David Naccache

Random Active Shield

Recently, some active shielding techniques have been broken (e.g. by FlyLogic). The caveat is that their geometry is easy to guess, and thus they can be bypassed with an affordable price. This paper has two contributions. First of all, it provides a definition of the objectives of shielding, which is seldom found in publicly available sources. Notably, we precise the expected functionality, but also the constraints it must meet to be both manufacturable and secure. Second, we propose an innovative solution based on random shielding. The goal of this shielding is to make the geometry of the shield difficult to recognize, thereby making the identification phase of the attack harder than in previous schemes. Also, a proof of the shielding existence for two layers of metal is provided, which guarantees that the generation of the layout will succeed. Finally, we provide real tests of the shield generation algorithm, that show it is computationally tractable even for large areas to protect.

Alien vs. Quine, the vanishing circuit and other tales from the industry's crypt

This talk illustrates the everyday challenges met by embedded security practitioners by five real examples. All the examples were actually encountered while designing, developing or evaluating commercial products. n nThis note, which is not a refereed research paper, presents the details of one of these five examples. It is intended to help the audience follow that part of our presentation.

Cryptographically secure shields

Probing attacks are serious threats on integrated circuits. Security products often include a protective layer called shield that acts like a digital fence. In this article, we demonstrate a new shield structure that is cryptographically secure. This shield is based on the newly proposed SIMON lightweight block cipher and independent mesh lines to ensure the security against probing attacks of the hardware located behind the shield. Such structure can be proven secure against state-of-the-art invasive attacks. For the first time in the open literature, we describe a chip designed with a digital shield, and give an extensive report of its cost, in terms of power, metal layer(s) to sacrifice and of logic (including the logic to connect it to the CPU). Also, we explain how “Through Silicon Vias” (TSV) technology can be used for the protection against both frontside and backside probing.

Applying Cryptographic Acceleration Techniques to Error Correction

Modular reduction is the basic building block of many public-key cryptosystems. BCH codes require repeated polynomial reductions modulo the same constant polynomial. This is conceptually very similar to the implementation of public-key cryptography where repeated modular reduction in (mathbb {Z}_n) or (mathbb {Z}_p) are required for some fixed n or p. It is hence natural to try and transfer the modular reduction expertise developed by cryptographers during the past decades to obtain new BCH speed-up strategies. Error correction codes (ECCs) are deployed in digital communication systems to enforce transmission accuracy. BCH codes are a particularly popular ECC family. This paper generalizes Barrett’s modular reduction to polynomials to speed-up BCH ECCs. A BCH(15, 7, 2) encoder was implemented in Verilog and synthesized. Results show substantial improvements when compared to traditional polynomial reduction implementations. We present two BCH code implementations (regular and pipelined) using Barrett polynomial reduction. These implementations, are respectively 4.3 and 6.7 faster than an improved BCH LFSR design. The regular Barrett design consumes around 53 (%) less power than the BCH LFSR design, while the faster pipelined version consumes 2.3 times more power than the BCH LFSR design.

How to Carefully Breach a Service Contract

Consider a firm

Operand folding hardware multipliers

mathcal {S}

Method for monitoring program flow to verify execution of proper instructions by a processor

providing support to clients