Elena Trichina
University of South Australia
Publication
Featured research published by Elena Trichina.
Cryptographic Hardware and Embedded Systems | 2002
Elena Trichina; Domenico De Seta; Lucia Germani
Software counter measures against side channel attacks considerably hinder performance of cryptographic algorithms in terms of memory or execution time or both. The challenge is to achieve secure implementation with as little extra cost as possible. In this paper we optimize a counter measure for the AES block cipher consisting in transforming a boolean mask to a multiplicative mask prior to a non-linear Byte Substitution operation (thus, avoiding S-box re-computations for every run or storing multiple S-box tables in RAM), while preserving a boolean mask everywhere else. We demonstrate that it is possible to achieve such transformation for a cost of two additional multiplications in the field. However, due to an inherent vulnerability of multiplicative masking to the so-called zero attack, additional care must be taken to secure its implementation. We describe one possible, although not perfect, approach to such an implementation which combines algebraic techniques and partial re-computation of S-boxes. This adds one more multiplication operation, and either occasional S-box re-computations or extra 528 bytes of memory to the total price of the counter measure.
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard | 2004
Elena Trichina; Tymur Korkishko; Kyung Hee Lee
When cryptosystems are being used in real life, hardware and software implementations themselves present a fruitful field for attacks. Side channel attacks exploit information such as time measurements, power consumption, and electromagnetic emission that leaks from a device when it executes cryptographic applications. When leaked information is correlated to a secret key, an adversary may be able to recover the key by monitoring this information. This paper describes an AES coprocessor that provides complete protection against first-order differential power analysis by embedding a widely used software countermeasure that decorrelates data being processed from the leaked information, so-called data masking, at a hardware level.
Cryptographic Hardware and Embedded Systems | 2002
Elena Trichina; Antonio Bellezza
Many software implementations of public key cryptosystems have been concerned with efficiency. The advent of side channel attacks, such as timing and power analysis attacks, forces us to reconsider the strategy of implementation of group arithmetic. This paper presents a study of software counter measures against side channel attacks for elliptic curve cryptosystems. We introduce two new counter measures. The first is a new implementation technique, namely, homogeneous group operations, which has the property that addition and doubling on elliptic curves cannot be distinguished from side channel analysis. Being inexpensive time-wise, this technique is an alternative to a well-known Montgomery ladder. The second is a non-deterministic method of point exponentiation with precomputations. Although requiring rather large ROM, it provides an effective resistance against high-order power analysis attacks for the price of index re-computations and ROM accesses. An experimental implementation of NIST-recommended elliptic curves over binary fields with a balanced suite of counter measures built-in in group arithmetic is presented, and the penalty paid is analyzed. The results of the implementation in C on an AMD Duron 600 MHz running Linux are included in the paper.
Security of Ad Hoc and Sensor Networks | 2004
Elena Trichina; Tymur Korkishko
Low power consumption, low gate count, and high throughput are standard design criteria for cryptographic coprocessors designated for resource constrained devices such as smart cards. With the advent of side channel attacks, devices’ resistance to such attacks became another major requirement. This paper describes a cryptographic hardware module for an AES algorithm that provides complete protection against first order differential power analysis by embedding a data masking countermeasure at a hardware level. We concentrate on inversion in GF(2^8) since this is the only non-linear operation that requires complex transformations on masked data and on bits of the masks. The simulation and synthesis results confirm that the proposed solution is suitable for applications in GSM and ad-hoc networks in terms of performance, gate count and power consumption. To our knowledge, this is the first implementation of a side channel-resistant AES hardware module suitable for smart- and SIM-cards.
Australasian Conference on Information Security and Privacy | 1999
Alexander Tiountchik; Elena Trichina
An efficient implementation of modular exponentiation, i.e., the main building block in the RSA cryptographic scheme, is achieved by first designing a bit-level systolic array such that the whole procedure of modular exponentiation can be carried out entirely by a single unit without using global interconnections or memory to store intermediate results, and then mapping this design onto Xilinx XC6000 Field Programmable Gate Array.
Integrating Technology into Computer Science Education | 1998
Alex Davidovic; Elena Trichina
Intelligent Tutoring Systems are dynamically organised instructional programs that employ representations of expert, instructional, and student knowledge to provide individualised instruction much like a personal human tutor. Open Learning Environment and Instruction System is an integrated authoring tool that enables any computer-literate lecturer to construct intelligent tutoring systems from existing teaching materials such as texts, graphics, animation, sound, video, simulators, HTML pages, software packages (i.e. compilers, spreadsheets, CAD-s...), etc. The system makes it possible for a lecturer to take the pieces built with standard software applications and configure them into the components of an intelligent tutoring system, which employs a number of different teaching strategies and provides a regular student modelling loop. This tool was designed at the School of Computer and Information Science, University of South Australia, and is currently being used for creating intelligent multimedia courseware.
Innovations in Systems and Software Engineering | 2007
Elena Trichina; Konstantin Hyppönen; Marko Hassinen
Many current mobile payment systems rely on mobile network operators for authentication, and lack adequate nonrepudiation. In this work we describe a mobile payment system that uses a governmentally administered public-key infrastructure, namely, the Finnish Electronic Identity. FINEID cards store user credentials and private keys for authentication and digital signature, and upon user request can be issued as an application on a PKI-enabled SIM card which is used as a trusted module in our application. Using FINEID, our system authenticates persons, not customers of a certain bank, mobile network operator, or payment service provider. It also ensures non-repudiation, integrity and confidentiality of the messages related to the payment transactions. As the administration of the PKI system is the responsibility of the government, the system is very economical for both the service providers and the users. The proof-of-concept implementation, a system for purchasing train tickets, is done using freely available development tools and platforms. Implementing an open payment system based on a nation-wide PKI has proven to be feasible.
The Cryptographers' Track at the RSA Conference | 2001
Elena Trichina; Alexander Tiountchik
One approach to achieve real-time cryptography is to use reconfigurable hardware, where different cryptographical methods can be implemented with performance of special-purpose chips, but with a fraction of the time to market expense. While there is a lot of development done for fine-grain reconfigurable hardware, such as FPGAs, the area of coarse-grain programmable hardware is almost unknown. In this paper we describe a coarse-grain reconfigurable chip XPU128. This chip is capable of performing simultaneously up to 128 multiply-accumulate operations on 32-bit numbers in one clock cycle. As a case study we implemented Montgomery Multiplication. Our implementation is fully scalable, with the time increasing linearly with the length of the operands.
International Conference on Information and Communication Security | 2002
David Naccache; Alexei Tchoulkine; Christophe Tymen; Elena Trichina
In the Java Virtual Machine, the byte-code verifier checks low-level security properties that ensure that the downloaded code cannot bypass the virtual machine's security mechanisms. One of the statically ensured properties is type safety. The type-inference phase is the overwhelming resource-consuming part of the verification process. This paper addresses the RAM bottleneck met while verifying mobile code in memory-constrained environments such as smart-cards. We propose to modify the algorithm in a way that significantly reduces memory consumption.
Symposium on Integrated Circuits and Systems Design | 2000
Alexander Tiountchik; Elena Trichina
Taking as a starting point for an FPGA program an efficient bit-level systolic algorithm facilitates the design process but does not automatically guarantee the most efficient hardware solution. We use an example of modular exponentiation with Montgomery multiplication to demonstrate a role of layout optimisation and partitioning in mapping linear systolic arrays onto two-dimensional arrays of FPGA cells.