Single-Trace Side-Channel Attacks on NTRU Implementation
Autoři
Rabas, T.; Buček, J.; Lórencz, R.
Rok
2024
Publikováno
SN Computer Science. 2024, 5(2), 1-11. ISSN 2662-995X.
Typ
Článek
Pracoviště
Anotace
Most of the currently used cryptosystems are not secure in the presence of cryptographically relevant quantum computers. As the research in quantum technologies proceeds, a need for quantum-safe cryptography is imminent. NTRU is a post-quantum public-key cryptosystem based on lattices and was a finalist in the 3rd round of the post-quantum standardization process organized by the National Institute of Standards and Technology (NIST). This paper aims to study the implementation security of the cryptosystem with respect to an attacker with access to power leakage. Such a threat model is relevant especially, but not only, for embedded devices. We studied a countermeasure implementation of the NTRU decryption algorithm from An et al. (Appl Sci https://doi.org/10.3390/app8112014 , 2018) that claimed its security against power attacks. This paper revisits an attack presented in as reported by Rabas (In: Proceedings of the9th International Conference on Information Systems Security and Privacy,ICISSP 2023, Lisbon, 2023) that shows it is in fact vulnerable even in the case of just a single trace available to the enemy for extracting the key. We then describe a new profiling template attack on the implementation and show experimental results of the attack using the same datasets, resulting in a comparison of these two methods and further confirmation of the vulnerability of the algorithm even to generic profiling attacks. Several possible types of countermeasures are discussed.
Symmetric and Asymmetric Schemes for Lightweight Secure Communication
Autoři
Rok
2022
Publikováno
Information Systems Security and Privacy. Basel: Springer Nature Switzerland AG, 2022. p. 97-114. ISSN 1865-0929. ISBN 978-3-030-94899-3.
Typ
Stať ve sborníku
Pracoviště
Anotace
The paper deals with the topic of lightweight authentication and secure communication for constrained hardware devices such as IoT or embedded devices. In the paper, protocols based on both symmetric and asymmetric schemes are presented, utilizing a PUF/TRNG combined module, showing it is advantageous to have single module that will allow generation of both TRNG and PUF at the same time. This approach minimizes implementation requirements and operational resource consumption. Moreover, it allows the simplification of the overall key management process as the proposed protocols do not require to store secrets on the devices themselves. This paper is the extended and revised version of the paper entitled "Lightweight Authentication and Secure Communication Suitable for IoT Devices" [1] presented at the 6th International Conference on Information Systems Security and Privacy (ICISSP) 2020.
Three counter value based ROPUFs on FPGA and their properties
Autoři
Rok
2022
Publikováno
Microprocessors and Microsystems. 2022, 88 1-10. ISSN 0141-9331.
Typ
Článek
Pracoviště
Anotace
This paper investigates the behavior of the Physical Unclonable Function (PUF) design proposed in our previous work that is based ring oscillators (ROs). Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where frequencies of ROs are compared. We study the behavior of our PUF design together with other two similar proposals that are also based on extracting PUF bits from counter values.
In this work we compare the behavior of three PUF designs that are based on extracting PUF bits from counter values with one of them being proposed in our previous work. We evaluate these proposals at both stable and varying temperature and voltage in order to determine their robustness. The results show that our proposed technique, the frequency ratio, is the most reliable one. Furthermore, we compare the behavior of all of the three designs when mutually asymmetric and symmetric ROs are used. All of the measurements were performed on Cmod S7 FPGA boards (Xilinx XC7S25-1CSGA225C).
Verification of PUF-based IoT Protocols with AVISPA and Scyther
Autoři
Rabas, T.; Lórencz, R.; Buček, J.
Rok
2022
Publikováno
Proceedings of the 19th International Conference on Security and Cryptography. Madeira: SciTePress, 2022. p. 627-635. ISSN 2184-7711. ISBN 978-989-758-590-6.
Typ
Stať ve sborníku
Pracoviště
Anotace
Paper from 2020 (Buchovecká et al., 2020) suggests protocols suitable for lightweight IoT Devices. They are based on physical unclonable functions (PUF) which among others simplify the problem of key management on simple hardware devices and microcontrollers. These protocols are supposed to authenticate a device and distribute keys safely so that only the intended parties can know the key. We analysed suggested protocols using two automated verification tools AVISPA and Scyther. The analysis shows that there are several issues concerning the authentication property. We demonstrate the results from the tools and describe several attacks that exploit this vulnerability. Finally, we provide modified versions of these protocols that are resistant to those attacks and satisfy authentication as desired.
Comparison of three counter value based ROPUFs on FPGA
Autoři
Rok
2020
Publikováno
Proceedings of the 23rd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2020. p. 205-212. ISBN 978-1-7281-9535-3.
Typ
Stať ve sborníku
Pracoviště
Anotace
This paper extends our previous work, in which we proposed a Ring Oscillator (RO) based Physical Unclonable Function (PUF) on FPGA. Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where the frequencies of ROs are compared. In this work we investigate the behaviour of our proposed PUF design, together with two other similar proposals that are also based on extracting PUF bits from counter values. We evaluate these proposals under stable operating conditions. Furthermore, we compare the behaviour of all of the three designs when mutually asymmetric and symmetric ROs are used. All of the measurements were performed on Digilent Cmod S7 FPGA boards (Xilinx XC7S25-1CSGA225C).
Lightweight Authentication and Secure Communication Suitable for IoT Devices
Autoři
Rok
2020
Publikováno
Proceedings of the 6th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2020. p. 75-83. ISSN 2184-4356. ISBN 978-989-758-399-5.
Typ
Stať ve sborníku
Pracoviště
Anotace
In this paper we present the protocols for lightweight authentication and secure communication for IoT and embedded devices. The protocols are using a PUF/TRNG combined circuit as a basic building block. The goal is to show the possibilities of securing communication and authentication of the embedded systems, using PUF and TRNG for secure key generation, without requirement to store secrets on the device itself, thus allowing to significantly simplify the problem of key management on the simple hardware devices and microcontrollers, while allowing secure communication.
Side-Channel Attack on the A5/1 Stream Cipher
Autoři
Rok
2019
Publikováno
Proceedings of the 22nd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2019. p. 633-638. ISBN 978-1-7281-2862-7.
Typ
Stať ve sborníku
Pracoviště
Anotace
In this paper we present cryptanalysis of the A5/1
stream cipher used in GSM mobile phones. Our attack is based
on power analysis where we assume that the power consumption
while clocking 3 LFSRs is different than when clocking 2 LFSRs.
We demonstrate a simple power analysis (SPA) attack and discuss
existing differential power analysis (DPA). We present the attack
for recovering secret key based on the information on clocking
bits of LFSRs that was deduced from power analysis.
The attack has a 100% success rate, requires minimal storage
and it does not requires any single bit of a keystream. An average
time complexity of our attack based on SPA is around 233 where
the computation unit is a resolution of system of linear equations
over the Z2. Recovering the secret key using information from
the DPA has a constant complexity.
Design of a Residue Number System Based Linear System Solver in Hardware
Autoři
Rok
2017
Publikováno
Journal of Signal Processing Systems. 2017, 87(3), 343-356. ISSN 1939-8018.
Typ
Článek
Anotace
This paper is focused on error-free solution of dense linear systems using residual arithmetic in hardware. The designed Modular System uses hardware identical Residual Processors (RP)s for solving independent systems of linear congruences and combines their solutions into the solution of the given linear system. This approach uses the residue number system which is based on the Chinese remainder theorem. In order to efficiently exploit parallel processing and cooperation of the individual components, a hardware architecture of the Modular System with several RPs is designed. In order to verify the proposed architecture, a Xilinx FPGA with a MicroBlaze processor was used. Experimental results are obtained for an evaluation FPGA board with Virtex 6. Results from implementation serve for subsequent theoretical analysis of the system performance for various linear system sizes and further improvement of the system. The proposed system can be useful as a special hardware peripheral or a part of an embedded system for solving large nonsingular systems of linear equations with integer, rational or floating-point coefficients with arbitrary precision.
Emulator of Contactless Smart Cards in FPGA
Autoři
Rok
2017
Publikováno
Proceedings of the 6th Mediterranean Conference on Embedded Computing (MECO 2017). IEEE (Institute of Electrical and Electronics Engineers), 2017. p. 96-99. ISBN 978-1-5090-6741-1.
Typ
Stať ve sborníku
Anotace
This paper describes implementation of contactless smart card emulator compliant with ISO/IEC 14443 in Field Programmable Gate Array (FPGA). Systems using contactless smart cards are widely used and some of these systems are not secured properly. For example in many such systems smart card Unique Identifier (UID) is used as the only one authentication mean. As the UID is not encrypted and is read from the card in plain, it is easy to make a copy of the smart card and use the clone as the original card. In this work we describe emulator of a smart card implemented in FPGA which is able to spoof some genuine smart card. Emulator described in this work emulates protocol described in ISO/IEC 14443 standard, which in detail describes all aspects of RFID smart cards (from physical attributes of both - cards and readers - to communication by digital signals). The emulator is able to come through the whole card selection process and to spoof the real smart card with given UID. Moreover emulator can be selected also for higher application layer protocol communication. If we know the proprietary application layer protocol, emulator is able to spoof communication on this protocol with data recorded in it. This functionality was successfully tested on systems used at Czech Technical University in Prague, where the weak implementation of UID as the only one authentication mean is used. Emulator is responding faster than most of other existing smart card emulators thanks to high efficient implementation in hardware.
Practical Session: Differential Power Analysis for Beginners
Autoři
Buček, J.; Novotný, M.; Štěpánek, F.
Rok
2017
Publikováno
Hardware Security and Trust. Springer International Publishing, 2017. p. 77-91. ISBN 978-3-319-44316-4.
Typ
Kapitola v knize
Anotace
This tutorial will introduce you to the basics of the DPA (Differential Power Analysis) – a technique that exploits the dependency of the processed data on the power trace of the device to extract some secret information that would not be otherwise available. During the session you will learn how to process the power trace of the implementation of the AES encryption algorithm using an algebraic system (in our case Matlab), create the power hypothesis, extract the secret information and also how to measure the power consumption of the embedded system (smart card) in order to obtain the power traces.
The first part of the tutorial Differential Power Analysis – Key Recovery is aimed at explaining the creation of the power hypothesis and the use of algebraic systems. The second part of the tutorial DPA – measurement with an oscilloscope covers the practical part of the exercise - the measurement of the power consumption using the PicoScope.
True random number generator based on ring oscillator PUF circuit
Autoři
Rok
2017
Publikováno
Microprocessors and Microsystems. 2017, 53 33-41. ISSN 0141-9331.
Typ
Článek
Pracoviště
Anotace
In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as Physically Unclonable Function (PUF) based on ring oscillators. The goal is to show that it is possible to design the universal crypto system, that can be used for various applications – the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, True Random Number Generator (TRNG) for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.
A Low-Cost Multi-Purpose Experimental FPGA Board for Cryptography Applications
Autoři
Bartík, M.; Buček, J.
Rok
2016
Publikováno
2016 IEEE 4th Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE). Piscataway, NJ: IEEE, 2016. ISBN 978-1-5090-4473-3.
Typ
Stať ve sborníku
Pracoviště
Anotace
This paper describes the evaluation of available experimental boards, the comparison of their supported set of experiments and other aspects. The second part of this evaluation is focused on the design process of the PCB (Printed Circuit Board) for an FPGA (Field Programmable Gate Array) based cryptography environment suitable for evaluating the latest trends in the IC (Integrated Circuit) security like Side–Channel Attacks (SCA) or Physically Unclonable Function (PUF). It leads to many criteria affecting the design process and of course, the suitability for evaluating and measuring results of the attacks and their countermeasures. The developed system should be open, versatile and unrestricted by the U.S. law.
A Low-Cost Unified Experimental FPGA Board for Cryptography Applications
Autoři
Bartík, M.; Buček, J.
Rok
2016
Publikováno
TRUDEVICE 2016 Final Conference. The Universitat Politècnica de Catalunya, 2016. pp. 75-80.
Typ
Stať ve sborníku
Pracoviště
Anotace
This paper describes the evaluation of available
experimental boards, the comparison of their supported set
of experiments and other aspects. The second part of this
evaluation is focused on the design process of the PCB (Printed
Circuit Board) for an FPGA (Field Programmable Gate Array)
based cryptography environment suitable for evaluating the latest
trends in the IC (Integrated Circuit) security like Side–Channel
Attacks (SCA) or Physically Unclonable Function (PUF). It
leads to many criteria affecting the design process and also the
suitability for evaluating and measuring results of the attacks and
their countermeasures. The developed system should be open,
versatile and unrestricted by the U.S. law.
Improved ring oscillator PUF on FPGA and its properties
Autoři
Rok
2016
Publikováno
Microprocessors and Microsystems. 2016, 47 55-63. ISSN 0141-9331.
Typ
Článek
Pracoviště
Anotace
PUFs (Physical Unclonable Function) are increasingly used in proposals of security architectures for device identification and cryptographic key generation. Many PUF designs for FPGAs proposed up to this day are based on ring oscillators (RO). The classical approach is to compare frequencies of ROs and produce a single output bit from each pair of ROs based on the result of comparison of their frequencies. This ROPUF design requires all ROs to be mutually symmetric and also the number of pairs of ROs is limited in order to preserve the independence of bits in the PUF response. This led us to design a new ROPUF on FPGA which is capable of generating multiple output bits from each pair of ROs and is also allowing to create higher number of pairs of ROs, thereby making the use of ROs more efficient than the classical approach. Our PUF design is based on selecting a particular part of a counter value and using it for the PUF output. By applying Gray code on the counter values, we have considerably improved the PUF's statistical properties. In principle, this PUF design does not need the ROs to be mutually symmetric, however, it is shown that this ROPUF design has significantly better properties with varying supply voltage when symmetric ROs are used. All of the presented measurements were performed on Digilent Basys 2 FPGA Boards (Xilinx Spartan3E-100 CP132). In this work, we provide a more detailed description of the PUF design on FPGA and the behaviour of ROs with varying supply voltage. Our proposed PUF architecture offers more output bits with required statistical properties from each RO pair than the classical approach, where frequencies of ROs are compared. The presented improvements significantly reduce the dependence on fluctuation of supply voltage.
Temperature Dependence of ROPUF on FPGA
Autoři
Rok
2016
Publikováno
Proceedings of 19th Euromicro Conference on Digital System Design DSD 2016. Los Alamitos, CA: IEEE Computer Soc., 2016. p. 698-702. ISBN 978-1-5090-2816-0.
Typ
Stať ve sborníku
Pracoviště
Anotace
This paper continues and extends our previous work introduced in [3], [4], in which we proposed a ring oscillator (RO) based Physical Unclonable Function (PUF) on FPGA. Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where frequencies of ROs are compared. Our original design used asymmetric ROs, i.e. without constrained placement of gates. In this paper, we investigate the behaviour of the proposed ROPUF using symmetric ROs, and compare them against the original approach with asymmetric ROs. The measurement results showed that the ROPUF with symmetric ROs is approximately two times more stable with varying temperature. We have also compared three different methods of information extraction from ROPUF based on frequency measurement. The measured results show that out of these three methods, our one is the most stable against change of temperature. The measurements were performed on Digilent Basys 2 FPGA boards (Xilinx Spartan3E-100 CP132).
True Random Number Generator Based on ROPUF Circuit
Autoři
Rok
2016
Publikováno
Proceedings of 19th Euromicro Conference on Digital System Design DSD 2016. Los Alamitos, CA: IEEE Computer Soc., 2016. p. 519-523. ISBN 978-1-5090-2816-0.
Typ
Stať ve sborníku
Pracoviště
Anotace
In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as PUF based on ring oscillators. The goal is to prove that it is possible to design the universal crypto system, that can be used for various applications - the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, TRNG for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.
An ASIC Linear Congruence Solver Synthesized with Three Cell Libraries
Autoři
Rok
2014
Publikováno
Proceedings of the 21st IEEE International Conference on Electronics Circuits and Systems. Monterey: IEEE Circuits and Systems Society, 2014. pp. 706-709. ISBN 978-1-4799-4242-8.
Typ
Stať ve sborníku
Anotace
The paper describes an ASIC implementation of a
linear congruence solver, part of a parallel system for solution of linear equations, and presents
synthesis results for three different standard cell libraries. The
previous VHDL design was adapted to three ASIC technologies
(130 nm, 110 nm, and 55 nm) from two different vendors and
the synthesized results were mutually compared. The comparison results were
further used to obtain a view of design properties in higher
density technologies.
System Design of an FPGA Linear Solver
Autoři
Rok
2014
Publikováno
Proceedings of the Work in Progress Session held in connection with the 40th EUROMICRO Conference on Software Engineering and Advanced Applications and the 17th EUROMICRO Conference on Digital System Design. Linz: Johannes Kepler University, 2014, ISBN 978-3-902457-40-0.
Typ
Stať ve sborníku
Anotace
The work is focused on design of a Modular System performing error-free solution of dense linear systems using residue arithmetic in Xilinx FPGA. The designed system shall use a set of Residual Processors (RP)s for linear system solution in Residue Number System and reconstruct the set's solution afterwards. The currently proposed system's architecture has a single RP, a large DDR memory used for data transfer in between a PC and the system, and a built-in MicroBlaze processor. Future work will focus on extending the architecture to implement the entire Modular System consisting of multiple RPs and performing the backward transformation from residue representation into the rational number set.
System on Chip Design of a Linear System Solver
Autoři
Rok
2014
Publikováno
2014 International Symposium on System-on-Chip Proceedings. Piscataway: IEEE, 2014. ISBN 9781479968909.
Typ
Stať ve sborníku
Anotace
This paper is focused on hardware error-free solution of dense linear systems using residual arithmetic on a
System on Chip Modular System. The designed Modular System
uses Residual Processors (RP)s for solving independent linear
systems in residue arithmetic and combines RP solutions into
solution of the linear system. A System on Chip architecture of the Modular System with
several RPs is designed, each with a large memory unit used for
data transfer and storage. A Xilinx FPGA architecture with a
MicroBlaze processor is used to verify the proposed architecture.
The experimental results are obtained for an evaluation FPGA
board with Virtex 6 and a 1GiB DDR memory and serve for
further theoretical analysis of the system performance for various
linear system sizes and the architecture of the system.
Comparison of FPGA and ASIC Implementation of a Linear Congruence Solver
Autoři
Rok
2013
Publikováno
Proceedings of 16th Euromicro Conference on Digital System Design. Piscataway: IEEE Service Center, 2013. p. 284-287. ISBN 978-0-7695-5074-9.
Typ
Stať ve sborníku
Pracoviště
Anotace
Residual processor (RP) is a dedicated hardware for solution of sets of linear congruences. RPs are parts of a larger modular system for error-free solution of linear equations in residue arithmetic. We present new FPGA and ASIC RP implementations, focusing mainly on their memory units being a bottleneck of the calculation and therefore determining the efficiency of the system. First, we choose an FPGA to easily test the functionality of our implementation, then we do the same in ASIC, and finally we compare both implementations together. The experimental FPGA results are obtained for Xilinx Virtex 6, while the ASIC results are obtained from Synopsys tools with a 130 nm standard cell library. Results also present a maximum matrix dimension fitting directly into the FPGA and achieved speed as a function of the dimension.
Differential Power Analysis under Constrained Budget: Low Cost Education of Hackers
Autoři
Štěpánek, F.; Buček, J.; Novotný, M.
Rok
2013
Publikováno
Proceedings of 16th Euromicro Conference on Digital System Design. Piscataway: IEEE Service Center, 2013. p. 645-648. ISBN 978-0-7695-5074-9.
Typ
Stať ve sborníku
Anotace
The differential power analysis is popular technique in exploiting weaknesses of the embedded systems — mostly of the smart cards. This approach is understandable as the DPA does not require expensive equipment or strong theoretical background on the device under attack. Therefore it is ideal for education of beginners or students in the field of computer security. The aim of this paper is to describe the economy of obtaining the basic equipment for the education of the differential power analysis and to share the experience with its teaching.
Dedicated Hardware Implementation of a Linear Congruence Solver in FPGA
Autoři
Rok
2012
Publikováno
The 19th IEEE International Conference on Electronics, Circuits, and Systems, ICECS 2012. Monterey: IEEE Circuits and Systems Society, 2012. p. 689-692. ISBN 978-1-4673-1261-5.
Typ
Stať ve sborníku
Pracoviště
Anotace
The residual processor is a dedicated hardware for solving sets of linear congruences. It is a part of the modular system for solving sets of linear equations without rounding errors using Residue Number System. We present a new FPGA implementation of the residual processor, focusing mainly on the memory unit that forms a bottleneck of the calculation, and therefore determines the effectivity of the system. FPGA has been chosen, as it allows us to optimally implement the designed architecture depending on the size of the problem. The proposed memory architecture of the modular system is implemented using the internal FPGA block RAM. Experimental results are obtained for the Xilinx Virtex 6 family. Results present the maximum matrix dimension fitting directly into the FPGA, and achieved speed as a function of the dimension.