bricks and tools for secure hardware implementations
play

Bricks and Tools for Secure Hardware Implementations Francesco - PowerPoint PPT Presentation

Dec 23, 2022 •26 likes •846 views

Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06 June 2014, ibenik, Croatia P. 1 Why Electronic Design Automation? Surely the purpose of science is to ease human hardship Galileo,

  1. Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 1

  2. Why Electronic Design Automation? “Surely the purpose of science is to ease human hardship” Galileo, Bertolt Brecht Handle the complexity Time to market Design optimization From G. De Micheli, Synthesis and Optimization of Digital Circuits , McGraw-Hill Higher Education, 1994. Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 2

  3. Why Electronic Design Automation for security? Security is very often considered at later stages of design Cost and Time to Market Possible Security pitfalls EXTRA CONSTRAINT Use as much as possible “standard” EDA commodities! Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 3

  4. Outline Logic Synthesis (Secure) Design Flow for secure ISE Quick note on Software Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 4

  5. Simplified Hardware Design Flow (ASIC) Algorithm Design C, Matlab, VHDL RTL (Architecture) Design Synthesizable HDL Gate x x XOR y y Layout Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 5

  6. Let’s focus on Synthesis RTL (Architecture) Design Synthesizable HDL Logic Synthesis Gate Level x x XOR y y Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 6

  7. A bit of history Few algorithms and tools existed in the 70’s First prototype synthesis tools in the early 80’s First logic synthesis companies in the late 80’s Design Automation Conference (DAC) turned 51 years last week: happy birthday! Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 7

  8. Definitions Logic Synthesis is the manipulation of logic specifications to create logic models as an interconnection of logic primitives Logic Synthesis determines the gate level structure of a circuit From G. De Micheli, Synthesis and Optimization of Digital Circuits , McGraw-Hill Higher Education, 1994. Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 8

  9. Logic Synthesis Input and Output INPUT : HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT : Gate Level Netlist Estimation of area, timing, power (!) Timing constraints Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 9

  10. Typical Logic Synthesis Steps one State Minimization two State Encoding three Combinatorial Logic Minimization four Technology Mapping Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 10

  11. Is it sufficient for Security? Paul Kocher, Joshua Jaffe, and Benjamin Jun, “ Differential Power Analysis ”, in Proceedings of Advances in Cryptology-CRYPTO’99 , Santa Barbara, California, USA, August 15-19, 1999. (Cited by 4128) Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 11

  12. Approach One INPUT : HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT : DPA resistant Gate Level Netlist Estimation of area, timing, power (!) Timing constraints Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 12

  13. Approach Two INPUT : HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints (limit the gates) OUTPUT : Gate Level Netlist “Cell Substitution” : Replace cells Reload in the tool for correct area and timing constraints K. Tiri and I. Verbauwhede, A digital design flow for secure integrated circuits , IEEE TCAD, 2006 Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 13

  14. Careful! As a example of design for security, we have focused on synthesis, and we have detailed two possible approaches for synthesis of DPA resistant circuits However Synthesis is only one step of the whole design flow Security should be considered in every steps of the of the design flow Doing DPA resistant synthesis alone is not sufficient! Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 14

  15. Outline Logic Synthesis (Secure) Design Flow for secure ISE Quick note on Software Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 15

  16. Protect PRESENT with secure hardware Lightweight block cipher 4 bit S-box addRoundKey , sBoxLayer // Calculate S-box (plaintext XOR key) int PRESENT(int plaintext, int key) { 1 int result = 0; // initialize the result 2 plaintext = plaintext ^key; // perform the xor with the key 3 result = S[plaintext]; // perform the S-box 4 return result; }; // return the result Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 16

  17. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 17

  18. What can I do? Register File IMM. B A ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 18

  19. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 19

  20. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 20

  21. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 21

  22. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 22

  23. What can I do? Something easier? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 23

  24. Protected / Non Protected Co-Design! Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 24

  25. Protected / Non Protected Co-Design! Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 25

  26. Protected / Non Protected Co-Design! Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 26

  27. Automatic design of DPA resistant ISE identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 27

  28. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 28

  29. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 29

  30. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 30

  31. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 31

  32. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 32

  33. Fast Simulation SPICE level Simulate Complex Design at SPICE level (whole processor) Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 33

  34. Fast Simulation SPICE level Simulate Complex Design at SPICE level (whole processor) Simulated about 400 traces: approximately 20 hours! Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 33

  35. Fast Simulation SPICE level Simulate Complex Design at SPICE level (whole processor) Simulated about 400 traces: approximately 20 hours! Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 33

  36. Careful! Results obtained in simulations are often very different from the ones obtained from the real silicon Check and evaluate if and to which extent simulations results are matching the real measures Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 34

  37. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? � Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 35

  38. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? � Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm? Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 36

  39. Information Theory Metric � � � H [ K | L ] = − Pr[ k ] · Pr[ x ] Pr[ l | k, x ] · log 2 Pr[ k | l, x ] dl. x k Add white noise Reduce the dimension using compression Compute the mutual information Francesco Regazzoni 06 June 2014, Šibenik, Croatia P. 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Hardware- -Based Implementations Based Implementations Hardware of Factoring Algorithms of

Hardware- -Based Implementations Based Implementations Hardware of Factoring Algorithms of

Hardware- -Based Implementations Based Implementations Hardware of Factoring Algorithms of Factoring Algorithms Factoring Large Numbers with the TWIRL Device Factoring Large Numbers with the TWIRL Device Adi Shamir, Eran Tromer Adi

469 views • 42 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
Resource Allocation for Hardware Implementations of Map Richard Townsend Martha A. Kim Stephen

Resource Allocation for Hardware Implementations of Map Richard Townsend Martha A. Kim Stephen

Resource Allocation for Hardware Implementations of Map Richard Townsend Martha A. Kim Stephen A. Edwards Columbia University ASBD Workshop, June 15, 2014 Functional Programs to Functional Hardware Functional program (Haskell) Compiler

779 views • 51 slides
THE STATE-OF-THE-ART OF HARDWARE IMPLEMENTATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY Kimmo Jrvinen

THE STATE-OF-THE-ART OF HARDWARE IMPLEMENTATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY Kimmo Jrvinen

THE STATE-OF-THE-ART OF HARDWARE IMPLEMENTATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY Kimmo Jrvinen Department of Computer Science University of Helsinki kimmo.u.jarvinen@helsinki.fi ECRYPT-CSA Workshop on Hardware Benchmarking Bochum, Germany,

840 views • 58 slides
ISA Implementations Partly in Run programs for one ISA on hardware with different ISA Techniques:

ISA Implementations Partly in Run programs for one ISA on hardware with different ISA Techniques:

ISA Implementations Partly in Run programs for one ISA on hardware with different ISA Techniques: Software Emulation OS software interprets instructions at run-time E.g., OS for PowerPC Macs had emulator for 68000 code Run-time

358 views • 5 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Hardware Implementations of Fixed-Point Atan2 Florent de Dinechin Matei I stoan Universit

Hardware Implementations of Fixed-Point Atan2 Florent de Dinechin Matei I stoan Universit

Hardware Implementations of Fixed-Point Atan2 Hardware Implementations of Fixed-Point Atan2 Florent de Dinechin Matei I stoan Universit e de Lyon, INRIA, INSA-Lyon, CITI-Lab ARITH22 Florent de Dinechin, Matei I stoan Hardware

582 views • 44 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

707 views • 45 slides
Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand

Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand

Introduction to Computer Arithmetic for Efficient Hardware Implementations Arnaud Tisserand CNRS, Lab-STICC CEA-SPEC Seminar, Nov. 2019 -- Babylonian Arithmetic Use of a positional number system with: primary radix 60 auxiliary radix

1.46k views • 108 slides
VerMI & VerFI Verification Tools for Masked Implementations Svetla Nikova, Victor Arribas

VerMI & VerFI Verification Tools for Masked Implementations Svetla Nikova, Victor Arribas

VerMI & VerFI Verification Tools for Masked Implementations Svetla Nikova, Victor Arribas COSIC, KULeuven Joint work with Vincent Rijmen (KU Leuven), Felix Wegener, Amir Moradi (RU Bochum) 1 Verification Tools Why do we need

782 views • 50 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis Matthieu

Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis Matthieu

8 + Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis Matthieu Rivain 1 , 2 , Emmanuelle Dottax 1 & Emmanuel Prouff 1 Oberthur Card Systems University of Luxembourg February 11, 2008 M. Rivain, E.

812 views • 64 slides
The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

386 views • 11 slides
Secure Implementations for Typed Session Abstractions Ricardo Corin, Pierre-Malo Denilou,

Secure Implementations for Typed Session Abstractions Ricardo Corin, Pierre-Malo Denilou,

Secure Implementations for Typed Session Abstractions Ricardo Corin, Pierre-Malo Denilou, Cdric Fournet, Karthik Bhargavan, James Leifer INRIA Microsoft Research Joint Centre http://www.msr-inria.inria.fr/projects/sec/sessions/

584 views • 21 slides
MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

Imperial College London - Department of Computing MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480 AUTOMATED REASONING CBC Otter Practice (Assessed) Issued: 30 October 2012 Due: 12 November 2011

202 views • 4 slides
The Independent Stream an Introduction Nevil Brownlee Independent Submissions Editor IETF

The Independent Stream an Introduction Nevil Brownlee Independent Submissions Editor IETF

The Independent Stream an Introduction Nevil Brownlee Independent Submissions Editor IETF 98, 26 March 2017 All about the Independent Stream (InSt) History The InSt and its Editor (ISE) Relevant RFCs: 4846 and 6548 What does

498 views • 28 slides
Theory of Parallel Evolutionary Algorithms Dirk Sudholt University of Sheffield, UK Based on

Theory of Parallel Evolutionary Algorithms Dirk Sudholt University of Sheffield, UK Based on

Introduction Independent Runs Royal Road Parallel Times Combinatorial Optimisation Adaptive Schemes Outlook & Conclusions Theory of Parallel Evolutionary Algorithms Dirk Sudholt University of Sheffield, UK Based on joint work with J

806 views • 79 slides
Technology Platform Segmentation

Technology Platform Segmentation

HOW TECHNOLOGY R&D LEADERSHIP BRINGS A COMPETITIVE ADVANTAGE FOR MULTIMEDIA CONVERGENCE

379 views • 14 slides
Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco Regazzoni 23 October 2015, Chia, Italy P. 1 Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA

1.01k views • 55 slides
Lecture 20/Chapter 17 Certainty effect: people feel better about a reduction of risk to 0 than

Lecture 20/Chapter 17 Certainty effect: people feel better about a reduction of risk to 0 than

Psychological Influences on Risk Perception Lecture 20/Chapter 17 Certainty effect: people feel better about a reduction of risk to 0 than they do about a reduction of risk by the same Psychological Influences on Personal amount to a risk

482 views • 6 slides
The Kiev Experiment Evolving Agile Partnerships Who are we? Simon Ogle Alexander

The Kiev Experiment Evolving Agile Partnerships Who are we? Simon Ogle Alexander

The Kiev Experiment Evolving Agile Partnerships Who are we? Simon Ogle Alexander Kikhtenko Peter Thomas Where did we start? Existing monolithic mainframe application Quarterly deliveries 6 week testing cycles

676 views • 48 slides
The evolution and interaction of two shock-accelerated, unstable gas cylinders Chris Tomkins,

The evolution and interaction of two shock-accelerated, unstable gas cylinders Chris Tomkins,

The evolution and interaction of two shock-accelerated, unstable gas cylinders Chris Tomkins, Kathy Prestridge, Paul Rightley, Mark Marr-Lyon, Robert Benjamin Summer students: James Doyle and Michael Schneider Dynamic Experimentation Division,

212 views • 18 slides

More recommend