Jean-Baptiste Rigaud

Implementing Asynchronous Circuits on LUT Based FPGAs

This paper describes a general methodology to rapidly prototype asynchronous circuits on LUT based FPGAs. The main objective is to offer designers the powerfulness of standard synchronous FPGAs to prototype their asynchronous circuits or mixed synchronous/asynchronous circuits. To avoid hazard in FPGAs, the appearance of hazard in configurable logic cells is analyzed. The developed technique is based on the use and the design of a Muller gate library. It is shown how the place and route tools automatically exploit this library. Finally, an asynchronous dual-rail adder is implemented automatically to demonstrate the potential of the methodology. Several FPGA families, like Xilinx X4000, Altera Flex, Xilinx Virtex and uptodate Altera Apex are targeted.

Strengthening hardware AES implementations against fault attacks

Differential fault attacks become a threat of increasing importance against cryptographic devices. One of the most efficient hardware countermeasures for block ciphers to prevent such attacks relies on duplication. Novel techniques to implement a duplication scheme for the AES are proposed. Remarkably, the proposed techniques do not impact on the throughput/area ratio and better withstand a large variety of known fault attacks.

Hardware Engines for Bus Encryption: A Survey of Existing Techniques

The widening spectrum of applications and services provided by portable and embedded devices brings a new dimension of concerns in security. Most of those embedded systems (pay-TV, PDAs, mobile phones, etc.) make use of external memory. As a result, the main problem is that data and instructions are constantly exchanged between memory (RAM) and CPU in clear form on the bus. This memory may contain confidential data like commercial software or private contents, which either the end-user or the content provider is willing to protect. The paper describes the problem of processor-memory bus communications in this regard and the existing techniques applied to secure the communication channel through encryption. Performance overheads implied by those solutions are discussed extensively.

Static Implementation of QDI Asynchronous Primitives

To fairly compare the performance of an asynchronous ASIC to its homologous synchronous one requires the availability of a dedicated asynchronous library. In this paper we present TAL_130nm a standard cell library dedicated to the design of QDI asynchronous circuits. Cell selection and sizing rules applied to develop TAL_130nm are detailed. It is shown that significant area and power savings as well as speed improvements can be obtained.

A side-channel and fault-attack resistant AES circuit working on duplicated complemented values

Cryptographic circuits can be subjected to several kinds of side-channel and fault attacks in order to extract the secret key. Side-channel attacks can be carried by measuring either the power consumed or the EM waves emitted by the cryptographic module and trying to find a correlation between the given side-channel and the data manipulated [1]. Concerning fault attacks, in the case of differential fault attacks (DFA) [2], a cryptographic calculation is corrupted in such a way as to retrieve information about the secret key. Faults can be induced by different means such as lasers, voltage glitches, electromagnetic perturbations or clock skews. Several counter-measures, like in [3], have been separately proposed to tackle either kind of attack. In this paper, we describe the implementation of an AES chip where duplicated and complemented data paths provide resistance against both side-channel and fault attacks.

Experimental evaluation of protections against laser-induced faults and consequences on fault modeling

Lasers can be used by hackers to situations to inject faults in circuits and induce security flaws. On-line detection mechanisms are classically proposed to counter such attacks, and are often based on error detecting codes. However, the efficiency of such schemes has not been precisely validated against real attack conditions. This paper presents results showing that, with a given type of laser, a classical protection technique can leave open doors to an attacker. The results give also insights into the fault models to be taken into account when designing a secured circuit.

Hardware trojan detection by delay and electromagnetic measurements

Hardware Trojans (HT) inserted in integrated circuits have received special attention of researchers. In this paper, we present firstly a novel HT detection technique based on path delays measurements. A delay model, which considers intra-die process variations, is established for a net. Secondly, we show how to detect HT using ElectroMagnetic (EM) measurements. We study the HT detection probability according to its size taking into account the inter-die process variations with a set of FPGA. The results show, for instance, that there is a probability greater than 95% with a false negative rate of 5% to detect a HT larger than 1.7% of the original circuit.

Design and characterisation of an AES chip embedding countermeasures

In critical communication infrastructures, hardware accelerators are often used to speed up cryptographic calculations. Their resistance to physical attacks determines how secure the overall infrastructure is. In this paper, we describe the implementation and characterisation of an AES accelerator embedding security features against physical attacks. This AES chip is implemented in HCMOS9gp 130 nm STM technology. The countermeasure is based on duplication and works on complemented values in parallel. The chip was tested against side channel attacks showing the efficiency of the proposed countermeasure against such attacks. Fault injection tests based on the use of local laser shoots showed that the fault detection mechanism did indeed react as expected. However, using clock set-up time violations, 80% of the secret key were retrieved in less than 40 hours, thus illustrating the limits of the duplication countermeasure against a global fault attack which was published after the chip was designed.

Review of fault injection mechanisms and consequences on countermeasures design

The secret keys handled by cryptographic devices can be extracted using fault attacks associated with cryptanalysis techniques. These faults can be induced by different means such as laser exposure, voltage or clock glitches, electromagnetic perturbation, etc. This paper provides a detailed insight into the physics and mechanisms involved in several fault injection processes. The paper also highlights the difficulty to design countermeasures while even hardware duplication, usually considered as secure, has proved to show flaws against low cost fault injection means.

Error Detection for Borrow-Save Adders Dedicated to ECC Unit

Differential Fault Analysis (DFA) is a real threat for elliptic curve cryptosystems. This paper describes an elliptic curve cryptoprocessor unit resistant against fault injection. This resistance is provided by the use of parity preserving logic gates in the operating structure of the ECC unit, which is based on borrow-save adders. The proposed countermeasure provides a high coverage fault detection and induces an acceptable area overhead (+ 38 %).