Lilian Bossuet

Contactless electromagnetic active attack on ring oscillator based true random number generator

True random number generators (TRNGs) are ubiquitous in data security as one of basic cryptographic primitives. They are primarily used as generators of confidential keys, to initialize vectors, to pad values, but also as random masks generators in some side channel attacks countermeasures. As such, they must have good statistical properties, be unpredictable and robust against attacks. This paper presents a contactless and local active attack on ring oscillators (ROs) based TRNGs using electromagnetic fields. Experiments show that in a TRNG featuring fifty ROs, the impact of a local electromagnetic emanation on the ROs is so strong, that it is possible to lock them on the injected signal and thus to control the monobit bias of the TRNG output even when low power electromagnetic fields are exploited. These results confirm practically that the electromagnetic waves used for harmonic signal injection may represent a serious security threat for secure circuits that embed RO-based TRNG.

A PUF Based on a Transient Effect Ring Oscillator and Insensitive to Locking Phenomenon

This paper presents a new silicon physical unclonable function (PUF) based on a transient effect ring oscillator (TERO). The proposed PUF has state of the art PUF characteristics with a good ratio of PUF response variability to response length. Unlike RO-PUF, it is not sensitive to the locking phenomenon, which challenges the use of ring oscillators for the design of both PUF and TRNG. The novel architecture using differential structures guarantees high stability of the TERO-PUF. The area of the TERO-PUF is relatively high, but is still comparable with other PUF designs. However, since the same piece of hardware can be used for both PUF and random number generation, the proposed principle offers an interesting low area mixed solution.

Design Space Pruning Through Early Estimations of Area/Delay Tradeoffs for FPGA Implementations

Early performance feedback and design space exploration of complete field-programmable gate array (FPGA) designs are still time consuming tasks. This paper proposes an original methodology based on estimations to reduce the impact on design time. It promotes a hierarchical exploration to mitigate the complexity of the exploration process. Therefore, this work takes place before any design step, such as compilation or behavioral synthesis, where the specification is still provided as a C program. The goal is to provide early area and delay evaluations of many register-transfer level (RTL) implementations to prune the design space. Two main steps compose the flow: 1) a structural exploration step defines several RTL implementations, and 2) a physical mapping estimation step computes the mapping characteristics of these onto a given FPGA device. For the structural exploration, a simple yet realistic RTL model reduces the complexity and permits a fast definition of solutions. At this stage, it focuses on the computation parallelism and memory bandwidth. Advanced optimizations using for instance loop tiling, scalar replacement, or data layout are not considered. For the physical estimations, an analytical approach is used to provide fast and accurate area/delay tradeoffs. The paper also do not consider the impact of routing on critical paths or other optimizations. The reduction of the complexity allows the evaluation of key design alternatives, namely target device and parallelism that can also include the effect of resource allocation, bitwidth, or clock period. Due to this, a designer can quickly identify a reliable subset of solutions for which further refinement can be applied to enhance the relevance of the final architecture and reach a better use of FPGA resources, i.e., an optimal level of performance. Experiments performed with Xilinx (VirtexE) and Altera (Apex20K) FPGAs for a two-dimensional Discrete Wavelet Transform and a G722 speech coder lead to an average error of 10% for temporal values and 18% for area estimations

Architectures of flexible symmetric key crypto engines—a survey: From hardware coprocessor to multi-crypto-processor system on chip

Throughput, flexibility, and security form the design trilogy of reconfigurable crypto engines; they must be carefully considered without reducing the major role of classical design constraints, such as surface, power consumption, dependability, and cost. Applications such as network security, Virtual Private Networks (VPN), Digital Rights Management (DRM), and pay per view have drawn attention to these three constraints. For more than ten years, many studies in the field of cryptographic engineering have focused on the design of optimized high-throughput hardware cryptographic cores (e.g., symmetric and asymmetric key block ciphers, stream ciphers, and hash functions). The flexibility of cryptographic systems plays a very important role in their practical application. Reconfigurable hardware systems can evolve with algorithms, face up to new types of attacks, and guarantee interoperability between countries and institutions. The flexibility of reconfigurable crypto processors and crypto coprocessors has reached new levels with the emergence of dynamically reconfigurable hardware architectures and tools. Last but not least, the security of systems that handle confidential information needs to be thoroughly evaluated at the design stage in order to meet security objectives that depend on the importance of the information to be protected and on the cost of protection. Usually, designers tackle security problems at the same time as other design constraints and in many cases target only one security objective, for example, a side-channel attack countermeasures, fault tolerance capability, or the monitoring of the device environment. Only a few authors have addressed all three design constraints at the same time. In particular, key management security (e.g., secure key generation and transmission, the use of a hierarchical key structure composed of session keys and master keys) has frequently been neglected to the benefit of performance and/or flexibility. Nevertheless, a few authors propose original processor architectures based on multi-crypto-processor structures and reconfigurable cryptographic arrays. In this article, we review published works on symmetric key crypto engines and present current trends and design challenges.

An Easy-to-Design PUF Based on a Single Oscillator: The Loop PUF

This paper presents an easy to design Physically Unclonable Function (PUF). The proposed PUF implementation is a loop composed of N identical and controllable delay chains which are serially assembled in a loop to create a single ring oscillator. The frequency discrepancies resulting from the oscillator driven by complementary combinations of the delay chains allows to characterize one device. The presented PUF, nicknamed the Loop PUF (LPUF), returns a frequency comparison of loops made of N delay chains (N ≥ 2). The comparisons are done sequentially on the same structure. Unlike others PUFs based on delays, there is no specific routing constraints. Hence the LPUF is particularly flexible and easy to design. The basic use of the Loop PUF is to generate intrinsic device keys for cryptographic algorithms. It can also be used to generate challenge response pairs for simple authentication. Experiments have been carried out on CYCLONE II FPGAs to assess the performance of the LPUF, such as randomness, uniqueness and steadiness. They clearly show both the easiness of design and the quality level of the LPUF. The measurement time vs steadiness, as well as resistance against side-channel and modeling attacks are discussed.

Fast prototyping of reconfigurable architectures from a C program

Rapid evaluation and design space exploration at the algorithmic level are important issues in the design cycle. In this paper we propose an original area vs delay estimation methodology that targets reconfigurable architectures. Two main steps compose the estimation flow: i) the structural estimation which is technological independent and performs an automatic design space exploration and ii) the physical estimation which performs a technologic mapping to the target reconfigurable architecture. Experiments conducted on Xilinx (XC4000, Virtex) and Altera (Flex 10K, Apex) components for a 2D DWT and a speech coder lead to an average error of about 10% for temporal values and 18% for area estimations.

Survey of hardware protection of design data for integrated circuits and intellectual properties

This study reviews the current situation regarding design protection in the microelectronics industry. Over the past 10 years, the designers of integrated circuits (IC) and intellectual properties (IP) have faced increasing threats including counterfeiting, reverse-engineering and theft. This is now a critical issue for the microelectronics industry, mainly for fabless designers and IP designers. Coupled with increasing pressure to decrease the cost and increase the performance of ICs, the design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. However, several published works propose different ways to protect design data including functional locking, hardware obfuscation and IC/IP identification. This study presents a survey of academic research on the protection of design data. It concludes with the need to design an efficient protection scheme based on several properties.

SRAM-FPGA implementation of masked S-Box based DPA countermeasure for AES

This paper presents FPGA implementation and overhead evaluation for an algorithmic DPA countermeasure for advanced encryption standard AES. To reduce implementation overhead the masked compact S-Box, proposed by Canright, was chosen to implement a DPA countermeasure on an SRAM FPGA. Obtained results showed that secured AES IP leads to slices number increase by 60,1% and a frequency decrease by 4%.

Generic design space exploration for reconfigurable architectures

We propose in this paper an original design space exploration method for reconfigurable architectures adapted to fine and coarse grain resources. The exploration flow deals with communication hierarchical distribution and processing resources use rate for the architecture under exploration. With this information, designer can explore the architectural design space to define a power-efficient architecture. Exploration results for image computing and cryptography applications are provided to demonstrate the efficiency of the method.

Gossip NoC – Avoiding Timing Side-Channel Attacks through Traffic Management

The wide use of Multi-processing systems-on-chip (MPSoCs) in embedded systems and the trend to increase the integration between devices have turned these systems vulnerable to attacks. Malicious software executed on compromised IP may become a serious security problem. By snooping the traffic exchanged through the Network-on-chip (NoC), it is possible to infer sensitive information such as secrets keys. NoCs are vulnerable to side channel attacks that exploit traffic interference as timing channels. When multiple IP cores are infected, they can work coordinately to implement a distributed timing attack (DTA). In this work we present for the first time the execution of a DTA and a secure enhanced NoC architecture able to avoid the timing attacks. Results show that our NoC proposal can avoid the DTA with an increase of only 1% in area and 0.8% in power regarding the whole chip design.