
Bricks and Tools for Secure Hardware Implementations



  1. Bricks and Tools for Secure Hardware Implementations
     Francesco Regazzoni, 06 June 2014, Šibenik, Croatia

  2. Why Electronic Design Automation?
     “Surely the purpose of science is to ease human hardship” (Galileo, Bertolt Brecht)
     - Handle the complexity
     - Time to market
     - Design optimization
     From G. De Micheli, Synthesis and Optimization of Digital Circuits, McGraw-Hill Higher Education, 1994.

  3. Why Electronic Design Automation for security?
     - Security is very often considered at later stages of design
     - Cost and Time to Market
     - Possible Security pitfalls
     EXTRA CONSTRAINT: Use as much as possible “standard” EDA commodities!

  4. Outline
     - Logic Synthesis
     - (Secure) Design Flow for secure ISE
     - Quick note on Software

  5. Simplified Hardware Design Flow (ASIC)
     - Algorithm Design: C, Matlab, VHDL
     - RTL (Architecture) Design: Synthesizable HDL
     - Gate [Figure: XOR gate with inputs x and y]
     - Layout

  6. Let’s focus on Synthesis
     - RTL (Architecture) Design: Synthesizable HDL
     - Logic Synthesis
     - Gate Level [Figure: XOR gate with inputs x and y]

  7. A bit of history
     - Few algorithms and tools existed in the 70’s
     - First prototype synthesis tools in the early 80’s
     - First logic synthesis companies in the late 80’s
     - Design Automation Conference (DAC) turned 51 years last week: happy birthday!

  8. Definitions
     - Logic Synthesis is the manipulation of logic specifications to create logic models as an interconnection of logic primitives
     - Logic Synthesis determines the gate level structure of a circuit
     From G. De Micheli, Synthesis and Optimization of Digital Circuits, McGraw-Hill Higher Education, 1994.

  9. Logic Synthesis Input and Output
     INPUT:
     - HDL Description
     - Technological Library (area, timing, power)
     - Synthetic Library (multipliers...)
     - Constraints
     OUTPUT:
     - Gate Level Netlist
     - Estimation of area, timing, power (!)
     - Timing constraints

  10. Typical Logic Synthesis Steps
      1. State Minimization
      2. State Encoding
      3. Combinatorial Logic Minimization
      4. Technology Mapping

  11. Is it sufficient for Security?
      Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis”, in Proceedings of Advances in Cryptology-CRYPTO’99, Santa Barbara, California, USA, August 15-19, 1999. (Cited by 4128)

  12. Approach One
      INPUT:
      - HDL Description
      - Technological Library (area, timing, power)
      - Synthetic Library (multipliers...)
      - Constraints
      OUTPUT:
      - DPA resistant Gate Level Netlist
      - Estimation of area, timing, power (!)
      - Timing constraints

  13. Approach Two
      INPUT:
      - HDL Description
      - Technological Library (area, timing, power)
      - Synthetic Library (multipliers...)
      - Constraints (limit the gates)
      OUTPUT:
      - Gate Level Netlist
      “Cell Substitution”:
      - Replace cells
      - Reload in the tool for correct area and timing constraints
      K. Tiri and I. Verbauwhede, A digital design flow for secure integrated circuits, IEEE TCAD, 2006

  14. Careful!
      - As an example of design for security, we have focused on synthesis, and we have detailed two possible approaches for synthesis of DPA resistant circuits
      - However, synthesis is only one step of the whole design flow
      - Security should be considered in every step of the design flow
      - Doing DPA resistant synthesis alone is not sufficient!

  15. Outline
      - Logic Synthesis
      - (Secure) Design Flow for secure ISE
      - Quick note on Software

  16. Protect PRESENT with secure hardware
      - Lightweight block cipher
      - 4 bit S-box
      - addRoundKey, sBoxLayer

      ```c
      // PRESENT 4-bit S-box
      static const int S[16] = {0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2};

      // Calculate S-box (plaintext XOR key)
      int PRESENT(int plaintext, int key) {
          int result = 0;                       // initialize the result
          plaintext = (plaintext ^ key) & 0xF;  // perform the xor with the key (kept to 4 bits)
          result = S[plaintext];                // perform the S-box
          return result;                        // return the result
      }
      ```

  17. What can I do?
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  18. What can I do?
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  19. What can I do?
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  20. What can I do?
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  21. What can I do?
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  22. What can I do?
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  23. What can I do? Something easier?

  24. Protected / Non Protected Co-Design!
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  25. Protected / Non Protected Co-Design!
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  26. Protected / Non Protected Co-Design!
      [Figure: block diagram with Register File, IMM., A, B, ISE, ALU, Memory]

  27. Automatic design of DPA resistant ISE
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]

  28. Needed “Basic Blocks”
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]
      - Generate useful power traces?

  29. Needed “Basic Blocks”
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]
      - Generate useful power traces?
      - Measure the DPA resistance?

  30. Needed “Basic Blocks”
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]
      - Generate useful power traces?
      - Measure the DPA resistance?
      - Countermeasure and its design flow?

  31. Needed “Basic Blocks”
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]
      - Generate useful power traces?
      - Measure the DPA resistance?
      - Countermeasure and its design flow?
      - Partition the algorithm?

  32. Needed “Basic Blocks”
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]
      - Generate useful power traces?
      - Measure the DPA resistance?
      - Countermeasure and its design flow?
      - Partition the algorithm?

  33. Fast Simulation SPICE level
      - Simulate Complex Design at SPICE level (whole processor)

  34. Fast Simulation SPICE level
      - Simulate Complex Design at SPICE level (whole processor)
      - Simulated about 400 traces: approximately 20 hours!

  35. Fast Simulation SPICE level
      - Simulate Complex Design at SPICE level (whole processor)
      - Simulated about 400 traces: approximately 20 hours!

  36. Careful!
      - Results obtained in simulations are often very different from the ones obtained from the real silicon
      - Check and evaluate whether, and to what extent, simulation results match the real measurements

  37. Needed “Basic Blocks”
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]
      - Generate useful power traces? ✓
      - Measure the DPA resistance?
      - Countermeasure and its design flow?
      - Partition the algorithm?

  38. Needed “Basic Blocks”
      [Flow diagram: Identify sensitive parts; Partition Sensitive / Non Sensitive; Protect Sensitive; Security Evaluation]
      - Generate useful power traces? ✓
      - Measure the DPA resistance?
      - Countermeasure and its design flow?
      - Partition the algorithm?

  39. Information Theory Metric

      $$H[K|L] = -\sum_{k} \Pr[k] \cdot \sum_{x} \Pr[x] \int \Pr[l \mid k, x] \cdot \log_2 \Pr[k \mid l, x] \, dl$$

      - Add white noise
      - Reduce the dimension using compression
      - Compute the mutual information
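The metric on slide 39, evaluated numerically for the PRESENT S-box target of slide 16. This is an added example, not code from the original slides. It assumes a Hamming-weight leakage model, Gaussian white noise, and a uniform 4-bit key and plaintext nibble; all function names are hypothetical. The leakage is one-dimensional, so no compression step is needed.

```python
import math

# PRESENT 4-bit S-box, as in the cipher specification.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hamming_weight_leak(k, x):
    """Assumed noise-free leakage: Hamming weight of S[x XOR k]."""
    return bin(SBOX[x ^ k]).count("1")

def gauss(l, mean, sigma):
    """Gaussian density Pr[l | k, x] around the noise-free leakage."""
    z = (l - mean) / sigma
    return math.exp(-0.5 * z * z) / (sigma * math.sqrt(2.0 * math.pi))

def conditional_entropy(sigma, leak=hamming_weight_leak, steps=400):
    """H[K|L] in bits for uniform 4-bit k and x, white noise of std sigma."""
    lo, hi = -6.0 * sigma, 4.0 + 6.0 * sigma   # leakage range 0..4 plus tails
    dl = (hi - lo) / steps
    h = 0.0
    for x in range(16):
        means = [leak(k, x) for k in range(16)]
        for i in range(steps):
            l = lo + (i + 0.5) * dl             # midpoint rule for the integral
            dens = [gauss(l, m, sigma) for m in means]
            total = sum(dens)
            for p in dens:
                if p > 0.0:
                    # Uniform prior: Pr[k|l,x] = Pr[l|k,x] / sum_k' Pr[l|k',x]
                    h -= (1 / 16) * (1 / 16) * p * math.log2(p / total) * dl
    return h

def mutual_information(sigma, leak=hamming_weight_leak):
    """I(K;L) = H[K] - H[K|L], with H[K] = 4 bits for a uniform nibble."""
    return 4.0 - conditional_entropy(sigma, leak)

if __name__ == "__main__":
    for s in (0.05, 0.5, 2.0):                  # constructed noise levels
        print(f"sigma={s}: H[K|L]={conditional_entropy(s):.3f} bits")
```

A remaining entropy close to 4 bits means the leakage reveals almost nothing about the key nibble; a protected implementation should push H[K|L] toward that value at realistic noise levels.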
