Jean-Luc Danger

Efficient FPGA implementation of Gaussian noise generator for communication channel emulation

In this paper, a high accuracy Gaussian noise generator emulator is defined and optimized for hardware implementation on a FPGA. The proposed emulator is based on the Box-Muller method implemented by using ROM tabulation and a random memory access. By means of accumulations, the central limit method is applied to the Box-Muller output Gaussian distribution. After presenting the algorithmic method, this paper analyzes its efficiency for different noise signal formats. Then the architecture to fit into a FPGA is explained. Finally, results from the FPGA synthesis are given to show the value of this method for FPGA implementation.

Hardware Trojan Horses in Cryptographic IP Cores

Detecting hardware trojans is a difficult task in general. In this article we study hardware trojan horses insertion and detection in cryptographic intellectual property (IP) blocks. The context is that of a fabless design house that sells IP blocks as GDSII hard macros, and wants to check that final products have not been infected by trojans during the foundry stage. First, we show the efficiency of a medium cost hardware trojans detection method if the placement or the routing have been redone by the foundry. It consists in the comparison between optical microscopic pictures of the silicon product and the original view from a GDSII layout database reader. Second, we analyze the ability of an attacker to introduce a hardware trojan horse without changing neither the placement nor the routing of the cryptographic IP logic. On the example of an AES engine, we show that if the placement density is beyond 80%, the insertion is basically impossible. Therefore, this settles a simple design guidance to avoid trojan horses insertion in cryptographic IP blocks: have the design be compact enough, so that any functionally discreet trojan necessarily requires a complete replace and re-route, which is detected by mere optical imaging (and not complete chip reverse-engineering).

Design of High Speed AWGN Communication Channel Emulator

This paper presents a method for designing a high accuracy white gaussian noise generator suitable for communication channel emulation. The proposed solution is based on the combined use of the Box-Muller method and the central limit theorem. The resulting architecture provides a high accuracy AWGN with a low complexity architecture for a digital implementation in FPGA. The performance is studied by means of MATLAB simulations and various complexity figures are given.

RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs

Amongst the many existing countermeasures against Side Channel Attacks (SCA) on symmetrical cryptographic algorithms, masking is one of the most widespread, thanks to its relatively low overhead, its low performance loss and its robustness against first-order attacks. However, several articles have recently pinpointed the limitations of this countermeasure when matched with variance-based and other high-order analyses. In this article, we present a new form of Boolean masking for the Advanced Encryption Standard (AES) called “RSM”, which shows the same level in performances as the state-of-the-art, while being less area consuming, and secure against Variance-based Power Analysis (VPA) and second-order zero-offset CPA. Our theoretical security evaluation is then validated with simulations as well as real-life CPA and VPA on an AES 256 implemented on FPGA.

Generic Description and Synthesis of LDPC Decoders

Through a rapid survey of the architecture of low-density parity-check (LDPC) decoders, this paper proposes a general framework to describe and compare the LDPC decoder architectures. A set of parameters makes it possible to classify the scheduling of iterative decoders, memory organization, and type of check-node processors and variable-node processors. Using the proposed framework, an efficient generic architecture for nonflooding schedules is also given.

Design and performance analysis of a high speed AWGN communication channel emulator

A hardware white Gaussian noise generator (WGNG) is developed in an FPGA circuit for mobile communication channel emulation. High accuracy, fast and low-cost hardware are reached by combining the Box-Muller and central limit methods. The performance of the designed model is investigated using MATLAB. The complexity and the performance level are given for some configurations and show the interest of the proposed model.

BCDL: a high speed balanced DPL for FPGA with global precharge and no early evaluation

In this paper, we present BCDL (Balanced Cell-based Dual-rail Logic), a new counter-measure against Side Channel Attacks (SCA) on cryptoprocessors implementing symmetrical algorithms on FPGA. BCDL is a DPL (Dual-rail Precharge Logic), which aims at overcoming most of the usual vulnerabilities of such counter-measures, by using specific synchronization schemes, while maintaining a reasonable complexity. We compare our architecture in terms of complexity, performances and easiness to design with other DPLs (WDDL, IWDDL, MDPL, iMDPL, STTL, DRSL, SecLib). It is shown that BCDL can be optimized to achieve higher performances than any other DPLs (more than 1/2 times the nominal data rate) with an affordable complexity. Finally, we implement a BCDL AES on an FPGA and compare its robustness against DPA by using the number of Measurements To Disclosure (MTD) required to find the key with regards to unprotected AES. It is observed that the SCA on a BCDL implementation failed for 150,000 power consumption traces which represents a gain greater than 20 w.r.t. the unprotected version. Moreover the fault attack study has pointed out the natural resistance of BCDL against simple faults attacks.

WDDL is Protected against Setup Time Violation Attacks

In order to protect crypto-systems against side channel attacks various countermeasures have been implemented such as dual-rail logic or masking. Faults attacks are a powerful tool to break some implementations of robust cryptographic algorithms such as AES and DES. Various kind of fault attacks scenarios have been published. However, very few publications available in the public literature detail the practical realization of such attacks. In this paper we present the result of a practical fault attack on AES in WDDL and its comparison with its non-protected equivalent. The practical faults on an FPGA running an AES encrypt or are realized by under-powering it and further exploited using Pirets attack. The results show that WDDL is protected against setup violation attacks by construction because a faulty bit is replaced by a null bit in the cipher text. Therefore, the fault leaks no exploitable information. We also give a theoretical model for the above results. Other references have already studied the potential of fault protection of the resynchronizing gates (delay-insensitive). In this paper, we show that non-resynchronizing gates (hence combinatorial DPL such as WDDL) are natively immune to setup time violation attacks.

Place-and-route impact on the security of DPL designs in FPGAs

Straightforward implementations of cryptographic algorithms are known to be vulnerable to attacks aimed not at the mathematical structure of the cipher but rather at the weak points of the electronic devices which implement it. These attacks, known as side-channel attacks, have proved to be very powerful in retrieving secret keys from any kind of unprotected electronic device. Amongst the various protection strategies, side-channel hiding is very popular and well studied. The principle of information hiding is to make any leak constant, thus uncorrelated to the device internal secrets. The so-called ldquodual-rail with precharge logicrdquo (DPL) style is indicated to achieve that goal. For DPL protection to be effective, it further requires a carefully balanced layout so as to obtain equal propagation delays and power consumption on both rails. In this article, we study to which extent the differential place-and-route constraints must be strict in FPGA technology. We describe placement techniques suitable for Xilinx and Altera FPGAs, and quantify the gain of balance they confer. On the one hand, we observed that Xilinx fitting tool achieves naturally good balancing results. On the other hand, the symmetry can be greatly improved with Altera devices, using a manual placement, leading to unprecedented dual netlists balancing.

Successful attack on an FPGA-based WDDL DES cryptoprocessor without place and route constraints

In this paper, we propose a preprocessing method to improve side channel attacks (SCAs) on dual-rail with precharge logic (DPL) countermeasure family. The strength of our method is that it uses intrinsic characteristics of the countermeasure: classical methods fail when the countermeasure is perfect, whereas our method still works and enables us to perform advanced attacks. We have experimentally validated the proposed method by attacking a DES cryptoprocessor embedded in a field programmable gates array (FPGA), and protected by the wave dynamic differential logic (WDDL) countermeasure. This successful attack, unambiguous as the full key is retrieved, is the first to be reported.