Experimentations on scan chain encryption with PRESENT
M. D. Silva, M. Flottes, G. D. Natale, B. Rouzeyre
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031543 (https://doi.org/10.1109/IVSW.2017.8031543) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Crypto-processors are vulnerable to scan attacks. Using the scan chain, an attacker is indeed able to observe intermediate encryption states and steal secret data closely related to the key. However, scan design is the most powerful means for test and diagnostic purposes. Several countermeasure approaches have thus been proposed for securing scan designs while preserving test efficiency, diagnosis and debugging abilities. One solution is to encrypt test patterns using extra block ciphers, preventing control and observation of plaintexts in the scan chain. The goal of this paper is to experiment with this scan chain encryption approach on different designs in order to evaluate test efficiency and costs in terms of area and test time.

Hardware reverse engineering: Overview and open challenges
Marc Fyrbiak, Sebastian Strauss, Christian Kison, Sebastian Wallat, M. Elson, N. Rummel, C. Paar
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031550 (https://doi.org/10.1109/IVSW.2017.8031550) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Hardware reverse engineering is a universal tool for both legitimate and illegitimate purposes. On the one hand, it supports confirmation of IP infringement and detection of malicious circuit manipulations; on the other hand, it provides adversaries with crucial information to plagiarize designs, infringe on IP, or implant hardware Trojans into a target circuit. Although reverse engineering is commonplace in practice, the quantification of its complexity is an unsolved problem to date, since both technical and human factors have to be accounted for. A sophisticated understanding of this complexity is crucial in order to provide a reasonable threat estimation and to develop sound countermeasures, i.e. obfuscation transformations of the target circuit, to mitigate risks for the modern IC landscape. The contribution of our work is threefold: first, we systematically study the current research branches related to hardware reverse engineering, ranging from decapsulation to gate-level netlist analysis. Based on our overview, we formulate several open research questions to scientifically quantify reverse engineering, including technical and human factors. Second, we survey research on problem solving and on the acquisition of expertise and discuss its potential to quantify human factors in reverse engineering. Third, we propose novel directions for future interdisciplinary research encompassing both technical and psychological perspectives that hold the promise to holistically capture the complexity of hardware reverse engineering.

A red team blue team approach towards a secure processor design with hardware shadow stack
C. Bresch, Adrien Michelet, Laurent Amato, Thomas Meyer, D. Hély
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031545 (https://doi.org/10.1109/IVSW.2017.8031545) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Software attacks are commonly performed against embedded systems in order to access private data or to run restricted services. In this work, we demonstrate some vulnerabilities of commonly used processors which can be leveraged by hackers to attack a system. The targeted devices are based on the open processor architectures OpenRISC and RISC-V. Several software exploits are discussed and demonstrated, while a hardware countermeasure is proposed and validated on OpenRISC against Return Oriented Programming attacks.

A look at the dark side of hardware reverse engineering - a case study
Sebastian Wallat, Marc Fyrbiak, Moritz Schlögel, C. Paar
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031551 (https://doi.org/10.1109/IVSW.2017.8031551) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
A massive threat to the modern and complex IC production chain is the use of untrusted off-shore foundries, which are able to infringe valuable hardware design IP or to inject hardware Trojans causing severe loss of safety and security. Similarly, market-dominating SRAM-based FPGAs are vulnerable to both attacks, since the crucial gate-level netlist can be retrieved even in the field for the majority of deployed device series. In order to perform IP infringement or Trojan injection, reverse engineering (parts of) the hardware design is necessary to understand its internal workings. Even though IP protection and obfuscation techniques exist to hinder both attacks, the security of most techniques is doubtful, since realistic capabilities of reverse engineering are often neglected. The contribution of our work is twofold: first, we carefully review an IP watermarking scheme tailored to FPGAs and improve its security by using opaque predicates. In addition, we show novel reverse engineering strategies on proposed opaque predicate implementations that again enable watermarks to be automatically detected and altered. Second, we demonstrate automatic injection of hardware Trojans specifically tailored for third-party cryptographic IP gate-level netlists. More precisely, we extend our understanding of an adversary's capabilities by presenting how block and stream cipher implementations can be surreptitiously weakened.

Provable secure dual-server public key encryption with keyword search
Kaibin Huang, R. Tso
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031542 (https://doi.org/10.1109/IVSW.2017.8031542) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
In the public key encryption with keyword search (PEKS) framework, see Figure 1(a), the cloud server stores an index Iw and, on receiving a keyword search request through a trapdoor Tw′, verifies whether w = w′ or not. Aside from the traditional secrecy concerns over the index, a new threat called the inner keyword guessing attack, which concerns the secrecy of trapdoors against off-line brute force attacks, was pointed out by Chen et al. First, the index Iw is publicly computable; second, the domain of keywords is not big enough to resist brute force attacks; and third, the cloud server can verify the equivalence between the keywords of the index and trapdoors by itself. As a curious server, on input a trapdoor Tw′, the server can keep computing indexes with different keywords w and test the equivalence by itself until it finds the keyword w′ hidden in the trapdoor. That is, the secrecy of trapdoors can be easily broken. Furthermore, the ‘hacked trapdoor’ can be utilized to test all the indexes in the database, which indirectly impacts the secrecy of the index. Chen et al. propose a dual-server PEKS (DS-PEKS) syntax to deal with this issue. There are a front server and a back server in their architecture (see Figure 1(b)), and the keyword search test is done by the co-operation of the two servers. Assuming that these two servers do not collude, the DS-PEKS scheme will be secure against off-line inner keyword guessing attacks (although on-line inner keyword guessing attacks still work). However, several flaws occur in Chen et al.'s work, so that the secrecy of the index and trapdoors is not well protected even against outside adversaries. In this work, we propose a new DS-PEKS construction based on the Cramer-Shoup encryption, whose index and trapdoors are provably indistinguishable against chosen keyword attacks based on the IND-CCA2 security of the Cramer-Shoup encryption, without the random oracle model.

Towards mixed structural-functional models for algebraic fault attacks on ciphers
Jan Burchard, Ange-Salomé Messeng Ekossono, J. Horácek, Mael Gay, B. Becker, Tobias Schubert, M. Kreuzer, I. Polian
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031537 (https://doi.org/10.1109/IVSW.2017.8031537) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Fault attacks are a major threat for hardware-implemented security primitives, and algebraic techniques (equation-solving) are one of the most powerful building blocks for such attacks. We show that structural models obtained from a circuit implementation of the analyzed cipher can lead to more efficient attacks than the functional models used in the literature. We also discuss possible synergies of the traditional functional and the proposed structural models and show first results on mixed models that combine structural and functional information. The overspecification provided by the mixed models creates an optimization potential through a partial mixed model with different filter rules for the combination of the two models.

Practical evaluation of masking software countermeasures on an IoT processor
D. McCann, E. Oswald
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031536 (https://doi.org/10.1109/IVSW.2017.8031536) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Implementing cryptography on Internet-of-Things (IoT) devices that is resilient against side channel analysis has so far been a task suitable only for specialist software designers with access to a sophisticated testing facility. Recently a novel tool, ELMO, has been developed which offers the potential to enable non-specialist software developers to evaluate their code w.r.t. power analysis for a popular IoT processor. We explain a crucial extension of ELMO, which enables a user to test higher-order masking schemes much more efficiently than previously possible, as well as to improve the ease and speed of diagnosing masking errors.

Security of FPGAs in data centers
S. Trimberger, Steve McNeil
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031556 (https://doi.org/10.1109/IVSW.2017.8031556) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Recent deployments of FPGAs as compute resources in data centers have raised security concerns. One concern is how to prevent user-deployed logic in the FPGA from accessing privileged data such as physical addresses or raw network traffic. Addressing this issue uses the concept of ‘privileged’ mode FPGA logic that is kept separate from ‘user’ mode logic. Logical separation can be achieved with design restrictions; physical separation gives a stronger security guarantee. Physical separation can be implemented and enforced using the Xilinx Isolation Design Flow to isolate privileged shell logic from user application logic. A second security concern is the detection and handling of undesirable behavior of user logic. This undesirable behavior includes generation of current spikes, consumption of excessive power, or overheating the FPGA or the system. These conditions can be addressed by design checking, and a thorough run-time solution leverages anti-tamper functionality in the FPGA that activates user logic to disable functions when voltage or temperature exceeds preset limits. A third concern is the need to ensure FPGA logic only changes when desired. This concern is addressed using both hard logic and IP that together ensure and verify that the programmable logic does not change during operation.

Challenges and trends in SOC Electromagnetic (EM) Crosstalk
P. Papadopoulos, A. Raman, Y. Koutsoyannopoulos, N. Provatas, M. Abadir
Pub Date: 2017-07-03 | DOI: 10.1109/IVSW.2017.8031546 (https://doi.org/10.1109/IVSW.2017.8031546) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Electromagnetic crosstalk analysis is emerging as a fundamental necessity as a component of electronic system development. With the advent of advanced technologies and System-on-Chip (SoC) architectures, ignoring electromagnetic crosstalk is highly risky, resulting in significant delays in reaching the market on time as well as significant cost overruns. This paper provides an overview of the state of the practice in electromagnetic crosstalk in the context of modern SoC designs, current industrial trends, and key adoption challenges.

Self-timed Ring based True Random Number Generator: Threat model and countermeasures
Gregoire Gimenez, A. Cherkaoui, Raphael Frisch, L. Fesquet
Pub Date: 2017-07-01 | DOI: 10.1109/IVSW.2017.8031541 (https://doi.org/10.1109/IVSW.2017.8031541) | 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
Self-timed Ring based True Random Number Generators (STRNGs) extract randomness from the jitter of events evenly propagating in a Self-Timed Ring (STR) oscillator. Security of such generators is primarily based on an entropy assessment: an accurate model of the minimum entropy per output bit, with physical measurement of the noise source. This assessment is reinforced with both entropy source monitoring and online testing of the output bits. This paper addresses the security of the STRNG. First, we identify potential vulnerabilities of the generator and define a threat model. Based on this threat model, we analyze the effect of active attacks in analog simulations (in a 55 nm technology), and by emulating them in a high-level simulation model. Then, we propose simple and efficient countermeasures to thwart attacks focusing on the generator. Finally, we evaluate the output sequences before and after attacks to validate the proposed countermeasures.