Liji Wu

A passive UHF tag for RFID-based train axle temperature measurement system

A fully integrated passive UHF RFID tag with embedded temperature sensor, compatible with the ISO/IEC 18000 type 6C protocol, is developed in a standard 0.18µm CMOS process, which is designed to measure the axle temperature of a running train. The consumption of RF/analog front-end circuits is 1.556µA@1.0V, and power dissipation of digital part is 5µA@1.0V. The CMOS temperature sensor exhibits a conversion time under 2 ms, less than 7 µW power dissipation, resolution of 0.31°C/LSB and error of +2.3/−1.1°C with a 1.8 V power supply for range from −35°C to 105°C. Measured sensitivity of tag is −5dBm at room temperature.

Design and Implementation of an Electromagnetic Analysis System for Smart Cards

Information security is very important for the smart cards. Electromagnetic analysis (EMA) attack is a common method of side channel attacks which is a serious threat for the security of smart cards. So it is necessary to build a system to estimate the ability of the smart card to resist EMA attack. In this paper, an automatic EMA system for smart cards is designed and implemented. This system can measuring the electromagnetic field of smart card and can also carry out EMA attack. To verify the effectiveness of this system, an EMA attack was successfully carried out by it on a FPGA which 3DES cryptographic algorithm was loaded and implemented. 3DES is widely used in bank IC card and USB key. It is important to make sure of the safety of these financial IC cards. The experimental results showed that the applicable electromagnetic field signal can be traced to estimate the ability of the security device to resist EMA attack.

Transient-Steady Effect Attack on Block Ciphers

A new Transient-Steady Effect attack on block ciphers called TSE attack is presented in this paper. The concept of transient-steady effect denotes the phenomenon that the output of a combinational circuit keeps a temporal value for a while before it finally switches to the correct value. Unlike most existing fault attacks, our attack does not need a large amount of encryptions to build a statistical model. By injecting a clock glitch to capture the temporal value caused by transient-steady effect, attackers can obtain the information of key from faulty outputs directly. This work shows that AES implementations, which have transient-steady property, are vulnerable to our attack. Experiments are successfully conducted on two kinds of unmasked S-boxes and one kind of masked S-box implemented in serial with FPGA board. After a moderate pre-computation, we need only 1 encryption to recover a key byte of the unmasked S-boxes, and 20 encryptions to recover a key byte of the masked S-box. Furthermore, we investigate the key recover method for parallel unmasked implementation, and discuss a possible attack scenario which may deem WDDL-AES insecure.

Design of Monitor and Protect Circuits against FIB Attack on Chip Security

As information security chips are more widely used in the field of information security, the security of chips becomes increasingly important, which has also been a hot research field of information security. With the advances in technology, a chip-invasive method of attack which uses laser or focused ion beam (FIB) to change the chips internal signal line, and then probe the chips secret information with the electron microprobe, becomes a serious threat to information security chip. Such an attack makes the shielding metal wire an effective mean to improve chip security. The protection circuit module monitoring the shielding metal line is to ensure the layer of the metal wire is undamaged, in order to ensure that the chip has not been attacked by laser or FIB. This paper studies the design and implementation of Monitor and Protect Circuits (MPC) based on RC delay, which monitor if the shielding metal wires are damaged. The circuit is designed in SMIC0.18um CMOS process and an entire layout is completed. The gate count of MPC is about 642, which is 2.9% of that of AES. And its power consumption is about 81uw.

A Configurable IPSec Processor for High Performance In-Line Security Network Processor

A configurable IPSec processor for a high performance in-line network security processor that integrates two embedded 32-bit CPU cores, and an IPSec protocol processor on a SoC is presented. The IPSec processor can implement the transport/tunnel mode AH and ESP protocol of the IPSec, and support AES-128/192/256, HMAC-SHA-1 algorithm. The number of AH, ESP, AES, HMAC-SHA-1 IP-cores in the design can be configured for different use such as 10 Gigabit Ethernet and Gigabit Ethernet, even for the next generation 40/100G Network. Low power is also considered in the design. In the IPSec processor, crossbar switch architecture for multi-core data transfer is adopted. With four parallel AH, ESP, AES, HMAC-SHA-1 IP-cores separately connected to an 8x8 crossbar switch in the IPSec processor, a throughput of 1.5Gbps at 200MHz is achieved and hardware verification is implemented by FPGA. By simulation, the IPSec protocol operation can achieve 10Gbps wire speed with 32 IPSec protocol IP-cores and cryptographic IP-cores configured in the IPSec processor.

Design of a 0.8V low power CMOS temperature sensor for RFID-based train axle temperature measurement

A novel CMOS temperature sensor embedded in a passive UHF RFID tag is presented. The sensor consists of a temperature-to-current converter, two current-starved ring oscillators and two digital counters. High power consumption band-gap voltage references and traditional ADCs are not used for low power design. Post-layout simulation show that the power consumption is 0.64µW with a supply voltage of 0.8V at room temperature (27°C), and the conversion rate is up to 1 kHz. The average temperature resolution is 0.2°C/LSB from −40°Cr∼120°C. The sensor is implemented in CMOS 0.18µm and the core occupies an area of 0.09 mm2.

Wavelet-Based Noise Reduction in Power Analysis Attack

Side-channel power analysis attacks have been proven to be the most powerful attacks on implementations of cryptographic primitives. DPA and CPA are probably the most wide-spread practical attacks on numerous embedded cryptographic systems. Additive noise is a kind of typical power analysis resistant implementing technique. The success rate of the DPA and CPA attacks is significantly affected by the Signal-to-Noise Ratio (SNR) of the power traces. Hence, it is important to eliminate noise effectively and improve the SNR for power attacks to extract the secret key. In this paper, a new method is proposed with wavelet analysis to reduce noise effects, which aims to improve the performance of side-channel power attacks named as WPA (Wavelet-based Power Attack). The key is successfully recovered on commercially available contact-less smart card based on 3DES, which is widely used for security-sensitive applications. Experimental results show that WPA significantly improves the success rate for encryption key detection. Compared to the fourth-order cumulant noise reduction method for power attack, the required number of the power traces is 50% less.

Key recovery against 3DES in CPU smart card based on improved correlation power analysis

The security of CPU smart cards,which are widely used throughout China,is currently being threatened by side-channel analysis.Typical countermeasures to side-channel analysis involve adding noise and filtering the power consumption signal.In this paper,we integrate appropriate preprocessing methods with an improved attack strategy to generate a key recovery solution to the shortcomings of these countermeasures.Our proposed attack strategy improves the attack result by combining information leaked from two adjacent clock cycles.Using our laboratory-based power analysis system,we verified the proposed key recovery solution by performing a successful correlation power analysis on a Triple Data Encryption Standard(3DES)hardware module in a real-life 32-bit CPU smart card.All 112 key bits of the 3DES were recovered with about 80 000 power traces.

A 70 mW 25 Gb/s Quarter-Rate SerDes Transmitter and Receiver Chipset With 40 dB of Equalization in 65 nm CMOS Technology

A 25 Gb/s transmitter (TX) and receiver (RX) chipset designed in a 65 nm CMOS technology is presented. The proposed quarter-rate TX architecture with divider-less clock generation can not only guarantee the timing constraint for the highest-speed serialization, but also save power compared with the conventional designs. A source-series terminated (SST) driver with a 2-tap feed-forward equalizer (FFE) and a far-end crosstalk canceller (XTC) is implemented in the TX chip. The RX chip employs an adaptive quarter-rate 2-tap decision-feedback equalizer (DFE) and a baud-rate clock and data recovery (CDR). The power-efficient DFE uses the combination of the soft-decision technique and a new dynamic structure. The DFE adaption logic and baud-rate CDR logic share a set of error samplers to save power and area. A hybrid alternate clock scheme is proposed to satisfy the timing requirement and reduce the power consumption further. The measurement results show that the TX and RX chipset totally compensates for a Nyquist channel loss of more than 40 dB, and consumes only 70 mW from a 1.2 V supply when operating at 25 Gb/s.

Adaptive Chosen-Plaintext Correlation Power Analysis

Yongdae K ea al. poposed biasing power traces to improve correlation in power analysis attack in 2010. However this method abandons large numbers of power traces which is unreasonable in comparison with traditional CPA. In this paper, the traces acquirement process is divided into two stages. In the first stage, some plaintexts are chosen randomly and two most probable key byte candidates are recovered. In the second stage, we adaptively choose specific plaintexts corresponding to the traces with high signal-to-noise ratio, encrypt them, and acquire the second batch of traces. So the attack can be finished with fewer traces. According to our experiments on AT89S52 software implementation of AES, getting the same success rate 0.955, our adaptive chosen-plaintext CPA only requires 78.9% traces of traditional CPA. Our proposal can be implemented by automatic software through two interactions with the AT89S52.