Design of cryptographic components


Key-words: security, cryptographic systems, AES, ECC, FHE, lightweight, fault-based attacks, side-channel attacks, countermeasures

Members: P. Maistri, R. Leveugle, S. Pontie, A. Mkhinini, M. Portolan

Current or recent main cooperations: STMicroelectronics, LIRMM, ENSMSE/CEA, Institut Fourier, University of Monastir - Faculte des Sciences (Tunisia), Ecole Nationale d'Ingenieurs de Sousse (ENISo, Tunisia), Univ. Massachusetts (USA), University Assane Seck de Ziguinchor (Senegal)

Main recent or on-going funded projects: LIESSE (ANR), SCCyPhy Action team (Persyval-Lab Labex), CRACL Exploratory project (Persyval-Lab Labex), EMAISeCi (ANR)

Context and goals

The current trend for many products, and in particular for consumer products, is toward an increasing need of security, in the form of confidentiality, data integrity, and/or authentication. These services rely on secure protocols and algorithms, which can be implemented in software or hardware according to the performance requirements, and to the cost constraints. Cryptography is at the heart of those systems. Many current secure implementations rely on specific hardware blocks to implement the main cryptographic functions. These functions can be tampered by various attacks, either active (fault-based attacks) or passive (side-channel attacks: computation time analysis, power analysis, observation of electromagnetic emissions ...). So-called hardware attacks target the implementation rather than the algorithm itself and are today a significant threat for security, in addition to software- or network-based attacks.

Among requirements for the security of assets, property and people, the availability of efficient and robust cryptographic computations is therefore an increasing need in many applications. So-called hardware attacks are an increasing concern in consumer applications involved in the digital society, including not only everyday-life applications but also industrial applications (e.g., SCADA systems).

The work done in the team aims at (1) better characterizing and modeling the effect of attacks, in particular fault-based attacks by various means, and (2) propose innovative countermeasures (i.e., protections) against the different types of attacks.

Our countermeasures are mainly implemented at RT-Level, even when targeting low-level characteristics such as power consumption analysis. A lot of work has been focused on the development and validation of robust re-usable cores (IPs) for cryptography.

Recent outcomes and on-going work

Research performed in the team during previous years has in particular led to several crypto-processor blocks for symmetric AES encryption with counter-measures against several types of attacks. This work involved collaborations with several academic and industrial partners, including the University of Massachusetts at Amherst [1-4]. Figure 1 illustrates (as an example) a DPA attack on the AES design protected by dynamic composite field [3]. Unlike other solutions in the literature, where the focus is on the performance/cost ratio, for the first time the composite fields are used as a countermeasure against side channel analysis. The representation field is chosen randomly at runtime at each encryption, thus the correlation between the power consumption and the key changes continuously. Simulation results show that the correct key cannot be found anymore, as it is indistinguishable from all the other (wrong) hypotheses, as seen in Figure 1. Work is on-going in order to reduce the overhead required by the different representations.

DPA on AES - protection by dynamic composite field

Figure 1: DPA attack on the AES design protected by dynamic composite field.

Work is also on-going in the framework of the ANR project LIESSE, with several prototypes manufactured by STMicroelectronics in 28 nm bulk and FDSOI technologies [5]. These prototypes aim in particular at evaluating the actual resilience with respect to laser attacks. In parallel, the real faults generated by such attacks are studied in order to assess the fault models to be used in early fault injection experiments for dependability analysis (see the on-going work on methods and tools for resilience (section dependability analysis)) or Hardware/Software dependability analysis from RT-Level descriptions. Work was also done on modeling electromagnetic attacks [6].

For asymmetric cryptography, Elliptic Curves (ECC) are being increasingly used in replacement of RSA. Crypto-processors exist but new counter-measures are required to improve the state-of-the-art level of security provided by classical techniques such as "add always". The on-going work is targeted towards an efficient and flexible ECC crypto-processor including counter-measures against the main known attacks and in particular, at that stage, power analysis [7-8]. This work is involving multidisciplinary skills (hardware design, security, mathematics for efficient curve selection) and is partly done in collaboration in the framework of the SCCyPhy action of the Labex Persyval-Lab. Work includes hardware processor design and validation, but also in parallel the study of new attacks that may be harmful for the proposed counter-measures, in order to strengthen proposals at their maximum level.
In this context, we have in particular designed and implemented an improved version of the windowing algorithm, where the size of each window used during the computation is randomly chosen at runtime. In order to protect also against timing attacks and to hide the size of the windows, dummy point additions are inserted randomly in the design. The number of operations is chosen in order to perform the same number of operations as in the worst case, i.e. choosing always the smallest possible window. The dummy operations can be inserted anytime. This approach increases the number of ways by which the scalar coefficient can be partitioned, thus increasing the number of possible ways to compute the scalar multiplication. The number of possible configurations, as a function of the minimal and maximal window sizes, is shown in Figure 2. It is interesting to observe that increasing the largest constraint does not give any significant advantage over a certain limit, from the point of view of robustness and performance, which is on the other hand largely affected by the smallest parameter.

Number of window partitionings for a 163-bit scalar coefficient, as a function of the minimum and maximum window size

Figure 2: Number of window partitionings for a 163-bit scalar coefficient, as a function of the minimum and maximum window size.

Figure 3 shows a partial power trace obtained with random windows from a random key. Two different patterns can be easily recognized, corresponding to the point addition and doubling. A simple power analysis could be mounted, but the attacker cannot know if an addition is real or dummy. However, we have also demonstrated an attack over this scheme, and a new counter-measure including dummy point doublings. Work is on-going on ECCs with unified formulas, where point additions and doublings are no longer distinguishable. This is part of the work made in collaboration with Institut Fourier in the context of the Labex Persyval-Lab.

Partial trace of the consumed power on a 256-bit elliptic curve

Figure 3: Partial trace of the consumed power on a 256-bit elliptic curve.

Another type of cryptography with increasing impact is homomorphic encryption. Such an encryption enables computations on encrypted data without knowing the secret key. The interest for such mechanisms has become obvious in the context of Cloud Computing with needs in the near future for inclusion in everyday applications through set-top-boxes or home gateways. Unfortunately, the recent improvements in algorithms are not sufficient to enable widespread usage due to the huge computing power required by the existing software implementations. The first goal is therefore to noticeably improve the computing efficiency for such encryptions, by taking advantage of hardware acceleration. The next goal will be to tackle the resiliency of such implementations with respect to various attacks. This work is partly done within an international collaboration with University of Monastir and ENISo (Sousse, Tunisia), in addition to the exploratory project CRACL selected by the Labex Persyval-Lab.

On the opposite of the previously mentioned algorithms, applications related to e.g., sensor networks and more generally "internet of things", require lightweight cryptography due to very limited resources. However, data can be critical, e.g., in the context of health monitoring. It is therefore compulsory to ensure a simple and low-energy implementation, while keeping away from simple attacks. Work started on the algorithm PRESENT. It is currently extended to other algorithms, including the possibility to propose efficient counter-measures. An international collaboration is started on this subject with University Assane Seck de Ziguinchor in Senegal and several other collaborations are under discussion.

In complement, work is also on-going to increase the security on standard platforms, in which specific crypto-processors cannot be added. One goal will be to take advantage of optimization mechanisms such as DVFS (dynamic voltage and frequency scaling) to improve the robustness with respect to side-channel attacks.

Most of this work is related to our contributions to the ICT COST Action TRUDEVICE in the working groups WG 3 (Fault attack detection and protection), WG 4 (Reconfigurable devices for secure functions) and WG 5 (Validation, Evaluation, and Fault Injection).

References

[1] P. Maistri, R. Leveugle: Double-Data-Rate computation as a countermeasure against fault analysis , IEEE Transactions on Computers, vol. 57, no. 11, November 2008, pp. 1528-1539
[2] G. Canivet, P. Maistri, R. Leveugle, F. Valette, M. Renaudin: Glitch and laser fault attacks onto a secure AES implementation on a SRAM-based FPGA, Journal of Cryptology, Springer, vol. 24, no. 2, April 2011, pp. 247-268
[3] M.Bollo, P.Maistri: Composite Fields against Side Channel Analysis for the Advanced Encryption Standard, 21st IEEE International Conference on Electronics Circuits and Systems (ICECS), 2014
[4] P. Maistri, R. Leveugle, L. Bossuet, A. Aubert, V. Fischer, B. Robisson, N. Moro, P. Maurine, J.-M. Dutertre, M. Lisart: Electromagnetic analysis and fault injection onto secure circuits , 22nd IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC), 2014, pp. 195-200
[5] R. Leveugle, P. Maistri, P. Vanhauwaert, F. Lu, G. Di Natale, M.-L. Flottes, B. Rouzeyre, A. Papadimitriou, D. Hely, V. Beroulle, G. Hubert, S. De Castro, J.-M. Dutertre, A. Sarafianos, N. Boher, M. Lisart, J. Damiens, P. Candelier, C. Tavernier: Laser-induced fault effects in security-dedicated circuits , 22nd IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC), 2014, pp. 201-206
[6] D.Alberto, P.Maistri, R.Leveugle: Forecasting the effects of electromagnetic fault injections on embedded cryptosystems, Information Security Journal: A Global Perspective, Taylor & Francis, vol. 22, no. 5-6, November 2013, pp. 237-243.
[7] S. Pontie, P. Maistri: Design of a secure architecture for scalar multiplication on elliptic curves, 10th Conference on Ph.D Research in Microelectronics and Electronics (PRIME), 2014
[8] S. Pontie, P. Maistri, R. Leveugle: An Elliptic Curve Crypto-Processor Secured by Randomized Windows, 17th Euromicro Conference on Digital System Design (DSD), 2014, pp. 535-542.