E-book, English, 246 pages
Verbauwhede: Secure Integrated Circuits and Systems
1st edition, 2010
Series: Integrated Circuits and Systems
ISBN: 978-0-387-71829-3
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF watermark
On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation, rather than the algorithms or protocols, has become the weakest link in security. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks and the countermeasures. Optimizing for security is different from optimizing for speed, area, or power consumption, and it is therefore difficult to strike the delicate balance between the extra cost of security measures and the added benefits.
Table of contents (page numbers in parentheses)

Preface (6)
Contents (8)
Contributors (10)

Part I: Basics (12)

  1 Modular Integer Arithmetic for Public-Key Cryptography (14)
    by Tim Güneysu and Christof Paar
    1.1 Modular Arithmetic in Finite Fields (18)
    1.2 Crypto Building Blocks for Fields F_p (20)
      1.2.1 Addition and Subtraction in F_p (21)
      1.2.2 Multiplication in F_p (22)
      1.2.3 Faster Reduction in F_p (25)
      1.2.4 Inversion in F_p (26)
    1.3 Crypto Building Blocks for Fields F_{2^m} (27)
      1.3.1 Multiplication in F_{2^m} (29)
        1.3.1.1 Bit Multipliers in F_{2^m} (29)
        1.3.1.2 Digit Multipliers in F_{2^m} (31)
      1.3.2 Squaring in F_{2^m} (33)
      1.3.3 Inversion in F_{2^m} using Itoh-Tsujii Algorithms (34)
    1.4 Summary (35)
    References (35)

  2 Introduction to Side-Channel Attacks (38)
    by François-Xavier Standaert
    2.1 Introduction (38)
    2.2 Basics of Side-Channel Attacks (39)
      2.2.1 Origin of the Leakages (39)
      2.2.2 Measurement Setups (41)
      2.2.3 Classical Attacks: SPA and DPA (42)
    2.3 An Exemplary Differential Attack Against the DES (43)
    2.4 Improved Side-Channel Attacks (46)
      2.4.1 An Exemplary Profiled Attack Against the DES (47)
    2.5 Countermeasures (48)
    2.6 Conclusions (49)
    References (51)

Part II: Cryptomodules and Arithmetic (54)

  3 Secret Key Crypto Implementations (55)
    by Guido Marco Bertoni and Filippo Melzani
    3.1 Introduction (55)
    3.2 Block Cipher and Stream Cipher (55)
    3.3 The Advanced Encryption Standard (57)
    3.4 Modes of Operation (62)
    3.5 Implementation of the AES (67)
      3.5.1 Software Implementation (67)
      3.5.2 Hardware Implementation (68)
    3.6 Conclusions (70)
    References (71)

  4 Arithmetic for Public-Key Cryptography (73)
    by Kazuo Sakiyama and Lejla Batina
    4.1 Introduction (73)
    4.2 RSA Modular Exponentiation (73)
      4.2.1 Exponent Recoding (75)
    4.3 Curve-Based Cryptography (77)
      4.3.1 ECC over GF(p) (77)
      4.3.2 ECC over GF(2^m) (80)
      4.3.3 ECC over a Composite Field (81)
      4.3.4 Hyperelliptic Curve Cryptography (HECC) (82)
      4.3.5 Scalar Recoding (83)
    4.4 Recent Trends (86)
    4.5 Conclusions (87)
    References (87)

  5 Hardware Design for Hash Functions (89)
    by Yong Ki Lee, Miroslav Knežević, and Ingrid M.R. Verbauwhede
    5.1 Introduction (89)
    5.2 Popular Hash Algorithms and Their Security Considerations (90)
    5.3 Common Techniques Used for Efficient Hardware Implementation of MD4-Based Hash Algorithms (92)
    5.4 Throughput Optimal Architecture of SHA1 (93)
      5.4.1 The SHA1 Hash Algorithm and Its DFG (93)
      5.4.2 Iteration Bound Analysis (94)
      5.4.3 Iteration Bound Analysis with Carry Save Adders (95)
      5.4.4 Retiming Transformation (96)
      5.4.5 Unfolding Transformation (97)
    5.5 Throughput Optimal Architecture of SHA2 (100)
      5.5.1 DFG of SHA2 Compressor (101)
      5.5.2 DFG of SHA2 Expander (104)
    5.6 Throughput Optimal Architecture of RIPEMD-160 (104)
    5.7 Implementation of the Designed Hash Algorithms (105)
      5.7.1 Synthesis of the SHA1 Algorithm (106)
      5.7.2 Synthesis of the SHA2 Algorithm (107)
      5.7.3 Synthesis of the RIPEMD-160 Algorithm (108)
    5.8 Hardware Designers' Feedback to Hash Designers (109)
      5.8.1 High-Throughput Architecture (110)
      5.8.2 Compact Architecture (110)
    5.9 Conclusions and Future Work (111)
    References (111)

Part III: Design Methods for Security (115)

  6 Random Number Generators for Integrated Circuits and FPGAs (116)
    by Berk Sunar and Dries Schellekens
    6.1 Introduction (116)
    6.2 Testing for Randomness (117)
      6.2.1 Statistical Tests (117)
      6.2.2 True Randomness Tests (119)
    6.3 Post-processing Techniques (120)
      6.3.1 The von Neumann Corrector (121)
      6.3.2 Cryptographic Hash Functions (122)
      6.3.3 Extractor Functions (122)
    6.4 A Potpourri of RNG Designs (123)
      6.4.1 The Intel RNG Design (123)
      6.4.2 The Tkacik RNG Design (124)
      6.4.3 The Epstein et al. RNG Design (125)
      6.4.4 The Fischer-Drutarovský Design (125)
      6.4.5 The Kohlbrenner-Gaj Design (126)
      6.4.6 The Rings Design (127)
      6.4.7 The O'Donnell et al. PUF-Based RNG Design (128)
      6.4.8 The Golic FIGARO Design (129)
      6.4.9 The Dichtl and Golic RNG Design (130)
      6.4.10 An ADC-Chaos RNG Design (131)
    References (132)

  7 Process Variations for Security: PUFs (134)
    by Roel Maes and Pim Tuyls
    7.1 Introduction (134)
      7.1.1 Background (134)
    7.2 Process Variations (136)
    7.3 Physical Unclonable Functions: PUFs (137)
      7.3.1 Coating PUF (138)
      7.3.2 Intrinsic PUFs (138)
      7.3.3 How to Use a PUF (144)
    7.4 Helper Data Algorithm or Fuzzy Extractor (144)
      7.4.1 Information Reconciliation (144)
      7.4.2 Privacy Amplification (145)
      7.4.3 Fuzzy Extractor (146)
      7.4.4 Quantization (147)
    7.5 Applications (147)
      7.5.1 Secure Key Storage (147)
      7.5.2 IP Protection (148)
    7.6 Conclusions (149)
    References (149)

Part IV: Applications (151)

  8 Side-Channel Resistant Circuit Styles and Associated IC Design Flow (152)
    by Kris Tiri
    8.1 Introduction (152)
    8.2 Requirements for Transition-Independent Power Consumption (153)
      8.2.1 Single Switching Event per Clock Cycle (153)
      8.2.2 Same Capacitance Value for Each Switching Event (154)
      8.2.3 Capacitance Matching Precision (155)
    8.3 Secure Digital Design Flow (156)
      8.3.1 Wave Dynamic Differential Logic (156)
      8.3.2 Place and Route Approach (158)
      8.3.3 Secure Digital Design Flow (160)
    8.4 Prototype IC and Measurement Results (160)
    8.5 Conclusion (163)
    References (163)

  9 Counteracting Power Analysis Attacks by Masking (165)
    by Elisabeth Oswald and Stefan Mangard
    9.1 Introduction (165)
    9.2 Masking (166)
      9.2.1 Software (167)
      9.2.2 Hardware: Architecture Level (169)
      9.2.3 Hardware: Cell Level (174)
    9.3 Second-Order DPA Attacks and Template Attacks (175)
      9.3.1 Second-Order DPA Attacks (176)
      9.3.2 Template Attacks (178)
    9.4 Conclusions (181)
    References (182)

  10 Compact Public-Key Implementations for RFID and Sensor Nodes (185)
    by Lejla Batina, Kazuo Sakiyama, and Ingrid M.R. Verbauwhede
    10.1 Introduction (185)
    10.2 Related Work (186)
    10.3 Preliminaries (188)
      10.3.1 ECC/HECC over Binary Fields (188)
      10.3.2 Algorithms Selection and Optimizations (189)
      10.3.3 Algorithms for ECC/HECC Arithmetic (190)
      10.3.4 Binary Field Arithmetic (191)
    10.4 Curve-Based Processors for Low-Cost Applications (192)
      10.4.1 Modular Arithmetic Logic Unit (MALU) (193)
      10.4.2 Performance Results and Discussion (195)
    10.5 Conclusions and Future Challenges (198)
    References (199)

  11 Demonstrating End-Point Security in Embedded Systems (202)
    by Patrick Schaumont, Eric Simpson, and Pengyuan Yu
    11.1 End-Point Security for Embedded Systems (202)
    11.2 Required Security Assurances (204)
    11.3 Secure Video System Architecture (206)
      11.3.1 System Layout (206)
      11.3.2 Booting the Chain-of-Trust (207)
      11.3.3 The SAM Protocol (208)
        11.3.3.1 SAM Protocol Online Phase (209)
        11.3.3.2 SAM Protocol Off-line Phase (210)
    11.4 Secure Authentication Module (SAM) Implementation (211)
      11.4.1 SAM Architecture (211)
      11.4.2 System to SAM Communication (212)
      11.4.3 Loading Secured Video Configurations (213)
      11.4.4 Secure Video Peripheral (214)
      11.4.5 Design Methodology (216)
    11.5 Results (217)
    11.6 Conclusions (218)
    References (219)

  12 From Secure Memories to Smart Card Security (220)
    by Helena Handschuh and Elena Trichina
    12.1 Introduction (220)
    12.2 Flash Memory Technology and Architecture of Flash Devices (221)
      12.2.1 Memory Cell Architecture (221)
      12.2.2 Cell Functionality (Program, Erase and Read Operations) (222)
      12.2.3 Array Organisation (224)
      12.2.4 Flash Memory User Interface (225)
    12.3 General Architecture Scheme (226)
    12.4 Secure Memories (227)
    12.5 From Secure Memories to Smart Cards (231)
    12.6 High-Density Cards (233)
      12.6.1 HD-SIM as an Application Example (233)
    12.7 Smart Card Tamper Resistance (235)
      12.7.1 Hardware Attacks (235)
      12.7.2 Countermeasures at the Hardware Design Level (236)
      12.7.3 New Security Challenges for High-Density Cards (237)
    References (238)

Index (240)