Secure Integrated Circuits and Systems (eBook)

Preface 6
Contents 8
Contributors 10
Part I Basics 12
1 Modular Integer Arithmetic for Public-Key Cryptography 14
Tim Güneysu and Christof Paar 14
1.1 Modular Arithmetic in Finite Fields 18
1.2 Crypto Building Blocks for Fields Fp 20
1.2.1 Addition and Subtraction in Fp 21
1.2.2 Multiplication in Fp 22
1.2.3 Faster Reduction in Fp 25
1.2.4 Inversion in Fp 26
1.3 Crypto Building Blocks for Fields F2m 27
1.3.1 Multiplication in F2m 29
1.3.1.1 Bit Multipliers in F2m 29
1.3.1.2 Digit Multipliers in F2m 31
1.3.2 Squaring in F2m 33
1.3.3 Inversion in F2m using Itoh--Tsujii Algorithms 34
1.4 Summary 35
References 35
2 Introduction to Side-Channel Attacks 38
François-Xavier Standaert 38
2.1 Introduction 38
2.2 Basics of Side-Channel Attacks 39
2.2.1 Origin of the Leakages 39
2.2.2 Measurement Setups 41
2.2.3 Classical Attacks: SPA and DPA 42
2.3 An Exemplary Differential Attack Against the DES 43
2.4 Improved Side-Channel Attacks 46
2.4.1 A Exemplary Profiled Attack Against the DES 47
2.5 Countermeasures 48
2.6 Conclusions 49
References 51
Part II Cryptomodules and Arithmetic 54
3 Secret Key Crypto Implementations 55
Guido Marco Bertoni and Filippo Melzani 55
3.1 Introduction 55
3.2 Block Cipher and Stream Cipher 55
3.3 The Advanced Encryption Standard 57
3.4 Modes of Operation 62
3.5 Implementation of the AES 67
3.5.1 Software Implementation 67
3.5.2 Hardware Implementation 68
3.6 Conclusions 70
References 71
4 Arithmetic for Public-Key Cryptography 73
Kazuo Sakiyama and Lejla Batina 73
4.1 Introduction 73
4.2 RSA Modular Exponentiation 73
4.2.1 Exponent Recoding 75
4.3 Curve-Based Cryptography 77
4.3.1 ECC over GF(p) 77
4.3.2 ECC over GF(2m) 80
4.3.3 ECC over a Composite Field 81
4.3.4 Hyperelliptic Curve Cryptography (HECC) 82
4.3.5 Scalar Recoding 83
4.4 Recent Trends 86
4.5 Conclusions 87
References 87
5 Hardware Design for Hash Functions 89
Yong Ki Lee, Miroslav Kneževic, and Ingrid M.R. Verbauwhede 89
5.1 Introduction 89
5.2 Popular Hash Algorithms and Their Security Considerations 90
5.3 Common Techniques Used for Efficient Hardware Implementation of MD4-Based Hash Algorithms 92
5.4 Throughput Optimal Architecture of SHA1 93
5.4.1 The SHA1 Hash Algorithm and Its DFG 93
5.4.2 Iteration Bound Analysis 94
5.4.3 Iteration Bound Analysis with Carry Save Adders 95
5.4.4 Retiming Transformation 96
5.4.5 Unfolding Transformation 97
5.5 Throughput Optimal Architecture of SHA2 100
5.5.1 DFG of SHA2 Compressor 101
5.5.2 DFG of SHA2 Expander 104
5.6 Throughput Optimal Architecture of RIPEMD-160 104
5.7 Implementation of the Designed Hash Algorithms 105
5.7.1 Synthesis of the SHA1 Algorithm 106
5.7.2 Synthesis of the SHA2 Algorithm 107
5.7.3 Synthesis of the RIPEMD-160 Algorithm 108
5.8 Hardware Designers' Feedback to Hash Designers 109
5.8.1 High-Throughput Architecture 110
5.8.2 Compact Architecture 110
5.9 Conclusions and Future Work 111
References 111
Part III Design Methods for Security 115
6 Random Number Generators for Integrated Circuits and FPGAs 116
Berk Sunar and Dries Schellekens 116
6.1 Introduction 116
6.2 Testing for Randomness 117
6.2.1 Statistical Tests 117
6.2.2 True Randomness Tests 119
6.3 Post-processing Techniques 120
6.3.1 The von Neumann Corrector 121
6.3.2 Cryptographic Hash Functions 122
6.3.3 Extractor Functions 122
6.4 A Pottpouri of RNG Designs 123
6.4.1 The Intel RNG Design 123
6.4.2 The Tkacik RNG Design 124
6.4.3 The Epstein et al. RNG Design 125
6.4.4 The Fischer--Drutarovský Design 125
6.4.5 The Kohlbrenner--Gaj Design 126
6.4.6 The Rings Design 127
6.4.7 The O'Donnell et al. PUF-Based RNG Design 128
6.4.8 The Golic FIGARO Design 129
6.4.9 The Dichtl and Golic RNG Design 130
6.4.10 An ADC-Chaos RNG Design 131
References 132
7 Process Variations for Security: PUFs 134
Roel Maes and Pim Tuyls 134
7.1 Introduction 134
7.1.1 Background 134
7.2 Process Variations 136
7.3 Physical Unclonable Functions: PUFs 137
7.3.1 Coating PUF 138
7.3.2 Intrinsic PUFs 138
7.3.3 How to Use a PUF 144
7.4 Helper Data Algorithm or Fuzzy Extractor 144
7.4.1 Information Reconciliation 144
7.4.2 Privacy Amplification 145
7.4.3 Fuzzy Extractor 146
7.4.4 Quantization 147
7.5 Applications 147
7.5.1 Secure Key Storage 147
7.5.2 IP Protection 148
7.6 Conclusions 149
References 149
Part IV Applications 151
8 Side-Channel Resistant Circuit Styles and Associated ICDesign Flow 152
Kris Tiri 152
8.1 Introduction 152
8.2 Requirements for Transition-Independent Power Consumption 153
8.2.1 Single Switching Event per Clock Cycle 153
8.2.2 Same Capacitance Value for Each Switching Event 154
8.2.3 Capacitance Matching Precision 155
8.3 Secure Digital Design Flow 156
8.3.1 Wave Dynamic Differential Logic 156
8.3.2 Place and Route Approach 158
8.3.3 Secure Digital Design flow 160
8.4 Prototype IC and Measurement Results 160
8.5 Conclusion 163
References 163
9 Counteracting Power Analysis Attacks by Masking 165
Elisabeth Oswald and Stefan Mangard 165
9.1 Introduction 165
9.2 Masking 166
9.2.1 Software 167
9.2.2 Hardware -- Architecture Level 169
9.2.3 Hardware -- Cell Level 174
9.3 Second-Order DPA Attacks and Template Attacks 175
9.3.1 Second-Order DPA Attacks 176
9.3.2 Template Attacks 178
9.4 Conclusions 181
References 182
10 Compact Public-Key Implementations for RFID and Sensor Nodes 185
Lejla Batina, Kazuo Sakiyama, and Ingrid M.R. Verbauwhede 185
10.1 Introduction 185
10.2 Related Work 186
10.3 Preliminaries 188
10.3.1 ECC/HECC over Binary Fields 188
10.3.2 Algorithms Selection and Optimizations 189
10.3.3 Algorithms for ECC/HECC Arithmetic 190
10.3.4 Binary Field Arithmetic 191
10.4 Curve-Based Processors for Low-Cost Applications 192
10.4.1 Modular Arithmetic Logic Unit (MALU) 193
10.4.2 Performance Results and Discussion 195
10.5 Conclusions and Future Challenges 198
References 199
11 Demonstrating End-Point Security in Embedded Systems 202
Patrick Schaumont, Eric Simpson, and Pengyuan Yu 202
11.1 End-Point Security for Embedded Systems 202
11.2 Required Security Assurances 204
11.3 Secure Video System Architecture 206
11.3.1 System Layout 206
11.3.2 Booting the Chain-of-Trust 207
11.3.3 The SAM Protocol 208
11.3.3.1 SAM Protocol Online Phase 209
11.3.3.2 SAM Protocol Off-line Phase 210
11.4 Secure Authentication Module (SAM) Implementation 211
11.4.1 SAM Architecture 211
11.4.2 System to SAM Communication 212
11.4.3 Loading Secured Video Configurations 213
11.4.4 Secure Video Peripheral 214
11.4.5 Design Methodology 216
11.5 Results 217
11.6 Conclusions 218
References 219
12 From Secure Memories to Smart Card Security 220
Helena Handschuh and Elena Trichina 220
12.1 Introduction 220
12.2 Flash Memory Technology and Architecture of Flash Devices 221
12.2.1 Memory Cell Architecture 221
12.2.2 Cell Functionality (Program, Erase and Read Operations) 222
12.2.3 Array Organisation 224
12.2.4 Flash Memory User Interface 225
12.3 General Architecture Scheme 226
12.4 Secure Memories 227
12.5 From Secure Memories to Smart Cards 231
12.6 High-Density Cards 233
12.6.1 HD-SIM as an Application Example 233
12.7 Smart Card Tamper Resistance 235
12.7.1 Hardware Attacks 235
12.7.2 Countermeasures at the Hardware Design Level 236
12.7.3 New Security Challenges for High-Density Cards 237
References 238
Index 240