Skip to main content

Über dieses Buch

On any advanced integrated circuit or "system-on-chip" there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area, or power consumption. It is therefore difficult to attain the delicate balance between the extra cost of security measures and the added benefits.





Chapter 1. Modular Integer Arithmetic for Public Key Cryptography

This chapter discusses building blocks for implementing popular public key cryptosystems, like RSA, Diffie-Hellman Key Exchange (DHKE) and Elliptic Curve Cryptography (ECC). Therefore, we briefly introduce field-based arithmetic on which most of recently established public key cryptosystems rely. As most popular fields, we give examples for architecture implementing efficient arithmetic operations over prime and binary extension fields for use in cryptographic applications.
Tim Güneysu, Christof Paar

Chapter 2. Introduction to Side-Channel Attacks

Side-channel cryptanalysis is a new research area in applied cryptography that has gained more and more interest since the mid-nineties. It considers adversaries trying to take advantage of the physical specificities of actual cryptographic devices. These implementation-specific attacks frequently turn out to be much more efficient than the best known cryptanalytic attacks against the underlying primitive seen as an idealized object. This chapter aims to introduce such attacks with illustrative examples and to put forward a number of practical concerns related to their implementation and countermeasures.
François-Xavier Standaert

Cryptomodules and Arithmetic


Chapter 3. Secret Key Crypto Implementations

This chapter presents the algorithm selected in 2001 as the Advanced Encryption Standard. This algorithm is the base for implementing security and privacy based on symmetric key solutions in almost all new applications. Secret key algorithms are used in combination with modes of operation to provide different security properties. The most used modes of operation are presented in this chapter. Finally an overview of the different techniques of software and hardware implementations is given.
Guido Marco Bertoni, Filippo Melzani

Chapter 4. Arithmetic for Public-Key Cryptography

In this chapter, we discuss arithmetic algorithms used for implementing public-key cryptography (PKC). More precisely, we explore the various algorithms for RSA exponentiation and point/divisor multiplication for curve-based cryptography. The selection of the algorithms has a profound impact on the trade-off between cost, performance, and security. The goal of this chapter is to introduce the different recoding techniques to reduce the number of computations efficiently.
Kazuo Sakiyama, Lejla Batina

Chapter 5. Hardware design for Hash functions

Due to its cryptographic and operational key features such as the one-way function property, high speed and a fixed output size independent of input size the hash algorithm is one of the most important cryptographic primitives. A critical drawback of most cryptographic algorithms is the large computational overhead. This is getting more critical since the data amount to process or communicate is increasing a lot. In many cases, a proper use of the hash algorithm reduces the computational overhead. Digital signature generation and the message authentication are the most common applications of the hash algorithms. The increasing data size also motivates hardware designers to have a throughput optimal architecture for a given hash algorithm. In this chapter, some popular hash algorithms and their cryptanalysis are briefly introduced, and a design methodology for throughput optimal architectures of MD4-based hash algorithms is described in detail.
Yong Ki Lee, Miroslav Knežević, Ingrid M.R. Verbauwhede

Chapter 6. Random Number Generators for Integrated Circuits and FPGAs

Random number generators are essential for modern day cryptography. Typically the secret data or function is established through the use of random number generator. It is assumed that the attacker has no access to these a random bits. According to Kerckhoffs’ principles the security of the cryptographic scheme should not depend on the secrecy of the algorithm but rather the secrecy of the key. Hence, in many cryptographic schemes the compromise of the random number generator leads to the collapse of the overall security. As the security of the overall system rests on these secrets, it is natural to set high standards for random number generators that produce them. The random number generator is expected to produce a stream of independent, statistically uniform, and unpredictable random bits. The output should be unpredictable even to the strongest adversary.
Berk Sunar, Dries Schellekens

Chapter 7. Process Variations for Security: PUFs

Process variations in deep-submicron technology lead usually to undesired effects. Manufacturers of ICs try to remove those as much as possible in order to be sure that all their devices function in the same and expected way. In this chapter, we show how process variations which make a device unique can be used to provide new, cheap and enhanced security functionality to the device. We identify physical unclonable functions (PUFs) based on process variations that are present on an IC and explain how they can be used to provide enhanced security features for the IC.
Roel Maes, Pim Tuyls

Design methods for security


Chapter 8. Side-Channel Resistant Circuit Styles and Associated IC Design Flow

The supply current variations, which are being analyzed to find the secret information, are the aggregated effect of the supply current variations of the individual switching logic gates that make up the microcontroller- or ASIC-based encryption system under attack. The fundamental reason that the information is leaked through the power supply is that the logic gates have an asymmetric power consumption. Indeed, as discussed in Section 2.1, only when the output of the logic gate makes a 0–1 transition, a current comes from the power supply and charges the output capacitance. In all other cases, no or only a limited amount of energy (due to short circuit or leakage) is consumed from the power supply. Hence by observing the supply current, one has information on the switching event and the state of the logic gate.
Kris Tiri

Chapter 9. Counteracting Power Analysis Attacks by Masking

The publication of power analysis attacks [12] has triggered a lot of research activities. On the one hand these activities have been dedicated toward the development of secure and efficient countermeasures. On the other hand also new and improved attacks have been developed. In fact, there has been a continuous arms race between designers of countermeasures and attackers. This chapter provides a brief overview of the state-of-the art in the arms race in the context of a countermeasure called masking. Masking is a popular countermeasure that has been extensively discussed in the scientific community. Numerous articles have been published that explain different types of masking and that analyze weaknesses of this countermeasure.
Elisabeth Oswald, Stefan Mangard



Chapter 10. Compact Public-Key Implementations for RFID and Sensor Nodes

Embedded systems have become extremely important and new applications are taking a larger portion of the market every day. Radio frequency identification (RFID) tags and sensor nodes are recent and challenging examples and they imply very low budgets for the number of gates, power, bandwidth, etc. while they often require security solutions.
Implementations of public-key cryptography (PKC) are very difficult in those environments as PKC deploys computationally demanding operations. However, PKC protocols are useful for applications that need strong cryptography and services such as authentication, signatures, key-exchange, and so on. There are several possible candidates for low-cost PKC and in this chapter we discuss a custom hardware-assisted approach to implement elliptic/hyperelliptic curve cryptography (ECC/HECC). We describe compact implementations of curve-based cryptography for security services as required for RFID and wireless sensor networks applications. We also list the related previous works and compare them with respect to area, power, and performance.
Lejla Batina, Kazuo Sakiyama, Ingrid M.R. Verbauwhede

Chapter 11. Demonstrating end point security in embedded systems

This chapter describes a demonstrator for end-point security in a video peripheral. The demonstrator enables a third party to securely display a message, stored on a compact flash card, on a video monitor attached to the system. The message is personalized to a specific instance of the display platform and cannot be copied, modified, or cloned. The message is only decoded just before rendering the message on the video display. The chapter describes architectural enhancements to hardware and software to implement end-point security. The resulting system effectively implements a secure ’tunnel’: a trusted path from the compact flash memory up to the pins of the VGA connector. The chapter also presents a suitable security protocol to support end-point security services, and it presents a design methodology to implement this concept.
Patrick Schaumont, Eric Simpson, Pengyuan Yu

Chapter 12. From Secure Memories to Smart Card Security

Non-volatile memory is essential in most embedded security applications. It will store the key and other sensitive materials for cryptographic and security applications. In this chapter, first an overview is given of current flash memory architectures. Next the standard security features which form the basis of so-called secure memories are described in more detail. Smart cards are a typical embedded application that is very vulnerable to attacks and that at the same time has a high need for secure non-volatile memory. In the next part of this chapter, the secure memories of so-called flash-based high-density smart cards are described. It is followed by a detailed analysis of what the new security challenges for such objects are.
Helena Handschuh, Elena Trichina


Weitere Informationen

Premium Partner