Robert P. McEvoy

Optimisation of the SHA-2 family of hash functions on FPGAs

Hash functions play an important role in modern cryptography. This paper investigates optimisation techniques that have recently been proposed in the literature. A new VLSI architecture for the SHA-256 and SHA-512 hash functions is presented, which combines two popular hardware optimisation techniques, namely pipelining and unrolling. The SHA processors are developed for implementation on FPGAs, thereby allowing rapid prototyping of several designs. Speed/area results from these processors are analysed and are shown to compare favourably with other FPGA-based implementations, achieving the fastest data throughputs in the literature to date

EEG compression using JPEG2000: How much loss is too much?

Compression of biosignals is an important means of conserving power in wireless body area networks and ambulatory monitoring systems. In contrast to lossless compression techniques, lossy compression algorithms can achieve higher compression ratios and hence, higher power savings, at the expense of some degradation of the reconstructed signal. In this paper, a variant of the lossy JPEG2000 algorithm is applied to Electroencephalogram (EEG) data from the Freiburg epilepsy database. By varying compression parameters, a range of reconstructions of varying signal fidelity is produced. Although lossy compression has been applied to EEG data in previous studies, it is unclear what level of signal degradation, if any, would be acceptable to a clinician before diagnostically significant information is lost. In this paper, the reconstructed EEG signals are applied to REACT, a state-of-the-art seizure detection algorithm, in order to determine the effect of lossy compression on its seizure detection ability. By using REACT in place of a clinician, many hundreds of hours of reconstructed EEG data are efficiently analysed, thereby allowing an analysis of the amount of EEG signal distortion that can be tolerated. The corresponding compression ratios that can be achieved are also presented.

Differential power analysis of HMAC based on SHA-2, and countermeasures

The HMAC algorithm is widely used to provide authentication and message integrity to digital communications. However, if the HMAC algorithm is implemented in embedded hardware, it is vulnerable to side-channel attacks. In this paper, we describe a DPA attack strategy for the HMAC algorithm, based on the SHA-2 hash function family. Using an implementation on a commercial FPGA board, we show that such attacks are practical in reality. In addition, we present a masked implementation of the algorithm, which is designed to counteract first-order DPA attacks.

Isolated WDDL: A Hiding Countermeasure for Differential Power Analysis on FPGAs

Security protocols are frequently accelerated by implementing the underlying cryptographic functions in reconfigurable hardware. However, unprotected hardware implementations are susceptible to side-channel attacks, and Differential Power Analysis (DPA) has been shown to be especially powerful. In this work, we evaluate and compare the effectiveness of common hiding countermeasures against DPA in FPGA-based designs, using the Whirlpool hash function as a case study. In particular, we develop a new design flow called Isolated WDDL (IWDDL). In contrast with previous works, IWDDL isolates the direct and complementary circuit paths, and also provides DPA resistance in the Hamming distance power model. The analysis is supported using actual implementation results.

The Effects of Lossy Compression on Diagnostically Relevant Seizure Information in EEG Signals

This paper examines the effects of compression on electroencephalogram (EEG) signals, in the context of automated detection of epileptic seizures. Specifically, it examines the use of lossy compression on EEG signals in order to reduce the amount of data which has to be transmitted or stored, while having as little impact as possible on the information in the signal relevant to diagnosing epileptic seizures. Two popular compression methods, JPEG2000 and SPIHT, were used. A range of compression levels was selected for both algorithms in order to compress the signals with varying degrees of loss. This compression was applied to the database of epileptiform data provided by the University of Freiburg, Germany. The real-time EEG analysis for event detection automated seizure detection system was used in place of a trained clinician for scoring the reconstructed data. Results demonstrate that compression by a factor of up to 120:1 can be achieved, with minimal loss in seizure detection performance as measured by the area under the receiver operating characteristic curve of the seizure detection system.

First-Order Side-Channel Attacks on the Permutation Tables Countermeasure

The use of random permutation tables as a side-channel attack countermeasure was recently proposed by Coron [5]. The countermeasure operates by ensuring that during the execution of an algorithm, each intermediate variable that is handled is in a permuted form described by the random permutation tables. In this paper, we examine the application of this countermeasure to the AES algorithm as described in [5], and show that certain operations admit first-order side-channel leakage. New side-channel attacks are developed to exploit these flaws, using correlation-based and mutual information-based methods. The attacks have been verified in simulation, and in practice on a smart card.

Ambulatory REACT: Real-time seizure detection with a DSP microprocessor

REACT (Real-Time EEG Analysis for event deteCTion) is a Support Vector Machine based technology which, in recent years, has been successfully applied to the problem of automated seizure detection in both adults and neonates. This paper describes the implementation of REACT on a commercial DSP microprocessor; the Analog Devices Blackfin®. The primary aim of this work is to develop a prototype system for use in ambulatory or in-ward automated EEG analysis. Furthermore, the complexity of the various stages of the REACT algorithm on the Blackfin processor is analysed; in particular the EEG feature extraction stages. This hardware profile is used to select a reduced, platform-aware feature set, in order to evaluate the seizure classification accuracy of a lower-complexity, lower-power REACT system.

All-or-Nothing Transforms as a countermeasure to differential side-channel analysis

Side-channel attacks on hardware implementations of cryptographic algorithms have recently been the focus of much attention in the research community. Differential power analysis (DPA) has been shown to be particularly effective at retrieving secret information stored within an implementation. The design of DPA-resistant systems that are efficient in terms of speed and area poses a significant challenge. All-or-Nothing Transforms are cryptographic transforms, which are currently employed in numerous applications. We examine All-or-Nothing Encryption systems from the DPA perspective. This paper shows that All-or-Nothing cryptosystems, whilst not preventing side-channel leakage, do fundamentally inhibit DPA attacks. Furthermore, we develop extensions to the All-or-Nothing protocol to strengthen the DPA resistance of the cryptosystem, providing a practical alternative to masking countermeasures for symmetric ciphers.

Efficient All-or-Nothing Encryption Using CTR Mode

All-or-Nothing Encryption is a useful technique which can heighten the security of block ciphers. It can also be used to design faster symmetric-key cryptosystems, by decreasing the number of required encryption operations at run-time. An open problem in the literature regards the speed of all-or-nothing encryption, which we address in this paper by combining two techniques from the literature, forming a new all-or-nothing mode of operation. Trade-offs in the implementation of this design are considered, and theoretical proofs of security are provided.

Self-Deployed Magnetic Polygons: Design, Construction, and Application

This paper reports the development of self-deployed magnetic polygons at the centimeter scale. These permanent-magnet (NdFeB) devices can be folded into a constraining catheter for delivery, before spontaneously unfolding into a polygon upon extrusion. The devices use a combination of dipolar and quadrapolar magnetic components along their sides, which facilitate self-deployment. Four-, six-, and eight-sided devices are reported and the effects of varying the geometry, the number of sides, and the duty cycle of the quadrapolar sides are examined in simulation and through experimental testing. As well as self-deployment, two N-sided devices (N ∈ {4,6,8}) are capable of face-to-face magnetic mating of opposing north and south poles with a minimum of difficulty. This capability is justified by modeling of the systems magnetic potential energy, and by experimental validation. Optimized design parameters are proposed. Magnetic mating of two N-sided devices facilitates applications where access to an adjoining orifice is desirable with a minimally sized access port (e.g., in the case of minimally invasive surgical technology). Current and future applications are considered.