David Hely

Key Reconciliation Protocols for Error Correction of Silicon PUF Responses

Physical unclonable functions (PUFs) are promising primitives for the lightweight authentication of an integrated circuit (IC). Indeed, by extracting an identifier from random process variations, they allow each instance of a design to be uniquely identified. However, the extracted identifiers are not stable enough to be used as is, and hence, need to be corrected first. This is currently achieved using error-correcting codes in secure sketches that generate helper data through a one-time procedure. As an alternative, we propose key reconciliation protocols. This interactive method, originating from quantum key distribution, allows two entities to correct errors in their respective correlated keys by discussing over a public channel. We believe that this can also be used by a device and a remote server to agree on two different responses to the same challenge from the same PUF obtained at different times. This approach has the advantage of requiring very few logic resources on the device side. The information leakage caused by the key reconciliation process is limited and easily computable. Results of implementation on field-programmable gate array (FPGA) targets are presented, showing that it is the most lightweight error-correction module to date.

Secure and Flexible Trace-Based Debugging of Systems-on-Chip

This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties. We propose a secure trace-based debug infrastructure to resolve this conflict. The secure infrastructure tags each asset to identify its owner (to whom it can be exposed during debug) and nonintrusively enforces the confidentiality of the assets during runtime debug. We implement a prototype of the enhanced infrastructure on an FPGA to validate its functional correctness. ASIC estimations show that our approach incurs practical area and power costs.

Enhanced Elliptic Curve Scalar Multiplication Secure Against Side Channel Attacks and Safe Errors

Elliptic curve cryptography (ECC) is involved in many secure schemes. Such schemes involve the elliptic curve scalar operation which is particularly security sensitive. Many algorithms of this operation have been proposed including security countermeasures. This paper discusses the security issues of such algorithms when running on a device that can be physically accessed. Leveraging these issues, new simple attack schemes to recover scalar bit information are presented and a new detailed attack based on C safe-error, probability and lattice is described against an Elliptic Curve Digital Signature Algorithm (ECDSA) using the Montgomery ladder algorithm. This new attack shows that Montgomery ladder can be sensitive to C safe-errors under some conditions. Finally, new secure elliptic curve scalar operation algorithms are presented with solutions to the discussed issues and guidance for their secure implementations.