Yohei Hori

Bitstream encryption and authentication with AES-GCM in dynamically reconfigurable systems

A high-speed and secure dynamic partial reconfiguration (DPR) system is realized with AES-GCM that guarantees both confidentiality and authenticity of FPGA bitstreams. In DPR systems, bitstream authentication is essential for avoiding fatal damage caused by unintended bitstreams. An encryption-only system can prevent bitstream cloning and reverse engineering, but cannot prevent erroneous or malicious bitstreams from being configured. Authenticated encryption is a relatively new concept that provides both message encryption and authentication, and AES-GCM is one of the latest authenticated encryption algorithms suitable for hardware implementation. We implemented the AES-GCM-based DPR system targeting the Virtex-5 device on an off-the-shelf board, and evaluated its throughput and hardware resource utilization. For comparison, we also implemented AES-CBC and SHA-256 modules on the same device. The experimental results showed that the AES-GCM-based system achieved higher throughput with less resource utilization than the AES/SHA-based system. The AES-GCM-module achieved more than 1 Gbps throughput and the entire system achieved about 800 Mbps throughput with reasonable resource utilization. This paper clarifies the advantage of using AES-GCM for protecting DPR systems.

SASEBO-GIII: A hardware security evaluation board equipped with a 28-nm FPGA

The SASEBO-GIII board equipped with a 28-nm FPGA was developed for security evaluation against side-channel attacks (SCAs) and various other threats. SCAs are performed to extract a secret key inside a cryptographic module by analyzing its power consumption, electromagnetic radiation and other physical parameters. Since an increasing number of current consumer electronic devices provide hardware-accelerated cryptographic functionality for data encryption, device authentication, and so forth, SCAs are considered to be a serious problem in the electronics market. While previous SASEBO models mainly target SCA evaluation of a single cryptographic core, they are nevertheless insufficient for testing the security of integrated systems that consist of any combination of cryptographic, network, control and other modules. Providing high processing power with the latest Kintex-7 FPGA and considerable expandability with ANSI-standard FMC connectors, SASEBO-GIII is suitable for prototyping a wide variety of systems, such as home information appliances, content distribution systems and dynamic partial reconfiguration (DPR) systems, and offers a convenient environment for studying security issues in such integrated systems, for example, hardware trojans and counterfeit electronics. The configuration of the Kintex-7 FPGA is controlled by the other FPGA (Spartan-6), and therefore a user can verify the security of various types of device configuration processes, for example, DPR through ICAP or SelectMAP interfaces as well as though standard configuration interfaces such as BPI and JTAG. This paper presents the detailed architecture and features of SASEBO-GIII, and shows the results of an electromagnetic SCA attack against the standard AES block cipher implemented on the Kintex-7 FPGA.

Evaluation of Physical Unclonable Functions for 28-nm Process Field-Programmable Gate Arrays

In this study, the properties of physical unclonable functions (PUFs) for 28-nm process field-programmable gate arrays (FPGAs) are examined. A PUF is a circuit that generates device-specific IDs by extracting device variations. Owing to device variation, no two PUFs will generate the same ID even if they have identical structures and are manufactured on the same silicon wafer. However, because the influence of device variation increases as the size of the process node shrinks, it is uncertain whether PUFs can be built using recently developed small-scale process nodes, even though the technology of variation control is constantly advancing. While many PUFs using 40-nm or larger process nodes have been reported, smaller devices have not yet been studied to the authors’ knowledge, and this is the first published journal article on PUFs for 28-nm process FPGAs. In this paper, within-die reproducibility, die-to-die uniqueness, and other properties are evaluated, and the feasibility of PUFs on 28-nm FPGAs is discussed.

Cryptographie key generation from PUF data using efficient fuzzy extractors

Physical unclonable functions (PUFs) and biometrics are inherently noisy. When used in practice as cryptographic key generators, they need to be combined with an extraction technique to derive reliable bit strings (i.e., cryptographic key). An approach based on an error correcting code was proposed by Dodis et al. and is known as a fuzzy extractor. However, this method appears to be difficult for non-specialists to implement. In our recent study, we reported the results of some example implementations using PUF data and presented a detailed implementation diagram. In this paper, we describe a more efficient implementation method by replacing the hash function output with the syndrome from the BCH code. The experimental results show that the Hamming distance between two keys vary according to the key size and information-theoretic security has been achieved.

Performance evaluation of the first commercial PUF-embedded RFID

Physical unclonable functions (PUFs) generate device-unique data streams by using manufacturing variations of each LSI. High-security authentication for counterfeiting prevention and secret key generation for data encryption are provided through PUFs. Such technology is a recent innovation, and Verayo Inc. created the worlds first commercially available PUF only a few years ago. Toppan Printing Co., Ltd., has since integrated Verayos PUF ICs into radio frequency identification (RFID) tags in order to develop a new security business in the near field communication market. In collaboration with Toppan, we have conducted acceleration tests on their PUF-embedded RFID tag to evaluate its performance and reliability.

Pseudo-LFSR PUF: A Compact, Efficient and Reliable Physical Unclonable Function

A physical unclonable function (PUF) with a novel hardware architecture called Pseudo-LFSR PUF (PL-PUF) is developed. The structure of the PL-PUF is based on LFSR but it actually is large combinational logic. The long feedback signal of the PL-PUF effectively extracts the device variation, and consequently the output IDs generated in the different devices become completely dissimilar. The advantages of the PL-PUF are that (1) the size of the circuit is small since it simply consists of inverters and a few XOR gates, (2) it efficiently outputs a long-bit ID since all n bits of the ID are simultaneously output from a single n-bit challenge, and (3) the challenge-response mapping of PL-PUF can be easily changed without modifying its hardware structure. The reliability of the PL-PUF is also examined in terms of False Acceptance Rate (FAR) and False Rejection Rate (FRR) through the experimentation using FPGAs. The empirical results show that the intra-device Hamming distance among IDs generated in the same PL-PUF is quite small, the inter-device Hamming distance among IDs in different PL-PUFs is sufficiently large. As a consequent, it is demonstrated that the PL-PUF has quite low FAR/FRR and is quite effective for device identification and other security-sensitive applications. This paper describes the structure of the PL-PUF in detail and presents the experimental results of the performance evaluation using Virtex-5 FPGAs.

A fast power current analysis methodology using capacitor charging model for side channel attack evaluation

Fast power current analysis method using capacitor charging model was introduced to evaluate security of cryptographic hardware against side channel attacks before the circuit is fabricated as an LSI chip. The method was applied to CPA (Correlation Power Analysis) on various AES (Advanced Encryption Standard) circuits, which require more than 10,000 power current traces, and simulation speed was accelerated by 40–60 times in comparison with conventional full transistor level analysis. The proposed simulation based CPA revealed all of the secret keys of the AES circuits by extracting capacitance model from the post-layout data using a 65-nm CMOS standard cell library. The layout was also fabricated as an LSI chip, and CPA on the LSI was conducted. The results showed remarkable consistency between simulation and actual measurement in terms of information leakage related to the secret keys in power waveforms.

A Secure Content Delivery System Based on a Partially Reconfigurable FPGA

We developed a content delivery system using a partially reconfigurable FPGA to securely distribute digital content on the Internet. With partial reconfigurability of a Xilinx Virtex-II Pro FPGA, the system provides an innovative single-chip solution for protecting digital content. In the system, a partial circuit must be downloaded from a server to the client terminal to play content. Content will be played only when the downloaded circuit is correctly combined (= interlocked) with the circuit built in the terminal. Since each circuit has a unique I/O configuration, the downloaded circuit interlocks with the corresponding built-in circuit designed for a particular terminal. Thus, the interface of the circuit itself provides a novel authentication mechanism. This paper describes the detailed architecture of the system and clarify the feasibility and effectiveness of the system. In addition, we discuss a fail-safe mechanism and future work necessary for the practical application of the system.

Robust and compact key generator using physically unclonable function based on logic-transistor-compatible poly-crystalline-Si channel FinFET technology

This paper presents a robust and compact SRAM physically-unclonable-function (PUF) cell using a polycrystalline-Si channel (poly-Si) FinFET, for the first time. Its process is identical to that of a crystalline-Si FinFET except channel material. A systematic comparison between poly- and crystalline-Si FinFET PUF cells, reveals that the poly-Si cell improves the intra-PUF hamming distance to 1/3.4 of that of the crystalline-Si cell and 15k logic-transistors for stabilizing PUF reproducibility are reduced with keeping the same stability. For this analysis, a newly defined noise margin for SRAM PUFs, which is different from the SRAM static noise margin, is introduced.

Secure Content Distribution System Based on Run-Time Partial Hardware Reconfiguration

A secure content distribution system is prototyped based on run-time partial reconfigurability of an FPGA. The system provides a robust content protection scheme for online content download services. The key idea is to divide the security module in a user terminal into Content-Specific Circuit (CSC) and Terminal Build-in Circuit (TBC) and to dynamically reconfigure CSC. CSC is customized for each content and transferred from a server in the form of encrypted configuration data. TBC is a uniquely identifiable processing unit that is combined with particular CSC to decrypt and decode contents. A content is properly decrypted and played by the security module only if its CSC is interlocked with the authorized TBC. To realize this CSC-TBC interlock authentication mechanism, partial reconfigurability of the FPGA is essential. This paper discusses the robustness and feasibility of the content distribution system through a proof-of-concept demonstration.