10.4 Cryptographic Hardware


Date: Thursday 22 March 2018
Time: 11:00 - 12:30
Location / Room: Konf. 2

Chair:
Nele Mentens, KU Leuven, BE

Co-Chair:
Tim Güneysu, Ruhr-Universität Bochum, DE

This session presents novel ideas realized in hardware for cryptographic systems. The contributions range from ASIC implementations of leakage-resilient cryptography to FPGA realizations of novel public-key primitives and the optimization of the FPGA resources used by random number generation schemes.

Time   Label   Presentation Title / Authors
11:00  10.4.1  BINARY RING-LWE HARDWARE WITH POWER SIDE-CHANNEL COUNTERMEASURES
Speaker:
Ye Wang, The University of Texas at Austin, US
Authors:
Aydin Aysu, Mohit Tiwari and Michael Orshansky, University of Texas at Austin, US
Abstract
We describe the first hardware implementation of a quantum-secure encryption scheme along with its low-cost power side-channel countermeasures. The encryption uses an implementation-friendly Binary-Ring-Learning-with-Errors (B-RLWE) problem with binary errors that can be efficiently generated in hardware. We demonstrate that a direct implementation of B-RLWE exhibits vulnerability to power side-channel attacks, even to Simple Power Analysis, due to the nature of binary coefficients. We mitigate this vulnerability with a redundant addition and memory update. To further protect against Differential Power Analysis (DPA), we use a B-RLWE specific opportunity to construct a lightweight yet effective countermeasure based on randomization of intermediate states and masked threshold decoding. On a SAKURA-G FPGA board, we show that our method increases the required number of measurements for DPA attacks by 40X compared to the unprotected design. Our results also quantify the trade-off between side-channel security and hardware area-cost of B-RLWE.

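Added illustration, not the paper's code: why a straightforward multiplication by a binary-coefficient polynomial is readable by Simple Power Analysis, and how an always-add, always-write-back loop (the kind of redundant addition and memory update the abstract refers to) removes the data-dependent operation sequence. The ring parameters n = 8 and q = 256 are toy values chosen here, not the paper's; the masked threshold decoding is not modelled.

```python
# Toy ring Z_q[x]/(x^N + 1). Parameters are assumed for illustration only;
# Q = 256 keeps coefficients in one byte so 0xFF works as an all-ones mask.
N, Q = 8, 256


def _term(acc_k, a_i, i, j):
    """acc[k] after adding a_i * x^(i+j); the wrap x^N = -1 supplies the sign."""
    sign = -1 if i + j >= N else 1
    return (acc_k + sign * a_i) % Q


def poly_mul_leaky(a, e):
    """Schoolbook a(x) * e(x) for binary e: add a rotated copy of a for every
    set bit of e and do nothing otherwise. The returned trace (one entry per
    coefficient of e) models what the power trace shows: a burst of add-and-
    write activity or silence, so the visible sequence is e itself."""
    acc, trace = [0] * N, []
    for j, bit in enumerate(e):
        if bit:
            for i in range(N):
                k = (i + j) % N
                acc[k] = _term(acc[k], a[i], i, j)
            trace.append("ADD")
        else:
            trace.append("SKIP")
    return acc, trace


def poly_mul_redundant(a, e):
    """Same product, but every coefficient of e triggers identical work: the
    sum is always computed and acc[k] is always written back; the bit only
    selects, through a mask, whether the new or the old value is stored."""
    acc, trace = [0] * N, []
    for j, bit in enumerate(e):
        mask = -bit & 0xFF                         # 0xFF for bit 1, 0x00 for bit 0
        for i in range(N):
            k = (i + j) % N
            candidate = _term(acc[k], a[i], i, j)  # redundant addition
            acc[k] = (candidate & mask) | (acc[k] & (mask ^ 0xFF))  # redundant update
        trace.append("ADD")
    return acc, trace


def spa_recover(trace):
    """What an attacker reads off a trace: ADD -> 1, SKIP -> 0."""
    return [1 if op == "ADD" else 0 for op in trace]
```

Run `spa_recover` on the two traces for the same `a` and `e`: the leaky version hands back `e` bit for bit, the redundant version yields all ones, and both return the same product. The DPA countermeasures in the abstract (randomised intermediates, masked decoding) are a further step on top of this.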
11:30  10.4.2  HIGH SPEED ASIC IMPLEMENTATIONS OF LEAKAGE-RESILIENT CRYPTOGRAPHY
Speaker:
Thomas Unterluggauer, Graz University of Technology, AT
Authors:
Robert Schilling (1), Thomas Unterluggauer (2), Stefan Mangard (2), Frank Gurkaynak (3), Michael Muehlberghuber (4) and Luca Benini (5)
(1) Graz University of Technology / Know Center GmbH, AT; (2) Graz University of Technology, AT; (3) ETH Zurich, CH; (4) Integrated Systems Laboratory (ETH Zurich), CH; (5) Università di Bologna, IT
Abstract
Embedded devices in the Internet-of-Things require encryption functionalities to secure their communication. However, side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. While state-of-the-art countermeasures like masking slow down the performance and can only prevent DPA up to a certain order, leakage-resilient schemes are designed to stay secure even in the presence of side-channel leakage. Although several leakage-resilient schemes have been proposed, there are no hardware implementations to demonstrate their practicality and performance on measurable silicon. In this work, we present an ASIC implementation of a multi-core System-on-Chip extended with a software-programmable accelerator for leakage-resilient cryptography. The accelerator is deeply embedded in the shared memory architecture of the many-core system, supports different configurations, contains a high-throughput implementation of the 2PRG primitive based on AES-128, offers two side-channel protected re-keying functions, and is the first fabricated design of the side-channel secure authenticated encryption scheme ISAP. The accelerator reaches a maximum throughput of 7.49 Gbit/s and a best-case energy efficiency of 137 Gbit/s/W making this accelerator suitable for high-speed secure IoT applications.

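Added example, not the authors' design: a tree-based re-keying walk built from a 2PRG, the construction the abstract's "re-keying functions" rest on. AES-128 is replaced by a SHA-256 stand-in so the code runs with the standard library alone; the 32-bit nonce width and the leakage monitor are assumptions made here. The property shown is the one the leakage-resilience argument needs: no key ever processes more than two distinct inputs, whereas the unprotected baseline exposes one key to as many inputs as there are message blocks, which is exactly what DPA feeds on.

```python
import hashlib
from collections import defaultdict

KEY_LEN = 16  # 128-bit keys and blocks, as for AES-128


def new_monitor():
    """Records, per key, the set of distinct inputs it has processed."""
    return defaultdict(set)


def prf(key: bytes, block: bytes, seen) -> bytes:
    """Stand-in for one AES-128 encryption of `block` under `key` (assumption:
    SHA-256 truncated to 16 bytes is used here only so the example runs
    offline; it is not the paper's primitive)."""
    seen[key].add(block)
    return hashlib.sha256(key + block).digest()[:KEY_LEN]


def two_prg(key: bytes, seen):
    """2PRG: one key in, two keys out, computed from two fixed plaintexts."""
    return (prf(key, b"\x00" * KEY_LEN, seen),
            prf(key, b"\x01" * KEY_LEN, seen))


def derive_session_key(master: bytes, nonce: int, seen, nonce_bits: int = 32) -> bytes:
    """Tree-based re-keying: walk from the root (master key) down the 2PRG
    tree along the nonce bits, MSB first. Every intermediate key is only ever
    applied to the two fixed 2PRG inputs, however many nonces are processed."""
    if not 0 <= nonce < (1 << nonce_bits):
        raise ValueError("nonce out of range")
    k = master
    for i in reversed(range(nonce_bits)):
        left, right = two_prg(k, seen)
        k = right if (nonce >> i) & 1 else left
    return k


def direct_use(master: bytes, blocks, seen):
    """Unprotected baseline: the same key processes every message block."""
    return [prf(master, b, seen) for b in blocks]


def max_distinct_inputs(seen) -> int:
    """Largest number of distinct inputs any single key has seen."""
    return max(len(s) for s in seen.values())
```

Deriving 200 session keys through the tree leaves `max_distinct_inputs` at 2 for every key on every path; pushing 200 blocks through `direct_use` drives it to 200 for the master key. The per-nonce session key is then handed to the authenticated-encryption layer, which is where ISAP's own rate-limited design takes over.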
12:00  10.4.3  OPTIMIZATION OF THE PLL CONFIGURATION IN A PLL-BASED TRNG DESIGN
Speaker:
Elie Noumon Allini, Laboratoire Hubert Curien, University of Saint-Etienne, FR
Authors:
Elie Noumon Allini, Oto Petura, Viktor Fischer and Florent Bernard, Hubert Curien Laboratory, Jean Monnet University, FR
Abstract
Several recent designs show that phase-locked loops (PLLs) are well suited for building true random number generators (TRNG) in logic devices and especially in FPGAs, in which PLLs are physically isolated from the rest of the device. However, the setup of the PLL configuration for the PLL-based TRNG is a challenging task. Indeed, the designer has to take into account physical constraints of the hardwired block when trying to achieve the required performance (bit rate) and security (entropy rate per bit). In this paper, we introduce a method aimed at choosing PLL parameters (e.g. input frequency, multiplication and division factors of the PLL) that satisfy hardware constraints while achieving the highest possible bit rate or entropy rate according to application requirements. The proposed method is fast enough to produce all possible configurations in a short time. Compared to the previous method based on a genetic algorithm, which was able to find only a locally optimized solution and only for one PLL in tens of seconds, the new method finds an exhaustive set of possible configurations of a one- or two-PLL TRNG in a few seconds, while the found configurations can be ordered depending on their performance or sensitivity to jitter.

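Added example of the kind of exhaustive search the abstract describes for a single-PLL TRNG, written here and not taken from the paper. The PLL model (input divider n, feedback multiplier m, output divider c, with PFD, VCO and output frequency limits) and all numeric limits are assumptions, as are the two figures of merit used to order the results: for coherent sampling with f_out = f_in * KM / KD and gcd(KM, KD) = 1, the bit rate R = f_in / KD and the jitter sensitivity S = f_in * KM (the inverse of the smallest spacing T_in / KM between a sampling edge and an edge of the sampled clock).

```python
from dataclasses import dataclass
from math import gcd

# Assumed limits of a generic FPGA PLL block (illustrative numbers, not from
# the paper or any vendor datasheet): f_pfd = f_in / n, f_vco = f_pfd * m,
# f_out = f_vco / c.
PFD_RANGE = (5e6, 325e6)
VCO_RANGE = (600e6, 1300e6)
FOUT_MAX = 450e6
N_VALUES, M_VALUES, C_VALUES = range(1, 9), range(1, 65), range(1, 33)


@dataclass(frozen=True)
class Config:
    f_in: float
    n: int
    m: int
    c: int
    km: int             # reduced multiplication factor: f_out = f_in * km / kd
    kd: int             # reduced division factor
    bit_rate: float     # R = f_in / kd: one output bit per kd reference periods
    sensitivity: float  # S = f_in * km: inverse of the smallest edge spacing T_in / km


def evaluate(f_in, n, m, c):
    """Config for (n, m, c), or None when the PLL cannot lock there or the
    two clocks give no phase sweep across the sampled period."""
    f_pfd = f_in / n
    f_vco = f_pfd * m
    f_out = f_vco / c
    if not PFD_RANGE[0] <= f_pfd <= PFD_RANGE[1]:
        return None
    if not VCO_RANGE[0] <= f_vco <= VCO_RANGE[1]:
        return None
    if f_out > FOUT_MAX:
        return None
    g = gcd(m, n * c)
    km, kd = m // g, (n * c) // g      # coprime by construction
    if kd < 2:                         # only one sampling phase per period: no entropy
        return None
    return Config(f_in, n, m, c, km, kd, f_in / kd, f_in * km)


def enumerate_configs(f_in, order="bit_rate"):
    """Every valid (n, m, c), best first by `order` ('bit_rate' or 'sensitivity')."""
    if order not in ("bit_rate", "sensitivity"):
        raise ValueError("order must be 'bit_rate' or 'sensitivity'")
    found = []
    for n in N_VALUES:
        for m in M_VALUES:
            for c in C_VALUES:
                cfg = evaluate(f_in, n, m, c)
                if cfg is not None:
                    found.append(cfg)
    return sorted(found, key=lambda cfg: getattr(cfg, order), reverse=True)
```

With these assumed limits the search covers 8 x 64 x 32 settings in well under a second; the two orderings give the designer the fastest configuration and the most jitter-sensitive one, and any entry in between is a valid trade-off. A two-PLL TRNG extends the search to a pair of (n, m, c) triples with the clocks compared against each other rather than against f_in.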
12:30  IP4-15, 187  ERASMUS: EFFICIENT REMOTE ATTESTATION VIA SELF-MEASUREMENT FOR UNATTENDED SETTINGS
Speaker:
Norrathep Rattanavipanon, University of California, Irvine, TH
Authors:
Xavier Carpent (1), Norrathep Rattanavipanon (2) and Gene Tsudik (2)
(1) UC Irvine, US; (2) UCI, US
Abstract
Remote attestation (RA) is a popular means of detecting malware in embedded and IoT devices. RA is usually realized as a protocol via which a trusted verifier measures the software integrity of an untrusted remote device called the prover. All prior RA techniques require on-demand operation. We identify two drawbacks of this approach in the context of unattended devices: First, it fails to detect mobile malware that enters and leaves the prover between successive RA instances. Second, it requires the prover to engage in a potentially expensive computation, which can negatively impact safety-critical or real-time devices. To this end, we introduce the concept of self-measurement whereby a prover periodically (and securely) measures and records its own software state. A verifier then collects and verifies these measurements. We demonstrate a concrete technique called ERASMUS, justify its features and evaluate its performance. We show that ERASMUS is well-suited for safety-critical applications. We also define a new metric -- Quality of Attestation (QoA).

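Added simulation, constructed here and not ERASMUS itself, of the distinction the abstract draws: on-demand attestation at two points in time misses malware that arrives and leaves in between, while a periodic, MAC-chained self-measurement log collected afterwards catches it, provided the measurement period is shorter than the malware's dwell time. The shared key, the memory images, the log format and the timeline are all constructed for the example.

```python
import hashlib
import hmac

# Constructed data: a MAC key shared by prover and verifier, a clean firmware
# image and a transiently modified copy of it. Nothing here is the paper's.
KEY = b"\x42" * 16
GOOD_IMAGE = b"firmware-v1.0000" * 4
EVIL_IMAGE = GOOD_IMAGE[:16] + b"transient-malwre" + GOOD_IMAGE[32:]
EXPECTED = hashlib.sha256(GOOD_IMAGE).digest()   # verifier's reference measurement


def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


def chain_step(prev: bytes, t: int, digest: bytes) -> bytes:
    """MAC-chained log tag: each entry authenticates its predecessor, so an
    entry cannot be altered or dropped without invalidating every later tag."""
    return hmac.new(KEY, prev + t.to_bytes(8, "big") + digest, "sha256").digest()


class Prover:
    def __init__(self, period: int):
        self.period, self.log, self.tag = period, [], b"\x00" * 32

    def run(self, t: int, image: bytes) -> None:
        """Called once per time unit; self-measures every `period` units."""
        if t % self.period == 0:
            digest = measure(image)
            self.tag = chain_step(self.tag, t, digest)
            self.log.append((t, digest, self.tag))

    def attest(self, image: bytes, nonce: bytes) -> bytes:
        """Classic on-demand RA response to a verifier challenge."""
        return hmac.new(KEY, nonce + measure(image), "sha256").digest()


def verify_log(log, expected: bytes = EXPECTED):
    """Verifier side: returns (chain_intact, times whose measurement was bad)."""
    tag, bad = b"\x00" * 32, []
    for t, digest, stored in log:
        tag = chain_step(tag, t, digest)
        if not hmac.compare_digest(tag, stored):
            return False, bad
        if digest != expected:
            bad.append(t)
    return True, bad


def image_at(t: int, infected=range(5, 10)) -> bytes:
    """Constructed timeline: malware is resident only for t in [5, 10)."""
    return EVIL_IMAGE if t in infected else GOOD_IMAGE


def simulate(period: int, horizon: int = 20, checks=(0, 20)):
    """On-demand RA at the times in `checks` versus self-measurement every
    `period` units. Returns (times on-demand RA flagged, times the log
    flagged, whether the log chain verified)."""
    prover = Prover(period)
    for t in range(horizon + 1):
        prover.run(t, image_at(t))
    nonce = b"verifier-nonce-1"
    reference = hmac.new(KEY, nonce + EXPECTED, "sha256").digest()
    on_demand = [t for t in checks if prover.attest(image_at(t), nonce) != reference]
    chain_ok, bad = verify_log(prover.log)
    return on_demand, bad, chain_ok
```

`simulate(period=2)` reports nothing from the two on-demand checks but flags the self-measurements at t = 6 and t = 8; `simulate(period=10)` flags nothing either, which is the caveat: the period bounds the shortest infection the log can see. Rewriting a stored digest to the clean value breaks the chain at that entry, so the verifier rejects the whole log rather than accepting a laundered one.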
12:31  IP5-14, 873  NON-INTRUSIVE TESTING TECHNIQUE FOR DETECTION OF TROJANS IN ASYNCHRONOUS CIRCUITS
Speaker:
Rodrigo Possamai Bastos, TIMA Laboratory, CNRS/Grenoble INP/UJF, FR
Authors:
Leonel Acunha Guimarães, Thiago Ferreira de Paiva Leite, Rodrigo Possamai Bastos and Laurent Fesquet, TIMA - Grenoble Institute of Technology, FR
Abstract
Asynchronous circuits, as any IC, are vulnerable to hardware Trojans (HTs), which might be maliciously implanted in IC designs during outsourced fabrication phases. In this paper, a new testing technique to detect HTs by exploiting the regular side-channel properties of quasi-delay insensitive (QDI) asynchronous circuits is proposed. The technique needs neither additional circuitry nor significant adjustments in the post-fabrication testing phase. Simulation results show that the proposed technique is able to detect HTs with dimensions smaller than 1% of the original circuit.

12:30  End of session
Lunch Break in Großer Saal and Saal 1
Coffee Breaks in the Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area (Terrace Level of the ICCD).

Lunch Breaks (Großer Saal + Saal 1)

On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the rooms "Großer Saal" and "Saal 1" (Saal Level of the ICCD) to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area.

Tuesday, March 20, 2018

  • Coffee Break 10:30 - 11:30
  • Lunch Break 13:00 - 14:30
  • Awards Presentation and Keynote Lecture in "Saal 2" 13:50 - 14:20
  • Coffee Break 16:00 - 17:00

Wednesday, March 21, 2018

  • Coffee Break 10:00 - 11:00
  • Lunch Break 12:30 - 14:30
  • Awards Presentation and Keynote Lecture in "Saal 2" 13:30 - 14:20
  • Coffee Break 16:00 - 17:00

Thursday, March 22, 2018

  • Coffee Break 10:00 - 11:00
  • Lunch Break 12:30 - 14:00
  • Keynote Lecture in "Saal 2" 13:20 - 13:50
  • Coffee Break 15:30 - 16:00