.1145/3031836.3031837
Published: 2017-01-24, Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems

Physical unclonable functions (PUFs) are promising hardware security primitives suitable for resource-constrained devices requiring lightweight cryptographic methods. However, PUF responses frequently suffer from instability due to varying environmental conditions such as voltage and temperature. In this paper, we introduce circuit-level techniques to enhance the reliability of delay-based PUFs against temperature variation. We propose a voltage controlled current starved (VCCS) delay element that can effectively reduce temperature sensitivity and thus improve the reliability of PUF responses. Built on the VCCS delay element, two test-case arbiter-based PUF architectures are implemented in a standard 65nm CMOS technology and validated through post-layout Monte-Carlo simulation. Evaluation results show that the two proposed PUF designs satisfy requirements on randomness, uniqueness, and reliability over a wide temperature range. Moreover, the proposed approach imposes only a marginal overhead, leading to one of the most energy-efficient PUFs in the state-of-the-art.
Title: Filtering-based CPA: a successful side-channel attack against desynchronization countermeasures
Authors: K. M. Abdellatif, Damien Couroussé, O. Potin, P. Jaillon
DOI: https://doi.org/10.1145/3031836.3031842
Published: 2017-01-24, Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems

Secure implementations against side channel attacks usually combine hiding and masking protections in software implementations. In this work, we focus on desynchronization protection, which is considered a hiding countermeasure. The idea of desynchronization is to obtain a non-predictable offset of the attacking point in the time dimension. For this purpose, we exploit pattern-recognition methods to filter interesting points for obtaining a successful side channel attack. Using this tool as a case study, we completely cancel the desynchronization effect of the CHES 2009/2010 countermeasure [2, 3]. Moreover, 25k traces are needed for successful key recoveries in the case of the polymorphism-based countermeasure [4].
Title: Multi-core data analytics SoC with a flexible 1.76 Gbit/s AES-XTS cryptographic accelerator in 65 nm CMOS
Authors: Frank K. Gürkaynak, R. Schilling, M. Muehlberghuber, Francesco Conti, S. Mangard, L. Benini
DOI: https://doi.org/10.1145/3031836.3031840
Published: 2017-01-24, Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems

Embedded systems for Internet-of-Things applications present new challenges to system design. From a hardware design perspective, energy efficiency is paramount, as most devices have a limited power supply due to size considerations. Transmitting data away from the node remains a very power-hungry operation, and the only viable solution to this problem is to reduce the amount of data by performing pre-processing, which again requires additional computational power. Hence modern embedded devices need to strike a fine balance between the power needed for acquisition/processing and communication. In many scenarios, small IoT devices will be deployed widely, making them vulnerable to malicious attacks. Thus, for practical applications, these devices also need to fit the necessary resources to provide adequate security services. We present a cryptographic hardware accelerator capable of supporting multiple encryption and decryption modes for different cryptographic algorithms (AES, Keccak) in an energy efficient multi-core cluster optimized for embedded digital signal processing applications, implemented in 65 nm CMOS technology. We show that it is possible to have the necessary computation power to perform cryptographic services in addition to state of the art processing in a power budget that is compatible with IoT devices in a mature 65 nm CMOS technology. When running at 0.8 V the SoC with the cryptographic accelerator can be clocked at 84 MHz running AES-XTS at more than 250 Mbits/s consuming a total of 27 mW, which is a 100 × gain in energy and 496 × gain in operation speed over an optimized software implementation running on a single 32 bit OpenRISC core.
Title: Large scale characterization of SRAM on infineon XMC microcontrollers as PUF
Authors: F. Wilde
DOI: https://doi.org/10.1145/3031836.3031839
Published: 2017-01-24, Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems

SRAM-based physical unclonable functions (SRAM PUFs) derive a device dependent secret from the start-up pattern of their memory cells and have shown very promising results in previous publications. This work presents a dataset measured on 144 Infineon XMC4500 microcontrollers containing 160 KiB of SRAM sampled 101 times each in 2015 and 2016. Analyses are done using state-of-the-art metrics by Maiti et al., Hori et al., and by custom inspections. In extensive comparison to previous work, this work is found to score best in average Reliability and Bit-Alias, match with previous top results in average Uniformity and still mid-range in Uniqueness. This confirms previous results that general purpose SRAM on microcontrollers is adequate for most PUF applications. To support further research into SRAM PUFs and their post-processing, the full dataset originating from this work will be made publicly available on the internet.
Title: Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems
Authors: M. Brorsson, Zhonghai Lu, G. Agosta, Alessandro Barenghi, Gerardo Pelosi
DOI: https://doi.org/10.1145/3031836
Published: 2014-01-20, Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems

On behalf of the program and organizing committees, it is a great pleasure to welcome you to the First Workshop on Cryptography and Security in Computing Systems (CS2 2014). The CS2 meeting is a co-located event with HiPEAC 2014 in Vienna, Austria, January 20, 2014.

The wide diffusion of embedded systems, including multi-core, many-core, and re-configurable platforms, poses a number of challenges related to the security of operations of such systems, as well as of the information stored in them. Malicious adversaries can leverage unprotected communications to hijack cyber-physical systems, resulting in incorrect and potentially highly dangerous behaviors, or can exploit side-channel information leakage, as well as reverse engineering hints, to recover secret information from a computing system. Untrustworthy third party software and hardware can create openings for such attacks, which must be detected and removed or counteracted. In addition, the complexity of modern and future embedded and mobile systems leads to the need to depart from manual planning and deployment of security features. Thus, design automation tools are needed to design and verify the security features of new hardware/software systems.

The workshop provides a venue for security and cryptography experts to interact with the computer architecture and compilers community, aiming at cross-fertilization and multi-disciplinary approaches to address the security and privacy challenges of computing systems.