Laboratoř vestavné bezpečnosti (EmbeddedSecurityLab)

V Laboratoři vestavné bezpečnosti se zabýváme všemi aspekty bezpečnosti vestavných zařízení. Dnes počítačové systémy řídí nejen automobily, vlaky, ale také chytré domácnosti nebo celá města. Pro zajištění bezpečnosti těchto často autonomních systémů, v IoT prostředí navíc omezených požadavky na malou velikost i spotřebu, je korektní implementace kryptografických algoritmů kritickou záležitostí.

Více o nás

Čemu se laboratoř věnuje?

Věnujeme se bezpečnosti Internetu věcí, kyber-fyzikálních systémů a vestavných systémů. Mezi naše výzkumná témata mj. patří:

  • Návrh kryptografického hardwaru, hlavně v programovatelných hradlových polích (FPGA).
  • Kryptoanalýza, tedy útoky, 
    • ať už s využitím programovatelného hardware (FPGA) nebo
    • prostřednictvím postranních kanálů, a 
    • účinná ochrana proti takovým útokům.
  • Ochrana vestavných systémů s mikroprocesory (Internet věcí, čipové karty, …).
  • Spolehlivost kryptografických systémů.

Vedoucí laboratoře

Dr.-Ing. Martin Novotný

Členové laboratoře

Ing. Stanislav Jeřábek

Ing. Vojtěch Miškovský, Ph.D.

Vybavení

Osciloskopy

V Hardwarové laboratoři máme osciloskopy, kterými měříme postranní kanály například na programovatelných hradlových polích (FPGA).

SICAK: SIde-Channel Analysis toolKit

SICAK: SIde-Channel Analysis toolKit je modulární toolkit pro rychlou analýzu postranních kanálů.

Činnost laboratoře se dotýká těchto témat

Inteligentní vestavné systémy, spolehlivost a bezpečnost

Zabýváme se výzkumem v oblasti nových architektur a algoritmů, které jsou vhodné pro realizaci současných výzev (Internet of things, umělá inteligence a strojové učení, koordinace činnosti humanoidních i kolových robotů) s ohledem na splnění…

Projekty

Návrh, programování a verifikace vestavných systémů

Program
Studentská grantová soutěž ČVUT
Pracoviště
Katedra číslicového návrhu
Fakulta informačních technologií
Řešitelé
Ing. Jan Řezníček
Bc. Vojtěch Pail
doc. Ing. Hana Kubátová, CSc.
Kód
SGS20/211/OHK3/3T/18
Období
2020 - 2022
Popis
Projekt se zabývá číslicovým návrhem zaměřeným na vestavné systémy. Zaměřuje se na studium nejnovějších trendů jednak v technologiích a jejich využití i v tzv. "mission-critical" aplikacích. Návrh takových systémů musí zohledňovat požadavky nejen na funkčnost, ale i na další omezující podmínky, tzn., že musí splňovat požadovanou úroveň spolehlivosti, bezpečnosti, odolnosti proti útokům, velikost, spotřebu a real-timové garance. Proto budeme využívat nové metody, algoritmy a návrhové prostředky (EDA tools) a hledat, navrhovat a upravovat vhodné modely, které umožní testovat, predikovat i formálně verifikovat požadované funkce a chování systému.

DRASTIC: Dynamically Reconfigurable Architectures for Side-channel analysis protecTIon of Cryptographic implementations

Program
Projekty v rámci přímé spolupráce se zahraničními institucemi z EU
Pracoviště
Katedra číslicového návrhu
Fakulta informačních technologií
Řešitelé
Dr.-Ing. Martin Novotný
Ing. Vojtěch Miškovský, Ph.D.
Kód
CELSA/17/033
Období
2017 - 2019
Popis
The Internet of Things (IoT) is increasingly becoming part of our everyday life. Therefore, electronic IoT devices need to be carefully designed, taking into account data security and privacy. Putting in place security and privacy measures should introduce a minimal overhead in the system's power/energy consumption, cost and operational delay. Additionally, since IoT devices are everywhere, attackers can be in the vicinity of the device, which stresses the need for protection against side-channel analysis (SCA) attacks. These attacks exploit the use of side-channels, which are information channels that are unintentionally present in electronic devices and which potentially leak secret information. Examples are the power consumption, the electromagnetic radiation and the timing behaviour of the electronic device. In both academia and industry, SCA countermeasures are being developed and deployed. However, as SCA attacks become more and more sophisticated, continuously evolving countermeasures are necessary to protect the electronic devices of the future. This project proposes the use of dynamic hardware reconfiguration as a countermeasure against one of the most exploited types of SCA attacks, namely power analysis attacks. The goal is to randomly change the hardware circuit without altering the input-output behaviour of the chip. Since power analysis attacks are strongly based on the knowledge of the circuit, this is a very promising countermeasure. Another advantage is that dynamic hardware reconfiguration can be used as an add-on to other countermeasures. The project focuses on dynamic hardware reconfiguration on FPGAs (field-programmable gate arrays). It will result in proof-of-concept implementations that will be evaluated for power analysis attack resistance. The experimental results are crucial for the definition of a European project proposal that develops an automated tool flow and industry-driven use cases to show the effectiveness of the approach.

Všechny projekty

Bezpečné a spolehlivé architektury pro programovatelné obvody

Program
Studentská grantová soutěž ČVUT
Pracoviště
Katedra číslicového návrhu
Fakulta informačních technologií
Řešitelé
Ing. Robert Hülle
Ing. Vojtěch Miškovský, Ph.D.
doc. Ing. Hana Kubátová, CSc.
Ing. Tomáš Zimmerhakl
Ing. Jan Bělohoubek
Kód
SGS17/213/OHK3/3T/18
Období
2017 - 2019
Popis
Navrhovaný projekt se bude zabývat návrhem a modelováním architektur, které budou tolerantní vůči poruchám, útokům a nespolehlivým senzorickým vstupům. Projekt bude zejména orientován do oblasti programovatelných obvodů (FPGA), systémů s mikrokontroléry a vestavných systémů integrujících umělou inteligencí. Zásadní a tradiční metoda pro zvýšení spolehlivostních ukazatelů je zavedení redundance ať již replikací obvodů nebo kombinováním různých senzorických vstupů. Bezpečnost zařízení ve smyslu odolnosti proti útokům, je v dnešní době dalším stále důležitějším aspektem, což se často dosahuje také pomocí redundance, ale s cílem skrýt data. Budeme hledat vzájemné vztahy metod a způsobů návrhu systémů odolných proti poruchám, systémů odolných vůči chybným senzorickým vstupům a systémů odolných proti útokům. Chceme studovat průsečíky těchto oblastí a vliv řiditelnosti, pozorovatelnosti a redundance na cílové vlastnosti těchto architektur.

Výzkum vztahů a společných vlastností spolehlivých a bezpečných architektur založených na programovatelných obvodech

Program
Standardní projekty
Pracoviště
Katedra číslicového návrhu
Řešitelé
doc. Ing. Petr Fišer, Ph.D.
Kód
GA16-05179S
Období
2016 - 2018
Popis
S pokračující miniaturizací současných zařízení se drasticky zhoršuje jejich spolehlivost. Je tedy nutné navrhovat zařízení, která s tímto počítají a jsou spolehlivá (funkční) i za přítomnosti poruch. Toho se typicky dosahuje zavedením redundance za cílem zaručení správnosti dat. Bezpečnost zařízení, tj. odolnost proti útokům, je v dnešní době dalším stále důležitějším aspektem. Návrhu bezpečných zařízení se často dosahuje také pomocí redundance, ovšem za jiným cílem

Publikace

WTFHE: neural-netWork-ready Torus Fully Homomorphic Encryption

Autoři
Novotný, M.; Klemsa, J.
Rok
2020
Publikováno
Proceedings of the 9th Mediterranean Conference on Embedded Computing - MECO'2020. Institute of Electrical and Electronics Engineers, Inc., 2020. p. 1-5. ISSN 2637-9511. ISBN 978-1-7281-6949-1.
Typ
Stať ve sborníku
DOI
10.1109/MECO49872.2020.9134331
Pracoviště
Katedra číslicového návrhu
Anotace
We are currently witnessing two arising trends, which have a huge potential to threaten our privacy: the invasive sensors of the Internet of Things (IoT), and the powerful data mining techniques, in particular we focus on Neural Networks (NN's). For this reason, powerful countermeasures must be called for service: namely end-to-end encryption. Such an approach however requires an encryption scheme that enables processing of the encrypted data - this is known as the Fully Homomorphic Encryption (FHE). In this paper, we revisit an FHE scheme named TFHE, which is suitable for evaluation of NN's over encrypted input data, and we suggest to incorporate a verifiability feature to the evaluation process. Since there already exist other variants of the original TFHE scheme-currently only implemented in C++, which is rigid-we further introduce a library for rapid prototyping of new concepts related to TFHE. Our library is implemented in Ruby, which is an interpreted language and which goes with an interactive shell. Hence any new method can be speedily verified before implemented as a high-performance library.

Novel Dummy Rounds Schemes as a DPA Countermeasure in PRESENT Cipher

Autoři
Novotný, M.; Moucha, P.; Jeřábek, S.
Rok
2020
Publikováno
Proceedings of the 23rd International Symposium on Design and Diagnostics of Electronic Circuits and Systems. Piscataway, NJ: IEEE, 2020. p. 1-4. ISBN 978-1-7281-9938-2.
Typ
Stať ve sborníku
DOI
10.1109/DDECS50862.2020.9095720
Pracoviště
Katedra číslicového návrhu
Anotace
The Dummy Rounds Side-Channel Attacks countermeasure scheme for digital design has been proposed in earlier work. Its experimental evaluation and analysis revealed weaknesses that resulted in the proposal of an enhanced Dummy Rounds scheme. In this paper, we present the implementation of the proposed enhancement of Dummy Rounds scheme in PRESENT cipher and provide its experimental evaluation using Welch’s t-test. We further propose several novel modifications of dummy Rounds scheme as a solution to other security problems we have encountered. Novel Dummy Rounds scheme, namely its modifications proposed in this paper, are superior to earlier proposed schemes in terms of side-channel leakage prevention.

Všechny publikace

Analyzing and Optimizing the Dummy Rounds Scheme

Autoři
Schmidt, J.; Jeřábek, S.
Rok
2019
Publikováno
Proceedings of the 22nd International Symposium on Design and Diagnostics of Electronic Circuits and Systems. Piscataway, NJ: IEEE, 2019. p. 1-4. ISBN 978-1-7281-0073-9.
Typ
Stať ve sborníku
DOI
10.1109/DDECS.2019.8724632
Pracoviště
Katedra číslicového návrhu
Anotace
The dummy rounds protection scheme, intendedto offer resistance against Side Channel Attacks to Feisteland SP ciphers, has been introduced in earlier work. Itsexperimental evaluation revealed weaknesses, most notablyin the first and last round. In this contribution, we showthat the situation can be greatly improved by controllingthe transition probabilities in the state space of the algo-rithm. We derived necessary and sufficient conditions forthe round execution probabilities to be uniform and hencethe minimum possible. The optimum trajectories over thestate space are regular and easy to implement.

Multiprecision ANSI C Library for Implementation of Cryptographic Algorithms on Microcontrollers

Autoři
Novotný, M.; Říha, J.; Klemsa, J.
Rok
2019
Publikováno
Proceedings of the 8th Mediterranean Conference on Embedded Computing - MECO'2019. Institute of Electrical and Electronics Engineers, Inc., 2019. p. 275-278. ISSN 2377-5475. ISBN 978-1-7281-1739-3.
Typ
Stať ve sborníku
DOI
10.1109/MECO.2019.8760285
Pracoviště
Katedra číslicového návrhu
Anotace
Current cryptographic algorithms work with operands that are several times wider than the machine word, e.g., the still popular RSA algorithm shall use at least 2 048-bit keys. Such algorithms therefore require libraries that implement multiprecision arithmetic. Existing libraries are either not tailored for microcontrollers, or they implement an incomplete set of multiprecision operations, which limits the implementation of some unusual cryptographic algorithms on microcontrollers. In this work, we present a novel ANSI C library that implements also some less common operations like, e.g., multiprecision integer division. The library was designed with respect to the use on microcontrollers and has been tested on ARM M4-based microcontroller Microchip CEC1302.

Dynamic Logic Reconfiguration Based Side-Channel Protection of AES and Serpent

Autoři
Novotný, M.; Socha, P.; Brejník, J.; Jeřábek, S.; Mentens, N.
Rok
2019
Publikováno
Proceedings of the 22nd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2019. p. 277-282. ISBN 978-1-7281-2861-0.
Typ
Stať ve sborníku
DOI
10.1109/DSD.2019.00048
Pracoviště
Katedra číslicového návrhu
Anotace
Dynamic logic reconfiguration is a concept which allows for efficient on-the-fly modifications of combinational circuit behaviour in both ASIC and FPGA devices. The reconfiguration of Boolean functions is achieved by modification of their generators (e.g. shift register-based look-up tables) and it can be controlled from within the chip, without the necessity of any external intervention. This hardware polymorphism can be utilized for the implementation of side-channel attack countermeasures, as demonstrated by Sasdrich et al. for the lightweight cipher PRESENT. In this work we adopt these countermeasures to two of the AES finalists, namely Rijndael and Serpent. Just like PRESENT, both Rijndael and Serpent are block ciphers based on a substitution-permutation network. We describe the countermeasures and adjustments necessary to protect these ciphers using the resources available in modern Xilinx FPGAs. We describe our VHDL implementations and evaluate the side-channel leakage and effectiveness of different countermeasure combinations using a methodology based on Welch’s t-test. We did not detect any significant leakage from the fully protected versions of our implementations. We show that the countermeasures proposed by Sasdrich et al. are, with some modifications compared to the protected PRESENT implementation, successfully applicable to AES and Serpent.

First-Order and Higher-Order Power Analysis: Computational Approaches and Aspects

Autoři
Miškovský, V.; Novotný, M.; Socha, P.
Rok
2019
Publikováno
Proceedings of the 8th Mediterranean Conference on Embedded Computing - MECO'2019. Institute of Electrical and Electronics Engineers, Inc., 2019. p. 83-87. ISSN 2377-5475. ISBN 978-1-7281-1739-3.
Typ
Stať ve sborníku
DOI
10.1109/MECO.2019.8760033
Pracoviště
Katedra číslicového návrhu
Anotace
Side-channel analysis pose a serious threat to many modern cryptosystems. Using Correlation power analysis, attacker may be able to recover the cipher key and therefore jeopardize the whole cryptosystem, which is why many countermeasures are being developed. These countermeasures are typically effective against first-order attacks. However, protected implementations may still be vulnerable to higher-order analysis. In this paper, we compare different approaches to the higher-order analysis regarding their mathematical and performance properties. We focus on Correlation power analysis attack and the test vector leakage assesment using Welch’s t-test, we optimize and accelerate discussed algorithms using CPU and GPU, and we present our experimental results and remarks

SICAK: An open-source SIde-Channel Analysis toolKit

Autoři
Miškovský, V.; Novotný, M.; Socha, P.
Rok
2019
Publikováno
8th Workshop on Trustworthy Manufacturing and Utilization of Secure Devices (TRUDEVICE 2019). Karlsruhe Institute of Technology, 2019.
Typ
Stať ve sborníku
Pracoviště
Katedra číslicového návrhu
Anotace
Side-channel cryptanalysis pose a serious threat to many modern cryptographic systems. Typical scenario of a side-channel attack consists of an active phase, where data are acquired, and of an analytical phase, where the data get examined and evaluated. This work presents a software toolkit which includes support for both phases of the side-channel attack. The toolkit consists of non-interactive text-based utilities with modular plug-in architecture. The measurement utility supports different oscilloscopes, target interfaces and measurement scenarios. The evaluation utilities include support for the test vector leakage assessment and the CPA attack. Different approaches to the algorithmical evaluation of the attack are implemented in order to extract the cipher key. The visualisation utility allows for the visual examination of the attack results by the user. The toolkit aims to be multiplatform and it is written using C/C++ with performance in mind. Time-demanding operations (such as the statistical analysis) are accelerated using OpenMP and OpenCL for an efficient computation on both CPU and GPU devices.

Efficient algorithmic evaluation of correlation power analysis: Key distinguisher based on the correlation trace derivative

Autoři
Miškovský, V.; Kubátová, H.; Novotný, M.; Socha, P.
Rok
2019
Publikováno
Microprocessors and Microsystems. 2019, 2019(71), 1-8. ISSN 0141-9331.
Typ
Článek
DOI
10.1016/j.micpro.2019.102858
Pracoviště
Katedra číslicového návrhu
Anotace
Correlation power analysis (CPA) is one of the most common side-channel attacks today, posing a threat to many modern ciphers, including AES. In the final step of this attack, the cipher key is usually extracted by the attacker by visually examining the correlation traces for each key guess. The naïve way to extract the correct key algorithmically is selecting the key guess with the maximum Pearson correlation coefficient. We propose another key distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard maximization, especially in the noisy environment, and it allows to significantly reduce the number of acquired power traces necessary to successfully mount an attack in noisy environment, and in some cases make the attack even feasible.

Dummy Rounds as a DPA countermeasure in hardware

Autoři
Schmidt, J.; Novotný, M.; Miškovský, V.; Jeřábek, S.
Rok
2018
Publikováno
Proceedings of the 21st Euromicro Conference on Digital System Design. Piscataway: IEEE, 2018. p. 523-528. ISBN 978-1-5386-7376-8.
Typ
Stať ve sborníku
DOI
10.1109/DSD.2018.00092
Pracoviště
Katedra číslicového návrhu
Anotace
This paper describes the technique of Dummy Rounds as a countermeasure against DPA in hardware implementation of round-based ciphers. Its principle is inspired by several well-known countermeasures used in hardware as Hiding and Dynamic Reconfiguration as well as countermeasures used in software implementations as Dummy cycles, Random order execution or Hiding in time. Being inspired by countermeasures based on dynamic reconfiguration, this method combines hiding of power consumption with hiding in time. In this work we also discuss the amount of randomness available for the control of the computation.

Speeding up differential power analysis using integrated power traces

Autoři
Miškovský, V.; Kubátová, H.; Novotný, M.
Rok
2018
Publikováno
2018 7th Mediterranean Conference on Embedded Computing (MECO). Piscataway: IEEE, 2018. p. 19-23. ISBN 978-1-5386-5683-9.
Typ
Stať ve sborníku
Pracoviště
Katedra číslicového návrhu
Anotace
Side-channel attacks, including differential power analysis (DPA), are still an emerging topic. To make a deep research about DPA, one needs to be able to perform it as fast as possible. There are many possible ways to decrease the time of the attack. In this paper, we propose a way to decrease the duration of the correlation computations of this kind of attack by decreasing the number of samples per a power trace using an integration based aggregation method. We comprehensively describe this idea and present the results of an experimental evaluation focusing on the time efficiency of this approach.

Correlation Power Analysis Distinguisher Based on the Correlation Trace Derivative

Autoři
Miškovský, V.; Kubátová, H.; Novotný, M.; Socha, P.
Rok
2018
Publikováno
Proceedings of the 21st Euromicro Conference on Digital System Design. Piscataway: IEEE, 2018. p. 565-568. ISBN 978-1-5386-7376-8.
Typ
Stať ve sborníku
DOI
10.1109/DSD.2018.00098
Pracoviště
Katedra číslicového návrhu
Anotace
Correlation power analysis (CPA) is one of the most common side channel attacks today, posing a threat to many modern ciphers, including AES. The simplest method to extract the correct key guess is selecting the guess with the maximum Pearson correlation coefficient. We propose another distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard CPA, especially in the noisy environment.

Practical Session: Differential Power Analysis for Beginners

Autoři
Buček, J.; Novotný, M.; Štěpánek, F.
Rok
2017
Publikováno
Hardware Security and Trust. Springer International Publishing, 2017. p. 77-91. ISBN 978-3-319-44316-4.
Typ
Kapitola v knize
DOI
10.1007/978-3-319-44318-8_4
Pracoviště
Katedra číslicového návrhu
Katedra počítačových systémů
Anotace
This tutorial will introduce you to the basics of the DPA (Differential Power Analysis) – a technique that exploits the dependency of the processed data on the power trace of the device to extract some secret information that would not be otherwise available. During the session you will learn how to process the power trace of the implementation of the AES encryption algorithm using an algebraic system (in our case Matlab), create the power hypothesis, extract the secret information and also how to measure the power consumption of the embedded system (smart card) in order to obtain the power traces. The first part of the tutorial Differential Power Analysis – Key Recovery is aimed at explaining the creation of the power hypothesis and the use of algebraic systems. The second part of the tutorial DPA – measurement with an oscilloscope covers the practical part of the exercise - the measurement of the power consumption using the PicoScope.

Emulator of Contactless Smart Cards in FPGA

Autoři
Buček, J.; Schmidt, J.; Novotný, M.; Jeřábek, S.
Rok
2017
Publikováno
Proceedings of the 6th Mediterranean Conference on Embedded Computing (MECO 2017). IEEE (Institute of Electrical and Electronics Engineers), 2017. p. 96-99. ISBN 978-1-5090-6741-1.
Typ
Stať ve sborníku
DOI
10.1109/MECO.2017.7977169
Pracoviště
Katedra číslicového návrhu
Katedra počítačových systémů
Anotace
This paper describes implementation of contactless smart card emulator compliant with ISO/IEC 14443 in Field Programmable Gate Array (FPGA). Systems using contactless smart cards are widely used and some of these systems are not secured properly. For example in many such systems smart card Unique Identifier (UID) is used as the only one authentication mean. As the UID is not encrypted and is read from the card in plain, it is easy to make a copy of the smart card and use the clone as the original card. In this work we describe emulator of a smart card implemented in FPGA which is able to spoof some genuine smart card. Emulator described in this work emulates protocol described in ISO/IEC 14443 standard, which in detail describes all aspects of RFID smart cards (from physical attributes of both - cards and readers - to communication by digital signals). The emulator is able to come through the whole card selection process and to spoof the real smart card with given UID. Moreover emulator can be selected also for higher application layer protocol communication. If we know the proprietary application layer protocol, emulator is able to spoof communication on this protocol with data recorded in it. This functionality was successfully tested on systems used at Czech Technical University in Prague, where the weak implementation of UID as the only one authentication mean is used. Emulator is responding faster than most of other existing smart card emulators thanks to high efficient implementation in hardware.

Differential Power Analysis on FPGA board: Boundaries of Success

Autoři
Novotný, M.; Mazur, L.
Rok
2017
Publikováno
Proceedings of the 6th Mediterranean Conference on Embedded Computing (MECO 2017). IEEE (Institute of Electrical and Electronics Engineers), 2017. p. 92-95. ISBN 978-1-5090-6741-1.
Typ
Stať ve sborníku
DOI
10.1109/MECO.2017.7977168
Pracoviště
Katedra číslicového návrhu
Anotace
Differential Power Analysis (DPA) is a contemporary method able to break cryptographic device via measuring and analyzing its power consumption. The success rate of the DPA method strongly depends on the measurement setup. We have investigated and evaluated the influence of measurement setup on the success rate of DPA attack against FPGA board running AES encryption. From our findings it follows that removing decoupling capacitors plays major role in success rate of the DPA attack. Replacing standard switched-mode power supply with accumulators and linear stabilizers simplifies the attack, however, its effect is not that significant.

Influence of passive hardware redundancy on differential power analysis resistance of AES cipher implemented in FPGA

Autoři
Miškovský, V.; Kubátová, H.; Novotný, M.
Rok
2017
Publikováno
Microprocessors and Microsystems. 2017, 2017(51), 220-226. ISSN 0141-9331.
Typ
Článek
DOI
10.1016/j.micpro.2017.04.014
Pracoviště
Katedra číslicového návrhu
Anotace
Many electronic systems have to fulfill strict dependability properties, especially both fault tolerance and attack resistance. Intuitively, these requirements may seem to contradict each other. A study and an experiment description of the possible methods how to measure these impacts as well as result of first experiments are presented in this paper. Specifically, how basic passive hardware redundancy design methods affects resistance against differential power analysis attack and how the whole design can be modified to increase attack resistance will be discussed.

Cryptanalytic attacks on cyber-physical systems

Autoři
Novotný, M.
Rok
2017
Publikováno
Microprocessors and Microsystems. 2017, 2017(52), 534-539. ISSN 0141-9331.
Typ
Článek
DOI
10.1016/j.micpro.2017.04.017
Pracoviště
Katedra číslicového návrhu
Anotace
Cryptography finds its application in various objects used in our everyday life. GSM communication, credit cards, tickets for public transport or REID tags employ cryptographic features either to protect privacy or to ensure trustworthy authentication. However, many such objects are vulnerable to certain cryptanalytic attacks. In this review we discuss how FPGA-based cryptanalytic hardware may compromise GSM communication, or how standard laboratory equipment may be used for breaking Smart Card security. This review summarizes keynote speech that was given at 5th Mediterranean Conference on Embedded Computing (MECO'2016).

Influence of Fault-Tolerance Techniques on Power-Analysis Resistance of Cryptographic Design

Autoři
Miškovský, V.; Kubátová, H.; Novotný, M.; Říha, J.
Rok
2017
Publikováno
Proc. of the 20th Euromicro Conference on Digital System Design. Piscataway, NJ: IEEE, 2017. p. 260-267. ISBN 978-1-5386-2146-2.
Typ
Stať ve sborníku
DOI
10.1109/DSD.2017.76
Pracoviště
Katedra číslicového návrhu
Anotace
As the security is becoming more and more important these days, we still should not forget about reliability. When designing a cryptographic device for some mission-critical or another reliability demanding system, we need to make the device not only attack-resistant, but also fault-tolerant. There are many common fault-tolerant digital design techniques, however, it is questionable, how these techniques affect the attack-resistance. Do they make the device more vulnerable e.g. to side-channel attacks? In our work we focused on finding the answer to this question. We experimentally evaluated the influence of information redundancy, space redundancy and time redundancy techniques on resistance against power analysis attack. In this paper we present our observations.

Optimization of Pearson correlation coefficient calculation for DPA and comparison of different approaches

Autoři
Miškovský, V.; Kubátová, H.; Novotný, M.; Socha, P.
Rok
2017
Publikováno
Proceedings of the 2017 IEEE 20th International Symposium on Design and Diagnotics of Electronic Circuit & Systems. Piscataway, NJ: IEEE, 2017. p. 184-189. ISSN 2473-2117. ISBN 978-1-5386-0472-4.
Typ
Stať ve sborníku
DOI
10.1109/DDECS.2017.7934563
Pracoviště
Katedra číslicového návrhu
Anotace
Differential power analysis (DPA) is one of the most common side channel attacks. To perform this attack we need to calculate a large amount of correlation coefficients. This amount is even higher when attacking FPGAs or ASICs, for higher order attacks and especially for attacking DPA protected devices. This article explains different approaches to the calculation of correlations, describes our implementation of these approaches and presents a detailed comparison considering their performance and their properties for a practical usage.

Influence of fault-tolerant design methods on differential power analysis resistance of AES cipher: Methodics and challenges

Autoři
Miškovský, V.; Kubátová, H.; Novotný, M.
Rok
2016
Publikováno
Proceedings of the 5th Mediterranean Conference on Embedded Computing (MECO 2016). Piscataway: Institute of Electrical and Electronics Engineers, 2016. p. 14-17. ISSN 2377-5475. ISBN 978-1-5090-2221-2.
Typ
Stať ve sborníku
DOI
10.1109/MECO.2016.7525685
Pracoviště
Katedra číslicového návrhu
Anotace
Many electronic systems has to fulfill strict dependability properties, especially both fault tolerance and attack resistance. These requirements usually contradict each other. The study and experiment descriptions of the possible methods how to measure these impacts are presented in this paper. Specifically, how fault-tolerant design methods affects resistance against differential power analysis attack and how the whole design can be modified to increase attack resistance will be discussed.

High-Performance Cryptanalysis on RIVYERA and COPACOBANA Computing Systems

Autoři
Novotný, M.; Gueneysu, T.; Kasper, T.; Paar, C.; Wienbrandt, L.; Zimmermann, R.
Rok
2013
Publikováno
High-Performance Computing Using FPGAs. New York: Springer, 2013. p. 335-366. ISBN 978-1-4614-1791-0.
Typ
Kapitola v knize
DOI
10.1007/978-1-4614-1791-0_11
Pracoviště
Katedra číslicového návrhu
Anotace
Special-purpose computing platforms based on reconfigurable hardware have shown to typically exhibit a much better performance-cost ratio than off-the-shelf computers populated with general-purpose processors. In this chapter we introduce two different FPGA-based cluster architectures, called COPACOBANA and RIVYERA. These high-performance computing clusters are populated with up to 256 Xilinx Spartan or Virtex FPGAs per system and can be interconnected to form an even larger system with 2560 FPGA per rack. In this chapter, we present a wide range of applications from the fields of cryptanalysis %and bioinformatics that have been successfully implemented on both architectures.

Differential Power Analysis under Constrained Budget: Low Cost Education of Hackers

Autoři
Buček, J.; Novotný, M.; Štěpánek, F.
Rok
2013
Publikováno
Proceedings of 16th Euromicro Conference on Digital System Design. Piscataway: IEEE Service Center, 2013. p. 645-648. ISBN 978-0-7695-5074-9.
Typ
Stať ve sborníku
DOI
10.1109/DSD.2013.130
Pracoviště
Katedra číslicového návrhu
Katedra počítačových systémů
Anotace
The differential power analysis is popular technique in exploiting weaknesses of the embedded systems — mostly of the smart cards. This approach is understandable as the DPA does not require expensive equipment or strong theoretical background on the device under attack. Therefore it is ideal for education of beginners or students in the field of computer security. The aim of this paper is to describe the economy of obtaining the basic equipment for the education of the differential power analysis and to share the experience with its teaching.

Lightweight Cipher Resistivity against Brute-Force Attack: Analysis of PRESENT

Autoři
Novotný, M.; Pospíšil, J.
Rok
2012
Publikováno
Proceedings of the 2012 IEEE 15th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS). New York: IEEE Computer Society Press, 2012, pp. 197-198. ISBN 978-1-4673-1185-4.
Typ
Stať ve sborníku
DOI
10.1109/DDECS.2012.6219055
Pracoviště
Katedra číslicového návrhu
Anotace
The PRESENT cipher symmetric block cipher with 64 bits of data block and 80 (or 128) bits of key.It is based on Substitution-permutation network and consists of 31 rounds. PRESENT is intended to be implemented in small embedded and contactless systems, thus its design needs only small amount of chip area and consumes low power. In this work we evaluate the resistance of PRESENT against brute-force attack. We determine the computational demand of this type of attack conducted on special parallel hardware COPACOBANA consisting of array of FPGA chips with custom design.

Evaluating Cryptanalytical Strength of Lightweight Cipher PRESENT on Reconfigurable Hardware

Autoři
Novotný, M.; Pospíšil, J.
Rok
2012
Publikováno
Proceedings of the 15th Euromicro Conference on Digital System Design. Los Alamitos: IEEE Computer Society Press, 2012, pp. 560-567. ISBN 978-0-7695-4798-5.
Typ
Stať ve sborníku
DOI
10.1109/DSD.2012.53
Pracoviště
Katedra číslicového návrhu
Anotace
The PRESENT cipher is a symmetric block cipher with 64 bits of data block and 80 (or 128) bits of key. It is based on Substitution-permutation network and consists of 31 rounds. PRESENT is intended to be implemented in small embedded and contactless systems, thus its design needs only small amount of chip area and consumes low power. In this work we evaluate the resistance of PRESENT against time-memory trade-off attack. Specifically Rainbow Tables method is used. We determine the computational demand of this type of attack conducted on special parallel reconfigurable hardware COPACOBANA consisting of array of FPGA chips with custom design.

Breaking Hitag2 with Reconfigurable Hardware

Autoři
Novotný, M.; Štembera, P.
Rok
2011
Publikováno
Proceedings of the 14th Euromicro Conference on Digital System Design. Los Alamitos: IEEE Computer Society Press, 2011, pp. 558-563. ISBN 978-0-7695-4494-6.
Typ
Stať ve sborníku
DOI
10.1109/DSD.2011.77
Pracoviště
Katedra číslicového návrhu
Anotace
The Hitag2 stream cipher is used in many real-world applications, such as car immobilizers and door opening systems, as well as for the access control of buildings. The short length of the 48-bit secret key employed makes the cipher vulnerable to a brute-force attack, i.e., exhaustive key search. In this paper we develop the first hardware architecture for the cryptanalysis of Hitag2 by means of exhaustive key search. Our implementation on COPACOBANA is able to reveal the secret key of a Hitag2 transponder in less than 2 hour in the worst case. The speed of our approach outperforms all previously proposed attacks and requires only 2 sniffed communications between a car and a tag. Our findings thus define a new lower limit for the cloning of car keys in practice. Moreover, the attack is arbitrarily parallelizable and could thus be run on multiple COPACOBANAs to decrease the time to find the secret key.

Cryptanalysis of KeeLoq with COPACOBANA

Autoři
Novotný, M.; Kasper, T.
Rok
2009
Publikováno
SHARCS '09 Special-Purpose Hardware for Attacking Cryptographic Systems. Lausanne: EPFL, 2009, pp. 159-164.
Typ
Stať ve sborníku
Pracoviště
Katedra číslicového návrhu
Anotace
In this paper we develop a hardware architecture for the cryptanalysis of KeeLoq. Our brute-force attack, implemented on the Cost-Optimized Parallel Code-Breaker COPACOBANA, is able to reveal the secret key of a remote control in less than 0.5 seconds if a 32-bit seed is used and in less than 6 hours in case of a 48-bit seed. To obtain reasonable cryptographic strength against this type of attack, a 60-bit seed has to be used, for which COPACOBANA needs in the worst case about 1011 days for the key recovery. However, the attack is arbitrarily parallelizable and could thus be run on multiple COPACOBANAs to decrease the attack time.

Jak to u nás vypadá

Měřením průběhů proudové spotřeby během šifrování různých dat dokážeme odhalit tajný klíč, který šifrující zařízení používá. Vysvětlivky: 1 - olověný akumulátor pro napájení měřené desky s FPGA, 2 - regulátor napětí, 3 - měřené FPGA (Spartan 3E), 4 - sériová linka (komunikace mezi PC a FPGA), 5 - USB konektor pro programování FPGA, 6 - sonda druhého kanálu osciloskopu (trigger měření), 7 - měření průběhu proudové spotřeby FPGA, 8 - napájení ze síťového zdroje (v tuto chvíli se nepoužívá - na desce je vypínač), 9 - předzesilovač 30 dB. Měření průběhů proudové spotřeby probíhá na osciloskopu Agilent MSO 7104A.

Kontaktní osoba

Dr.-Ing. Martin Novotný

Kde nás najdete?

Laboratoř vestavné bezpečnosti
Katedra číslicového návrhu
Fakulta informačních technologií
České vysoké učení technické v Praze

Místnost TH:A-1058 (Budova A, 10. patro)
Thákurova 7
Praha 6 – Dejvice
160 00

Za obsah stránky zodpovídá: doc. Ing. Štěpán Starosta, Ph.D.