Eric Peeters

System-on-Chip Platform Security Assurance: Architecture and Validation

Modern system-on-chip (SoC) designs include a wide variety of highly sensitive assets which must be protected from unauthorized access. A significant aspect of SoC design involves exploration, analysis, and evaluation of resiliency mechanisms against attacks to such assets. These attacks may arise from a number of sources, including malicious intellectualproperty blocks (IPs) in the hardware, malicious or vulnerable firmware and software, insecure communication of the system with other devices, and side-channel vulnerabilities through power and performance profiles. Countermeasures for these attacks are equally diverse, which include architecture, design, implementation, and validation-based protection. In this paper, we provide a comprehensive overview of the security infrastructure in modern SoC designs, including both resiliency techniques and their validation paradigms at presilicon and postsilicon stages. We identify gaps in current resiliency and analysis architectures and propose design and validation solutions to address them. Finally, we provide industry perspectives on the role and impact of current practices on SoC security, and discuss some emerging trends in this important area.

SoC security architecture: current practices and emerging needs

At the era of everything is connected, security has become an essential key question when starting a new System-on-chip architecture. With the proliferation of secure systems, it is expected that many design teams will lack the essential knowledge and time to look at the abundant literature. In this paper, we intend to provide a reasonable approach to tackle this problem and try to convey the essential design rules, design elements and threats to any reader. We cover a possible methodology to collect requirements based on a systematic identification of the assets needing protection and threats against these assets: and make sure the design is appropriately sized and adequately secure. Once the requirements have been collected, the architecture can be laid out and we discuss the main elements that can compose it: trusted execution environment, secure boot, secure software update, secure design-for-test (DFT) components, Random Number Generation (RNG).

From New Technologies to New Solutions

Ferroelectric RAM (FRAM) is a promising non-volatile memory technology that is now available in low-end microcontrollers. Its main advantages over Flash memories are faster write performances and much larger tolerated number of write/erase cycles. These properties are profitable for the efficient implementation of side-channel countermeasures exploiting pre-computations. In this paper, we illustrate the interest of FRAM-based microcontrollers for physically secure cryptographic hardware with two case studies. First we consider a recent shuffling scheme for the AES algorithm, exploiting randomized program memories. We exhibit significant performance gains over previous results in an Atmel microcontroller, thanks to the fine-grained programmability of FRAM. Next and most importantly, we propose the first working implementation of the “masking with randomized look-up table” countermeasure, applied to reduced versions of the block cipher LED. This implementation provides unconditional security against side-channel attacks (of all orders!) under the assumption that pre-computations can be performed without leakage. It also provides high security levels in cases where this assumption is relaxed (e.g. for context or performance reasons).

Side-Channel Cryptanalysis: A Brief Survey

Traditionally, the mathematical cryptanalysis considers that the cryptographic device is an abstract machine and target primarily the weaknesses of the cryptographic algorithm by taking advantage of the input and output data. In Shannon’s 1949 paper on “Communication Theory of Secrecy Systems”, he defined what should be perfect secrecy:

Toward the Evaluation of an Implementation Against Side-Channel Attacks

In this chapter, we propose a formal practice-oriented model for the analysis of cryptographic primitives against side-channel attacks was introduced as a specialization of Micali and Reyzin’s “physically observable cryptography” paradigm [MR04] introduced in [SMY06].

CMOS Devices: Sources and Models of Emanation

In this chapter, the major insights regarding the sources of power and electromagnetic leakages are provided. We investigate the first-order dependencies between the data handled and the leakage to allow us to define some simple power and electromagnetic models rather than dealing with complex equations and several parameters. Thanks to these models, an adversary does not need to fully understand the underlying semiconductor physics, neither the structure of the devices, to be able to mount an attack. Indeed we will see some of the possible techniques in this chapter and will deepen this topic in Chap. 6.

Measurement of the Power Consumption

In the previous chapter, we detailed the different simple models that could possibly be used to describe the behavior of CMOS devices. These models may allow an adversary to correlate the actual power consumption (monitored from the chip) with an hypothetical one depending on the key guess and the chosen model. As we will see in Chap. 6, a power consumption model can also be built from a training phase with a second identical device. Those attacks requiring a profiling training are known as Template Attack [AARR02] and Stochastic Models [SLP05]

Higher Order Attacks

In the open literature, the masking technique is among the most popular suggested ways to protect an implementation against Differential Power Analysis [AG01, CJRR99, GP99, OMPR05]. However, several works have shown that such protected devices are still sensitive to higher order attacks, originally described in [Mes00].

General Conclusion and Possible Further Directions

Alice and Bob, our two heroes, realized that there may be more backdoors than they expected. And when designing a secure system, they certainly cannot ignore them. Principally, our purpose was not to propose new physical leakages of embedded systems, but rather we intended to provide a thorough survey of two of them, namely the power and the electromagnetic emanations. In this respect, we investigated.