tamper resistant sensor nodes

Book chapters

Improving the Security of Wireless Sensor Networks by Protecting the Sensor Nodes against Side Channel Attacks

Author(s) Zoya Dyka, Peter Langendoerfer
Journal Springer to appear 2012/13
Abstract Wireless sensor networks (WSNs) are becoming an essential building block in application fields such as critical infrastructure protection, industrial automation and telemedicine, to name a few areas in which security plays a central role. Potential attackers of those applications will most probably attack the most vulnerable part of the overall system, i.e. the WSNs. The wireless sensor nodes can be attacked by “standard” network-based approaches but also by physical means if they are left unattended in remote sites, which is, after all, the preferred application for WSNs. We are convinced that protecting the wireless sensor nodes is essential, since compromised nodes put the whole system at risk. The challenge with sensor nodes is that they are low cost and run with extremely limited resources but are expected to be operational for long time intervals, up to several years. The long lifetime provides potential attackers with a lot of time to execute an attack and, even worse, to benefit from a successful attack.

Document available here

How can we determine if a device is infected or not?

Author(s) Aurélien Francillon
Journal Wiley, book chapter 7.8 in “The Death of the Internet”

Document available here

Journals

Extractors Against Side-Channel Attacks: Weak or Strong?

Author(s) Marcel Medwed and François-Xavier Standaert
Journal Journal of Cryptographic Engineering, Volume 1, Number 3, 2012
Abstract Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks against extractor implementations. In order to close this gap, this paper instantiates a low-cost hardware extractor and analyzes it both from a performance and from a side-channel security point of view. Our investigations lead to contrasted conclusions. On one hand, extractors can be efficiently implemented and protected with masking. On the other hand, they provide adversaries with many more exploitable leakage samples than, e.g. block ciphers. As a result, they can ensure high security margins against standard (non-profiled) side-channel attacks and turn out to be much weaker against profiled attacks. From a methodological point of view, our analysis consequently raises the question of which attack strategies should be considered in security evaluations.

Conferences

Test Apparatus for Side-Channel Resistance Compliance Testing

Author(s) Michael Hutter
Event Non-Invasive Attack Testing Workshop – NIAT 2011

Document available here

Comparing Prime and Binary Field Elliptic Curve Cryptography on a Custom Area-Optimized Microprocessor

Author(s) Erich Wenger
Event Proceedings of 6th Nordic Conference in Secure IT Systems – NordSec 2011

Document available here

Efficient and first-order DPA resistant implementations of KECCAK

Author(s) Begül Bilgin, Joan Daemen, Ventzislav Nikov, Svetla Nikova, Vincent Rijmen, and Gilles Van Assche
Event The twelfth Smart Card Research and Advanced Application Conference (CARDIS), 2013

Design of a Low-Power Asynchronous Elliptic Curve

Author(s) Steffen Zeidler and Michael Goderbauer and Milos Krstic
Event ICECS’13

Fides: Lightweight authenticated cipher with side-channel resistance for constrained hardware

Author(s) Begül Bilgin, Andrey Bogdanov, Miroslav Knezevic, Florian Mendel, and Qingju Wang
Event Cryptographic Hardware and Embedded Systems — CHES 2013

Document available here

Time-frequency analysis for second-order attacks

Author(s) Pierre Belgarric, Francois-Xavier Standaert, Stefan Tillich
Event The twelfth Smart Card Research and Advanced Application Conference (CARDIS), 2013

A Minimalist Approach to Remote Attestation

Author(s) Aurélien Francillon
Event DATE 2014

A Security-Enhanced UHF RFID Tag Chip

Author(s) Johann Ertl
Event Euromicro Conference on Digital System Design – DSD 2013

Document available here

Pushing the limits of SHA-3 hardware implementations to fit on RFID

Author(s) Peter Pessl
Event Cryptographic Hardware and Embedded Systems – CHES 2013

Document available here

The temperature side channel and heating fault attacks

Author(s) Michael Hutter and Jörn-Marc Schmidt
Event The twelfth Smart Card Research and Advanced Application Conference (CARDIS), 2013

Investigation of parameters influencing the success of optical fault attacks

Author(s) Thomas Korak
Event Foundations and Practice of Security – FPS 2013, 6th International Symposium

Document available here

Red team vs. blue team hardware trojan analysis: detection of a hardware trojan on an actual ASIC

Author(s) Michael Muehlberghuber and Frank K. Gürkaynak and Thomas Korak and Philipp Dunst and Michael Hutter
Event HASP 2013

Document available here

On secure multi-party computation in bandwidth-limited smart-meter systems

Author(s) Mario Kirschbaum, Thomas Plos, and Jörn-Marc Schmidt
Event Eighth International Conference on Availability, Reliability and Security (ARES), 2013

Document available here

Minimizing the costs of side-channel analysis resistance evaluations in early design steps

Author(s) Thomas Korak, Thomas Plos, and Andreas Zankl
Event Eighth International Conference on Availability, Reliability and Security (ARES), 2013

Document available here

Hardware architectures for MSP430-based wireless sensor nodes performing elliptic curve cryptography

Author(s) Erich Wenger
Event Applied Cryptography and Network Security – ACNS 2013

Document available here

Analyzing Side-Channel Leakage of RFID-Suitable Lightweight ECC Hardware

Author(s) Erich Wenger and Thomas Korak and Mario Kirschbaum
Event Radio Frequency Identification – RFIDSec 2013

Document available here

8/16/32 shades of elliptic curve cryptography on embedded processors

Author(s) Erich Wenger and Thomas Unterluggauer and Mario Werner
Event Progress in Cryptology – INDOCRYPT 2013

Document available here

Shuffling Against Side-Channel Attacks: a Comprehensive Study with Cautionary Note

Author(s) Nicolas Veyrat-Charvillon
Event 18th international conference on The Theory and Application of Cryptology and Information Security – ASIACRYPT'12

Document available here

Compact Implementation and Performance Evaluation of Hash Functions in ATtiny Devices

Author(s) Josep Balasch
Event Smart Card Research and Advanced Applications – CARDIS 2012

Document available here

Efficient Removal of Random Delays from Embedded Software Implementations using Hidden Markov Models

Author(s) Francois Durvaux
Event Smart Card Research and Advanced Applications – CARDIS 2012

Document available here

Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis

Author(s) Sonia Belaid, Fabrizio De Santis, Johann Heyszl, Stefan Mangard, Marcel Medwed, Jörn-Marc Schmidt,
Event PROOFS: Security Proofs for Embedded Systems 2013

Document available here

Hardware Implementation and Side-Channel Analysis of Lapin

Author(s) Lubos Gaspar, Gaetan Leurent, Francois-Xavier Standaert
Event Topics in Cryptology — CT-RSA 2014

Document available here

Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices

Author(s) Thomas Eisenbarth, Zheng Gong, Tim Güneysu, Stefan Heyse, Sebastiaan Indesteege, Stéphanie Kerckhof, François Koeune, Tomislav Nad, Thomas Plos and Francesco Regazzoni, et al.
Event AFRICACRYPT 2012, July 10 – 12, 2012,
Ifrane, Morocco
Abstract The design of lightweight block ciphers has been a very active research topic over the last years. However, the lack of comparative source codes generally makes it hard to evaluate the extent to which implementations of different ciphers actually reach their low-cost goals on various platforms. This paper reports on an initiative aiming to relax this issue. First, we provide implementations of 12 block ciphers on an ATMEL AVR ATtiny45 8-bit microcontroller, and make the corresponding source code available on a web page. All implementations are made public under an open-source license. Common interfaces and design goals are followed by all designers to achieve comparable implementation results. Second, we evaluate performance figures of our implementations with respect to different metrics, including energy-consumption measurements and show our improvements compared to existing implementations.

Document available here

Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices

Author(s) Marcel Medwed, François-Xavier Standaert, Johann Großschädl and Francesco Regazzoni
Event AFRICACRYPT 2010, May 3 – 6, 2010,
Stellenbosch, South Africa
Abstract The market for RFID technology has grown rapidly over the past few years. Going along with the proliferation of RFID technology is an increasing demand for secure and privacy-preserving applications. In this context, RFID tags need to be protected against physical attacks such as Differential Power Analysis (DPA) and fault attacks. The main obstacles towards secure RFID are the extreme constraints of passive tags in terms of power consumption and silicon area, which makes the integration of countermeasures against physical attacks even more difficult than for other types of embedded systems. In this paper we propose a fresh re-keying scheme that is especially suited for challenge-response protocols such as used to authenticate tags. We evaluate the resistance of our scheme against fault and side-channel analysis, and introduce a simple architecture for VLSI implementation. In addition, we estimate the cost of our scheme in terms of area and execution time for various security/performance trade-offs. Our experimental results show that the proposed re-keying scheme provides better security (and does so at less cost) than state-of-the-art countermeasures.

Document available here
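The following is an added example, not code from the paper or the project: it shows the protocol-level shape of fresh re-keying for a tag/reader challenge-response. The long-term key k never keys the block cipher directly; per run the tag draws a fresh r, derives a session key k* = g(k, r) and uses it once. The derivation g is taken here to be multiplication in the ring GF(2^8)[y]/(y^16 + 1); that choice, the function names and the SHA-256-based stand-in for the block cipher are assumptions of this example and not necessarily the paper's construction.

```python
import hashlib
import os

# Added example of the fresh re-keying idea for a tag/reader challenge-response
# protocol. g(k, r) = k * r in GF(2^8)[y]/(y^16 + 1) and the stand-in block
# cipher are assumptions of this example, not necessarily the paper's scheme.

GF256_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1


def gf256_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= GF256_POLY
        b >>= 1
    return r


def rekey(k: bytes, r: bytes) -> bytes:
    """k* = k * r in GF(2^8)[y]/(y^16 + 1).

    Coefficient (i + j) mod 16 of the product collects k[i] * r[j]. The map
    is linear in k and needs only byte multiplications, which is what makes
    it affordable on a passive tag."""
    assert len(k) == 16 and len(r) == 16
    out = [0] * 16
    for i in range(16):
        for j in range(16):
            out[(i + j) % 16] ^= gf256_mul(k[i], r[j])
    return bytes(out)


def is_unit(k: bytes) -> bool:
    """y^16 + 1 = (y + 1)^16 over GF(2^8), so k is invertible in the ring iff
    k(1) != 0, i.e. the XOR of its 16 bytes is non-zero. A non-unit k maps
    distinct r to the same k* and must be rejected at key generation."""
    x = 0
    for b in k:
        x ^= b
    return x != 0


def block_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for a 128-bit block cipher (constructed for this example, NOT AES)."""
    return hashlib.sha256(key + block).digest()[:16]


def tag_respond(k: bytes, challenge: bytes):
    """Tag side: fresh r per run; the session key is used exactly once."""
    r = os.urandom(16)
    return r, block_cipher(rekey(k, r), challenge)


def reader_verify(k: bytes, challenge: bytes, r: bytes, response: bytes) -> bool:
    """Reader side: recompute k* from the received r and compare."""
    return block_cipher(rekey(k, r), challenge) == response


def distinct_cipher_keys(k: bytes, runs: int) -> int:
    """Number of distinct keys the block cipher is keyed with over `runs`
    protocol runs. Without re-keying every run (and every trace) uses k."""
    seen = set()
    for _ in range(runs):
        r, _response = tag_respond(k, os.urandom(16))
        seen.add(rekey(k, r))
    return len(seen)
```

With re-keying, a DPA adversary obtains at most one trace per block-cipher key, so the remaining attack surface is g itself; the example's `is_unit` check is the kind of key-generation caveat the ring structure imposes, since a k divisible by (y + 1) collapses many r onto the same session key.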

The World Is Not Enough: Another Look on Second-Order DPA

Author(s) François-Xavier Standaert, Nicolas Veyrat-Charvillon, Elisabeth Oswald, Benedikt Gierlichs, Marcel Medwed, Markus Kasper and Stefan Mangard
Event ASIACRYPT 2010, December 5 – 9, 2010,
Singapore
Abstract In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion does not hold anymore. While a single distinguisher can be used to compare the susceptibility of different unprotected devices to first-order DPA, understanding second-order attacks requires to carefully investigate the information leakages and the adversaries exploiting these leakages, separately. Using a framework put forward by Standaert et al. at Eurocrypt 2009, we provide the first analysis that explores these two topics in the case of a masked implementation exhibiting a Hamming weight leakage model. Our results lead to refined intuitions regarding the efficiency of various practically-relevant distinguishers. Further, we also investigate the case of second- and third-order masking (i.e. using three and four shares to represent one value). This evaluation confirms that higher-order masking only leads to significant security improvements if the secret sharing is combined with a sufficient amount of noise. Eventually, we show that an information theoretic analysis allows determining this necessary noise level, for different masking schemes and target security levels, with high accuracy and smaller data complexity than previous methods.

Document available here
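Added simulation (not from the paper) that makes the abstract's point concrete: against a first-order Boolean-masked S-box, a univariate correlation attack on the masked output finds nothing, while a second-order attack that first combines the mask leakage and the masked-value leakage (centered product) and then correlates recovers the key. The PRESENT 4-bit S-box is used only to keep the key space small; the Hamming-weight leakage with Gaussian noise, the trace counts and all function names are assumptions of this example.

```python
import random

# Added simulation of first- vs second-order CPA on a Boolean-masked 4-bit
# S-box (PRESENT S-box, chosen for its 16-value key space). Each trace yields
# two samples: HW(m) for the mask m and HW(S(p ^ k) ^ m) for the masked
# output, both with Gaussian noise. Leakage model and noise are constructed.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
HW = [bin(i).count("1") for i in range(16)]


def simulate_traces(key, n_traces, sigma, seed=1):
    """Constructed leakage: returns plaintexts, mask-sample list, masked-sample list."""
    rng = random.Random(seed)
    pts, l_mask, l_masked = [], [], []
    for _ in range(n_traces):
        p = rng.randrange(16)
        m = rng.randrange(16)
        v = SBOX[p ^ key] ^ m            # masked S-box output
        pts.append(p)
        l_mask.append(HW[m] + rng.gauss(0, sigma))
        l_masked.append(HW[v] + rng.gauss(0, sigma))
    return pts, l_mask, l_masked


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5


def cpa(pts, leak):
    """Correlation of `leak` with the model HW(S(p ^ guess)) for every key guess."""
    return {g: pearson(leak, [HW[SBOX[p ^ g]] for p in pts]) for g in range(16)}


def first_order_attack(pts, l_masked):
    """Univariate CPA on the masked-output sample alone: the mask decorrelates it."""
    return cpa(pts, l_masked)


def second_order_attack(pts, l_mask, l_masked):
    """Combine the two samples with the centered product, then correlate.
    For HW leakage E[(HW(m)-n/2)(HW(v^m)-n/2) | v] = (n/2 - HW(v))/2, so the
    combined trace is linear in HW(v) with negative slope."""
    n = len(l_mask)
    m1, m2 = sum(l_mask) / n, sum(l_masked) / n
    combined = [(a - m1) * (b - m2) for a, b in zip(l_mask, l_masked)]
    return cpa(pts, combined)


def best_guess(scores):
    """Key guess with the largest absolute correlation."""
    return max(scores, key=lambda g: abs(scores[g]))
```

The noise-free second-order correlation for the correct key is -0.5 here (variance of the centered product is 1, its covariance with HW(v) is -1/2), and each added noise term lowers it; how much noise the masking needs before this combined leakage becomes unexploitable is exactly the quantity the abstract's information-theoretic analysis determines.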

Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks

Author(s) Marcel Medwed, Christoph Petit, Francesco Regazzoni, Mathieu Renauld and François-Xavier Standaert
Event Tenth Smart Card Research and Advanced Application Conference (CARDIS 2011), September 14 – 16, 2011,
Leuven, Belgium
Abstract Security-aware embedded systems are widespread nowadays and many applications, such as payment, pay-TV and automotive applications rely on them. These devices are usually very resource constrained but at the same time likely to operate in a hostile environment. Thus, the implementation of low-cost protection mechanisms against physical attacks is vital for their market relevance. An appealing choice, to counteract a large family of physical attacks with one mechanism, seem to be protocol-level countermeasures. At last year’s Africacrypt, a fresh re-keying scheme has been presented which combines the advantages of re-keying with those of classical countermeasures such as masking and hiding. The contribution of this paper is threefold: most importantly, the original fresh re-keying scheme was limited to one low-cost party (e.g. an RFID tag) in a two party communication scenario. In this paper we extend the scheme to n low-cost parties and show that the scheme is still secure. Second, one unanswered question in the original paper was the susceptibility of the scheme to algebraic SPA attacks. Therefore, we analyze this property of the scheme. Finally, we implemented the scheme on a common 8-bit microcontroller to show its efficiency in software.

Document available here

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs

Author(s) Marcel Medwed, François-Xavier Standaert and Antoine Joux
Event Workshop on Cryptographic Hardware and Embedded Systems 2012 (CHES 2012), September 9 – 12, 2012,
Leuven, Belgium
Abstract Leakage-resilient constructions have attracted significant attention over the last couple of years. In practice, pseudorandom functions are among the most important such primitives, because they are stateless and do not require a secure initialization as, e.g. stream ciphers. However, their deployment in actual applications is still limited by security and efficiency concerns. This paper contributes to solve these issues in two directions. On the one hand, we highlight that the condition of bounded data complexity, that is guaranteed by previous leakage-resilient constructions, may not be enough to obtain practical security. We show experimentally that, if implemented in an 8-bit microcontroller, such constructions can actually be broken. On the other hand, we present tweaks for tree-based leakage-resilient PRFs that improve their efficiency and their security, by taking advantage of parallel implementations. Our security analyses are based on worst-case attacks in a noise-free setting and suggest that under reasonable assumptions, the side-channel resistance of our construction grows super-exponentially with a security parameter that corresponds to the degree of parallelism of the implementation. In addition, it exhibits that standard DPA attacks are not the most relevant tool for evaluating such leakage-resilient constructions and may lead to overestimated security. As a consequence, we investigate more sophisticated tools based on lattice reduction, which turn out to be powerful in the physical cryptanalysis of these primitives. Eventually, we put forward that the AES is not perfectly suited for integration in a leakage-resilient design. This observation raises interesting challenges for developing block ciphers with better properties regarding leakage-resilience.

Document available here

Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

Author(s) Benedikt Gierlichs, Jörn-Marc Schmidt and Michael Tunstall
Event Second International Conference on Cryptology and Information Security in Latin America (LATINCRYPT) October 8 – 10,
Santiago de Chile, Chile
Abstract Implementation attacks pose a serious threat for the security of cryptographic devices and there are a multitude of countermeasures that are used to prevent them. Two countermeasures used in implementations of block ciphers to increase the complexity of such attacks are the use of dummy rounds and redundant computation with consistency checks to prevent fault attacks. In this paper we present several countermeasures based on the idea of infective computation. Our countermeasures ensure that a fault injected into a cipher, dummy, or redundant round will infect the ciphertext such that an attacker cannot derive any information on the secret key being used. This has one clear advantage: the propagation of faults prevents an attacker from being able to conduct any fault analysis on any corrupted ciphertexts. As a consequence, there is no need for any test at the end of an implementation to determine if a fault has been injected and a ciphertext can always be returned.

Document available here
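Added illustration of the infective-computation principle the abstract describes, not the paper's dummy-round scheme: the cipher is computed twice and, instead of comparing the results and branching, the difference is multiplied by a fresh random element of GF(2^128) and folded into the output. With no fault the output is the correct ciphertext; with a fault in either run the output is a random value unrelated to both computations, so no consistency check is needed before output. The GF(2^128) infection, the SHA-256-based stand-in cipher and the function names are assumptions of this example.

```python
import hashlib
import os

# Added illustration of infective computation (assumptions: stand-in cipher,
# GF(2^128) multiplication as the infection). Not the paper's construction.

GF128_POLY = (1 << 128) | 0x87  # x^128 + x^7 + x^2 + x + 1


def gf128_mul(a: int, b: int) -> int:
    """Carry-less multiplication modulo x^128 + x^7 + x^2 + x + 1."""
    r = 0
    for _ in range(128):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= GF128_POLY
    return r


def block_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for a 128-bit block cipher (constructed for this example)."""
    return hashlib.sha256(key + block).digest()[:16]


def infective_encrypt(key: bytes, block: bytes, fault_mask: bytes = None) -> bytes:
    """Redundant encryption with an infective output.

    fault_mask (demo only) is XORed into the second computation to simulate an
    injected fault. With beta = c0 ^ c1 and R a random non-zero field element,
    the output c0 ^ beta*R equals c0 iff beta == 0; otherwise beta*R is a
    uniformly random non-zero element, so the output is uniform over all
    values except c0. No comparison, no branch, no check before output."""
    c0 = block_cipher(key, block)
    c1 = block_cipher(key, block)
    if fault_mask is not None:
        c1 = bytes(x ^ y for x, y in zip(c1, fault_mask))
    beta = int.from_bytes(c0, "big") ^ int.from_bytes(c1, "big")
    r = 0
    while r == 0:                       # draw a non-zero multiplier
        r = int.from_bytes(os.urandom(16), "big")
    out = int.from_bytes(c0, "big") ^ gf128_mul(beta, r)
    return out.to_bytes(16, "big")
```

A fault on the multiplier r or on the infection step itself is the obvious next target, so in a real design the infection has to be as protected as the rounds it covers; the paper's contribution is to tie this propagation into the cipher, dummy and redundant rounds themselves.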

Attacking an AES-Enabled NFC Tag: Implications from Design to a Real-World Scenario

Author(s) Thomas Korak, Thomas Plos and Michael Hutter
Event Third International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE), May 3 – 4,
Darmstadt, Germany
Abstract Radio-frequency identification (RFID) technology is the enabler for applications like the future internet of things (IoT), where security plays an important role. When integrating security into RFID tags, not only the cryptographic algorithms need to be secure but also their implementation. In this work we present differential power analysis (DPA) and differential electromagnetic analysis (DEMA) attacks on a security-enabled RFID tag. The attacks are conducted on both an ASIC-chip version and an FPGA-prototype version of the tag. The design of the ASIC version equals that of commercial RFID tags and has the analog and digital parts integrated on a single chip. The target of the attacks is an implementation of the Advanced Encryption Standard (AES) with 128-bit key length and DPA countermeasures. The countermeasures are shuffling of operations and insertion of dummy rounds. Our results illustrate that the effort for successfully attacking the ASIC chip in a real-world scenario is only 4.5 times higher than for the FPGA prototype in a laboratory environment. This leads us to the conclusion that the effort for attacking contactless devices like RFID tags is only slightly higher than that for contact-based devices. The results further underline that the design of countermeasures like the insertion of dummy rounds has to be done with great care, since the detection of patterns in power or electromagnetic traces can be used to significantly lower the attacking effort.

Document available here

Exploiting the Difference of Side-Channel Leakages

Author(s) Michael Hutter, Mario Kirschbaum, Thomas Plos, Jörn-Marc Schmidt and Stefan Mangard
Event Third International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE), May 3 – 4,
Darmstadt, Germany
Abstract In this paper, we propose a setup that improves the performance of implementation attacks by exploiting the difference of side-channel leakages. The main idea of our setup is to use two cryptographic devices and to measure the difference of their physical leakages, e.g., their power consumption. This increases the signal-to-noise ratio of the measurement and reduces the number of power-consumption traces needed for an attack to succeed. The setup can efficiently be applied (but is not limited) in scenarios where two synchronous devices are available for analysis. By applying template-based attacks, only a few power traces are required to successfully identify weak but data-dependent leakage differences. In order to quantify the efficiency of our proposed setup, we performed practical experiments by designing three evaluation boards that assemble different cryptographic implementations. The results of our investigations show that the needed number of traces can be reduced by up to 90%.

Document available here

Compact Hardware Implementations of the Block Ciphers mCrypton, NOEKEON, and SEA

Author(s) Thomas Plos, Christoph Dobraunig, Alexander Oprisnik, Markus Hofinger, Christoph Wiesmeier and Johannes Wiesmeier
Event Indocrypt 2012, December 9-12, 2012
Kolkata, India

Security-Aware Design and Verification Techniques with RTL Compiler

Author(s) U. Özcan, M. Boock, S. Burfeind
Event Proceedings of CDNLive! EMEA Cadence User Conference May 2012,
Munich, Germany

PRINCE – A Low-latency Block Cipher for Pervasive Computing Applications

Author(s) Julia Borghoff, Anne Canteaut, Tim Güneysu, Elif Bilge Kavun, Miroslav Knezevic, Lars R. Knudsen, Gregor Leander, Ventzislav Nikov, Christof Paar, Christian Rechberger, Peter Rombouts, Soren S. Thomsen and Tolga Yalçın
Event ASIACRYPT 2012, December 2-6, 2012,
Beijing, China
Abstract This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as alpha-reflection is of independent interest and we prove its soundness against generic attacks.

Low-Latency Encryption – Is “Lightweight = Light + Wait”?

Author(s) Miroslav Knezevic, Ventzislav Nikov and Peter Rombouts
Event Workshop on Cryptographic Hardware and Embedded Systems 2012 (CHES 2012), September 9 – 12, 2012,
Leuven, Belgium
Abstract The processing time required by a cryptographic primitive implemented in hardware is an important metric for its performance but it has not received much attention in recent publications on lightweight cryptography. Nevertheless, there are important applications for cost effective low-latency encryption. As the first step in the field, this paper explores the low-latency behavior of hardware implementations of a set of block ciphers. The latency of the implementations is investigated as well as the trade-offs with other metrics such as circuit area, time-area product, power, and energy consumption. The obtained results are related back to the properties of the underlying cipher algorithm and, as it turns out, the number of rounds, their complexity, and the similarity of encryption and decryption procedures have a strong impact on the results. We provide a qualitative description and conclude with a set of recommendations for aspiring low-latency block cipher designers.

Paper available here

Threshold Implementations of All 3 × 3 and 4 × 4 S-Boxes

Author(s) Begul Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen and Georg Stutz
Event Workshop on Cryptographic Hardware and Embedded Systems 2012 (CHES 2012), September 9 – 12, 2012,
Leuven, Belgium
Abstract Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn’t describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible 3 × 3, 4 × 4 S-boxes and the 6 × 4 DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. 8 × 8) S-boxes. Finally, we investigate the cost of such protection.

Paper available here
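Added example, not code from the paper: a 3-share direct sharing of small 3-bit S-boxes together with a brute-force check of the three threshold-implementation requirements (correctness, non-completeness, uniformity). Two S-boxes are included, the 3-bit chi map y_i = x_i ^ (~x_{i+1} & x_{i+2}), which is also the non-linear layer of the KECCAK entry listed above, and the Toffoli-like map (x, y, z) -> (x, y, z ^ xy). The S-box description format and the function names are assumptions of this example.

```python
from itertools import product

# Added example: direct 3-share threshold-implementation sharing of 3-bit
# S-boxes built from terms x_i ^ ((x_u ^ c) & x_v), and a brute-force check
# of correctness, non-completeness and uniformity. Not the paper's code.

# Each entry describes output bit i: None for y_i = x_i, or (u, v, c) for
# y_i = x_i ^ ((x_u ^ c) & x_v).
CHI3 = [(1, 2, 1), (2, 0, 1), (0, 1, 1)]     # y_i = x_i ^ (~x_{i+1} & x_{i+2})
AND_BOX = [None, None, (0, 1, 0)]             # (x, y, z) -> (x, y, z ^ xy)


def sbox(spec, x):
    """Unshared S-box on a 3-bit integer."""
    b = [(x >> i) & 1 for i in range(3)]
    y = 0
    for i, term in enumerate(spec):
        val = b[i]
        if term is not None:
            u, v, c = term
            val ^= (b[u] ^ c) & b[v]
        y |= val << i
    return y


def shared_sbox(spec, shares):
    """Direct 3-share sharing: output share j of every bit is assembled only
    from input shares with index != j (non-completeness by construction)."""
    bit = lambda w, i: (w >> i) & 1
    out = [0, 0, 0]
    for i, term in enumerate(spec):
        x = [bit(s, i) for s in shares]
        y = [x[1], x[2], x[0]]            # linear part, rotated away from index j
        if term is not None:
            u, v, c = term
            U = [bit(s, u) for s in shares]
            V = [bit(s, v) for s in shares]
            # (U ^ c) & V = c&V ^ U&V, spread over the cross terms U[a] & V[b]
            y[0] ^= (c & V[1]) ^ (U[1] & V[1]) ^ (U[1] & V[2]) ^ (U[2] & V[1])
            y[1] ^= (c & V[2]) ^ (U[2] & V[2]) ^ (U[2] & V[0]) ^ (U[0] & V[2])
            y[2] ^= (c & V[0]) ^ (U[0] & V[0]) ^ (U[0] & V[1]) ^ (U[1] & V[0])
        for j in range(3):
            out[j] |= y[j] << i
    return tuple(out)


ALL_SHARINGS = list(product(range(8), repeat=3))


def check(spec):
    """Brute-force the three TI properties over all 512 input sharings."""
    correct = all(
        shared_sbox(spec, s)[0] ^ shared_sbox(spec, s)[1] ^ shared_sbox(spec, s)[2]
        == sbox(spec, s[0] ^ s[1] ^ s[2])
        for s in ALL_SHARINGS)
    non_complete = True
    for s in ALL_SHARINGS:
        ref = shared_sbox(spec, s)
        for j in range(3):                # changing only share j must not move output share j
            for alt in range(8):
                t = list(s)
                t[j] = alt
                if shared_sbox(spec, tuple(t))[j] != ref[j]:
                    non_complete = False
    # Both S-boxes are permutations, so uniformity <=> the shared map is a
    # bijection on the 512 sharings (every valid output sharing hit once).
    uniform = len(set(shared_sbox(spec, s) for s in ALL_SHARINGS)) == len(ALL_SHARINGS)
    return {"correct": correct, "non_complete": non_complete, "uniform": uniform}
```

Correctness and non-completeness hold for any direct sharing written this way; uniformity is the property that has to be verified per S-box, and it is the one that fails for many direct sharings and then has to be repaired before the shared S-box can be iterated, which is the construction problem the paper addresses. Run `check(CHI3)` to see the verdict for chi.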

Enabling trusted scheduling in embedded systems

Author(s) Ramya Jayaram Masti, Claudio Marforio, Aanjhan Ranganathan, Aurélien Francillon and Srdjan Capkun
Event ACSAC 2012, 28th Annual Computer Security Applications Conference, December 3-7, 2012,
Orlando, Florida, USA
Abstract The growing complexity and increased networking of security- and safety-critical systems expose them to the risk of adversarial compromise through remote attacks. These attacks can result in full system compromise, but often the attacker gains control only over some system components (e.g., a peripheral) and over some applications running on the system. We consider the latter scenario and focus on enabling on-schedule execution of critical applications that are running on a partially compromised system — we call this trusted scheduling. We identify the essential properties needed for the realization of a trusted scheduling system and we design an embedded system that achieves those properties. We show that our system protects not only against misbehaving applications but also against attacks by compromised peripherals. We evaluate the feasibility and performance of our system through a prototype implementation based on the AVR ATmega103 microcontroller.

Side Channel Attacks and the Non Volatile Memory of the Future

Author(s) Zoya Dyka, Christian Walczyk, Damian Walczyk, Christian Wenger, Peter Langendoerfer
Event Proceedings of International Conference on Compilers, Architectures and Synthesis for Embedded Systems (CASES), October 2012, ACM DL (invited paper),
Tampere, Finland
Abstract In this paper, we describe a new non-volatile memory, based on a metal-insulator-metal structure, that provides performance benefits compared to standard Flash memory. In addition, and more importantly, it comes with some advantages with respect to side channel attacks, i.e., its structure prevents optical analysis by default.

Download Paper

Tool-supported Methodology for Component-based Design of Wireless Sensor Network Applications

Author(s) Steffen Peter, Peter Langendörfer
Event CORCS 2012 – The 4th IEEE International Workshop on Component-Based Design of Resource-Constrained Systems, in conjunction with COMPSAC 2012 – the IEEE Signature Conference on Computers, Software, and Applications, July 16-20, 2012
Izmir, Turkey
Abstract A major issue when developing wireless sensor network applications is the need for highly specialized knowledge in the fields of embedded programming, networking and the application domain. In order to speed up the development process, a new methodology for WSN application development is required. It needs to provide ready-to-use building blocks as well as means to map application requirements to technical features provided by these blocks. Last but not least, mechanisms to select appropriate building blocks and to evaluate the system compiled out of these blocks are essentially needed. This paper presents a design flow fulfilling the mentioned features. In a first step, user requirements elicited from a managed catalog are translated to a graph structure. Then, properties of the composed system derived from meta-information of the applied components are evaluated to resolve constraints – representing application requirements and/or features of the target system – in the derived system model. The validity of the methodology, for which the needed tool support has actually been implemented, is shown in an example that illustrates how this approach can propose correct configurations for secure systems as proposed in related work. Since the approach allows designing correct and fine-tuned solutions even for general application requirements, we consider it to be a significant step towards improved programmability of WSN nodes.

Download Paper

Improved Fixed-base Comb Method for Fast Scalar Multiplication

Author(s) Nashwa A. F. Mohamed, Mohsin H. A. Hashim, and Michael Hutter
Event AFRICACRYPT , July 10-12 2012,
Ifrane, Morocco
Abstract Computing elliptic-curve scalar multiplication is the most time-consuming operation in any elliptic-curve cryptosystem. In the last decades, it has been shown that pre-computations of elliptic-curve points improve the performance of scalar multiplication, especially in cases where the elliptic-curve point P is fixed. In this paper, we present an improved fixed-base comb method for scalar multiplication. In contrast to existing comb methods such as those proposed by Lim and Lee or Tsaur and Chou, we make use of a width-ω non-adjacent form representation and restrict the number of rows of the comb to be greater than or equal to ω. The proposed method shows a significant reduction in the number of required elliptic-curve point addition operations. The computational complexity is reduced by 33 to 38 % compared to the Tsaur and Chou method, even for devices that have limited resources. Furthermore, we propose a constant-time variation of the method to thwart simple-power-analysis attacks.
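Added example, not the paper's width-ω NAF variant: the classic fixed-base comb (Lim–Lee style) that the paper improves on, implemented on secp256k1 in affine coordinates so the result can be checked against plain double-and-add. The table depends only on the fixed point P, so it is built once and reused for every scalar; each scalar then costs d doublings and d table additions instead of roughly 256 of each. The curve choice, the parameters w = 4 and the class and function names are assumptions of this example.

```python
# Added example: classic fixed-base comb scalar multiplication on secp256k1,
# with double-and-add as the reference. Not the paper's improved comb.

P_MOD = 2**256 - 2**32 - 977
CURVE_A = 0
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (GX, GY)
INF = None  # point at infinity


def ec_add(p, q):
    """Affine addition (and doubling) on y^2 = x^3 + ax + b over GF(P_MOD)."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return INF                     # q == -p (includes y == 0)
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def double_and_add(k, p):
    """Reference left-to-right scalar multiplication."""
    r = INF
    for bit in bin(k)[2:]:
        r = ec_add(r, r)
        if bit == "1":
            r = ec_add(r, p)
    return r


class FixedBaseComb:
    """k is viewed as w rows of d bits, k = sum_i K_i * 2^(i*d).
    T[j] = sum over the set bits i of j of 2^(i*d) * P, for j in [0, 2^w)."""

    def __init__(self, p, w=4, bits=256):
        self.w = w
        self.d = -(-bits // w)             # ceil(bits / w)
        self.table = [INF] * (1 << w)
        row = p                            # 2^(i*d) * P for the current row i
        for i in range(w):
            for j in range(1 << w):
                if (j >> i) & 1:
                    self.table[j] = ec_add(self.table[j], row)
            for _ in range(self.d):
                row = ec_add(row, row)

    def mul(self, k):
        """k * P for 0 <= k < 2^(w*d): one doubling and one table add per column."""
        r = INF
        for col in range(self.d - 1, -1, -1):
            r = ec_add(r, r)
            idx = 0
            for i in range(self.w):
                idx |= ((k >> (i * self.d + col)) & 1) << i
            # idx == 0 adds INF, a data-dependent shortcut; the constant-time
            # variant the abstract mentions must add a real (dummy) point instead.
            r = ec_add(r, self.table[idx])
        return r
```

The table costs 2^w points of storage; the paper's change is to recode the scalar in width-ω NAF so that fewer table additions are needed for the same table, and to make the column loop constant-time so the zero-column shortcut above does not leak to SPA.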

SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust

Author(s) Karim El Defrawy, Aurélien Francillon, Daniele Perito and Gene Tsudik
Event Proceedings of the Network and Distributed System Security Symposium, NDSS 2012,
San Diego, USA
Abstract Remote attestation is the process of securely verifying internal state of a remote hardware platform. It can be achieved either statically (at boot time) or dynamically, at run-time in order to establish a dynamic root of trust. The latter allows full isolation of a code region from preexisting software (including the operating system) and guarantees untampered execution of this code. Despite the untrusted state of the overall platform, a dynamic root of trust facilitates execution of critical code. Prior software-based techniques lack concrete security guarantees, while hardware-based approaches involve security co-processors that are too costly for low-end embedded devices.
In this paper, we develop a new primitive (called SMART) based on hardware-software co-design. SMART is a simple, efficient and secure approach for establishing a dynamic root of trust in a remote embedded device. We focus on low-end microcontroller units (MCU) that lack specialized memory management or protection features. SMART requires minimal changes to existing MCUs (while providing concrete security guarantees) and assumes few restrictions on adversarial capabilities. We demonstrate both practicality and feasibility of SMART by implementing it – via hardware modifications – on two common MCU platforms: AVR and MSP430. Results show that SMART implementations require only a few changes to memory bus access logic. We also synthesize both implementations to a 180 nm ASIC process to confirm its small impact on MCU size and overall cost.

Download Paper
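Added illustration of the remote-attestation exchange that a SMART-style dynamic root of trust supports; it is not the SMART code. The verifier's nonce defeats replay, the MAC binds the attested address range, and on the device the MAC is computed by immutable code that is the only code allowed to read the key K (in SMART that isolation is enforced by the memory-bus logic; here it is only modelled by keeping K inside the `Prover` class). HMAC-SHA256 and all class and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Added illustration of a SMART-style attestation exchange. Assumptions:
# HMAC-SHA256 as the MAC, and the ROM/key isolation modelled by the class.


class Prover:
    """Low-end device: firmware image in memory, K readable only by attest()."""

    def __init__(self, key: bytes, memory: bytearray):
        self._key = key           # models the key region only ROM code may read
        self.memory = memory      # attackable: firmware the verifier wants to check

    def attest(self, nonce: bytes, start: int, end: int) -> bytes:
        """Models the immutable attestation routine: MAC over nonce, range and region."""
        msg = (nonce + start.to_bytes(4, "big") + end.to_bytes(4, "big")
               + bytes(self.memory[start:end]))
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class Verifier:
    """Holds K and a reference copy of the firmware the device should be running."""

    def __init__(self, key: bytes, expected: bytes):
        self._key = key
        self.expected = expected
        self._outstanding = {}    # nonce -> (start, end) of challenges not yet answered

    def challenge(self, start: int, end: int) -> bytes:
        nonce = os.urandom(16)
        self._outstanding[nonce] = (start, end)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False          # replayed, reused or unsolicited response
        start, end = self._outstanding.pop(nonce)
        msg = (nonce + start.to_bytes(4, "big") + end.to_bytes(4, "big")
               + self.expected[start:end])
        expected_mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected_mac, response)


def run_attestation(prover: Prover, verifier: Verifier, start: int, end: int) -> bool:
    """One protocol run: verifier -> prover: nonce; prover -> verifier: MAC."""
    nonce = verifier.challenge(start, end)
    response = prover.attest(nonce, start, end)
    return verifier.check(nonce, response)
```

What the exchange cannot provide on its own is the guarantee that `attest` really ran unmodified and that nothing else read K; that is exactly the part SMART moves into hardware, by restricting key access to the ROM routine and controlling entry into it.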

Design of a Test Processor for Asynchronous Chip Test

Author(s) Steffen Zeidler, Christoph Wolf, Miloš Krstić, Frank Vater, Rolf Kraemer
Event Proceedings of the IEEE Asian Test Symposium (ATS '11), 2011
Abstract Due to asynchronous timing and arbitration, asynchronous designs may behave nondeterministically. For the test of such systems, this means that an exact timing, i.e. a tester cycle, of a test response cannot be guaranteed. This behavior makes functional tests of asynchronous designs relatively complex or even impossible. Therefore, this paper presents a concept for performing functional tests of asynchronous designs using a test processor infrastructure. To this end, we propose a low-cost 16-bit microprocessor solution with special support of asynchronous handshake signalling that can either be integrated into the device-under-test (DUT), mounted on the load board of the tester, or a combination of both.

Download Paper

Fast Multi-Precision Multiplication for Public-Key Cryptography on Embedded Microprocessors

Author(s) Michael Hutter, Erich Wenger
Event Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2011
Nara, Japan
September 28th – October 1st
Abstract Multi-precision multiplication is one of the most fundamental operations on microprocessors to allow public-key cryptography such as RSA and Elliptic Curve Cryptography (ECC). In this paper, we present a novel multiplication technique that increases the performance of multiplication by sophisticated caching of operands. Our method significantly reduces the number of needed load instructions, which is usually one of the most expensive operations on modern processors. We evaluate our new technique on an 8-bit ATmega128 microcontroller and compare the result with existing solutions. Our implementation needs only 2,395 clock cycles for a 160-bit multiplication, which outperforms related work by a factor of 10 % to 23 %. The number of required load instructions is reduced from 167 (needed for the best known hybrid multiplication) to only 80. Our implementation scales very well even for larger integer sizes (as required for RSA) and limited register sets. It further fully complies with existing multiply-accumulate instructions that are integrated in most of the available processors.

Download Paper

Extractors Against Side-Channel Attacks: Weak or Strong?

Author(s) Marcel Medwed and François-Xavier Standaert
Event Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2011
Nara, Japan
September 28th – October 1st
Abstract Randomness extractors are important tools in cryptography, whose goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks against extractor implementations.
In order to close this gap, this paper instantiates a low-cost hardware extractor and analyzes it both from a performance and from a side-channel security point of view.
Our investigations lead to contrasted conclusions. On the one hand, extractors can be efficiently implemented and protected with masking. On the other hand, they provide adversaries with many more exploitable leakage samples than, e.g., block ciphers. As a result, they can ensure high security margins against standard (non-profiled) side-channel attacks but turn out to be much weaker against profiled attacks. From a methodological point of view, our analysis consequently raises the question of which attack strategies should be considered in security evaluations.

Download Paper

Towards a Secure Address Space Separation for Low Power Sensor Nodes

Author(s) O. Stecklina, P. Langendörfer, H. Menzel
Event 1st International Conference on Pervasive and Embedded Computing and Communication Systems
Algarve, Portugal
March 05 – 07, 2011
Abstract Wireless sensor networks are increasingly considered for application in real-world systems such as automation control, critical infrastructure protection and the like. By going wireless, these systems can no longer be protected by fences and walls but need to take into account the security of all their components. In this paper we discuss two alternatives for implementing isolation on a Micro Controller Unit (MCU). The first one is a pure software solution, i.e. a Hypervisor, which comes with a reasonable performance penalty when applied to 16-bit RISC processor cores such as the TI MSP430. Since it is a pure software solution, it can be applied to existing MCUs without any hardware modification. Our second approach is to use a Memory Protection Unit (MPU) realized in hardware, which is placed between the processing core and the resources of the sensor node. The MPU especially supports fine-grained isolation of the sensor node software and further reduces the performance penalty compared to the pure software solution.

Download Paper

Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

Author(s) Benedikt Gierlichs, Jörn-Marc Schmidt, Michael Tunstall
Event Second International Conference on Cryptology and Information Security in Latin America
Santiago de Chile, Chile
October 07 – 10, 2012
Abstract Implementation attacks pose a serious threat to the security of cryptographic devices, and there is a multitude of countermeasures that are used to prevent them. Two countermeasures used in implementations of block ciphers to increase the complexity of such attacks are the use of dummy rounds and redundant computation with consistency checks to prevent fault attacks. In this paper we present several countermeasures based on the idea of infective computation. Our countermeasures ensure that a fault injected into a cipher, dummy, or redundant round will infect the ciphertext such that an attacker cannot derive any information on the secret key being used. This has one clear advantage: the propagation of faults prevents an attacker from being able to conduct any fault analysis on any corrupted ciphertexts. As a consequence, there is no need for any test at the end of an implementation to determine if a fault has been injected, and a ciphertext can always be returned.

Download Paper

Deliverables

List of technical Deliverables

| Del. no. | Deliverable name | Deliv. date* | More Info |
|---|---|---|---|
| D1.1 | Sensor network related requirements | M6 | more info |
| D1.2 | Analysis of attacks on sensor nodes software and hardware | M9 | more info |
| D1.3 | Definition of performance and security parameters | M11 | more info |
| D1.4 | Tools and methods for a unified secure design flow of sensor node hardware | M12 | more info |
| D2.1 | Report on tests measures and attacks | M20 | more info |
| D2.2 | Report on SCA countermeasure evaluation and validation | M24 | more info |
| D2.3 | Report on fault attacks and combined implementation attacks | M30 | more info |
| D2.4 | Secured crypto cores | M30 | |
| D2.5 | Description of a design flow for tamper resistant circuits | M30 | more info |
| D3.1 | Cryptographic Requirements for Sensor Nodes | M9 | more info |
| D3.2 | Lightweight cryptographic technologies and their security | M14 | more info |
| D3.3 | On the secure implementation of asymmetric cryptography for sensor nodes | M36 | more info |
| D3.4 | On the secure implementation of symmetric cryptography for sensor nodes | M36 | more info |
| D4.1 | Specification of lightweight memory protection mechanisms | M16 | more info |
| D4.2 | Implementation of lightweight memory protection mechanisms | M21 | more info |
| D4.3 | Specification of boot-strapping and code attestation mechanisms | M19 | more info |
| D4.4 | Implementation of boot-strapping and code attestation mechanisms | M24 | more info |
| D4.5 | Specification of a secure scan-chain and debug-support-unit for sensor nodes | M25 | more info |
| D4.6 | Implementation of a secure scan-chain and debug-support-unit for sensor nodes | M27 | more info |
| D4.7 | Analysis of guidelines of intra-system communication and partitioning between secure/unsecure components | M30 | more info |
| D4.8 | Analysis of guidelines of intra-system communication and partitioning between secure/unsecure comps | M36 | more info |
| D5.1 | Description of the Unified Design Flow and Toolkit | M31 | more info |
| D5.2 | Report on system integration | M28 | more info |
| D5.3 | Sensor Node Prototype | M32 | |
| D5.4 | Sensor Node measurements | M35 | more info |
| D6.1 | Exploitation and dissemination | M12 | |
| D6.2 | Exploitation and dissemination | M24 | |
| D6.3 | Exploitation and dissemination | M39 | more info |
| D7.1 | Periodic activities and management report | M12 | |
| D7.2 | Periodic activities and management report | M24 | |
| D7.3 | Periodic activities and management report | M39 | |

*Month 1 = October 2010


Posters and Presentations

Poster: TAMPRES – A tamper resistant sensor node

Author(s) Steffen Peter, Michaela Schreier, Peter Langendoerfer
Event 4th Summer School on Network and Information Security
27 June – 4 July 2011
Crete, Greece
Abstract -

Download Poster