Bricks and Tools for Secure Hardware Implementations Francesco - - PowerPoint PPT Presentation

Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 1

Why Electronic Design Automation?

“Surely the purpose of science is to ease human hardship”

Galileo, Bertolt Brecht

Handle the complexity Time to market Design optimization

From G. De Micheli, Synthesis and Optimization of Digital Circuits, McGraw-Hill Higher Education, 1994.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 2

Why Electronic Design Automation for security? Security is very often considered at later stages

• f design

Cost and Time to Market Possible Security pitfalls

EXTRA CONSTRAINT

Use as much as possible “standard” EDA commodities!

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 3

Outline

Logic Synthesis (Secure) Design Flow for secure ISE Quick note on Software

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 4

Simplified Hardware Design Flow (ASIC)

Algorithm Design C, Matlab, VHDL RTL (Architecture) Design Synthesizable HDL Gate

x y x XOR y

Layout

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 5

Let’s focus on Synthesis

RTL (Architecture) Design Synthesizable HDL Logic Synthesis Gate Level

x y x XOR y

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 6

A bit of history Few algorithms and tools existed in the 70’s First prototype synthesis tools in the early 80’s First logic synthesis companies in the late 80’s

Design Automation Conference (DAC) turned 51 years last week: happy birthday!

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 7

Definitions Logic Synthesis is the manipulation of logic specifications to create logic models as an interconnection of logic primitives Logic Synthesis determines the gate level structure of a circuit

From G. De Micheli, Synthesis and Optimization of Digital Circuits, McGraw-Hill Higher Education, 1994.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 8

Logic Synthesis Input and Output INPUT: HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT: Gate Level Netlist Estimation of area, timing, power (!) Timing constraints

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 9

Typical Logic Synthesis Steps

• ne

State Minimization two State Encoding three Combinatorial Logic Minimization four Technology Mapping

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 10

Is it sufficient for Security? Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis”, in Proceedings of Advances in Cryptology-CRYPTO’99, Santa Barbara, California, USA, August 15-19, 1999. (Cited by 4128)

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 11

Approach One INPUT: HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT: DPA resistant Gate Level Netlist Estimation of area, timing, power (!) Timing constraints

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 12

Approach Two

INPUT: HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints (limit the gates) OUTPUT: Gate Level Netlist “Cell Substitution”: Replace cells Reload in the tool for correct area and timing constraints

• K. Tiri and I. Verbauwhede, A digital design flow for secure integrated circuits, IEEE TCAD,

2006

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 13

Careful! As a example of design for security, we have focused

• n synthesis, and we have detailed two possible

approaches for synthesis of DPA resistant circuits However Synthesis is only one step of the whole design flow Security should be considered in every steps of the of the design flow Doing DPA resistant synthesis alone is not sufficient!

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 14

Outline

Logic Synthesis (Secure) Design Flow for secure ISE Quick note on Software

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 15

Protect PRESENT with secure hardware Lightweight block cipher 4 bit S-box addRoundKey, sBoxLayer

// Calculate S-box (plaintext XOR key) int PRESENT(int plaintext, int key) {

1 int result = 0; // initialize the result 2 plaintext = plaintext ^key; // perform the xor with the key 3 result = S[plaintext]; // perform the S-box 4 return result; }; // return the result

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 16

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 17

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 18

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 19

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 20

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 21

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 22

What can I do? Something easier?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 23

Protected / Non Protected Co-Design!

ALU A B Memory Register File ISE ISE IMM. ISE

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 24

Protected / Non Protected Co-Design!

B ALU ISE A Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 25

Protected / Non Protected Co-Design!

B ALU ISE A Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 26

Automatic design of DPA resistant ISE

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 27

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 28

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 29

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 30

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 31

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 32

Fast Simulation SPICE level

Simulate Complex Design at SPICE level (whole processor)

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 33

Fast Simulation SPICE level

Simulate Complex Design at SPICE level (whole processor) Simulated about 400 traces: approximately 20 hours!

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 33

Fast Simulation SPICE level

Simulate Complex Design at SPICE level (whole processor) Simulated about 400 traces: approximately 20 hours!

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 33

Careful! Results obtained in simulations are often very different from the ones obtained from the real silicon Check and evaluate if and to which extent simulations results are matching the real measures

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 34

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 35

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 36

Information Theory Metric

H[K|L] = −

• k

Pr[k] ·

• x

Pr[x]

• Pr[l|k, x] · log2 Pr[k|l, x] dl.

Add white noise Reduce the dimension using compression Compute the mutual information

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 37

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 38

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 39

Protected Logic styles WDDL iMDPL MCML ...

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 40

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 41

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 42

Algorithm partitioning tool

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 43

Algorithm partitioning tool

ALU A B Memory Register File ISE ISE IMM. ISE

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 44

Algorithm partitioning tool

B ALU ISE A Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 45

Algorithm partitioning tool

B ALU ISE A Memory Register File ISE ISE IMM.

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 46

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 47

The CMOS Design Flow

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 48

The Processor Customization

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 49

The Protected Design Flow

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 50

The Hybrid Design Flow

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 51

The Simulation Environment

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 52

The Design Evaluation

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 53

Partitioning of the PRESENT algorithm S-box

sbox result

Plain Text key Plain Text key

sbox result

Plain Text key

sbox result

Plain Text key

sbox result

Plain Text key

sbox result

full ISE XOR + S-box ISE S-box ISE XOR ISE Full CMOS

protected logic non protected logic Legend Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 54

Example of ISE and its Source Code

// Calculate S-box (plaintext XOR key) int PRESENT(int plaintext, int key) {

1 int result = 0; // initialize the result 2 plaintext = plaintext ^key; // perform the xor with the key 3 result = S[plaintext]; // perform the S-box 4 return result; }; // return the result SBOX (std-cell)

MCML-CMOS converter key-reg CMOS -MCML converter 4 4 4 4

XOR+S-box ISE

// Calculate S-box (plaintext XOR key) int PRESENT_XOR+S-box-ISE(int plaintex) {

1 int result = 0; // initialize the result

// instantiate the new instruction s-box(pt ^key)

2 Instr_1(plaintex, result); 3 return result; }; // return the result

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 55

Example of ISE and its Source Code

// Calculate S-box (plaintext XOR key) int PRESENT(int plaintext, int key) {

1 int result = 0; // initialize the result 2 plaintext = plaintext ^key; // perform the xor with the key 3 result = S[plaintext]; // perform the S-box 4 return result; }; // return the result

SBOX (std-cell) converter key-reg converter

4 4 4 4

XOR+S-box ISE

// Calculate S-box (plaintext XOR key) int PRESENT_XOR+S-box-ISE(int plaintex) {

1 int result = 0; // initialize the result

// instantiate the new instruction s-box(pt ^key)

2 Instr_1(plaintex, result); 3 return result; }; // return the result

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 56

Security Evaluation

10

• 6

10

• 5

10

• 4

10

• 3

10

• 2

10

• 1

10 10

1

0.5 1 1.5 2 2.5 3 3.5 4

noise standard deviation mutual information [bit] full CMOS XOR ISE S-box ISE XOR + S-box ISE full ISE

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 57

Security Evaluation

10

• 6

10

• 5

10

• 4

10

• 3

10

• 2

10

• 1

10 10

1

0.5 1 1.5 2 2.5 3 3.5 4

noise standard deviation mutual information [bit]

Treshold

full CMOS XOR ISE S-box ISE XOR + S-box ISE full ISE

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 58

Total Time for experiments

PC Features: CPU: Intel(R) Core(TM)2 Quad CPU Q6700 GHz 2.6 Memory: 4 GB Example program 470 clock cycles (boot+cipher) SPICE Level Simulation (Synopsys Nanosim resolution: 1ps): Total simulated time 4700ns Total simulation time more or less 20 minutes 2.8s per clock cycle (full processor simulation core+ISE) Security Evaluation 4 hours per partitioning Full case study Worst case: 15 days on a single PC Parallelizable! Actual experiment: 2 days on 8 PCs

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 59

Outline

Logic Synthesis (Secure) Design Flow for secure ISE Quick note on Software

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 60

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 61

Real Measures on Microcontroller No need to simulate or emulate Power traces are obtained directly by measuring with an oscilloscope the software running on the microcontroller

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 62

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 63

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 64

Metric Same as before.... Applied instruction by instruction!

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 65

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 66

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 67

Code Transformation

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 68

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 69

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 70

Transformation Target Identification

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 71

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 72

Overall Software Flow

Transformation Target Identification Code Transformation

sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f

Input Software Implementation Sensitive Parts

sbci r21,0xfd lds r23,705 mov r25,r23 ld r25,Y lds r23,705 mov r18,r23 mov r19,r23 movw r18,r26 subi r18,0x4f Targets for Protection Example (A) Protected Implementation Example (A) Targets for Protection Example (B) Protected Implementation Example (B) sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f

Information Leakage Analysis

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 73

Information Leakage Analysis

100 200 300 400 500 600 700 800 900 1000 1100 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Sensitivity (Mutual information) Clock cycle ARK SB SR MC

Sensitivity values for unprotected implementation

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 74

Example on Software

846 847 848 849 850 851 852 853 854 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 ld r30,Y Sensitivity (Mutual information) Clock cycle

Instruction - time mapping of unprotected implementation

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 75

Example on Software

846 847 848 849 850 851 852 853 854 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 ld r30,Y Sensitivity (Mutual information) Clock cycle

Instruction - time mapping of unprotected implementation

1620 1622 1624 1626 1628 1630 1632 1634 1636 1638 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

sbci r21,0xfd lds r23,705 mov r25,r23 ld r25,Y lds r23,705 mov r18,r23 mov r19,r23 movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 lds r23,705 mov r30,r23 ld r30,Y Sensitivity (Mutual information) Clock cycle

Instruction - time mapping of protected implementation

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 75

Security Evaluation

500 1000 1500 2000 2500 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Sensitivity (Mutual information) Clock cycle ARK SB SR MC

Sensitivity values for protected implementation

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 76

Conclusions and Tips Initial steps for power analysis are promising This is just the beginning... PS: Never re-invent the wheel!

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 77

Acknowledgments Paolo Ienne, Alessandro Cevrero, Yusuf Leblebici, Stéphane Badel, Johann Großschädl, Ali Galip Bayrak, Axel Poschmann, Zeynep Toprak, Marco Macchetti, Laura Pozzi, Christof Paar, Frank Gurkaynak, François-Xavier Standaert, Theo Kluter, Philip Brisk, Michael Schwander, Thomas Eisenbarth

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 78

Questions? “There is beauty in what we do in EDA!” Alberto Sangiovanni-Vincentelli, EDA Café - 2009 Thank you for your attention! mail: regazzoni@alari.ch

Francesco Regazzoni 06 June 2014, Šibenik, Croatia

• P. 79