A comparison of power-analysis-resistant digital circuits
E. Menendez, K. Mai
Pub Date: 2010-06-13 | DOI: 10.1109/HST.2010.5513112
Power analysis attacks are a common and effective method of defeating cryptographic systems. Many power-analysis-resistant digital circuit techniques have been previously proposed, leaving the circuit designer a myriad of choices without a simple way to compare and contrast the strengths and weaknesses of each technique. In this paper, we compare four promising power-analysis-resistant digital logic styles against a standard CMOS baseline. By comparing these techniques side by side in a consistent manner we present a clearer picture of the advantages and drawbacks of each. Results are presented for logic gate area, energy consumption, and power-analysis resistance. We also present a novel test structure suitable for measuring power-analysis resistance of individual logic gates in actual silicon.
Published in: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 64-69.
Side-channel attack resistant ROM-based AES S-Box
Craig Teegarden, M. Bhargava, K. Mai
Pub Date: 2010-06-13 | DOI: 10.1109/HST.2010.5513101
In the AES algorithm, the Substitution Box (S-Box) often dominates the area and delay of implementations. The S-Box performs a byte-wise substitution on the data based on an established code book, and most AES algorithm implementations use a large complex logic block consisting mainly of XORs to implement the S-Box. Direct implementation of the S-Box with a look-up table (LUT) has been eschewed due to difficulty in pipelining the structure, hence restricting the throughput. However, we present a custom ROM-based S-Box implementation that can achieve comparable throughput to logic-based implementations, yet is smaller in both area and power. Additionally, the symmetrical nature of the ROM is well suited towards achieving data-independent power dissipation, which is key in defending against power analysis side-channel attacks. We present both power-analysis hardened and unhardened ROM-based S-Box designs which significantly outperform logic-based designs in area, power, performance, and power-analysis resistance.
Published in: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 124-129.
Low voltage fault attacks to AES
Alessandro Barenghi, G. Bertoni, L. Breveglieri, M. Pellicioli, Gerardo Pelosi
Pub Date: 2010-06-13 | DOI: 10.1109/HST.2010.5513121
This paper presents a new fault-based attack on the Advanced Encryption Standard (AES) with any key length, together with its practical validation through the use of low-voltage-induced faults. The CPU running the attacked algorithm is the ARM926EJ-S: a 32-bit processor widely deployed in computer peripherals, telecommunication appliances and low-power portable devices. We prove the practical feasibility of this attack by inducing faults in the computation of the AES algorithm running on a full-fledged Linux 2.6 operating system on two implementations of the ARM926EJ-S on commercial development boards.
Published in: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 7-12.
Entropy extraction in metastability-based TRNG
Vikram B. Suresh, W. Burleson
Pub Date: 2010-06-13 | DOI: 10.1109/HST.2010.5513099
True Random Number Generators (TRNGs) implemented in deep sub-micron (DSM) technologies become biased in bit generation due to process variations and fluctuations in operating conditions. A variety of mechanisms, ranging from analog and digital circuit techniques to algorithmic post-processing, can be employed to remove bias. In this work we compare the effectiveness of digital post-processing using the XOR function and the Von Neumann corrector with a circuit calibration technique for a metastability-based reference TRNG design. The energy consumption per bit is used as the metric for comparing the different techniques. The results indicate that the calibration technique is effective for 12% larger process variation than the XOR function and extracts entropy comparable to the Von Neumann corrector at 56% less energy per bit. The analysis thereby demonstrates that circuit calibration provides an efficient tradeoff between entropy and energy per bit for removing bias in lightweight TRNGs.
Published in: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 135-140.
Title pages
M. Kneževi
Pub Date: 2010-01-01 | DOI: 10.13109/9783666101458.front
Hardware security relies on the difficulty of reverse engineering to protect critical information. While virtually anything can be reverse engineered given enough time and money, the question usually is: "is it worth it?" The intellectual property industry uses reverse engineering to drive innovation, to protect patented inventions, and to enforce copyright and trade secret rights. Intellectual property transactions, licensing, and litigation rely on technical information to drive the patent assertion and monetization process. Others use reverse engineering for more nefarious purposes. The cost and potential benefit of a reverse engineering approach must be considered before embarking on a complex project. The continuous scaling of the complexity and level of integration of semiconductor devices and systems presents major challenges to the analysis of the technological principles of a system. Hardware encryption and software embedded in integrated circuits, together with hardware and software obfuscation techniques, add additional layers of difficulty to the analysis. Today, very sophisticated techniques are used to analyze the function, structure and operation of integrated circuits and systems. This presentation gives examples of state-of-the-art reverse engineering techniques for hardware and software system analysis, transistor-level-to-schematic circuit extraction, and semiconductor fabrication process analysis. The presentation concludes with a discussion of some of the best practices in system design that can be used to create substantial barriers to the success of a reverse engineering attack.
Biography
Dr. Adams joined TAEUS International Corporation in 1993. He has over thirty years' experience in managing the definition, development, and transfer of new products and technologies. Dr. Adams has held senior engineering and management positions with Sandia National Laboratories, INMOS, Monolithic Memories, United Technologies, and TAEUS, and has served as an expert witness in copyright, trade secret, and patent infringement cases. His expertise includes strategic planning and program management, patent evaluation and analysis, forensic engineering, process integration, device physics, microelectronic reliability and failure analysis, electronic materials, semiconductor memories and microprocessors, software, management of quality, and radiation effects in microelectronics. Dr. Adams holds three patents in integrated circuit technology. He is listed in Who's Who in Technology Today, 1984–1995 and has received the TOBIE Award for most significant R&D
Published in: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. i-xii.