Ingrid Verbauwhede

Elliptic-Curve-Based Security Processor for RFID

RFID (radio frequency identification) tags need to include security functions, yet at the same time their resources are extremely limited. Moreover, to provide privacy, authentication and protection against tracking of RFID tags without loosing the system scalability, a public-key based approach is inevitable, which is shown by M. Burmester et al. In this paper, we present an architecture of a state-of-the-art processor for RFID tags with an elliptic curve (EC) processor over GF(2163). It shows the plausibility of meeting both security and efficiency requirements even in a passive RFID tag. The proposed processor is able to perform EC scalar multiplications as well as general modular arithmetic (additions and multiplications) which are needed for the cryptographic protocols. As we work with large numbers, the register file is the most critical component in the architecture. By combining several techniques, we are able to reduce the number of registers from 9 to 6 resulting in EC processor of 10.1 K gates. To obtain an efficient modulo arithmetic, we introduce a redundant modular operation. Moreover the proposed architecture can support multiple cryptographic protocols. The synthesis results with a 0.13 um CMOS technology show that the gate area of the most compact version is 12.5 K gates.

Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions

The idea of using intrinsic random physical features to identify objects, systems, and people is not new. Fingerprint identification of humans dates at least back to the nineteenth century [21] and led to the field of biometrics. In the 1980s and 1990s of the twentieth century, random patterns in paper and optical tokens were used for unique identification of currency notes and strategic arms [2, 8, 53]. A formalization of this concept was introduced in the very beginning of the twenty-first century, first as physical one-way functions [41, 42], physical random functions [13], and finally as physical(ly) unclonable functions or PUFs.1 In the years following this introduction, an increasing number of new types of PUFs were proposed, with a tendency toward more integrated constructions. The practical relevance of PUFs for security applications was recognized from the start, with a special focus on the promising properties of physical unclonability and tamper evidence.

Design and performance testing of a 2.29-GB/s Rijndael processor

This contribution describes the design and performance testing of an Advanced Encryption Standard (AES) compliant encryption chip that delivers 2.29 GB/s of encryption throughput at 56 mW of power consumption in a 0.18-/spl mu/m CMOS standard cell technology. This integrated circuit implements the Rijndael encryption algorithm, at any combination of block lengths (128, 192, or 25 bits) and key lengths (128, 192, or 256 bits). We present the chip architecture and discuss the design optimizations. We also present measurement results that were obtained from a set of 14 test samples of this chip.

A 21.54 Gbits/s fully pipelined AES processor on FPGA

This paper presents the architecture of a fully pipelined AES encryption processor on a single chip FPGA. By using loop unrolling and inner-round and outer-round pipelining techniques, a maximum throughput of 21.54 Gbits/s is achieved. A fast and an area efficient composite field implementation of the byte substitution phase is designed using an optimum number of pipeline stages for FPGA implementation. A 21.54 Gbits/s throughput is achieved using 84 block RAMs and 5177 slices of a VirtexII-Pro FPGA with a latency of 31 cycles and throughput per area rate of 4.2 Mbps/Slice.

Public-Key Cryptography for RFID-Tags

RFID-tags are a new generation of bar-codes with added functionality. An emerging application is the use of RFID-tags for anti-counterfeiting by embedding them into a product. Public-key cryptography (PKC) offers an attractive solution to the counterfeiting problem but whether a publickey cryptosystem can be implemented on an RFID tag or not remains unclear. In this paper, we investigate which PKC-based identification protocols are useful for these anti-counterfeiting applications. We also discuss the feasibility of identification protocols based on elliptic curve cryptography (ECC) and show that it is feasible on RFID tags. Finally, we compare different implementation options and explore the cost that side-channel attack countermeasures would have on such implementations

Securing Encryption Algorithms against DPA at the Logic Level: Next Generation Smart Card Technology

This paper describes a design method to secure encryption algorithms against Differential Power Analysis at the logic level. The method employs logic gates with a power consumption, which is independent of the data signals, and therefore the technique removes the foundation for DPA. In a design ex- periment, a fundamental component of the DES algorithm has been imple- mented. Detailed transistor level simulations show a perfect security whenever the layout parasitics are not taken into account.

A quick safari through the reconfiguration jungle

Cost effective systems use specialization to optimize factors such as power consumption, processing throughput, flexibility or combinations thereof. Reconfigurable systems obtain this specialization at run-time. System reconfiguration has a vertical, a horizontal and a time dimension. We organize this design space as the reconfiguration hierarchy, and discuss the design methods that deal with it. Finally, we survey existing commercial platforms that support reconfiguration and situate them in the reconfiguration jungle.

Area-throughput trade-offs for fully pipelined 30 to 70 Gbits/s AES processors

This paper explores the area-throughput trade-off for an ASIC implementation of the advanced encryption standard (AES). Different pipelined implementations of the AES algorithm as well as the design decisions and the area optimizations that lead to a low area and high throughput AES encryption processor are presented. With loop unrolling and outer-round pipelining techniques, throughputs of 30 Gbits/s to 70 Gbits/s are achievable in a 0.18-/spl mu/m CMOS technology. Moreover, by pipelining the composite field implementation of the byte substitution phase of the AES algorithm (inner-round pipelining), the area consumption is reduced up to 35 percent. By designing an offline key scheduling unit for the AES processor the area cost is further reduced by 28 percent, which results in a total reduction of 48 percent while the same throughput is maintained. Therefore, the over 30 Gbits/s, fully pipelined AES processor operating in the counter mode of operation can be used for the encryption of data on optical links.

Automatic secure fingerprint verification system based on fuzzy vault scheme

We construct an automatic secure fingerprint verification system based on the fuzzy vault scheme to address a major security hole currently existing in most biometric authentication systems. The construction of the fuzzy vault during the enrollment phase is automated by aligning the most reliable reference points between different templates, based on which the converted features are used to form the lock set. The size of the fuzzy vault, the degree of the underlying polynomial, as well as the number of templates needed for reaching the reliable reference point are investigated. This results in a high unlocking complexity for attackers with an acceptable unlocking accuracy for legal users.

A Micropower CMOS-Instrumentation Amplifier

A CMOS switched capacitor instrumentation amplifier is presented. Offset is reduced by an auto-zero technique and effects due to charge injection are attenuated by a special amplifier configuration. The circuit which is realized in a 4-/spl mu/m double poly process has an offset (/spl tau/) of 370 /spl mu/V, an rms input referred integrated noise (0.5 -f/sub c//2) of 79 /spl mu/V, and consumes only 21 /spl mu/W (f/sub c/ = 8 kHz, V/sub DD/ = 3 V).