tamper resistant sensor nodes

Publications

Book chapters

Zoya Dyka, Peter Langendoerfer

Improving the Security of Wireless Sensor Networks by Protecting the Sensor Nodes against Side Channel Attacks

Abstract: Wireless sensor networks (WSNs) are becoming an essential building block in application fields such as critical infrastructure protection, industrial automation and telemedicine, to name a few areas in which security plays a central role. Potential attackers of those applications will most probably attack the most vulnerable part of the overall systems, i.e. the WSNs. The wireless sensor nodes can be attacked by “standard” network-based approaches but also by physical means if they are left unattended in remote sites, which is, after all, the preferred application for WSNs. We are convinced that protecting the wireless sensor nodes is essential since compromised nodes put the whole system at risk. The challenge with sensor nodes is that they are low cost and run with extremely limited resources but are expected to be operational for long time intervals of up to several years. The long lifetime provides potential attackers with a lot of time to execute an attack and, even worse, to benefit from a successful attack.


Aurélien Francillon

How can we determine if a device is infected or not?


Journals

Marcel Medwed and François-Xavier Standaert

Extractors Against Side-Channel Attacks: Weak or Strong?

Abstract: Randomness extractors are important tools in cryptography. Their goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks against extractor implementations. In order to close this gap, this paper instantiates a low-cost hardware extractor and analyzes it both from a performance and from a side-channel security point of view. Our investigations lead to contrasted conclusions. On one hand, extractors can be efficiently implemented and protected with masking. On the other hand, they provide adversaries with many more exploitable leakage samples than, e.g. block ciphers. As a result, they can ensure high security margins against standard (non-profiled) side-channel attacks and turn out to be much weaker against profiled attacks. From a methodological point of view, our analysis consequently raises the question of which attack strategies should be considered in security evaluations.


Conferences

Michael Hutter

Test Apparatus for Side-Channel Resistance Compliance Testing


Erich Wenger

Comparing Prime and Binary Field Elliptic Curve Cryptography on a Custom Area-Optimized Microprocessor


Begül Bilgin, Joan Daemen, Ventzislav Nikov, Svetla Nikova, Vincent Rijmen, and Gilles Van Assche

Efficient and first-order DPA resistant implementations of KECCAK


Steffen Zeidler and Michael Goderbauer and Milos Krstic

Design of a Low-Power Asynchronous Elliptic Curve


Begül Bilgin, Andrey Bogdanov, Miroslav Knezevic, Florian Mendel, and Qingju Wang

Fides: Lightweight authenticated cipher with side-channel resistance for constrained hardware


Pierre Belgarric, François-Xavier Standaert, Stefan Tillich

Time-frequency analysis for second-order attacks


Aurélien Francillon

A Minimalist Approach to Remote Attestation


Johann Ertl

A Security-Enhanced UHF RFID Tag Chip


Peter Pessl

Pushing the limits of SHA-3 hardware implementations to fit on RFID


Michael Hutter and Jörn-Marc Schmidt

The temperature side channel and heating fault attacks


Thomas Korak

Investigation of parameters influencing the success of optical fault attacks


Michael Muehlberghuber and Frank K. Gürkaynak and Thomas Korak and Philipp Dunst and Michael Hutter

Red team vs. blue team hardware trojan analysis: detection of a hardware trojan on an actual ASIC


Mario Kirschbaum, Thomas Plos, and Jörn-Marc Schmidt

On secure multi-party computation in bandwidth-limited smart-meter systems


Thomas Korak, Thomas Plos, and Andreas Zankl

Minimizing the costs of side-channel analysis resistance evaluations in early design steps


Erich Wenger

Hardware architectures for MSP430-based wireless sensor nodes performing elliptic curve cryptography


Erich Wenger and Thomas Korak and Mario Kirschbaum

Analyzing Side-Channel Leakage of RFID-Suitable Lightweight ECC Hardware


Erich Wenger and Thomas Unterluggauer and Mario Werner

8/16/32 shades of elliptic curve cryptography on embedded processors


Nicolas Veyrat-Charvillon

Shuffling Against Side-Channel Attacks: a Comprehensive Study with Cautionary Note


Josep Balasch

Compact Implementation and Performance Evaluation of Hash Functions in ATtiny Devices


François Durvaux

Efficient Removal of Random Delays from Embedded Software Implementations using Hidden Markov Models


Sonia Belaïd, Fabrizio De Santis, Johann Heyszl, Stefan Mangard, Marcel Medwed, Jörn-Marc Schmidt

Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis


Lubos Gaspar, Gaëtan Leurent, François-Xavier Standaert

Hardware Implementation and Side-Channel Analysis of Lapin


Thomas Eisenbarth, Zheng Gong, Tim Güneysu, Stefan Heyse, Sebastiaan Indesteege, Stéphanie Kerckhof, François Koeune, Tomislav Nad, Thomas Plos and Francesco Regazzoni, et al.

Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices

Abstract: The design of lightweight block ciphers has been a very active research topic over the last years. However, the lack of comparative source codes generally makes it hard to evaluate the extent to which implementations of different ciphers actually reach their low-cost goals on various platforms. This paper reports on an initiative aiming to relax this issue. First, we provide implementations of 12 block ciphers on an ATMEL AVR ATtiny45 8-bit microcontroller, and make the corresponding source code available on a web page. All implementations are made public under an open-source license. Common interfaces and design goals are followed by all designers to achieve comparable implementation results. Second, we evaluate performance figures of our implementations with respect to different metrics, including energy-consumption measurements and show our improvements compared to existing implementations.


Marcel Medwed, François-Xavier Standaert, Johann Großschädl and Francesco Regazzoni

Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices

Abstract: The market for RFID technology has grown rapidly over the past few years. Going along with the proliferation of RFID technology is an increasing demand for secure and privacy-preserving applications. In this context, RFID tags need to be protected against physical attacks such as Differential Power Analysis (DPA) and fault attacks. The main obstacles towards secure RFID are the extreme constraints of passive tags in terms of power consumption and silicon area, which makes the integration of countermeasures against physical attacks even more difficult than for other types of embedded systems. In this paper we propose a fresh re-keying scheme that is especially suited for challenge-response protocols such as used to authenticate tags. We evaluate the resistance of our scheme against fault and side-channel analysis, and introduce a simple architecture for VLSI implementation. In addition, we estimate the cost of our scheme in terms of area and execution time for various security/performance trade-offs. Our experimental results show that the proposed re-keying scheme provides better security (and does so at less cost) than state-of-the-art countermeasures.


François-Xavier Standaert, Nicolas Veyrat-Charvillon, Elisabeth Oswald, Benedikt Gierlichs, Marcel Medwed, Markus Kasper and Stefan Mangard

The World Is Not Enough: Another Look on Second-Order DPA

Abstract: In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are essentially equivalent. In this paper, we show that in the context of multivariate attacks against masked implementations, this conclusion does not hold anymore. While a single distinguisher can be used to compare the susceptibility of different unprotected devices to first-order DPA, understanding second-order attacks requires to carefully investigate the information leakages and the adversaries exploiting these leakages, separately. Using a framework put forward by Standaert et al. at Eurocrypt 2009, we provide the first analysis that explores these two topics in the case of a masked implementation exhibiting a Hamming weight leakage model. Our results lead to refined intuitions regarding the efficiency of various practically-relevant distinguishers. Further, we also investigate the case of second- and third-order masking (i.e. using three and four shares to represent one value). This evaluation confirms that higher-order masking only leads to significant security improvements if the secret sharing is combined with a sufficient amount of noise. Eventually, we show that an information theoretic analysis allows determining this necessary noise level, for different masking schemes and target security levels, with high accuracy and smaller data complexity than previous methods.


Marcel Medwed, Christoph Petit, Francesco Regazzoni, Mathieu Renauld and François-Xavier Standaert

Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks

Abstract: Security-aware embedded systems are widespread nowadays and many applications, such as payment, pay-TV and automotive applications, rely on them. These devices are usually very resource constrained but at the same time likely to operate in a hostile environment. Thus, the implementation of low-cost protection mechanisms against physical attacks is vital for their market relevance. An appealing choice, to counteract a large family of physical attacks with one mechanism, seems to be protocol-level countermeasures. At last year’s Africacrypt, a fresh re-keying scheme was presented which combines the advantages of re-keying with those of classical countermeasures such as masking and hiding. The contribution of this paper is threefold: most importantly, the original fresh re-keying scheme was limited to one low-cost party (e.g. an RFID tag) in a two-party communication scenario. In this paper we extend the scheme to n low-cost parties and show that the scheme is still secure. Second, one unanswered question in the original paper was the susceptibility of the scheme to algebraic SPA attacks. Therefore, we analyze this property of the scheme. Finally, we implemented the scheme on a common 8-bit microcontroller to show its efficiency in software.


Marcel Medwed, François-Xavier Standaert and Antoine Joux

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs

Abstract: Leakage-resilient constructions have attracted significant attention over the last couple of years. In practice, pseudorandom functions are among the most important such primitives, because they are stateless and do not require a secure initialization as, e.g. stream ciphers. However, their deployment in actual applications is still limited by security and efficiency concerns. This paper contributes to solve these issues in two directions. On the one hand, we highlight that the condition of bounded data complexity, that is guaranteed by previous leakage-resilient constructions, may not be enough to obtain practical security. We show experimentally that, if implemented in an 8-bit microcontroller, such constructions can actually be broken. On the other hand, we present tweaks for tree-based leakage-resilient PRFs that improve their efficiency and their security, by taking advantage of parallel implementations. Our security analyses are based on worst-case attacks in a noise-free setting and suggest that under reasonable assumptions, the side-channel resistance of our construction grows super-exponentially with a security parameter that corresponds to the degree of parallelism of the implementation. In addition, it exhibits that standard DPA attacks are not the most relevant tool for evaluating such leakage-resilient constructions and may lead to overestimated security. As a consequence, we investigate more sophisticated tools based on lattice reduction, which turn out to be powerful in the physical cryptanalysis of these primitives. Eventually, we put forward that the AES is not perfectly suited for integration in a leakage-resilient design. This observation raises interesting challenges for developing block ciphers with better properties regarding leakage-resilience.


Benedikt Gierlichs, Jörn-Marc Schmidt and Michael Tunstall

Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

Abstract: Implementation attacks pose a serious threat for the security of cryptographic devices and there are a multitude of countermeasures that are used to prevent them. Two countermeasures used in implementations of block ciphers to increase the complexity of such attacks are the use of dummy rounds and redundant computation with consistency checks to prevent fault attacks. In this paper we present several countermeasures based on the idea of infective computation. Our countermeasures ensure that a fault injected into a cipher, dummy, or redundant round will infect the ciphertext such that an attacker cannot derive any information on the secret key being used. This has one clear advantage: the propagation of faults prevents an attacker from being able to conduct any fault analysis on any corrupted ciphertexts. As a consequence, there is no need for any test at the end of an implementation to determine if a fault has been injected and a ciphertext can always be returned.


Thomas Korak, Thomas Plos and Michael Hutter

Attacking an AES-Enabled NFC Tag: Implications from Design to a Real-World Scenario

Abstract: Radio-frequency identification (RFID) technology is the enabler for applications like the future internet of things (IoT), where security plays an important role. When integrating security into RFID tags, not only the cryptographic algorithms need to be secure but also their implementation. In this work we present differential power analysis (DPA) and differential electromagnetic analysis (DEMA) attacks on a security-enabled RFID tag. The attacks are conducted on both an ASIC-chip version and an FPGA-prototype version of the tag. The design of the ASIC version equals that of commercial RFID tags and has analog and digital parts integrated on a single chip. Target of the attacks is an implementation of the Advanced Encryption Standard (AES) with 128-bit key length and DPA countermeasures. The countermeasures are shuffling of operations and insertion of dummy rounds. Our results illustrate that the effort for successfully attacking the ASIC chip in a real-world scenario is only 4.5 times higher than for the FPGA prototype in a laboratory environment. This lets us come to the conclusion that the effort for attacking contactless devices like RFID tags is only slightly higher than that for contact-based devices. The results further underline that the design of countermeasures like the insertion of dummy rounds has to be done with great care, since the detection of patterns in power or electromagnetic traces can be used to significantly lower the attacking effort.


Michael Hutter, Mario Kirschbaum, Thomas Plos, Jörn-Marc Schmidt and Stefan Mangard

Exploiting the Difference of Side-Channel Leakages

Abstract: In this paper, we propose a setup that improves the performance of implementation attacks by exploiting the difference of side-channel leakages. The main idea of our setup is to use two cryptographic devices and to measure the difference of their physical leakages, e.g., their power consumption. This increases the signal-to-noise ratio of the measurement and reduces the number of power-consumption traces needed for an attack to succeed. The setup can efficiently be applied (but is not limited) in scenarios where two synchronous devices are available for analysis. By applying template-based attacks, only a few power traces are required to successfully identify weak but data-dependent leakage differences. In order to quantify the efficiency of our proposed setup, we performed practical experiments by designing three evaluation boards that assemble different cryptographic implementations. The results of our investigations show that the needed number of traces can be reduced by up to 90%.


Thomas Plos, Christoph Dobraunig, Alexander Oprisnik, Markus Hofinger, Christoph Wiesmeier and Johannes Wiesmeier

Compact Hardware Implementations of the Block Ciphers mCrypton, NOEKEON, and SEA


U. Özcan, M. Boock, S. Burfeind

Security-Aware Design and Verification Techniques with RTL Compiler


Julia Borghoff, Anne Canteaut, Tim Güneysu, Elif Bilge Kavun, Miroslav Knezevic, Lars R. Knudsen, Gregor Leander, Ventzislav Nikov, Christof Paar, Christian Rechberger, Peter Rombouts, Søren S. Thomsen and Tolga Yalçın

PRINCE – A Low-latency Block Cipher for Pervasive Computing Applications

Abstract: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely, for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property, which we refer to as alpha-reflection, is of independent interest and we prove its soundness against generic attacks.


Miroslav Knezevic, Ventzislav Nikov and Peter Rombouts

Low-Latency Encryption – Is “Lightweight = Light + Wait”?

Abstract: The processing time required by a cryptographic primitive implemented in hardware is an important metric for its performance but it has not received much attention in recent publications on lightweight cryptography. Nevertheless, there are important applications for cost effective low-latency encryption. As the first step in the field, this paper explores the low-latency behavior of hardware implementations of a set of block ciphers. The latency of the implementations is investigated as well as the trade-offs with other metrics such as circuit area, time-area product, power, and energy consumption. The obtained results are related back to the properties of the underlying cipher algorithm and, as it turns out, the number of rounds, their complexity, and the similarity of encryption and decryption procedures have a strong impact on the results. We provide a qualitative description and conclude with a set of recommendations for aspiring low-latency block cipher designers.


Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen and Georg Stutz

Threshold Implementations of All 3 × 3 and 4 × 4 S-Boxes

Abstract: Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn’t describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible 3 × 3, 4 × 4 S-boxes and the 6 × 4 DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. 8 × 8) S-boxes. Finally, we investigate the cost of such protection.


Ramya Jayaram Masti, Claudio Marforio, Aanjhan Ranganathan, Aurélien Francillon and Srdjan Capkun

Enabling trusted scheduling in embedded systems

Abstract: The growing complexity and increased networking of security- and safety-critical systems expose them to the risk of adversarial compromise through remote attacks. These attacks can result in full system compromise, but often the attacker gains control only over some system components (e.g., a peripheral) and over some applications running on the system. We consider the latter scenario and focus on enabling on-schedule execution of critical applications that are running on a partially compromised system — we call this trusted scheduling. We identify the essential properties needed for the realization of a trusted scheduling system and we design an embedded system that achieves those properties. We show that our system protects not only against misbehaving applications but also against attacks by compromised peripherals. We evaluate the feasibility and performance of our system through a prototype implementation based on the AVR ATmega103 microcontroller.


Zoya Dyka, Christian Walczyk, Damian Walczyk, Christian Wenger, Peter Langendoerfer

Side Channel Attacks and the Non Volatile Memory of the Future

Abstract: In this paper, we describe a new non-volatile memory, based on metal-insulator-metal that provides performance benefits compared to standard Flash memory. In addition and more importantly, it comes with some advantages with respect to side channel attacks, i.e., its structure prevents by default optical analysis.


Steffen Peter, Peter Langendörfer

Tool-supported Methodology for Component-based Design of Wireless Sensor Network Applications

Abstract: A major issue when developing wireless sensor network applications is the need for highly specialized knowledge in the field of embedded programming, networking and in the application domain. In order to speed up the development process, a new methodology for WSN application development is required. It needs to provide ready-to-use building blocks as well as means to map application requirements to technical features provided by these blocks. Last but not least, mechanisms to select appropriate building blocks and to evaluate the system compiled out of these blocks are essential. This paper presents a design flow fulfilling the mentioned features. In a first step, user requirements elicited from a managed catalog are translated to a graph structure. Then, properties of the composed system derived from meta-information of the applied components are evaluated to resolve constraints –representing application requirements and/or features of the target system– in the derived system model. The validity of the methodology, for which the needed tool support has actually been implemented, is shown in an example that illustrates how this approach can propose correct configurations for secure systems as proposed in related work. Since the approach allows designing correct and fine-tuned solutions even for general application requirements, we consider it to be a significant step towards improved programmability of WSN nodes.


Nashwa A. F. Mohamed, Mohsin H. A. Hashim, and Michael Hutter

Improved Fixed-base Comb Method for Fast Scalar Multiplication

Abstract: Computing elliptic-curve scalar multiplication is the most time consuming operation in any elliptic-curve cryptosystem. In the last decades, it has been shown that pre-computations of elliptic-curve points improve the performance of scalar multiplication, especially in cases where the elliptic-curve point P is fixed. In this paper, we present an improved fixed-base comb method for scalar multiplication. In contrast to existing comb methods such as those proposed by Lim and Lee or Tsaur and Chou, we make use of a width-ω non-adjacent form representation and restrict the number of rows of the comb to be greater than or equal to ω. The proposed method shows a significant reduction in the number of required elliptic-curve point addition operations. The computational complexity is reduced by 33 to 38 % compared to the Tsaur and Chou method, even for devices that have limited resources. Furthermore, we propose a constant-time variation of the method to thwart simple-power analysis attacks.


Karim El Defrawy, Aurélien Francillon, Daniele Perito and Gene Tsudik

SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust

Abstract: Remote attestation is the process of securely verifying the internal state of a remote hardware platform. It can be achieved either statically (at boot time) or dynamically, at run-time, in order to establish a dynamic root of trust. The latter allows full isolation of a code region from preexisting software (including the operating system) and guarantees untampered execution of this code. Despite the untrusted state of the overall platform, a dynamic root of trust facilitates execution of critical code. Prior software-based techniques lack concrete security guarantees, while hardware-based approaches involve security co-processors that are too costly for low-end embedded devices. In this paper, we develop a new primitive (called SMART) based on hardware-software co-design. SMART is a simple, efficient and secure approach for establishing a dynamic root of trust in a remote embedded device. We focus on low-end microcontroller units (MCU) that lack specialized memory management or protection features. SMART requires minimal changes to existing MCUs (while providing concrete security guarantees) and assumes few restrictions on adversarial capabilities. We demonstrate both practicality and feasibility of SMART by implementing it – via hardware modifications – on two common MCU platforms: AVR and MSP430. Results show that SMART implementations require only a few changes to memory bus access logic. We also synthesize both implementations to a 180nm ASIC process to confirm its small impact on MCU size and overall cost.


Steffen Zeidler, Christoph Wolf, Miloš Krstić, Frank Vater, Rolf Kraemer

Design of a Test Processor for Asynchronous Chip Test

Abstract: Due to asynchronous timing and arbitration asynchronous designs may behave nondeterministically. For the test of such systems, this means that an exact timing, i.e. a tester cycle, of a test response cannot be guaranteed. This behavior makes functional tests of asynchronous designs relatively complex or even impossible. Therefore, this paper presents a concept for performing functional tests of asynchronous designs using a test processor infrastructure. To this end, we propose a low-cost 16-bit microprocessor solution with special support of asynchronous handshake signalling that can either be integrated into the device-under-test (DUT), mounted on the load board of the tester or a combination of both.


Michael Hutter, Erich Wenger

Multi-Precision Multiplication for Public-Key Cryptography on Embedded Microprocessors

Abstract: Multi-precision multiplication is one of the most fundamental operations on microprocessors to allow public-key cryptography such as RSA and Elliptic Curve Cryptography (ECC). In this paper, we present a novel multiplication technique that increases the performance of multiplication by sophisticated caching of operands. Our method significantly reduces the number of needed load instructions, which are usually among the most expensive operations on modern processors. We evaluate our new technique on an 8-bit ATmega128 microcontroller and compare the result with existing solutions. Our implementation needs only 2,395 clock cycles for a 160-bit multiplication, which outperforms related work by a factor of 10 % to 23 %. The number of required load instructions is reduced from 167 (needed for the best known hybrid multiplication) to only 80. Our implementation scales very well even for larger integer sizes (required for RSA) and limited register sets. It further fully complies with existing multiply-accumulate instructions that are integrated in most of the available processors.


Marcel Medwed and François-Xavier Standaert

Extractors Against Side-Channel Attacks: Weak or Strong?

Abstract: Randomness extractors are important tools in cryptography, of which the goal is to compress a high-entropy source into a more uniform output. Beyond their theoretical interest, they have recently gained attention because of their use in the design and proof of leakage-resilient primitives, such as stream ciphers and pseudorandom functions. However, for these proofs of leakage resilience to be meaningful in practice, it is important to instantiate and implement the components they are based on. In this context, while numerous works have investigated the implementation properties of block ciphers such as the AES Rijndael, very little is known about the application of side-channel attacks against extractor implementations. In order to close this gap, this paper instantiates a low-cost hardware extractor and analyzes it both from a performance and from a side-channel security point of view. Our investigations lead to contrasted conclusions. On the one hand, extractors can be efficiently implemented and protected with masking. On the other hand, they provide adversaries with many more exploitable leakage samples than, e.g. block ciphers. As a result, they can ensure high security margins against standard (non-profiled) side-channel attacks and turn out to be much weaker against profiled attacks. From a methodological point of view, our analysis consequently raises the question of which attack strategies should be considered in security evaluations.


O. Stecklina, P. Langendörfer, H. Menzel

Towards a Secure Address Space Separation for Low Power Sensor Nodes

Abstract: Wireless sensor networks are increasingly being considered for application in real-world systems such as automation control, critical infrastructure protection and the like. By going wireless, these systems can no longer be protected by fences and walls but need to take into account the security of all their components. In this paper we discuss two alternatives for implementing isolation on a Micro Controller Unit (MCU). The first one is a pure software solution, i.e. a Hypervisor, which comes with a reasonable performance penalty when applied to 16-bit RISC processor cores such as the TI MSP430. Since it is a pure software solution it can be applied to existing MCUs without any hardware modification. Our second approach is to use a Memory Protection Unit (MPU) realized in hardware, which is placed between the processing core and the resources of the sensor node. The MPU especially supports fine-grained isolation of the sensor node software and further reduces the performance penalty compared to the pure software solution.


Benedikt Gierlichs, Jörn-Marc Schmidt, Michael Tunstall

Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output

Download

Abstract: Implementation attacks pose a serious threat for the security of cryptographic devices and there are a multitude of countermeasures that are used to prevent them. Two countermeasures used in implementations of block ciphers to increase the complexity of such attacks are the use of dummy rounds and redundant computation with consistency checks to prevent fault attacks. In this paper we present several countermeasures based on the idea of infective computation. Our countermeasures ensure that a fault injected into a cipher, dummy, or redundant round will infect the ciphertext such that an attacker cannot derive any information on the secret key being used. This has one clear advantage: the propagation of faults prevents an attacker from being able to conduct any fault analysis on any corrupted ciphertexts. As a consequence, there is no need for any test at the end of an implementation to determine if a fault has been injected and a ciphertext can always be returned.


Deliverables

D1.1 Sensor network related requirements, M6

Keywords: sensor networks, security, requirements

Abstract: This deliverable analyzes wireless sensor networks and their applications, as well as the resulting requirements and properties that have to be considered when designing security mechanisms for sensor networks. In the first part of this deliverable, requirements are identified: cost, size, computational complexity, storage demands, and power consumption need to be minimized. In addition, scalability, ad hoc network formation and robustness have to be supported. Most importantly, as sensor networks are often installed in public places, sensor nodes must be able to resist attacks that become possible due to their accessibility. The second part of the deliverable introduces criteria for categorizing sensor network applications: lifetime, mobility, network size and density, security requirements, accessibility, network structure, and deployment. Finally, three example application scenarios are introduced and described based on the aforementioned criteria: factory automation and process control, temporary border surveillance, and harbour logistics.

Download

D1.2 Analysis of attacks on sensor nodes software and hardware, M9

Keywords: Side-Channel Attacks, Implementation Attacks, Buffer Overflow Attacks

Abstract: This deliverable describes attacks on existing sensor nodes. We concentrate on two different kinds of attacks: (1) attacks on the cryptographic primitives of the nodes and (2) attacks on the system level that exploit weaknesses in the implementation of the node's software. The first group covers side-channel attacks, i.e. timing attacks, power measurements and analysis of electromagnetic emanations, while the second part discusses buffer overflow and stack overflow attacks in the context of sensor nodes.

Download

D1.3 Definition of performance and security parameters, M11

Keywords: Wireless Sensor Networks, Security, Protection

Abstract: This deliverable discusses means to derive and manage protection and performance goals of applications for wireless sensor networks. To this end, the application parameters are quantified and trade-offs are analyzed. While metrics for performance goals are well-established and can be applied directly, the assessment of security properties needs additional studies. For this purpose, attacks, countermeasures and state-of-the-art security metrics are analyzed for their suitability in the assessment process of secure sensor networks. Due to the absence of direct approaches to develop secure systems, finally, a model-based approach is introduced that determines whether a given system satisfies the system’s requirements. By this, the models bridge the technical details of secure implementations and high-level requirements. It eventually allows expressing individual protection and performance goals for sensor node systems and their components in a direct, natural way.

Download

D1.4 Tools and methods for a unified secure design flow of sensor node hardware, M12

Keywords: Wireless Sensor Networks, Integrated Circuits, Tool support, Security

Abstract: This deliverable presents an initial toolkit approach for the unified secure design flow as it will be applied in the TAMPRES project. To this end, the state of the art in general security engineering as well as dedicated secure design flows for secure integrated circuits will be discussed, and an overview of today’s tool support for secure system integration will be provided. Based on this, the general TAMPRES design flow as well as a concept for tool support is presented.

Download

D2.1 Report on tests measures and attacks, M20

Keywords: Side-Channel Attacks, Implementation Attacks

Abstract: Nowadays, side-channel analysis belongs to the most powerful methods to attack cryptographic implementations. These attacks exploit the data-dependent behavior of an implementation to reveal sensitive information like secret keys. In this report, we present generic measurement setups and show how to improve these methods in order to reduce the effort for an attack. In particular, we present a setup consisting of two devices to reduce the measurement noise and a setup for detailed EM analysis of microchips. In addition, we show attacks on symmetric as well as asymmetric ciphers: We compare an FPGA and an ASIC implementation of AES and show how to deal with common countermeasures like dummy rounds and shuffling. Subsequently, we present an attack on digit-serial multipliers, which can be applied to public key systems based on elliptic curve cryptography (ECC).

Download

D2.2 Report on SCA countermeasure evaluation and validation, M24

Keywords: Security, side-channel, countermeasures, evaluation

Abstract: This deliverable describes the security metric used to estimate the side-channel resistance of implementations and the efficiency of countermeasures. This security metric is based on the framework defined in [30, 31]. Part 1 of the deliverable describes the framework, which provides sound tools to evaluate and compare different implementations and adversaries. As an illustration of these capabilities, Parts 2 and 3 then apply our metric to analyse two potentially interesting countermeasures, namely dual-rail logic style and shuffling. The metric will be used in order to assess the security of our cryptographic implementations for the TAMPRES core (M3.3, D3.4).

Download

D2.3 Report on fault attacks and combined implementation attacks, M30

Keywords: Fault Attacks, Side-Channel Attacks, Combined Implementation Attacks

Abstract: This deliverable presents the latest version of our fault attack platform, the TAMPRES fault board, as well as practical experiments using this platform. In the first part, we discuss the development process of the board, the realization of the main features in hardware, as well as the lessons learned. Second, we present the details of how we generate clock glitches as well as power and laser glitches. Third, we briefly discuss the corresponding Matlab toolbox that allows intuitive control of the TAMPRES fault board. In the second part of this deliverable we present the laser equipment we use to induce optical faults. In this part we also present some experiments based on laser fault injection in a commonly used PIC microcontroller. In the third part of this deliverable we present combined attacks on different microcontrollers. The first experiment demonstrates the vulnerability of widely used microcontrollers to clock glitches. In this experiment we reveal an RSA private exponent by inducing one single clock glitch into a protected implementation of a square-and-multiply algorithm. The second experiment demonstrates the relation between the power consumption of a microcontroller and induced laser faults.

Download

D2.4 Secured crypto cores, M30

D2.5 Description of a design flow for tamper resistant circuits, M30

Keywords: secure design flow, tamper-resistant ICs, security by design

Abstract: This document describes a design flow for the development of tamper-resistant integrated circuits. It follows the idea of “security by design”. To address possible vulnerabilities already during the design phase of the hardware a special design flow is needed to secure the implementation of the hardware. This document focuses on a consistent and security-aware methodology for the development of tamper-resistant hardware components. It also is a thorough evolutionary step of the TAMPRES deliverable D1.4 [7].

Download

D3.1 Cryptographic Requirements for Sensor Nodes, M9

Keywords: Chosen Architecture, HW/SW interfaces and needs

Abstract: This deliverable presents the steps that were taken and discussed within the TAMPRES project to better understand and define the requirements and the tools or software that will be used as a basis for system integration. We first evaluated which microcontroller will be used as a basis for the manufactured devices, considering technical and non-technical constraints. Once the microcontroller architecture was chosen, we describe the requirements in terms of high-level cryptographic needs; then we describe how software interfaces will be provided to higher-level components as well as how the hardware blocks will interact.

Download

D3.2 Lightweight cryptographic technologies and their security, M14

Keywords: Lightweight Cryptography

Abstract: We provide an overview of cryptographic solutions likely to be relevant to sensor node deployment, including a particular focus on lightweight cryptography. Within the deliverable, we identify the technologies that will be considered for ongoing study and deployment within project TAMPRES.

Download

D3.3 On the secure implementation of asymmetric cryptography for sensor nodes, M36

Keywords: Asymmetric Crypto, Secure Implementation, Simulation, Countermeasures

Abstract: This document describes the architecture, design, and implementation of the asymmetric ECC co-processors that are developed in the TAMPRES project. NXP has developed a hardened ECC co-processor suitable for authentication operations in ultra low power use cases. IHP has worked on two versions of an EC hardware accelerator. All designs were also included in the TAMPRES hardware manufacturing runs and are available as silicon.

Download

D3.4 On the secure implementation of symmetric cryptography for sensor nodes, M36

Keywords: Side-channel security evaluation, countermeasures

Abstract: This document reflects new scientific results on the secure implementation of symmetric cryptographic primitives, and so is a natural extension to the preliminary report located in M3.3. The deliverable describes the application of the general evaluation metrics for side-channel analysis presented in D2.2 to the two countermeasures used within the symmetric cryptographic cores of the TAMPRES sensor node. On one hand, the information-theoretic analysis, better suited to evaluate masking as a countermeasure, is used. This content is provided in Part 1 of this document. On the other hand, security evaluations based on the guessing entropy and success rates are discussed, which in turn are much better suited to analyze the PRF countermeasure. This interesting approach is described in Part 2 of the deliverable.

Download

D4.1 Specification of lightweight memory protection mechanisms, M16

Keywords: Memory protection, virtualization, MPU

Abstract: This deliverable reports on the current state of work on memory protection within the TAMPRES project.

Download

D4.2 Implementation of lightweight memory protection mechanisms, M21

Keywords: Memory protection, virtualization, MPU

Abstract: This deliverable reports on the current state of work on memory protection within the TAMPRES project.

Download

D4.3 Specification of boot-strapping and code attestation mechanisms, M19

Keywords: Boot-strapping, Code attestation

Abstract: This deliverable reports on mechanisms for bootstrapping and code attestation implemented in the TAMPRES project. Specifically, we describe the software root of trust used in SMART and how this can be used to build novel security mechanisms. Version 2.0 was updated following the DoW update (Section 7).

Download

D4.4 Implementation of boot-strapping and code attestation mechanisms, M24

Keywords: Dynamic root of trust, Code attestation

Abstract: This deliverable is a companion document to the delivered implementation of the mechanisms for bootstrapping the dynamic root of trust mechanism implemented in the TAMPRES project. Specifically, we describe the implementation of the dynamic root of trust mechanism used in SMART and how this can be used to build novel security mechanisms. We describe the code organization and testing framework, and provide code metrics.

Download

D4.5 Specification of a secure scan-chain and debug-support-unit for sensor nodes, M25

Abstract: This deliverable provides the analysis and the specification of a debug support unit. Design alternatives are discussed and a novel approach intended for implementation is specified. This deliverable provides an overview of today’s debug interfaces and discusses typical weaknesses, attack paths and countermeasures as illustrated in related work. Based on this work, we present a new protection mechanism suitable to protect the debug and scan interfaces of the trusted sensor node system of the TAMPRES project.

Download

D4.6 Implementation of a secure scan-chain and debug-support-unit for sensor nodes, M27

Keywords: scan chain, debug interface, secure

Abstract: This deliverable reports on the current state of work on the secure scan chain and debug interface within the TAMPRES project. Please note that this deliverable is a prototype implementation, i.e. the text provided is mainly intended to simplify understanding of the source code provided.

Download

D4.7 Analysis of guidelines of intra-system communication and partitioning between secure/unsecure components, M30

Keywords: scan chain, debug interface, secure, implementation

Abstract: This deliverable reports on the current state of work on the secure scan chain and debug interface within the TAMPRES project. Please note that this deliverable is a prototype implementation, i.e. the text provided is mainly intended to simplify understanding of the source code provided.

Download

D4.8 Analysis of guidelines of intra-system communication and partitioning between secure/unsecure comps, M36

Keywords: Secure components, partitioning

Abstract: This deliverable discusses how a secure sensor node could be built upon the TAMPRES core. Its goal is not to define a full specification of the system, but rather to provide guidelines and recommendations about potential security issues when building a full sensor node, leaving several options open depending on the application context and the cost vs. security trade-off. The deliverable thus focuses on identifying critical blocks (e.g. the key storage zone) that need to be secured, non-critical blocks (e.g. over-the-air transmission devices) that do not need to be secured, and the interface between them. It also provides an architecture that relies on the secured parts in order to build a globally reliable system (e.g. allowing critical data to be stored securely in general-purpose memory, based on TAMPRES cryptographic functions and on a small secure memory).

Download

D5.1 Description of the Unified Design Flow and Toolkit, M31

Abstract: This deliverable provides a description of the Unified Design Flow and Toolkit. It was used to implement the prototype in IHP as well as in NXP technology.

Download

D5.2 Report on system integration, M28

Abstract: This deliverable provides a report on system integration.

Download

D5.3 Sensor Node Prototype, M32

D5.4 Sensor Node measurements, M35

Keywords: Fault Attacks, Side-Channel Attacks, Combined Implementation Attacks

Abstract: This deliverable covers the performed attacks targeting the actual sensor node microcontrollers from NXP and IHP. The focus is put on two different kinds of attacks: (1) side-channel analysis (SCA) attacks targeting the implemented cryptographic primitives and (2) the evaluation of the system-level countermeasures. In the first part, power consumption measurements as well as electromagnetic emanation measurements are used in order to evaluate the security of the cryptographic hardware modules. The second part evaluates the security of the system-level techniques that rely on a dynamic root of trust to detect a compromise and perform remote attestation of a device's internal state.

Download

D6.1 Exploitation and dissemination, M12

D6.2 Exploitation and dissemination, M24

D6.3 Exploitation and dissemination, M39

Keywords: Dissemination, Exploitation

Abstract: This deliverable reports on the dissemination and exploitation plans and activities of the TAMPRES project during the third period (1.10.2012-31.12.2013).

D7.1 Periodic activities and management report, M12

D7.2 Periodic activities and management report, M24

D7.3 Periodic activities and management report, M39

* Month 1 = October 2010

Posters and Presentations

Steffen Peter, Michaela Schreier, Peter Langendoerfer

Poster: TAMPRES – A tamper resistant sensor node

Download