Dr.-Ing. Martin Novotný

Publications

Side-Channel Analysis of Cryptographic Processor CEC 1702

Authors
Horníčková, T.; Přeučil, T.; Novotný, M.; Martinásek, Z.
Year
2023
Published
Proceedings of 2023 12th Mediterranean Conference on Embedded Computing (MECO). Piscataway: IEEE, 2023. ISSN 2637-9511. ISBN 979-8-3503-2291-0.
Type
Proceedings paper
Annotation
Cryptography is omnipresent in our daily life, as we need it for trusted authentication (e.g., in access systems), secure communication, ensuring data integrity and confidentiality, and many more. However, even if mathematically secure ciphers are used, the device running the cryptographic algorithms is still vulnerable to side-channel attacks that may reveal the secrets. These attacks exploit the fact that power consumption or electromagnetic emanation of the device depends on processed data. To prevent such an attack, the designer must employ countermeasures, such as masking, hiding, or shuffling. In this paper, we focus on Microchip CEC1702 microcontroller that supports common cryptographic operations in hardware. We analyze the resistance of its AES accelerator against correlation power analysis (CPA). We analyzed 100 million power traces by first-order CPA and univariate second-order CPA. In neither case did we find any vulnerability.

Surveying the security of access systems in Uppsala, Sweden

Year
2023
Published
Proceedings of 2023 12th Mediterranean Conference on Embedded Computing (MECO). Piscataway: IEEE, 2023. ISSN 2637-9511. ISBN 979-8-3503-2291-0.
Type
Proceedings paper
Annotation
Today, many people use several access systems on a daily basis without paying attention to the fact that many of the technologies in use are obsolete and insecure. For example, there are published attacks against all generations of MIFARE Classic cards and cloning a MIFARE Ultralight card is trivial. In this paper, we look into the security of several access systems in a student town Uppsala in Sweden. We evaluate the security of the cards or tags used for access as well as some of the security of the systems themselves. We present a detailed report on the configurations, including any vulnerabilities, while also presenting attacks exploiting these vulnerabilities, as well as real-life examples of how these attacks can be dangerous to the end user. We compare these systems to a well-designed system in the same city and suggest fixes for all vulnerabilities we found. When presenting the potential fixes, we pay attention to the ease and cost of the fixes.

A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis

Year
2022
Published
Sensors. 2022, 22(21), ISSN 1424-8220.
Type
Article
Annotation
Side-channel analysis has become a widely recognized threat to the security of cryptographic implementations. Different side-channel attacks, as well as countermeasures, have been proposed in the literature. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. In this paper, we provide a comprehensive survey regarding the non-invasive passive side-channel analysis. We describe both non-profiled and profiled attacks, related security metrics, countermeasures against such attacks, and leakage-assessment methodologies, as available in the literature of more than twenty years of research.

A fair experimental evaluation of distance correlation side-channel distinguisher

Year
2022
Published
Proceedings of the 11th Mediterranean Conference on Embedded Computing (MECO 2022). Institute of Electrical and Electronics Engineers, Inc., 2022. p. 110-113. ISSN 2377-5475. ISBN 978-1-6654-6828-2.
Type
Proceedings paper
Annotation
Side-channel attacks pose a severe threat to cryptographic implementations, allowing the attacker to recover secret information based on physical observations of the cryptographic device. Correlation Power Analysis is considered to be one of the most powerful attacks in the non-profiled scenario. In this paper, we consider the distance/Brownian correlation instead of the traditionally used Pearson coefficient. We give a fair comparison of our novel approach attacking AES on three different FPGA platforms and we discuss the distance correlation potential in the context of side-channel analysis.

Equivalent Keys: Side-Channel Countermeasure for Post-Quantum Multivariate Quadratic Signatures

Authors
Pokorný, D.; Socha, P.; Novotný, M.
Year
2022
Published
Electronics. 2022, 11(21), ISSN 2079-9292.
Type
Article
Annotation
Algorithms based on the hardness of solving multivariate quadratic equations present promising candidates for post-quantum digital signatures. Contemporary threats to implementations of cryptographic algorithms, especially in embedded systems, include side-channel analysis, where attacks such as differential power analysis allow for the extraction of secret keys from the device’s power consumption or its electromagnetic emission. To prevent these attacks, various countermeasures must be implemented. In this paper, we propose a novel side-channel countermeasure for multivariate quadratic digital signatures through the concept of equivalent private keys. We propose a random equivalent key to be generated prior to every signing, thus randomizing the computation and mitigating side-channel attacks. We demonstrate our approach on the Rainbow digital signature, but since an unbalanced oil and vinegar is its special case, our work is applicable to other multivariate quadratic signature schemes as well. We analyze the proposed countermeasure regarding its properties such as the number of different equivalent keys or the amount of required fresh randomness, and we propose an efficient way to implement the countermeasure. We evaluate its performance regarding side-channel leakage and time/memory requirements. Using test vector leakage assessment, we were not able to detect any statistically significant leakage from our protected implementation.

Evaluation of power saving methods for low-power WiFi environment sensors

Year
2022
Published
Proceedings of the 11th Mediterranean Conference on Embedded Computing (MECO 2022). Institute of Electrical and Electronics Engineers, Inc., 2022. p. 114-118. ISSN 2377-5475. ISBN 978-1-6654-6828-2.
Type
Proceedings paper
Annotation
Environment sensing devices are all around us and the instruction cycle of these devices is usually simple: wake up, measure data, send them to a central unit or to the cloud and enter deep sleep. These devices also need to last as long as possible on a single charge and when we say single charge, we mean months at least. This leads to one common problem: these devices usually use low data rate networks like ZigBee or LoRa and therefore are not easy to deploy for a common user. There are several ways of achieving low power consumption when using WiFi. This paper describes and evaluates these methods and recommends power-saving methods for the WiFi module ESP8266. This paper also describes the development of a reference low-power device that can sense the environment (temperature, humidity and pressure in this case) and uses 2.4 GHz WiFi. Therefore, this device does not need any sort of gateway and can connect directly to the network most users already have deployed. Current programming allows for quick and easy transmission of the data to an MQTT server. It is easy to quickstart usage and mass production of the presented prototype. The system is based on the popular ESP8266 as a base for measurement, processing and WiFi communication. For power management, more circuitry is used. The paper presents full reference schematics of the developed device.

Implementation of the Rainbow signature scheme on SoC FPGA

Year
2022
Published
Proceedings of the 2022 25th Euromicro Conference on Digital System Design. Los Alamitos: IEEE Computer Society, 2022. p. 513-519. ISBN 978-1-6654-7404-7.
Type
Proceedings paper
Annotation
Thanks to the research progress, quantum computers are slowly becoming a reality and some companies already have their working prototypes. While this is great news for some, it also means that some of the encryption algorithms used today will be rendered unsafe and obsolete. Due to this fact, NIST (US National Institute of Standards and Technology) has been running a standardization process for quantum-resistant key exchange algorithms and digital signatures. One of these is Rainbow—a signature scheme based on the fact that solving a set of random multivariate quadratic system is an NP-hard problem. This work aims to develop an AXI-connected accelerator for the Rainbow signature scheme, specifically the Ia variant. The accelerator is highly parameterizable, allowing to choose the data bus width, directly affecting the FPGA area used. It is also possible to swap components to use the design for other variants of Rainbow. This allows for a comprehensive experimental evaluation of our design. The developed accelerator provides significant speedup compared to CPU-based computation. This paper includes detailed documentation of the design as well as performance and resource utilisation evaluation.

Versatile Hardware Framework for Elliptic Curve Cryptography

Authors
Mašek, V.; Novotný, M.
Year
2022
Published
Proceedings of the 2022 25th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS). Piscataway: IEEE, 2022. p. 80-83. ISSN 2473-2117. ISBN 978-1-6654-9431-1.
Type
Proceedings paper
Annotation
We propose a versatile hardware framework for ECC. The framework supports arithmetic operations over P-256, Ed25519 and Curve25519 curves, enabling easy implementation of various ECC algorithms. The framework finds its application area, e.g., in FIDO2 attestation or in the nowadays rapidly expanding field of hardware wallets. As the design is intended to be ASIC-ready, we designed it to be area efficient. Hardware units are reused for calculations in several finite fields, and some of them are superior to previously designed circuits in terms of time-area product. The framework implements several attack countermeasures. It enables implementation of certain countermeasures even in later stages of design. The design was validated on SoC FPGA.

High-level synthesis, cryptography, and side-channel countermeasures: A comprehensive evaluation

Year
2021
Published
Microprocessors and Microsystems. 2021, 85 1-13. ISSN 0141-9331.
Type
Article
Annotation
Side-channel attacks pose a severe threat to both software and hardware cryptographic implementations. Current literature presents various countermeasures against these kinds of attacks, based on approaches such as hiding or masking, implemented either in software, or on register-transfer level or gate level in hardware. However, emerging trends in hardware design lean towards a system-level approach, allowing for faster, less error-prone, design process, an efficient hardware/software co-design, or sophisticated validation, verification, and (co)simulation strategies. In this paper, we propose a Boolean masking scheme suitable for high-level synthesis of substitution-permutation network-based encryption. We implement both unprotected and protected PRESENT, AES/Rijndael and Serpent encryption in C language, utilizing the concept of dynamic logic reconfiguration, synthesize it for Xilinx FPGA, and we compare our results regarding time and area utilization. We evaluate the effectiveness of proposed countermeasures using both specific and non-specific t-test leakage assessment methodology. We discuss the leakage assessment results, and we identify and discuss the related limitations of the system-level approach and the high-level synthesis.

Influence of Synthesis Parameters on Vulnerability to Side-Channel Attacks

Authors
Balihar, T.; Novotný, M.
Year
2021
Published
Proceedings of the 10th Mediterranean Conference on Embedded Computing (MECO'2020). Institute of Electrical and Electronics Engineers, Inc., 2021. p. 735-740. ISSN 2637-9511. ISBN 978-0-7381-3361-4.
Type
Proceedings paper
Annotation
Every cryptographic design has to be secure to fulfil its function properly. As side-channel attacks are becoming easier and easier to perform, designers of secure circuits must pay attention to implementing various countermeasures against these attacks. However, in some cases, their hard work can be thwarted if automatic optimizations invalidate the defences. This work explores the effect of synthesis parameters settings on the vulnerability of the cryptographic designs implemented in FPGAs to side-channel attacks. It focuses on the implementation of Advanced Encryption Standard (AES) with multiple countermeasures against attacks and evaluates the effect of parameters settings on security using Test Vector Leakage Assessment based on Welch’s t-test.

Secure and dependable: Area-efficient masked and fault-tolerant architectures

Year
2021
Published
Proceedings of the 2021 24th Euromicro Conference on Digital System Design. Los Alamitos: IEEE Computer Society, 2021. p. 333-338. ISBN 978-1-6654-2703-6.
Type
Proceedings paper
Annotation
Masking is a powerful instrument for protecting cryptographic devices against side-channel analysis. Multiple masking schemes were introduced providing provable security against attacks of arbitrary order even in the presence of glitches. When a device is a part of some safety-critical system, it needs to meet dependability requirements; therefore, it should be protected against spontaneously occurring faults. Existing commonly used fault-tolerance architectures involve high area overhead, as do the masking schemes. In this paper, we propose architectures meeting dependability properties of simple modular-redundancy schemes and SCA resistance of masking schemes, but decreasing the area overhead utilizing the randomness involved in the masking schemes. We compare our Masked Duplex architecture with Triple Modular Redundancy. While using one less redundant module, our architecture saves around 20% of the area in comparison with TMR in the case of Threshold Implementation of PRESENT cipher, promising more savings for more complex cryptographic schemes.

Side-channel attack on Rainbow post-quantum signature

Authors
Pokorný, D.; Socha, P.; Novotný, M.
Year
2021
Published
Proceedings of the 2021 Design, Automation & Test in Europe (DATE). New Jersey: IEEE, 2021. p. 565-568. ISSN 1558-1101. ISBN 978-3-9819263-5-4.
Type
Proceedings paper
Annotation
Rainbow, a layered multivariate quadratic digital signature, is a candidate for standardization in a competition-like process organized by NIST. In this paper, we present a CPA side-channel attack on the submitted 32-bit reference implementation. We evaluate the attack on an STM32F3 ARM microcontroller, successfully revealing the full private key. Furthermore, we propose a simple masking scheme with minimum overhead.

Exploiting Linearity in White-Box AES with Differential Computation Analysis

Authors
Klemsa, J.; Novotný, M.
Year
2020
Published
Proceedings of the 2020 Computing Conference, Volume 3. Basel: Springer Nature Switzerland AG, 2020. p. 404-419. ISSN 2194-5357. ISBN 978-3-030-52242-1.
Type
Proceedings paper
Annotation
Not only have all current scientific white-box AES schemes been mathematically broken, they also face a family of attacks derived from traditional Side Channel Attacks, e.g., Differential Computation Analysis (DCA) introduced by Bos et al. Such attacks are very universal and easy-to-mount – they require neither knowledge of the implementation, nor use of reverse engineering. In this paper, we particularly focus on DCA against white-box AES by Chow et al. which shows lower than 100% success rate as opposed to other schemes studied by Bos et al. We provide an explanation of this phenomenon while unraveling another weakness in the design of white-box AES by Chow et al. Based on our theoretical results, we propose an extension of the original DCA attack which has a higher chance of key recovery and might be adapted for other schemes.

Novel Controller for Dummy Rounds Scheme DPA Countermeasure

Year
2020
Published
Proceedings of the 23rd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2020. p. 281-284. ISBN 978-1-7281-9535-3.
Type
Proceedings paper
Annotation
In our previous work, we developed the Dummy Rounds countermeasure to protect the hardware design against side-channel attacks. The scheme employs hiding in time and hiding in consumption. After several improvements of the datapath, the leakage has been minimized significantly. In this paper, we present the enhancement of the Dummy Rounds controller. This enhancement enables further reduction of the leakage. We tested the method on PRESENT cipher implemented in the Sakura-G board. The design was evaluated using Welch's t-test.

Novel Dummy Rounds Schemes as a DPA Countermeasure in PRESENT Cipher

Year
2020
Published
Proceedings of the 23rd International Symposium on Design and Diagnostics of Electronic Circuits and Systems. Piscataway, NJ: IEEE, 2020. p. 1-4. ISSN 2334-3133. ISBN 978-1-7281-9938-2.
Type
Proceedings paper
Annotation
The Dummy Rounds Side-Channel Attacks countermeasure scheme for digital design has been proposed in earlier work. Its experimental evaluation and analysis revealed weaknesses that resulted in the proposal of an enhanced Dummy Rounds scheme. In this paper, we present the implementation of the proposed enhancement of the Dummy Rounds scheme in PRESENT cipher and provide its experimental evaluation using Welch’s t-test. We further propose several novel modifications of the Dummy Rounds scheme as a solution to other security problems we have encountered. The novel Dummy Rounds scheme, namely its modifications proposed in this paper, is superior to earlier proposed schemes in terms of side-channel leakage prevention.

Side-channel countermeasures utilizing dynamic logic reconfiguration: Protecting AES/Rijndael and Serpent encryption in hardware

Authors
Socha, P.; Brejník, J.; Balasch, J.; Novotný, M.; Mentens, N.
Year
2020
Published
Microprocessors and Microsystems. 2020, 78 1-10. ISSN 0141-9331.
Type
Article
Annotation
Dynamic logic reconfiguration is a concept that allows for efficient on-the-fly modifications of combinational circuit behavior in both ASIC and FPGA devices. The reconfiguration of Boolean functions is achieved by modification of their generators (e.g., shift register-based look-up tables) and it can be controlled from within the chip, without the necessity of any external intervention. This hardware polymorphism can be utilized for the implementation of side-channel attack countermeasures, as demonstrated by Sasdrich et al. for the lightweight cipher PRESENT. In this work, we adapt these countermeasures to two of the AES finalists, namely Rijndael and Serpent. Just like PRESENT, both Rijndael and Serpent are block ciphers based on a substitution-permutation network. We describe the countermeasures and adjustments necessary to protect these ciphers using the resources available in modern Xilinx FPGAs. We describe our implementations and evaluate the side-channel leakage and effectiveness of different countermeasures combinations using a methodology based on Welch’s t-test. Furthermore, we attempt to break the protected AES/Rijndael implementation using second-order DPA/CPA attacks. We did not detect any significant first-order leakage from the fully protected versions of our implementations. Using one million power traces, we detect second-order leakage from Serpent encryption, while AES encryption second-order leakage is barely detectable. We show that the countermeasures proposed by Sasdrich et al. are, with some modifications, successfully applicable to AES and Serpent.

Towards High-Level Synthesis of Polymorphic Side-Channel Countermeasures

Year
2020
Published
Proceedings of the 23rd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2020. p. 193-199. ISBN 978-1-7281-9535-3.
Type
Proceedings paper
Annotation
Side-channel attacks pose a severe threat to both software and hardware cryptographic implementations. Current literature presents various countermeasures against these kinds of attacks, based on approaches such as hiding or masking, implemented either in software, or on register-transfer or gate-level in hardware. However, emerging trends in hardware design lean towards a system-level approach, allowing for faster, less error-prone, design process, an efficient hardware/software co-design, or sophisticated validation, verification, and (co)simulation strategies. In this paper, we propose a Boolean masking scheme suitable for high-level synthesis. We implement a protected PRESENT encryption in C language, utilizing the concept of dynamic logic reconfiguration, synthesize it for Xilinx Artix 7 FPGA, and we compare our results regarding clock cycle latency and area utilization. We evaluate the effectiveness of proposed countermeasures using specific t-test leakage assessment methodology. We show that our high-level synthesis implementation successfully conceals the side-channel leakage while maintaining reasonable area and latency overhead.

WTFHE: neural-netWork-ready Torus Fully Homomorphic Encryption

Authors
Klemsa, J.; Novotný, M.
Year
2020
Published
Proceedings of the 9th Mediterranean Conference on Embedded Computing - MECO'2020. Institute of Electrical and Electronics Engineers, Inc., 2020. p. 434-438. ISSN 2637-9511. ISBN 978-1-7281-6949-1.
Type
Proceedings paper
Annotation
We are currently witnessing two arising trends, which have a huge potential to threaten our privacy: the invasive sensors of the Internet of Things (IoT), and the powerful data mining techniques, in particular we focus on Neural Networks (NN's). For this reason, powerful countermeasures must be called for service: namely end-to-end encryption. Such an approach however requires an encryption scheme that enables processing of the encrypted data - this is known as the Fully Homomorphic Encryption (FHE). In this paper, we revisit an FHE scheme named TFHE, which is suitable for evaluation of NN's over encrypted input data, and we suggest to incorporate a verifiability feature to the evaluation process. Since there already exist other variants of the original TFHE scheme (currently only implemented in C++, which is rigid), we further introduce a library for rapid prototyping of new concepts related to TFHE. Our library is implemented in Ruby, which is an interpreted language and which goes with an interactive shell. Hence any new method can be speedily verified before implemented as a high-performance library.

Dynamic Logic Reconfiguration Based Side-Channel Protection of AES and Serpent

Authors
Socha, P.; Brejník, J.; Jeřábek, S.; Novotný, M.; Mentens, N.
Year
2019
Published
Proceedings of the 22nd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2019. p. 277-282. ISBN 978-1-7281-2861-0.
Type
Proceedings paper
Annotation
Dynamic logic reconfiguration is a concept which allows for efficient on-the-fly modifications of combinational circuit behaviour in both ASIC and FPGA devices. The reconfiguration of Boolean functions is achieved by modification of their generators (e.g. shift register-based look-up tables) and it can be controlled from within the chip, without the necessity of any external intervention. This hardware polymorphism can be utilized for the implementation of side-channel attack countermeasures, as demonstrated by Sasdrich et al. for the lightweight cipher PRESENT. In this work we adapt these countermeasures to two of the AES finalists, namely Rijndael and Serpent. Just like PRESENT, both Rijndael and Serpent are block ciphers based on a substitution-permutation network. We describe the countermeasures and adjustments necessary to protect these ciphers using the resources available in modern Xilinx FPGAs. We describe our VHDL implementations and evaluate the side-channel leakage and effectiveness of different countermeasure combinations using a methodology based on Welch’s t-test. We did not detect any significant leakage from the fully protected versions of our implementations. We show that the countermeasures proposed by Sasdrich et al. are, with some modifications compared to the protected PRESENT implementation, successfully applicable to AES and Serpent.

Efficient algorithmic evaluation of correlation power analysis: Key distinguisher based on the correlation trace derivative

Year
2019
Published
Microprocessors and Microsystems. 2019, 2019(71), 1-8. ISSN 0141-9331.
Type
Article
Annotation
Correlation power analysis (CPA) is one of the most common side-channel attacks today, posing a threat to many modern ciphers, including AES. In the final step of this attack, the cipher key is usually extracted by the attacker by visually examining the correlation traces for each key guess. The naïve way to extract the correct key algorithmically is selecting the key guess with the maximum Pearson correlation coefficient. We propose another key distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard maximization, especially in the noisy environment, and it allows to significantly reduce the number of acquired power traces necessary to successfully mount an attack in noisy environment, and in some cases make the attack even feasible.

First-Order and Higher-Order Power Analysis: Computational Approaches and Aspects

Year
2019
Published
Proceedings of the 8th Mediterranean Conference on Embedded Computing - MECO'2019. Institute of Electrical and Electronics Engineers, Inc., 2019. p. 83-87. ISSN 2377-5475. ISBN 978-1-7281-1739-3.
Type
Proceedings paper
Annotation
Side-channel analysis poses a serious threat to many modern cryptosystems. Using Correlation power analysis, an attacker may be able to recover the cipher key and therefore jeopardize the whole cryptosystem, which is why many countermeasures are being developed. These countermeasures are typically effective against first-order attacks. However, protected implementations may still be vulnerable to higher-order analysis. In this paper, we compare different approaches to the higher-order analysis regarding their mathematical and performance properties. We focus on the Correlation power analysis attack and the test vector leakage assessment using Welch’s t-test, we optimize and accelerate the discussed algorithms using CPU and GPU, and we present our experimental results and remarks.

High-Performance Spiking Neural Network Simulator

Year
2019
Published
Proceedings of the 8th Mediterranean Conference on Embedded Computing - MECO'2019. Institute of Electrical and Electronics Engineers, Inc., 2019. p. 88-91. ISSN 2377-5475. ISBN 978-1-7281-1739-3.
Type
Proceedings paper
Annotation
Simulation of neural networks is a significant task for contemporary artificial intelligence research. Despite the availability of modern processing hardware, the task is still too demanding to be done in a sequential way. Therefore, a parallel computation approach is almost always necessary. Modern graphical accelerators (GPUs) represent highly parallel machines with a significant computational performance that can be unleashed only under certain conditions including threads scheduling, proper sources occupation, aligned data access, communication management, etc. We have proposed a novel acceleration approach for large neural networks. It is using a GPU and incorporating biologically highly precise spiking neurons that can imitate real biological neurons. The simulator can be, for example, used for research of communication dynamics of large neural networks with tens of thousands of spiking neurons.

Low-Cost Portable ECG

Year
2019
Published
Proceedings of the 8th Mediterranean Conference on Embedded Computing - MECO'2019. Institute of Electrical and Electronics Engineers, Inc., 2019. p. 660-663. ISSN 2377-5475. ISBN 978-1-7281-1739-3.
Type
Proceedings paper
Annotation
Common contemporary ECG units are computer-based devices that can be connected to the computer network to enable simultaneous monitoring of several patients in, e.g., intensive care units. Typically, these devices are relatively large, heavy, and powered from the wall socket. As a result, the movement of a patient is limited, even in cases when the patient’s physical condition does not bind him/her to the bed. This paper describes proof-of-concept portable device for electrocardiography which can measure three elemental ECG leads, is battery powered and transmits measured data into a central data collection unit via WiFi. Therefore, the patient can leave the bed for a reasonable distance, while the physician can continue monitoring the patient’s health condition. It is easy to quickstart usage and mass production of the presented prototype. We have tested the hardware and developed the necessary software. The system is based on ADAS1000 from Analog Devices as an ECG analogue front-end. Measured data are processed by STM32L0 MCU and sent to the data collection unit using the ESP8266 WiFi module.

Multiprecision ANSI C Library for Implementation of Cryptographic Algorithms on Microcontrollers

Authors
Říha, J.; Klemsa, J.; Novotný, M.
Year
2019
Published
Proceedings of the 8th Mediterranean Conference on Embedded Computing - MECO'2019. Institute of Electrical and Electronics Engineers, Inc., 2019. p. 275-278. ISSN 2377-5475. ISBN 978-1-7281-1739-3.
Type
Invited/Awarded proceedings paper
Annotation
Current cryptographic algorithms work with operands that are several times wider than the machine word, e.g., the still popular RSA algorithm shall use at least 2 048-bit keys. Such algorithms therefore require libraries that implement multiprecision arithmetic. Existing libraries are either not tailored for microcontrollers, or they implement an incomplete set of multiprecision operations, which limits the implementation of some unusual cryptographic algorithms on microcontrollers. In this work, we present a novel ANSI C library that implements also some less common operations like, e.g., multiprecision integer division. The library was designed with respect to the use on microcontrollers and has been tested on ARM M4-based microcontroller Microchip CEC1302.

SICAK: An open-source SIde-Channel Analysis toolKit

Year
2019
Published
8th Workshop on Trustworthy Manufacturing and Utilization of Secure Devices (TRUDEVICE 2019). Karlsruhe Institute of Technology, 2019.
Type
Proceedings paper
Annotation
Side-channel cryptanalysis poses a serious threat to many modern cryptographic systems. A typical scenario of a side-channel attack consists of an active phase, where data are acquired, and of an analytical phase, where the data get examined and evaluated. This work presents a software toolkit which includes support for both phases of the side-channel attack. The toolkit consists of non-interactive text-based utilities with modular plug-in architecture. The measurement utility supports different oscilloscopes, target interfaces and measurement scenarios. The evaluation utilities include support for the test vector leakage assessment and the CPA attack. Different approaches to the algorithmic evaluation of the attack are implemented in order to extract the cipher key. The visualisation utility allows for the visual examination of the attack results by the user. The toolkit aims to be multiplatform and it is written using C/C++ with performance in mind. Time-demanding operations (such as the statistical analysis) are accelerated using OpenMP and OpenCL for an efficient computation on both CPU and GPU devices.

Correlation Power Analysis Distinguisher Based on the Correlation Trace Derivative

Year
2018
Published
Proceedings of the 21st Euromicro Conference on Digital System Design. Piscataway: IEEE, 2018. p. 565-568. ISBN 978-1-5386-7376-8.
Type
Proceedings paper
Annotation
Correlation power analysis (CPA) is one of the most common side channel attacks today, posing a threat to many modern ciphers, including AES. The simplest method to extract the correct key guess is selecting the guess with the maximum Pearson correlation coefficient. We propose another distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard CPA, especially in the noisy environment.

Dummy Rounds as a DPA countermeasure in hardware

Year
2018
Published
Proceedings of the 21st Euromicro Conference on Digital System Design. Piscataway: IEEE, 2018. p. 523-528. ISBN 978-1-5386-7376-8.
Type
Proceedings paper
Annotation
This paper describes the technique of Dummy Rounds as a countermeasure against DPA in hardware implementation of round-based ciphers. Its principle is inspired by several well-known countermeasures used in hardware as Hiding and Dynamic Reconfiguration as well as countermeasures used in software implementations as Dummy cycles, Random order execution or Hiding in time. Being inspired by countermeasures based on dynamic reconfiguration, this method combines hiding of power consumption with hiding in time. In this work we also discuss the amount of randomness available for the control of the computation.

Dummy Rounds jako opatření proti DPA v hardwaru

Year
2018
Published
Počítačové architektury a diagnostika 2018. Plzeň: Západočeská univerzita v Plzni, 2018. p. 33-36. ISBN 978-80-261-0814-6.
Type
Proceedings paper
Annotation
This paper describes the Dummy Rounds technique as a countermeasure against DPA in hardware implementations of round-based ciphers. The principle is inspired by well-known methods used in hardware, such as hiding and dynamic reconfiguration, as well as by methods from software implementations, such as dummy cycles, random-order instruction execution, or hiding in time. Inspired by dynamic reconfiguration, this method combines hiding of power consumption with hiding in time. In this paper we also discuss the amount of randomness available for controlling the computation.

Speeding up differential power analysis using integrated power traces

Year
2018
Published
2018 7th Mediterranean Conference on Embedded Computing (MECO). Piscataway: IEEE, 2018. p. 19-23. ISBN 978-1-5386-5683-9.
Type
Proceedings paper
Annotation
Side-channel attacks, including differential power analysis (DPA), are still an emerging topic. To make a deep research about DPA, one needs to be able to perform it as fast as possible. There are many possible ways to decrease the time of the attack. In this paper, we propose a way to decrease the duration of the correlation computations of this kind of attack by decreasing the number of samples per a power trace using an integration based aggregation method. We comprehensively describe this idea and present the results of an experimental evaluation focusing on the time efficiency of this approach.

Cryptanalytic attacks on cyber-physical systems

Authors
Year
2017
Published
Microprocessors and Microsystems. 2017, 2017(52), 534-539. ISSN 0141-9331.
Type
Article
Annotation
Cryptography finds its application in various objects used in our everyday life. GSM communication, credit cards, tickets for public transport or RFID tags employ cryptographic features either to protect privacy or to ensure trustworthy authentication. However, many such objects are vulnerable to certain cryptanalytic attacks. In this review we discuss how FPGA-based cryptanalytic hardware may compromise GSM communication, or how standard laboratory equipment may be used for breaking Smart Card security. This review summarizes keynote speech that was given at 5th Mediterranean Conference on Embedded Computing (MECO'2016).

Differential Power Analysis on FPGA board: Boundaries of Success

Authors
Mazur, L.; Novotný, M.
Year
2017
Published
Proceedings of the 6th Mediterranean Conference on Embedded Computing (MECO 2017). IEEE (Institute of Electrical and Electronics Engineers), 2017. p. 92-95. ISBN 978-1-5090-6741-1.
Type
Proceedings paper
Annotation
Differential Power Analysis (DPA) is a contemporary method able to break cryptographic device via measuring and analyzing its power consumption. The success rate of the DPA method strongly depends on the measurement setup. We have investigated and evaluated the influence of measurement setup on the success rate of DPA attack against FPGA board running AES encryption. From our findings it follows that removing decoupling capacitors plays major role in success rate of the DPA attack. Replacing standard switched-mode power supply with accumulators and linear stabilizers simplifies the attack, however, its effect is not that significant.

Digital Design Connecting Fault Tolerance and Attack Resistance

Year
2017
Published
Počítačové architektúry & diagnostika PAD 2017 - Zborník príspevkov. Bratislava: STU Scientific, 2017. pp. 43-46. ISBN 978-80-972784-0-3.
Type
Invited/Awarded proceedings paper
Annotation
Fault tolerance and attack resistance are design properties possibly demanded at the same time. There are many design methods providing one of these properties, but in both cases they introduce considerable area and power overhead. Unfortunately, the overhead of fault tolerant design could negatively influence the attack resistance and vice versa, the overhead of attack resistant design could negatively influence the fault tolerance. The main aim of this research is determination of the mutual influence and suggestion of new design methods combining both fault tolerance and attack resistance.

Dynamic Reconfiguration as Countermeasure against DPA

Year
2017
Published
Počítačové architektúry & diagnostika PAD 2017 - Zborník príspevkov. Bratislava: STU Scientific, 2017. ISBN 978-80-972784-0-3.
Type
Proceedings paper
Annotation
This paper discusses the direction of research within a dissertation topic devoted to secure and reliable architectures for programmable hardware, primarily FPGAs. Specifically, the paper deals with an existing implementation of the PRESENT cipher on an FPGA, in which dynamic reconfiguration is used as one of the countermeasures against a differential power analysis attack. It then discusses new possibilities for using dynamic reconfiguration and their influence on both the security and the reliability of the resulting circuit.

Dynamic Reconfiguration as Countermeasure against DPA

Year
2017
Published
Proceedings of the Work in Progress Session SEAA/DSD 2017. Linz: Johannes Kepler University, 2017. ISBN 978-3-902457-48-6.
Type
Proceedings paper
Annotation
Reliability and security are critical properties of all hardware designs. However improving of one of the metrics causes very often decrease of the other metric. Our goal is to find novel method of programmable hardware design increasing both, reliability and security, or at least one of them without decreasing the other. We want to use dynamic reconfiguration on FPGA with lightweight cipher PRESENT implemented as countermeasure against differential power analysis. We will implement on our own existing method described in one of the earlier published papers. After that we will investigate influence of some modifications, implement our novel usage of dynamic reconfiguration usage combining it with hiding in time method and also investigate combination of our novel method and the previously published.

Emulator of Contactless Smart Cards in FPGA

Year
2017
Published
Proceedings of the 6th Mediterranean Conference on Embedded Computing (MECO 2017). IEEE (Institute of Electrical and Electronics Engineers), 2017. p. 96-99. ISBN 978-1-5090-6741-1.
Type
Proceedings paper
Annotation
This paper describes implementation of contactless smart card emulator compliant with ISO/IEC 14443 in Field Programmable Gate Array (FPGA). Systems using contactless smart cards are widely used and some of these systems are not secured properly. For example in many such systems smart card Unique Identifier (UID) is used as the only means of authentication. As the UID is not encrypted and is read from the card in plain, it is easy to make a copy of the smart card and use the clone as the original card. In this work we describe emulator of a smart card implemented in FPGA which is able to spoof some genuine smart card. Emulator described in this work emulates protocol described in ISO/IEC 14443 standard, which in detail describes all aspects of RFID smart cards (from physical attributes of both - cards and readers - to communication by digital signals). The emulator is able to come through the whole card selection process and to spoof the real smart card with given UID. Moreover emulator can be selected also for higher application layer protocol communication. If we know the proprietary application layer protocol, emulator is able to spoof communication on this protocol with data recorded in it. This functionality was successfully tested on systems used at Czech Technical University in Prague, where the weak implementation of UID as the only means of authentication is used. Emulator is responding faster than most of other existing smart card emulators thanks to highly efficient implementation in hardware.

Influence of Fault-Tolerance Techniques on Power-Analysis Resistance of Cryptographic Design

Year
2017
Published
Proc. of the 20th Euromicro Conference on Digital System Design. Piscataway, NJ: IEEE, 2017. p. 260-267. ISBN 978-1-5386-2146-2.
Type
Proceedings paper
Annotation
As the security is becoming more and more important these days, we still should not forget about reliability. When designing a cryptographic device for some mission-critical or another reliability demanding system, we need to make the device not only attack-resistant, but also fault-tolerant. There are many common fault-tolerant digital design techniques, however, it is questionable, how these techniques affect the attack-resistance. Do they make the device more vulnerable e.g. to side-channel attacks? In our work we focused on finding the answer to this question. We experimentally evaluated the influence of information redundancy, space redundancy and time redundancy techniques on resistance against power analysis attack. In this paper we present our observations.

Influence of passive hardware redundancy on differential power analysis resistance of AES cipher implemented in FPGA

Year
2017
Published
Microprocessors and Microsystems. 2017, 2017(51), 220-226. ISSN 0141-9331.
Type
Article
Annotation
Many electronic systems have to fulfill strict dependability properties, especially both fault tolerance and attack resistance. Intuitively, these requirements may seem to contradict each other. A study and an experiment description of the possible methods how to measure these impacts as well as result of first experiments are presented in this paper. Specifically, how basic passive hardware redundancy design methods affect resistance against differential power analysis attack and how the whole design can be modified to increase attack resistance will be discussed.

Optimization of Pearson correlation coefficient calculation for DPA and comparison of different approaches

Year
2017
Published
Proceedings of the 2017 IEEE 20th International Symposium on Design and Diagnostics of Electronic Circuit & Systems. Piscataway, NJ: IEEE, 2017. p. 184-189. ISSN 2473-2117. ISBN 978-1-5386-0472-4.
Type
Proceedings paper
Annotation
Differential power analysis (DPA) is one of the most common side channel attacks. To perform this attack we need to calculate a large amount of correlation coefficients. This amount is even higher when attacking FPGAs or ASICs, for higher order attacks and especially for attacking DPA protected devices. This article explains different approaches to the calculation of correlations, describes our implementation of these approaches and presents a detailed comparison considering their performance and their properties for a practical usage.

Practical Session: Differential Power Analysis for Beginners

Authors
Buček, J.; Novotný, M.; Štěpánek, F.
Year
2017
Published
Hardware Security and Trust. Springer International Publishing, 2017. p. 77-91. ISBN 978-3-319-44316-4.
Type
Book chapter
Annotation
This tutorial will introduce you to the basics of the DPA (Differential Power Analysis) – a technique that exploits the dependency of the processed data on the power trace of the device to extract some secret information that would not be otherwise available. During the session you will learn how to process the power trace of the implementation of the AES encryption algorithm using an algebraic system (in our case Matlab), create the power hypothesis, extract the secret information and also how to measure the power consumption of the embedded system (smart card) in order to obtain the power traces. The first part of the tutorial Differential Power Analysis – Key Recovery is aimed at explaining the creation of the power hypothesis and the use of algebraic systems. The second part of the tutorial DPA – measurement with an oscilloscope covers the practical part of the exercise - the measurement of the power consumption using the PicoScope.

Cryptanalytical Attacks on Cyber-Physical Systems

Authors
Year
2016
Published
Proceedings of the 5th Mediterranean Conference on Embedded Computing (MECO 2016). Piscataway: Institute of Electrical and Electronics Engineers, 2016. pp. 10. ISSN 2377-5475. ISBN 978-1-5090-2221-2.
Type
Invited/Awarded proceedings paper
Annotation
Cryptography finds its application area in many contemporary objects of daily usage. GSM communication, credit cards, tickets for public transport or RFID tags employ cryptographic features either to protect privacy or to ensure trustworthy authentication. However, many such objects are vulnerable to certain cryptanalytical attacks. In our presentation we will discuss how FPGA-based cryptanalytical hardware may compromise GSM communication, or how standard laboratory equipment may be used for breaking SmartCard security. Finally, we would debate one of recent cryptographic challenges, namely protection of dependable systems against cryptanalytical attacks.

Digital Design Connecting Attack Resistance and Fault Tolerance

Year
2016
Published
Počítačové Architektury & Diagnostika PAD 2016 - Sborník příspěvků. Brno: Vysoké učení technické v Brně, 2016. p. 53-56. ISBN 978-80-214-5376-0.
Type
Proceedings paper
Annotation
This research is about possibilities of connecting fault tolerant and attack resistant digital design methods. These properties often contradict each other and both of them cause high area and power consumption overhead. We currently focus on mutual influence of these properties and our future objective is to find some new design method increasing both fault tolerance and attack resistance at the same time.

Education of Computer Engineering at CTU in Prague

Year
2016
Published
Proceedings of the 5th Mediterranean Conference on Embedded Computing (MECO 2016). Piscataway: Institute of Electrical and Electronics Engineers, 2016. pp. 22-25. ISSN 2377-5475. ISBN 978-1-5090-2221-2.
Type
Proceedings paper
Annotation
This paper presents the experience from 7 years existence of Faculty of Information Technology at Czech Technical University in Prague with respect to today Computer Engineering specialization trends. Our education process and study methods are based on programmable hardware, embedded systems and design style intended for such devices. All our courses have both parts; theoretical lectures and practical labs. Here the structure and methods how to prepare our bachelor students for both practice and for the further master study is presented.

Influence of fault-tolerant design methods on differential power analysis resistance of AES cipher: Methodics and challenges

Year
2016
Published
Proceedings of the 5th Mediterranean Conference on Embedded Computing (MECO 2016). Piscataway: Institute of Electrical and Electronics Engineers, 2016. p. 14-17. ISSN 2377-5475. ISBN 978-1-5090-2221-2.
Type
Proceedings paper
Annotation
Many electronic systems have to fulfill strict dependability properties, especially both fault tolerance and attack resistance. These requirements usually contradict each other. The study and experiment descriptions of the possible methods how to measure these impacts are presented in this paper. Specifically, how fault-tolerant design methods affect resistance against differential power analysis attack and how the whole design can be modified to increase attack resistance will be discussed.

Advanced control unit for linear motor for precise measurements in biomechanics

Authors
Bartík, M.; Novotný, M.
Year
2015
Published
EMBEDDED COMPUTING. MEDITERRANEAN CONFERENCE. 4TH 2015. (MECO 2015). New York: IEEE, 2015. p. 129-133. ISBN 978-1-4799-8999-7.
Type
Proceedings paper
Annotation
This paper describes design and development of an advanced control unit for linear motor. The unit is designed for performing precise, reliable and safe measurements in (cardiovascular) biomechanics. Design and implementation of this embedded system is focused on availability, predictability and fail-safe behavior. Designing this system shows practical use of an FPGA chips for embedded system design with respect to low latency, high throughput, real-time operations and parallel processing of commands and/or handling error states. The control software has been developed in C/MATLAB.

Comparison of various approaches in Fault-Tolerant and Attack-Resistant system design

Authors
Štěpánek, F.; Novotný, M.
Year
2014
Published
Proceedings of the 2nd Prague Embedded Systems Workshop. 2014, Available from: http://pesw2014.fit.cvut.cz/papers/Stepanek.pdf
Type
Proceedings paper
Annotation
Fault-tolerance and attack-resistance are often discussed properties of embedded systems but are rarely achieved at the same time. The deployment of fault-tolerant systems demands some kind of reliability in hazard environment or the possibility of recovery in case of failure of the system to protect human lives or to prevent damage to property. The attack-resistant devices on the other hand protect the secrets/money or some other sensitive information of others from being misused or stolen. But as the number of attacks on software systems become more frequent and as the required education of attackers keeps decreasing, the question is: "When the safety-critical systems become target of malicious attacks?" The aim of this presentation is to discuss various fault tolerant and attack resistant system design approaches, to find common properties and to compare them to the ordinary design flow of the embedded systems. The goal of this work is to discuss the possibility of having both fault-tolerance and attack-resistance in embedded systems at the same time.

Differential Power Analysis under Constrained Budget: Low Cost Education of Hackers

Authors
Štěpánek, F.; Buček, J.; Novotný, M.
Year
2013
Published
Proceedings of 16th Euromicro Conference on Digital System Design. Piscataway: IEEE Service Center, 2013. p. 645-648. ISBN 978-0-7695-5074-9.
Type
Proceedings paper
Annotation
The differential power analysis is popular technique in exploiting weaknesses of the embedded systems — mostly of the smart cards. This approach is understandable as the DPA does not require expensive equipment or strong theoretical background on the device under attack. Therefore it is ideal for education of beginners or students in the field of computer security. The aim of this paper is to describe the economy of obtaining the basic equipment for the education of the differential power analysis and to share the experience with its teaching.

High-Performance Cryptanalysis on RIVYERA and COPACOBANA Computing Systems

Authors
Gueneysu, T.; Kasper, T.; Novotný, M.; Paar, C.; Wienbrandt, L.; Zimmermann, R.
Year
2013
Published
High-Performance Computing Using FPGAs. New York: Springer, 2013. p. 335-366. ISBN 978-1-4614-1791-0.
Type
Book chapter
Annotation
Special-purpose computing platforms based on reconfigurable hardware have shown to typically exhibit a much better performance-cost ratio than off-the-shelf computers populated with general-purpose processors. In this chapter we introduce two different FPGA-based cluster architectures, called COPACOBANA and RIVYERA. These high-performance computing clusters are populated with up to 256 Xilinx Spartan or Virtex FPGAs per system and can be interconnected to form an even larger system with 2560 FPGA per rack. In this chapter, we present a wide range of applications from the fields of cryptanalysis and bioinformatics that have been successfully implemented on both architectures.

On Measurement of Synchronous Phasors in Electrical Grids

Authors
Kyncl, J.; Hariram, A.; Novotný, M.
Year
2013
Published
ISCAS 2013 Conference Proceedings. Piscataway: IEEE, 2013. pp. 2972-2975. ISSN 0271-4302. ISBN 978-1-4673-5760-9.
Type
Proceedings paper
Annotation
Precise estimation of frequency and phasor has become important in electrical power grids. Knowledge of phasor enables localization of faults, calculation of active and reactive power flows, determination of electrical parameters of system components (lines, transformers), etc. In this paper we present a new method for frequency and phasor assessment. Frequency assessment is done by applying statistical methods such as minimizing standard deviation of moving averages for the window length corresponding to possible frequency. Phasor assessment is done using numerical quadrature. The algorithm has been developed using Wolfram Mathematica® and implemented in development board equipped with a microcontroller.

Evaluating Cryptanalytical Strength of Lightweight Cipher PRESENT on Reconfigurable Hardware

Authors
Pospíšil, J.; Novotný, M.
Year
2012
Published
Proceedings of the 15th Euromicro Conference on Digital System Design. Los Alamitos: IEEE Computer Society Press, 2012, pp. 560-567. ISBN 978-0-7695-4798-5.
Type
Proceedings paper
Annotation
The PRESENT cipher is a symmetric block cipher with 64 bits of data block and 80 (or 128) bits of key. It is based on Substitution-permutation network and consists of 31 rounds. PRESENT is intended to be implemented in small embedded and contactless systems, thus its design needs only small amount of chip area and consumes low power. In this work we evaluate the resistance of PRESENT against time-memory trade-off attack. Specifically Rainbow Tables method is used. We determine the computational demand of this type of attack conducted on special parallel reconfigurable hardware COPACOBANA consisting of array of FPGA chips with custom design.

Lightweight Cipher Resistivity against Brute-Force Attack: Analysis of PRESENT

Authors
Pospíšil, J.; Novotný, M.
Year
2012
Published
Proceedings of the 2012 IEEE 15th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS). New York: IEEE Computer Society Press, 2012, pp. 197-198. ISBN 978-1-4673-1185-4.
Type
Proceedings paper
Annotation
The PRESENT cipher is a symmetric block cipher with 64 bits of data block and 80 (or 128) bits of key. It is based on Substitution-permutation network and consists of 31 rounds. PRESENT is intended to be implemented in small embedded and contactless systems, thus its design needs only small amount of chip area and consumes low power. In this work we evaluate the resistance of PRESENT against brute-force attack. We determine the computational demand of this type of attack conducted on special parallel hardware COPACOBANA consisting of array of FPGA chips with custom design.

Breaking Hitag2 with Reconfigurable Hardware

Authors
Štembera, P.; Novotný, M.
Year
2011
Published
Proceedings of the 14th Euromicro Conference on Digital System Design. Los Alamitos: IEEE Computer Society Press, 2011, pp. 558-563. ISBN 978-0-7695-4494-6.
Type
Proceedings paper
Annotation
The Hitag2 stream cipher is used in many real-world applications, such as car immobilizers and door opening systems, as well as for the access control of buildings. The short length of the 48-bit secret key employed makes the cipher vulnerable to a brute-force attack, i.e., exhaustive key search. In this paper we develop the first hardware architecture for the cryptanalysis of Hitag2 by means of exhaustive key search. Our implementation on COPACOBANA is able to reveal the secret key of a Hitag2 transponder in less than 2 hours in the worst case. The speed of our approach outperforms all previously proposed attacks and requires only 2 sniffed communications between a car and a tag. Our findings thus define a new lower limit for the cloning of car keys in practice. Moreover, the attack is arbitrarily parallelizable and could thus be run on multiple COPACOBANAs to decrease the time to find the secret key.

Education of Digital and Analog Circuits Supported by Computer Algebra System

Authors
Kyncl, J.; Novotný, M.
Year
2011
Published
ISCAS 2011 Conference Proceedings. Piscataway: IEEE, 2011. pp. 341-344. ISSN 0271-4302. ISBN 978-1-4244-9472-9.
Type
Proceedings paper
Annotation
We describe our approach in education of the course Digital and Analog Circuits, which belongs to curricula of the Informatics study program. For analysis of analog and simple digital circuits we use computer algebra system Mathematica, which minimizes the amount of routine, handy calculations. This fact enables focusing on the problem and solving more examples, which in turn provides better comprehension of the topic. As Mathematica is later used in subsequent courses, its knowledge is utilized in these courses. Last, but not least, Mathematica provides several programming paradigms, which can be easily demonstrated to students of Informatics study program.

Hardware Architectures for Cryptanalysis

Authors
Novotný, M.; Šesták, P.; Pospíšil, J.; Štembera, P.; Kalina, V.
Year
2011
Published
Workshop 2011. Praha: České vysoké učení technické v Praze, 2011,
Type
Proceedings paper
Annotation
In this work we explore the resistance of ciphers KeeLoq, Hitag-2, PRESENT and Cryptomeria against variants of brute-force attacks. The ciphers are dedicated for a Lightweight Cryptography, i.e. they find their application area in smartcards or car immobilizers. The ciphers KeeLoq, Hitag-2 and Cryptomeria are used in practice, while the cipher PRESENT has been designed as a replacement for outdated ciphers. We design hardware architectures for cryptanalysis of these ciphers. The architectures are implemented in FPGAs. Where possible, the Cost-Optimized Parallel Code Breaker COPACOBANA is used. The main contribution of this work will consist in (i) design of architectures supporting brute-force attack on individual ciphers and (ii) evaluation of the resistance against brute-force attacks for those ciphers.

Implementing Brute-Force Attack on PRESENT Cipher

Authors
Benáček, P.; Novotný, M.
Year
2010
Published
Proceedings of the Work in Progress Session SEAA 2010 and DSD 2010. Linz: Johannes Kepler University, 2010, pp. 51-52. ISBN 978-3-902457-27-1.
Type
Proceedings paper
Annotation
In this work we present our analysis of resistance of the PRESENT cipher against the brute-force attack. We have chosen its 80 bit variant. As a target platform we have chosen server COPACOBANA.

Time-Area Efficient HW Architectures for Cryptography and Cryptanalysis

Authors
Year
2010
Published
Bochum: Europäischer Universitätsverlag, 2010. IT Security. vol. 12. ISBN 978-3-89966-351-8.
Type
Book
Annotation
The first part of the book focuses on hardware architectures operating over elements of GF(2^m) in normal basis representation. Such architectures are applicable e.g. in Elliptic Curve Cryptography. Four new architectures of digit-serial normal basis multipliers are presented. Based on these architectures, a novel structure of a normal basis arithmetic unit is proposed. As the unit is both small and scalable, the design constraints can be met optimally. The second part of the thesis focuses on the cryptanalysis of the A5/1 cipher used in GSM communications. Hardware architectures of two attacks against the A5/1 cipher are presented. The attacks have been implemented using an existing low-cost special-purpose hardware device: COPACOBANA. The attacks are designed to utilize both the properties of the cipher and the features of underlying reconfigurable hardware. Presented design approaches can be reused when designing attacks against similar ciphers.

COPACOBANA-Assisted Cryptanalysis of GSM Communication

Authors
Year
2009
Published
Fifth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science. Brno: publisher not stated, 2009, pp. 236. ISBN 978-80-87342-04-6.
Type
Proceedings paper
Annotation
GSM is the most widely used system for mobile phone communication. GSM was developed in 1980s for the use in Europe. The GSM standard defines algorithms for authentication as well as for data encryption. The encryption algorithms are denoted as A5/1 and A5/2. The original cipher, A5/1, is used within Europe and in most other countries, while weaker A5/2 cipher has been developed later, due to the export restriction, for deploying GSM outside Europe. We present two known-plaintext attacks against stronger cipher A5/1 that we developed and fully implemented. They represent the first real-world implementations of attacks against A5/1 reported in open literature. To implement both attacks, we used a special-purpose hardware, COPACOBANA, however, the attacks are different.

Cryptanalysis of KeeLoq with COPACOBANA

Authors
Novotný, M.; Kasper, T.
Year
2009
Published
SHARCS '09 Special-Purpose Hardware for Attacking Cryptographic Systems. Lausanne: EPFL, 2009, pp. 159-164.
Type
Proceedings paper
Annotation
In this paper we develop a hardware architecture for the cryptanalysis of KeeLoq. Our brute-force attack, implemented on the Cost-Optimized Parallel Code-Breaker COPACOBANA, is able to reveal the secret key of a remote control in less than 0.5 seconds if a 32-bit seed is used and in less than 6 hours in case of a 48-bit seed. To obtain reasonable cryptographic strength against this type of attack, a 60-bit seed has to be used, for which COPACOBANA needs in the worst case about 1011 days for the key recovery. However, the attack is arbitrarily parallelizable and could thus be run on multiple COPACOBANAs to decrease the attack time.