low c cost s st se e lf t lf te e st o st of c f cry
play

Low-C -Cost S st Se e lf-T lf-Te e st o st of C f Cry rypto - PowerPoint PPT Presentation

Aug 10, 2023 •144 likes •442 views

LIRMM Low-C -Cost S st Se e lf-T lf-Te e st o st of C f Cry rypto to D De e v vice ice s s Low-C -Cost S st Se e lf-T lf-Te e st o st of C f Cry rypto to D De e v vice ice s s G. DiNatale, M. Doulcier, M-L.

  1. LIRMM Low-C -Cost S st Se e lf-T lf-Te e st o st of C f Cry rypto to D De e v vice ice s s Low-C -Cost S st Se e lf-T lf-Te e st o st of C f Cry rypto to D De e v vice ice s s G. DiNatale, M. Doulcier, M-L. Flottes, B. Rouzeyre WDSN 2008

  2. Motivation Motivation LIRMM 2 � Secure circuits testing � Scan path • High fault coverage • Automatic generation of scan chains • Easy test sequence generation � Vulnerability • Control and observation of internal states of CUT • => secret data retrieval Scan based attack DES [Yan et al., ITC 04] AES [Yan et al., IEEE TCAD 06] BIST

  3. Motivation Motivation LIRMM 3 � BIST � Reduced ATE cost � In-situ testing � Reduced external access � But � Circuitry overhead • test controller • pattern generator • signature analyzer…

  4. Motivation Motivation LIRMM 4 � Secure circuits contain a crypto core � E.g. Smart cards RO RA E � PRO AES RSA CRC M M M CPU Data/Address Bus MMU UART RNG Timer Sensors Interrupt � Crypto core => Test resource

  5. Outline Outline LIRMM 5 � AES & DES � Algorithm & architecture � Testability issues � AES/DES as pattern generators � AES/DES Self test � Optimisations � Conclusion

  6. Introduction Introduction LIRMM 6 � Symetric cryptography Cipher Plaintext Plaintext text Ciphering Deciphering � DES � Adopted as standard in 1976 � Data : 64 bits, Key : 56 bits � AES : Advanced Encryption Standard � Adopted as standard in 2001 � Data: 128 bits, Key: 128 bits (192, 256) � Crypto algorithms basis: Diffusion & Confusion

  7. Characteristics Characteristics LIRMM 7 � Diffusion and confusion � Confusion refers to making the relationship between the key and the ciphertext as complex and involved as possible. � Diffusion refers to the property that redundancy in the statistics of the plaintext is "dissipated" in the statistics of the ciphertext. For diffusion to occur a change in a single bit of the plaintext should result in changing the value of many ciphertext bits. � Iterative algorithms (rounds) � Each round is a "bijective" operation

  8. DES algorithm algorithm & architecture & architecture DES LIRMM 8 Plaintext IP E Key Generatio n SBoxes P Control 32 Start 32 Register R1 64 FP Register R2 Cipher text

  9. AES Algorithm Algorithm & architecture & architecture AES LIRMM 9 Plaintext Plaintext K Key Xor Secret Key K Round 1 Sub Bytes Select Start MUX Shift Row Sub Bytes Control Mix Column Shift Row RK1 Key Xor Round Mix Column Key Last-round MUX Round 9 RK i Key Generation Register R1 Last Sub Bytes Round Encryption Register R2 Shift Row RK1 Key Xor Cipher text 0 Ciphertext

  10. Cyphering & & testability testability Cyphering LIRMM 10 � Diffusion � every input bit of a round influences many output bits, i.e. every input line of a round is in the logic cone of many output bits. � an error caused by a fault in the body of the round is very likely to propagate to the output. � observability � Bijective � controllability � Highly testable hardware implementations � => random testing

  11. AES/DES as test pattern generator AES/DES as test pattern generator LIRMM 11 One test pattern = Intermediate round result of encryption Seed Secret Key K Select Start MUX Sub Bytes Control Shift Row Round Mix Column Key Last-round MUX RK i Key Generatio n Register R1 Encryption Register R2 Test pattern

  12. AES/DES as TPG: randomness analysis AES/DES as TPG: randomness analysis LIRMM 12 1 : Monobit Test 2 : Block Frequency Test NIST Special Publication 800- 3 : Cumulative Sums Forward (Reverse) 22 4 : Runs Test [NIST 800-22] 5 : Long Runs of Ones Test 6 : Rank Test 7 : Discrete Fourier Transform (Spectral) Test 8 : Universal Statistical Test Statistical package of 9 : Approximate Entropy Test 15 tests has been 10 : Serial Test developed to test binary 11 : Linear Complexity Test 12 : Aperiodic Templates sequences randomness 13 : Periodic Template Test 14 : Random Excursion Test 15 : Random Excursion Variant Test

  13. 1-round AES/DES : randomness 1-round AES/DES : randomness LIRMM 13 1.5 Mbit bitstream (leftmost bit) Test passes if x > 0.1 1_round 1_round LFSR AES DES Frequency 0.71209 0.45847 0.00256 Blk-freq 0.47556 0.87065 0.44150 Runs 0.64156 0.18337 0.14362 Long Runs 0.28546 0.15829 0.96593 Rank 0.35722 0.24411 0.52660 DFT 0.03397 0.61040 0.81051 Aperiodic 0.50704 0.50541 0.49963 Periodic 0.08345 0.90055 0.39384 Univ.Maurer 0.44635 0.86625 0.24403 Lincomp 0.86761 0.88996 0 Serial 0.62350 0.42735 0.71383 Apen 0.44173 0.41358 0.63747 Cusum 0.73566 0.55751 0.00326 Random 0.41284 0.36790 0 Variant-R 0.49847 0.24177 0

  14. 1-round AES/DES : randomness 1-round AES/DES : randomness LIRMM 14 Proportion of bitstreams passing each NIST test 1-round AES 1-round DES LFSR randomness: “1-round AES” � “1-round DES” � LFSR

  15. AES Self-test AES Self-test LIRMM 15 Message Cycle 1 Secret Key K 0 Start 0 1 MUX Sub Bytes Control Shift Row Round Mix Column Key Last-round MUX RK i Key Generation Register R1 Done

  16. AES Self-test AES Self-test LIRMM 16 Cycle 2, 3, ……, T Secret Key K 1 Start 0 1 MUX Sub Bytes Control Shift Row Round Mix Column Key Last-round MUX RK i Key Generation Register R1 Done Signature Is FC = 100% achievable ? When ?

  17. AES Self-test AES Self-test LIRMM 17 SubBytes ShiftRows MixColumns AddKey Register

  18. AES Self-test AES Self-test LIRMM 18 SubBytes Sbox (8 bits � 8 bits) Implementations ShiftRows • ROM => 256 patterns • Glue logic => 200 ... 220 patterns • Actually 203 patterns MixColumns AddKey Register

  19. AES Self-test AES Self-test LIRMM 19 SubBytes One Sbox (8 bits � 8 bits) • Glue logic => 203 patterns ShiftRows • 203 responses MixColumns (Exors) - Propagation of Sboxes errors - Faults in Mixcolumn, Addkey, Register are AddKey tested by the 203 responses Register

  20. AES Self-test AES Self-test LIRMM 20 � How many random patterns are needed to get those 203 deterministic patterns? “The Coupon Collector Problem” k T 1 � j j � 1 � � m � j � � = X � X � ... � X � � P 1 � ( � 1) C � � 0,9 1 2 k � � k Coordinates � � m � � 0,8 {2534 ; 0.99} = j 1 0,7 m = 2 128 k = #vectors = 203 0,6 0,5 0,4 0,3 ( ) T = 2534 = 0,2 P 99 % X � X � ... � X 1 2 k 0,1 random patterns 0 1000 1400 1800 2200 2600 3000 3400 3800 4200 4600 5000 number of set n 2534 AES rounds � Sbox implementation: � #test vectors � {200,...,256} => T � {2520,...,2590}

  21. AES Self-test AES Self-test LIRMM 21 � “Pseudo” Fault Simulation � Result : � Fault coverage: 100% after 2534 cycles � Test time reduction: 2400 cycles (with several keys, several plaintexts) � Specific plaintext, specific key for minimal test time ?

  22. DES Self-test DES Self-test LIRMM 22 Right bits 32 bits Expansion 6 6 6 6 6 6 6 6 Key Sbox Sbox Sbox Sbox Sbox Sbox Sbox Sbox 4 4 4 4 4 4 4 4 Permutation 32 bits Left bits

  23. DES Self-test DES Self-test LIRMM 23 Right bits 32 bits Expansion 6 6 6 6 6 6 6 6 Key Sbox (6 bits � 4 bits) Actually 64 patterns Sbox Sbox Sbox Sbox Sbox Sbox Sbox Sbox Sbox 4 4 4 4 4 4 4 4 - Propagation of Sboxes errors Permutation - Faults in Addkey, Permutation, Expansion & Register are tested by the 64 responses 32 bits Left bits

  24. DES random sequence length random sequence length DES LIRMM 24 k T � j � j 1 � m � j � � � X � X � ... � X = � � P 1 � ( � 1) C � � 1 2 k � � k � � m � � = j 1 m = 2 64 k = #vectors = 64 ( ) = P 99 % X X ... X T = 540 � � � 1 2 k random patterns (540 rounds) 34 encryptions Results : 100% FC after 24 encryptions (Data path and control)

  25. Optimisation Optimisation LIRMM 25 � Speeding up self-test of AES � 2500 cycles for 256 test patterns Length States � Feed-back on Sbox 63,FB,F,76,38,7,C5,A6,24,36,5,6B,7F,D2,B5,D5, 3,7B,21,FD,54,20,B7,A9,D3,66,33,C3,2E,31,C7, 59 C6,B4,8D,5D,4C,29,A5,6,6F,A8,C2,25,3F,75,9D, 5E,58,6A,2,77,F5,E6,8E,19,D4,48,52,0 7C,10,CA,74,92,4F,84,5F,CF,8A,7E,F3,D,D7,E,AB, SBox 62,AA,AC,91,81,C,FE,BB,EA,87,17,F0,8C,64,43,1A, 81 A2,3A,80,CD,BD,7A,DA,57,5B,39,12,C9,DD,C1,78, BC,65,4D,E3,11,82,13,7D,FF,16,47,A0,E0,E1,F8,41, 83,EC,CE,8B,3D,27,CC,4B,B3,6D,3C,EB,E9,1E,72,40,9,1 F2,89,A7,5C,4A,D6,F6,42,2C,71,A3,A,67,85,97,88, C4,1C,9C,DE,1D,A4,49,3B,E2,98,46,5A,BE,AE,E4, 69,F9,99,EE,28,34,18,AD,95,2A,E5,D9,35,96,90,60,D0, 87 70,51,D1,3E,B2,37,9A,B8,6C,50,53,ED,55,FC,B0,E7, • 5 cycles in state graph => 94,22,93,DC,86,44,1B,AF,79,B6,4E,2F,15,59,CB,1F, C0,BA,F4,BF, 8,30,4 2B,F1,A1,32,23,26,F7,68,45,6E,9F,DB,B9,56,B1,C8, 27 E8,9B,14,FA,2D,D8,61,EF,DF,9E, B 2 8F,73 • Add a (simple) feed-back function for traversing all 256 states g = exor (01110110) � 5 inverters SBox g

  26. Optimisation Optimisation LIRMM 26 � 2 steps procedure � test of Sboxes: 256 cycles (vs 2400) � test of remaining logic: 16 cycles � Area overhead : 1% � S g g g � 1 Shift Rows MixC MixC MixC MixC AES Round Register / MISR

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cost Report Capital Cost Operating Cost (Up front cost) (Annual cost over time) Utilities

Cost Report Capital Cost Operating Cost (Up front cost) (Annual cost over time) Utilities

Cost Report Capital Cost Operating Cost (Up front cost) (Annual cost over time) Utilities Construction Insurance Design Maintenance Operating Costs Taxes Reserves Contribution to Reserves Construction Cost

310 views • 12 slides
COST European Cooperation in Science and Technology Introduction to the COST Framework Programme

COST European Cooperation in Science and Technology Introduction to the COST Framework Programme

COST European Cooperation in Science and Technology Introduction to the COST Framework Programme Outline 1. What is COST and how does it work? COST Overview COST Structure COST Policies 2. What are the COST Actions and how to

1.08k views • 35 slides
Cost Cost Ov Over erruns uns and Cos and Cost t Gr Growth: wth: A A Thr hree Decade ee

Cost Cost Ov Over erruns uns and Cos and Cost t Gr Growth: wth: A A Thr hree Decade ee

Cost Cost Ov Over erruns uns and Cos and Cost t Gr Growth: wth: A A Thr hree Decade ee Decade Old Old Cost Cost Perf erfor ormanc mance e Issue Issue within within DoDs Acquisition Acquisition En Envir vironment onment

404 views • 36 slides
Chapter 4 Chapter 4 Marginal Costing and Cost-Volume-Profit Analysis Cost behaviour Cost

Chapter 4 Chapter 4 Marginal Costing and Cost-Volume-Profit Analysis Cost behaviour Cost

Chapter 4 Chapter 4 Marginal Costing and Cost-Volume-Profit Analysis Cost behaviour Cost behaviour Cost behaviour is 'the way in which cost per unit of output is affected by fluctuations in the level of activity'. Fixed cost Variable cost

866 views • 47 slides
Chapter 2: Cost Behavior, Activity Analysis, and Cost Estimation Agenda History of Cost

Chapter 2: Cost Behavior, Activity Analysis, and Cost Estimation Agenda History of Cost

Chapter 2: Cost Behavior, Activity Analysis, and Cost Estimation Agenda History of Cost Accounting Cost Formulas Cost Estimation Techniques New School Nonunit-Level Data 2 1 Cost Accounting First developed by General

382 views • 20 slides
Pricing according to cost Cost-based pricing Cost of a service = value of economic means used in

Pricing according to cost Cost-based pricing Cost of a service = value of economic means used in

Pricing according to cost Cost-based pricing Cost of a service = value of economic means used in order to provide the service Cost is a relative notion! Tariffs must cover some notion of cost related to service provisioning Cost

652 views • 46 slides
A B C Cost A Cost B Outcome A Outcome B Cost-effectiveness ratio Cost Cost i std

A B C Cost A Cost B Outcome A Outcome B Cost-effectiveness ratio Cost Cost i std

R ESULTS PRESENTATION O UTLINES Model transparency and validation (lecture 7) Deterministic results Incremental costeffectiveness ratio (ICER) Costeffectiveness plane and Efficiency frontier Deterministic sensitivity analysis

738 views • 44 slides
COST Action CA18108 Quantum gravity phenomenology in the multi-messenger approach What is a COST

COST Action CA18108 Quantum gravity phenomenology in the multi-messenger approach What is a COST

COST Action CA18108 Quantum gravity phenomenology in the multi-messenger approach What is a COST Action More info: https://www.cost.eu/cost-actions/what-are-cost-actions/ COST is an European organization funding COST Actions . 38 Full Member

194 views • 8 slides
Chapter 12, 13 Warehouse Cost and Performance Cost The cost of operating a warehouse can average

Chapter 12, 13 Warehouse Cost and Performance Cost The cost of operating a warehouse can average

Chapter 12, 13 Warehouse Cost and Performance Cost The cost of operating a warehouse can average between 1 and 5 % of total sales depending on the type of company and the value of its goods. Warehousing also makes up around 22 % of a companys

371 views • 13 slides
Chapter 12, 13 Warehouse Cost and Performance Cost The cost of operating a warehouse can average

Chapter 12, 13 Warehouse Cost and Performance Cost The cost of operating a warehouse can average

Chapter 12, 13 Warehouse Cost and Performance Cost The cost of operating a warehouse can average between 1 and 5 % of total sales depending on the type of company and the value of its goods. Warehousing also makes up around 22 % of a companys

621 views • 14 slides
Cost Share What is Cost Share Cost share is the portion of costs of a project or program that

Cost Share What is Cost Share Cost share is the portion of costs of a project or program that

NANO Session presented by OSPA 6/15/06 Cost Share What is Cost Share Cost share is the portion of costs of a project or program that is not borne by the sponsoring agency Can be provided by the University or a third party source

438 views • 16 slides
Working Group Presentation 1 COST is supported by ESF provides the COST Office the EU RTD

Working Group Presentation 1 COST is supported by ESF provides the COST Office the EU RTD

12/12/2014 European Cooperation in the field of Scientific and Technical Research Building Integration of Solar Thermal Systems TU1205 BISTS www.cost.esf.org Working Group Presentation 1 COST is supported by ESF provides the COST Office

231 views • 10 slides
Working Group Presentation 1 ESF provides the COST Office COST is supported by through an EC

Working Group Presentation 1 ESF provides the COST Office COST is supported by through an EC

European Cooperation in the field of Scientific and Technical Research Building Integration of Solar Thermal Systems TU1205 BISTS www.cost.esf.org Working Group Presentation 1 ESF provides the COST Office COST is supported by through an EC

280 views • 17 slides
Cost Allocation Plans and Indirect Cost Rates Cost Allocation Plans and Indirect Cost Rates

Cost Allocation Plans and Indirect Cost Rates Cost Allocation Plans and Indirect Cost Rates

Cost Allocation Plans and Indirect Cost Rates Cost Allocation Plans and Indirect Cost Rates Method of charging shared or common cost among different funding sources Cost Allocation Plan (CAP) Charges current shared cost to funding sources

145 views • 14 slides
Cost st-Effect ctiveness, ss, C Cost-Feasib ibilit ility, and Co Cost-Bene nefit Metho

Cost st-Effect ctiveness, ss, C Cost-Feasib ibilit ility, and Co Cost-Bene nefit Metho

Cost st-Effect ctiveness, ss, C Cost-Feasib ibilit ility, and Co Cost-Bene nefit Metho hods ds What Are These Methods? And How Can School Districts Benefit from Using Them? Dale DeCesare and Mark Fermanich Colorado Kansas

566 views • 43 slides
Summary of What We Learned: PORs - Designed based upon NCP Max Gen (e.g. generator name

Summary of What We Learned: PORs - Designed based upon NCP Max Gen (e.g. generator name

Network Cost Allocation (cont.) A Balanced Proposal on Network Segment Cost Allocation based upon BPAs Cost Causation Principles : BPA has explained why NT loads in NOS/Reliability studies are 20% higher than those used for cost

235 views • 20 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Cryptography in a Nutshelf Symmetric Cryptography - AES - Affine Cryptosystems Public-Key Cryptography -

474 views • 32 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela

THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela

THE NIST PROJECT ON PRIVACY ENHANCING CRYPTOGRAPHY Lus Brando*, Ren Peralta, Angela Robinson Presentation at ICMC20 International Cryptographic Module Conference September 23, 2020 @ Virtual event * At NIST as a Foreign Guest Researcher

335 views • 20 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
A DFA attack on White-box implementations of AES with external encoding WhibOx 2019: White-Box

A DFA attack on White-box implementations of AES with external encoding WhibOx 2019: White-Box

A DFA attack on White-box implementations of AES with external encoding WhibOx 2019: White-Box Cryptography and Obfuscation, 18-19/05/2019, Darmstadt Alessandro Amadori , Wil Michiels and Peter Roelse Department of Mathematics and Computer

655 views • 26 slides
T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES

T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES

T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES 3.3 IDEA 3.4 AES Kaufman et al: Chapter 3 Stallings: Chapters 3, 5 1 Block ciphers Confidentiality primitive Threat: recover the plaintext

774 views • 15 slides
Security Cryptography Arise from resources sharing Plaintext; Encryption algorithm;

Security Cryptography Arise from resources sharing Plaintext; Encryption algorithm;

Security Cryptography Arise from resources sharing Plaintext; Encryption algorithm; keys; Ciphertext; Resources are encapsulated by process; Decryption algorithm users access them through processs interface. Three

565 views • 7 slides
Course Introduction Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011

Course Introduction Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011

Course Introduction Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel Page 1 Network Security No really good definition, so we will accept the following for

419 views • 20 slides

More recommend