2011 IEEE International Symposium on Hardware-Oriented Security and Trust: Latest Publications

Formal security evaluation of hardware Boolean masking against second-order attacks
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5954993
Houssem Maghrebi, S. Guilley, J. Danger
The masking countermeasure in hardware has been widely studied, for its simplicity and its efficiency. Notably, no care is required at backend level and the throughput is not affected with respect to an unprotected implementation. In this article, we are concerned with a formal security evaluation of Boolean hardware masking schemes. Following a practice-oriented evaluation framework introduced at EUROCRYPT'2009 [22], we compute both leakage and attack metrics. The hardware implementations have the specificity that the signal to noise ratio is below 1. In this particular case, we prove that a leakage metric (namely the mutual information) allows to characterize perfectly the best attack. This was previously unknown; moreover, we exhibit explicitly the links between leakage and attacks metrics. This result is in line with [10] but conflicts with [24]. More precisely, second-order DPA with a centered product combination function yields the largest leaks and the most powerful attacks. However, those are not possible if the implementation is “zero-offset”, an implementation of first-order masking only possible in hardware. Furthermore, even the sub-optimal attacks are impeded, due to the high noise that characterizes parallel hardware crypto-processors. Therefore, masked implementations in hardware reach much higher security levels than software counterparts while not degrading significantly the computation throughput.
Citations: 4
Algorithmic collision analysis for evaluating cryptographic systems and side-channel attacks
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5955000
Q. Luo, Yunsi Fei
Side-channel attacks have emerged as a kind of effective security threat targeting system implementation of cryptographic algorithms. Evaluating a cryptographic system's resilience to side-channel attacks is therefore important for secure system design. This paper proposes a novel analysis method for resilience evaluation of cryptographic algorithms, which takes DES as example and reveals inherent algorithmic properties related to side-channel attacks. Collision and confusion coefficients are defined as the algorithmic parameters. The analysis shows that in addition to the side-channel leakage, another algorithm-dependent factor determines the effectiveness of side-channel attacks. With such factor considered, a metric is proposed to evaluate side-channel attacks and system resilience. Experiment results demonstrate the effectiveness and efficiency of the metric.
Citations: 23
Reliable and efficient PUF-based key generation using pattern matching
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5955010
Zdenek Sid Paral, S. Devadas
We describe a novel and efficient method to reliably provision and re-generate a finite and exact sequence of bits, for use with cryptographic applications, e.g., as a key, by employing one or more challengeable Physical Unclonable Function (PUF) circuit elements. Our method reverses the conventional paradigm of using public challenges to generate secret PUF responses; it exposes response patterns and keeps secret the particular challenges that generate response patterns. The key is assembled from a series of small (initially chosen or random), secret integers, each being an index into a string of bits produced by the PUF circuit(s); a PUF unique pattern at each respective index is then persistently stored between provisioning and all subsequent key re-generations. To obtain the secret integers again, a newly repeated PUF output string is searched for highest-probability matches with the stored patterns. This means that complex error correction logic such as BCH decoders are not required. The method reveals only relatively short PUF output data in public store, thwarting opportunities for modeling attacks. We provide experimental results using data obtained from PUF ASICs, which show that keys can be efficiently and reliably generated using our scheme under extreme environmental variation.
Citations: 106
Practical evaluation of DPA countermeasures on reconfigurable hardware
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5955014
A. Moradi, Oliver Mischke, C. Paar
In CHES 2010 a correlation-based power analysis collision attack has been introduced which is supposed to exploit any first-order leakage of cryptographic devices. This work examines the effectiveness of the well-known DPA countermeasures versus the correlation collision attack. The considered countermeasures include masking, shuffling, and noise addition, when applied in hardware. Practical evaluations, which all have been performed using power traces measured from an FPGA board, show an increase in the number of required traces, e.g. from 10,000 to 1,500,000, when combining different countermeasures. This study allows for a fair comparison between the hardware countermeasures and helps identifying an appropriate key lifetime.
Citations: 14
A fast power current analysis methodology using capacitor charging model for side channel attack evaluation
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5955002
Daisuke Fujimoto, M. Nagata, T. Katashita, A. Sasaki, Y. Hori, Akashi Satoh
Fast power current analysis method using capacitor charging model was introduced to evaluate security of cryptographic hardware against side channel attacks before the circuit is fabricated as an LSI chip. The method was applied to CPA (Correlation Power Analysis) on various AES (Advanced Encryption Standard) circuits, which require more than 10,000 power current traces, and simulation speed was accelerated by 40–60 times in comparison with conventional full transistor level analysis. The proposed simulation based CPA revealed all of the secret keys of the AES circuits by extracting capacitance model from the post-layout data using a 65-nm CMOS standard cell library. The layout was also fabricated as an LSI chip, and CPA on the LSI was conducted. The results showed remarkable consistency between simulation and actual measurement in terms of information leakage related to the secret keys in power waveforms.
Citations: 11
Accelerating early design phase differential power analysis using power emulation techniques
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5955001
Armin Krieg, Christian Bachmann, J. Grinschgl, C. Steger, R. Weiss, J. Haid
The personal banking and ID sector has seen a tremendous change in recent years, partially caused by the widespread introduction of smart-cards. Because of the extensive implications of a successful attack on these devices, a wide range of practical as well as purely academic attacks has been developed during the last years. These attacks have unveiled weaknesses in hardware as well as software implementations of several different, partially widely used cryptographic algorithms. An especially powerful method, the differential power analysis (DPA), extracts secret information from power consumption and electro-magnetic emission profiles. The efficiency of a DPA attack significantly depends on the quality of the cryptographic algorithm implementation. These traces currently can only be generated using real hardware or simulation-based approaches. Depending on the chosen simulation accuracy these evaluations result in time-consuming RTL and SPICE simulations often limiting the maximum amount of available execution traces. This paper introduces a novel high-speed methodology for early security evaluations of integrated processor systems using power emulation. First, the usage of power emulation hardware allows for the estimation of attack effort that an adversary will have to invest to gain secret information from an algorithm's execution profile. Second, countermeasures against differential power analysis attacks can be quickly evaluated in terms of effectiveness. The shown approach uses semi-automatic characterization techniques and fully synthesizable emulation hardware to reduce the designer's dependency on time-consuming simulation runs.
Citations: 18
ODETTE: A non-scan design-for-test methodology for Trojan detection in ICs
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5954989
Mainak Banga, M. Hsiao
In this paper, we propose a two-step non-scan design-for-test methodology that can ease detection of an embedded Trojan and simultaneously partially obfuscates a design against Trojan implantations. In the first step, we use Q signals of flip-flops in a circuit to increase the number of reachable states. In the second step, we partition these flip-flops into different groups enhancing the state-space variation. Creation of these new reachable states helps to trigger and propagate the Trojan effect more easily. Experimental results on ISCAS'89 benchmarks show that this method can effectively uncover Trojans which are otherwise very difficult to detect in the normal functional mode. In addition, partitioning the flip-flops of the circuit into different groups and selecting the output (Q or Q) based on input controlled ENABLE signals conceal its actual functionality beyond simple recognition thereby making it difficult for the adversary to implant Trojans.
Citations: 46
Case study: Detecting hardware Trojans in third-party digital IP cores
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5954998
Xuehui Zhang, M. Tehranipoor
The intellectual property (IP) blocks are designed by hundreds of IP vendors distributed across the world. Such IPs cannot be assumed trusted as hardware Trojans can be maliciously inserted into them and could be used in military, financial and other critical applications. It is extremely difficult to detect Trojans in third-party IPs (3PIPs) simply with conventional verification methods as well as methods developed for detecting Trojans in fabricated ICs. This paper first discusses the difficulties to detect Trojans in 3PIPs. Then a complementary flow is presented to verify the presence of Trojans in 3PIPs by identifying suspicious signals (SS) with formal verification, coverage analysis, removing redundant circuit, sequential automatic test pattern generation (ATPG), and equivalence theorems. Experimental results, shown in the paper for detecting many Trojans inserted into RS232 circuit, demonstrate the efficiency of the flow.
Citations: 205
TrustGeM: Dynamic trusted environment generation for chip-multiprocessors
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5954994
L. A. Bathen, N. Dutt
Embedded system security challenges have been exacerbated by the complexity inherent in the software stack of next generation handheld devices (internet connectivity, app stores, mobile banking, etc.) and the aggressive push for multicore technology. As applications with different degrees of assurance are deployed on these multiprocessor platforms, new challenges emerge in terms of protection against software based side channel attacks and exploits such as buffer overruns. In this paper, we introduce TrustGeM: a dynamic trusted environment generation engine for chip-multiprocessors. TrustGeM's goal is to dynamically generate trusted execution environments for applications with different assurance requirements. TrustGeM exploits the concepts of application driven policy generation, performance/power-aware on-chip application sandboxing, and reliable, secure, and dynamic memory virtualization. Experimental results on an 8 Core CMP show that TrustGeM is able to reduce overall system energy by an average 24% due to its memory utilization efficiency while incurring minimal performance overhead over the ideal case (an average of 5%). TrustGeM is also able to generate policies with much smaller memory requirements allowing the dynamic trusted environment generation to enforce the policies much more efficiently.
Citations: 2
Systematic security evaluation method against C safe-error attacks
Pub Date : 2011-06-05 DOI: 10.1109/HST.2011.5954997
Dusko Karaklajic, Junfeng Fan, I. Verbauwhede
This paper proposes a systematic security evaluation of cryptographic hardware against C safe-error attacks. Using the graph representation of a design, we provide a simple and efficient method to detect possible C safe-errors. Exposing possible vulnerabilities at an early stage of a design process, this method avoids costly design re-spins and reduces time-to-market. As a proof of concept, we apply the method to two well-known exponentiation algorithms: square-and-multiply-always and the Montgomery ladder.
Citations: 1