Feature Papers in Hardware Security II

A special issue of Cryptography (ISSN 2410-387X). This special issue belongs to the section "Hardware Security".

Deadline for manuscript submissions: closed (20 October 2023) | Viewed by 41826

Special Issue Editor


E-Mail Website
Guest Editor
Department of Electrical and Computer Engineering, University of New Mexico, Albuquerque, NM 87131, USA
Interests: hardware security and trust and design for manufacturability
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

This is a Special Issue for high-quality papers by Editorial Board Members and papers invited by the Editorial Office and the Editor-in-Chief.

Papers will be published free of charge in an open access form after peer review.

We invite authors to submit research papers on topics related to hardware-based authentication; encryption and secure boot protocols for resource-constrained embedded systems, on novel side-channel analysis attacks and countermeasures, on PUFs for ICs and printed circuit boards (PCBs) capable of providing security, trust and detection of tamper, on hardware Trojan attacks, analysis, detection methods and countermeasures, on supply-chain authentication and hardware assurance methods, on hardware-based security and trust primitives for RFID (radio frequency identification); IoT; autonomous vehicles; embedded medical; and industrial control; communication and other types of critical infrastructure; and on reverse engineering techniques and countermeasures to protect ICs and IPs through obfuscation and active metering schemes.

Prof. Dr. Jim Plusquellic
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Cryptography is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • hardware security and trust
  • physical unclonable functions
  • side channel attacks and countermeasures
  • microprocessor security.

Related Special Issue

Published Papers (19 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

29 pages, 7443 KiB  
Article
Detour-RS: Reroute Attack Vulnerability Assessment with Awareness of the Layout and Resource
by Minyan Gao, Liton Kumar Biswas, Navid Asadi and Domenic Forte
Cryptography 2024, 8(2), 13; https://doi.org/10.3390/cryptography8020013 - 06 Apr 2024
Viewed by 391
Abstract
Recent decades have witnessed a remarkable pace of innovation and performance improvements in integrated circuits (ICs), which have become indispensable in an array of critical applications ranging from military infrastructure to personal healthcare. Meanwhile, recent developments have brought physical security to the forefront [...] Read more.
Recent decades have witnessed a remarkable pace of innovation and performance improvements in integrated circuits (ICs), which have become indispensable in an array of critical applications ranging from military infrastructure to personal healthcare. Meanwhile, recent developments have brought physical security to the forefront of concern, particularly considering the valuable assets handled and stored within ICs. Among the various invasive attack vectors, micro-probing attacks have risen as a particularly menacing threat. These attacks leverage advanced focused ion beam (FIB) systems to enable post-silicon secret eavesdropping and circuit modifications with minimal traceability. As an evolved variant of micro-probing attacks, reroute attacks possess the ability to actively disable built-in shielding measures, granting access to the security-sensitive signals concealed beneath. To address and counter these emerging challenges, we introduce a layout-level framework known as Detour-RS. This framework is designed to automatically assess potential vulnerabilities, offering a systematic approach to identifying and mitigating exploitable weaknesses. Specifically, we employed a combination of linear and nonlinear programming-based approaches to identify the layout-aware attack costs in reroute attempts given specific target assets. The experimental results indicate that shielded designs outperform non-shielded structures against reroute attacks. Furthermore, among the two-layer shield configurations, the orthogonal layout exhibits better performance compared to the parallel arrangement. Furthermore, we explore both independent and dependent scenarios, where the latter accounts for potential interference among circuit edit locations. Notably, our results demonstrate a substantial near 50% increase in attack cost when employing the more realistic dependent estimation approach. In addition, we also propose time and gas consumption metrics to evaluate the resource consumption of the attackers, which provides a perspective for evaluating reroute attack efforts. We have collected the results for different categories of target assets and also the average resource consumption for each via, required during FIB reroute attack. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

15 pages, 1512 KiB  
Article
NLU-V: A Family of Instruction Set Extensions for Efficient Symmetric Cryptography on RISC-V
by Hakan Uzuner and Elif Bilge Kavun
Cryptography 2024, 8(1), 9; https://doi.org/10.3390/cryptography8010009 - 29 Feb 2024
Viewed by 1134
Abstract
Cryptographic primitives nowadays are not only implemented in high-performance systems but also in small-scale systems, which are increasingly powered by open-source processors, such as RISC-V. In this work, we leverage RISC-V’s modular base instruction set and architecture to propose a generic instruction set [...] Read more.
Cryptographic primitives nowadays are not only implemented in high-performance systems but also in small-scale systems, which are increasingly powered by open-source processors, such as RISC-V. In this work, we leverage RISC-V’s modular base instruction set and architecture to propose a generic instruction set extension (ISE) for symmetric cryptography. We adapt the work from Engels et al. in ARITH’13, the non-linear/linear instruction set extension (NLU), which presents a generic hardware/software co-design solution for efficient symmetric crypto implementations through a hardware unit extending the 8-bit AVR instruction set. These new instructions realize non-linear and linear layers, which are widely used to implement the block ciphers in symmetric cryptography. Our proposal modifies and extends the NLU instructions to a 32-bit RISC-V architecture; hence, we call the proposed ISE ‘NLU-V’. The proposed architecture is integrated into the open-source RISC-V implementation ‘Icicle’ and synthesized on a Xilinx Kintex-7 XC7K160T FPGA. The area overhead for the proposed NLU-V ISE is 1088 slice registers and 4520 LUTs. As case studies, the PRESENT and AES block ciphers are implemented using the new ISE on RISC-V in assembly. Our evaluation metric to showcase the performance gain, Z ‘time-area-product (TAP)’ (the execution time in clock cycles times code memory consumption), reflects the impact of the proposed family of instructions on the performance of the cipher implementations. The simulations show that the NLU-V achieves 89% gain for PRESENT and 68% gain for AES. Further, the NLU-V requires 44% less lines of code for the PRESENT and 23% less for the AES implementation. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

25 pages, 761 KiB  
Article
Locking-Enabled Security Analysis of Cryptographic Circuits
by Devanshi Upadhyaya, Maël Gay and Ilia Polian
Cryptography 2024, 8(1), 2; https://doi.org/10.3390/cryptography8010002 - 05 Jan 2024
Viewed by 1459
Abstract
Hardware implementations of cryptographic primitives require protection against physical attacks and supply chain threats. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In [...] Read more.
Hardware implementations of cryptographic primitives require protection against physical attacks and supply chain threats. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In this article, we study the consequences of applying logic locking, a popular design-for-trust solution against intellectual property piracy and overproduction, to cryptographic circuits. We show that the ability to unlock the circuit incorrectly gives the adversary new powerful attack options. We introduce LEDFA (locking-enabled differential fault analysis) and demonstrate for several ciphers and families of locking schemes that fault attacks become possible (or consistently easier) for incorrectly unlocked circuits. In several cases, logic locking has made circuit implementations prone to classical algebraic attacks with no fault injection needed altogether. We refer to this “zero-fault” version of LEDFA by the term LEDA, investigate its success factors in-depth and propose a countermeasure to protect the logic-locked implementations against LEDA. We also perform test vector leakage assessment (TVLA) of incorrectly unlocked AES implementations to show the effects of logic locking regarding side-channel leakage. Our results indicate that logic locking is not safe to use in cryptographic circuits, making them less rather than more secure. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

22 pages, 567 KiB  
Article
Residue Number System (RNS) and Power Distribution Network Topology-Based Mitigation of Power Side-Channel Attacks
by Ravikumar Selvam and Akhilesh Tyagi
Cryptography 2024, 8(1), 1; https://doi.org/10.3390/cryptography8010001 (registering DOI) - 21 Dec 2023
Viewed by 1459
Abstract
Over the past decade, significant research has been performed on power side-channel mitigation techniques. Logic families based on secret sharing schemes, such as t-private logic, that serve to secure cryptographic implementations against power side-channel attacks represent one such countermeasure. These mitigation techniques [...] Read more.
Over the past decade, significant research has been performed on power side-channel mitigation techniques. Logic families based on secret sharing schemes, such as t-private logic, that serve to secure cryptographic implementations against power side-channel attacks represent one such countermeasure. These mitigation techniques are applicable at various design abstraction levels—algorithm, architecture, logic, physical, and gate levels. One research question is when can the two mitigation techniques from different design abstraction levels be employed together gainfully? We explore this notion of the orthogonality of two mitigation techniques with respect to the RNS secure logic, a logic level power side-channel mitigation technique, and power distribution network (PDN), with the decoupling capacitance, a mitigation technique at physical level. Machine learning (ML) algorithms are employed to measure the effectiveness of power side-channel attacks in terms of the success rate of the adversary. The RNS protected LED block cipher round function is implemented as the test circuit in both tree-style and grid-style PDN using the FreePDK 45 nm technology library. The results show that the success rate of an unsecured base design 68.96% for naive Bayes, 67.44% with linear discriminant analysis, 67.51% for quadratic discriminant analysis, and 66.58% for support vector machine. It is reduced to a success rate of 19.68% for naive Bayes, 19.62% with linear discriminant analysis, 19.10% for quadratic discriminant analysis, and 10.54% in support vector machine. Grid-type PDN shows a slightly better reduction in success rate compared to the tree-style PDN. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

23 pages, 689 KiB  
Article
Garbled Circuits Reimagined: Logic Synthesis Unleashes Efficient Secure Computation
by Mingfei Yu, Dewmini Sudara Marakkalage and Giovanni De Micheli
Cryptography 2023, 7(4), 61; https://doi.org/10.3390/cryptography7040061 - 23 Nov 2023
Viewed by 1449
Abstract
Garbled circuit (GC) is one of the few promising protocols to realize general-purpose secure computation. The target computation is represented by a Boolean circuit that is subsequently transformed into a network of encrypted tables for execution. The need for distributing GCs among parties, [...] Read more.
Garbled circuit (GC) is one of the few promising protocols to realize general-purpose secure computation. The target computation is represented by a Boolean circuit that is subsequently transformed into a network of encrypted tables for execution. The need for distributing GCs among parties, however, requires excessive data communication, called garbling cost, which bottlenecks system performance. Due to the zero garbling cost of XOR operations, existing works reduce garbling cost by representing the target computation as the XOR-AND graph (XAG) with minimal structural multiplicative complexity (MC). Starting with a thorough study of the cipher-text efficiency of different types of logic primitives, for the first time, we propose XOR-OneHot graph (X1G) as a suitable logic representation for the generation of low-cost GCs. Our contribution includes (a) an exact algorithm to synthesize garbling-cost-optimal X1G implementations for small-scale functions and (b) a set of logic optimization algorithms customized for X1Gs, which together form a robust optimization flow that delivers high-quality X1Gs for practical functions. The effectiveness of the proposals is evidenced by comprehensive evaluations: compared with the state of the art, 7.34%, 26.14%, 13.51%, and 4.34% reductions in garbling costs are achieved on average for the involved benchmark suites, respectively, with reasonable runtime overheads. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

20 pages, 10162 KiB  
Article
Secure Instruction and Data-Level Information Flow Tracking Model for RISC-V
by Geraldine Shirley Nicholas, Dhruvakumar Vikas Aklekar, Bhavin Thakar and Fareena Saqib
Cryptography 2023, 7(4), 58; https://doi.org/10.3390/cryptography7040058 - 16 Nov 2023
Cited by 1 | Viewed by 1732
Abstract
With the proliferation of electronic devices, third-party intellectual property (3PIP) integration in the supply chain of the semiconductor industry and untrusted actors/fields have raised hardware security concerns that enable potential attacks, such as unauthorized access to data, fault injection and privacy invasion. Different [...] Read more.
With the proliferation of electronic devices, third-party intellectual property (3PIP) integration in the supply chain of the semiconductor industry and untrusted actors/fields have raised hardware security concerns that enable potential attacks, such as unauthorized access to data, fault injection and privacy invasion. Different security techniques have been proposed to provide resilience to secure devices from potential vulnerabilities; however, no one technique can be applied as an overarching solution. We propose an integrated Information Flow Tracking (IFT) technique to enable runtime security to protect system integrity by tracking the flow of data from untrusted communication channels. Existing hardware-based IFT schemes are either fine-, which are resource-intensive, or coarse-grained models, which have minimal precision logic, providing either control-flow or data-flow integrity. No current security model provides multi-granularity due to the difficulty in balancing both the flexibility and hardware overheads at the same time. This study proposes a multi-level granularity IFT model that integrates a hardware-based IFT technique with a gate-level-based IFT (GLIFT) technique, along with flexibility, for better precision and assessments. Translation from the instruction level to the data level is based on module instantiation with security-critical data for accurate information flow behaviors without any false conservative flows. A simulation-based IFT model is demonstrated, which translates the architecture-specific extensions into a compiler-specific simulation model with toolchain extensions for Reduced Instruction Set Architecture (RISC-V) to verify the security extensions. This approach provides better precision logic by enhancing the tagged mechanism with 1-bit tags and implementing an optimized shadow logic that eliminates the area overhead by tracking the data for only security-critical modules. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

29 pages, 986 KiB  
Article
Hardware Implementations of Elliptic Curve Cryptography Using Shift-Sub Based Modular Multiplication Algorithms
by Yamin Li
Cryptography 2023, 7(4), 57; https://doi.org/10.3390/cryptography7040057 - 10 Nov 2023
Viewed by 2897
Abstract
Elliptic curve cryptography (ECC) over prime fields relies on scalar point multiplication realized by point addition and point doubling. Point addition and point doubling operations consist of many modular multiplications of large operands (256 bits for example), especially in projective and Jacobian coordinates [...] Read more.
Elliptic curve cryptography (ECC) over prime fields relies on scalar point multiplication realized by point addition and point doubling. Point addition and point doubling operations consist of many modular multiplications of large operands (256 bits for example), especially in projective and Jacobian coordinates which eliminate the modular inversion required in affine coordinates for every point addition or point doubling operation. Accelerating modular multiplication is therefore important for high-performance ECC. This paper presents the hardware implementations of modular multiplication algorithms, including (1) interleaved modular multiplication (IMM), (2) Montgomery modular multiplication (MMM), (3) shift-sub modular multiplication (SSMM), (4) SSMM with advance preparation (SSMMPRE), and (5) SSMM with CSAs and sign detection (SSMMCSA) algorithms, and evaluates their execution time (the number of clock cycles and clock frequency) and required hardware resources (ALMs and registers). Experimental results show that SSMM is 1.80 times faster than IMM, and SSMMCSA is 3.27 times faster than IMM. We also present the ECC hardware implementations based on the Secp256k1 protocol in affine, projective, and Jacobian coordinates using the IMM, SSMM, SSMMPRE, and SSMMCSA algorithms, and investigate their cost and performance. Our ECC implementations can be applied to the design of hardware security module systems. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

17 pages, 1791 KiB  
Article
A High-Efficiency Modular Multiplication Digital Signal Processing for Lattice-Based Post-Quantum Cryptography
by Trong-Hung Nguyen, Cong-Kha Pham and Trong-Thuc Hoang
Cryptography 2023, 7(4), 46; https://doi.org/10.3390/cryptography7040046 - 25 Sep 2023
Cited by 1 | Viewed by 1949
Abstract
The Number Theoretic Transform (NTT) has been widely used to speed up polynomial multiplication in lattice-based post-quantum algorithms. All NTT operands use modular arithmetic, especially modular multiplication, which significantly influences NTT hardware implementation efficiency. Until now, most hardware implementations used Digital Signal Processing [...] Read more.
The Number Theoretic Transform (NTT) has been widely used to speed up polynomial multiplication in lattice-based post-quantum algorithms. All NTT operands use modular arithmetic, especially modular multiplication, which significantly influences NTT hardware implementation efficiency. Until now, most hardware implementations used Digital Signal Processing (DSP) to multiply two integers and optimally perform modulo computations from the multiplication product. This paper presents a customized Lattice-DSP (L-DSP) for modular multiplication based on the Karatsuba algorithm, Vedic multiplier, and modular reduction methods. The proposed L-DSP performs both integer multiplication and modular reduction simultaneously for lattice-based cryptography. As a result, the speed and area efficiency of the L-DSPs are 283 MHz for 77 SLICEs, 272 MHz for 87 SLICEs, and 256 MHz for 101 SLICEs with the parameters q of 3329, 7681, and 12,289, respectively. In addition, the N1 multiplier in the Inverse-NTT (INTT) calculation is also eliminated, reducing the size of the Butterfly Unit (BU) in CRYSTAL-Kyber to about 104 SLICEs, equivalent to a conventional multiplication in the other studies. Based on the proposed DSP, a Point-Wise Matrix Multiplication (PWMM) architecture for CRYSTAL-Kyber is designed on a hardware footprint equivalent to 386 SLICEs. Furthermore, this research is the first DSP designed for lattice-based Post-quantum Cryptography (PQC) modular multiplication. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

22 pages, 1804 KiB  
Article
Timing-Attack-Resistant Acceleration of NTRU Round 3 Encryption on Resource-Constrained Embedded Systems
by Eros Camacho-Ruiz, Macarena C. Martínez-Rodríguez, Santiago Sánchez-Solano and Piedad Brox
Cryptography 2023, 7(2), 29; https://doi.org/10.3390/cryptography7020029 - 01 Jun 2023
Viewed by 1771
Abstract
The advent of quantum computing with high processing capabilities will enable brute force attacks in short periods of time, threatening current secure communication channels. To mitigate this situation, post-quantum cryptography (PQC) algorithms have emerged. Among the algorithms evaluated by NIST in the third [...] Read more.
The advent of quantum computing with high processing capabilities will enable brute force attacks in short periods of time, threatening current secure communication channels. To mitigate this situation, post-quantum cryptography (PQC) algorithms have emerged. Among the algorithms evaluated by NIST in the third round of its PQC contest was the NTRU cryptosystem. The main drawback of this algorithm is the enormous amount of time required for the multiplication of polynomials in both the encryption and decryption processes. Therefore, the strategy of speeding up this algorithm using hardware/software co-design techniques where this operation is executed on specific hardware arises. Using these techniques, this work focuses on the acceleration of polynomial multiplication in the encryption process for resource-constrained devices. For this purpose, several hardware multiplications are analyzed following different strategies, taking into account the fact that there are no possible timing information leaks and that the available resources are optimized as much as possible. The designed multiplier is encapsulated as a fully reusable and parametrizable IP module with standard AXI4-Stream interconnection buses, which makes it easy to integrate into embedded systems implemented on programmable devices from different manufacturers. Depending on the resource constraints imposed, accelerations of up to 30–45 times with respect to the software-level multiplication runtime can be achieved using dedicated hardware, with a device occupancy of around 5%. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

18 pages, 1188 KiB  
Article
A Novel FPGA Implementation of the NAND-PUF with Minimal Resource Usage and High Reliability
by Riccardo Della Sala and Giuseppe Scotti
Cryptography 2023, 7(2), 18; https://doi.org/10.3390/cryptography7020018 - 03 Apr 2023
Cited by 6 | Viewed by 2020
Abstract
In this work we propose a novel implementation on recent Xilinx FPGA platforms of a PUF architecture based on the NAND SR-latch (referred to as NAND-PUF in the following) which achieves an extremely low resource usage with very good overall performance. More specifically, [...] Read more.
In this work we propose a novel implementation on recent Xilinx FPGA platforms of a PUF architecture based on the NAND SR-latch (referred to as NAND-PUF in the following) which achieves an extremely low resource usage with very good overall performance. More specifically, a 4 bit NAND-PUF macro has been designed referring to the Artix-7 platform occupying only 2 slices. The optimum excitation sequence has been determined by analysing the reliability versus the excitation time of the PUF cells under supply voltage variations. A 128 bit NAND-PUF has been tested on 16 FPGA boards under supply voltage and temperature variations and measured performances have been compared against state-of-the-art PUFs from the literature. The comparison has shown that the proposed PUF implementation exhibits the best reliability performance while occupying the minimum FPGA resource usage achieved in the PUF literature. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

13 pages, 5853 KiB  
Article
SCANN: Side Channel Analysis of Spiking Neural Networks
by Karthikeyan Nagarajan, Rupshali Roy, Rasit Onur Topaloglu, Sachhidh Kannan and Swaroop Ghosh
Cryptography 2023, 7(2), 17; https://doi.org/10.3390/cryptography7020017 - 27 Mar 2023
Viewed by 2149
Abstract
Spiking neural networks (SNNs) are quickly gaining traction as a viable alternative to deep neural networks (DNNs). Compared to DNNs, SNNs are computationally more powerful and energy efficient. The design metrics (synaptic weights, membrane threshold, etc.) chosen for such SNN architectures are often [...] Read more.
Spiking neural networks (SNNs) are quickly gaining traction as a viable alternative to deep neural networks (DNNs). Compared to DNNs, SNNs are computationally more powerful and energy efficient. The design metrics (synaptic weights, membrane threshold, etc.) chosen for such SNN architectures are often proprietary and constitute confidential intellectual property (IP). Our study indicates that SNN architectures implemented using conventional analog neurons are susceptible to side channel attack (SCA). Unlike the conventional SCAs that are aimed to leak private keys from cryptographic implementations, SCANN (SCA̲ of spiking n̲eural n̲etworks) can reveal the sensitive IP implemented within the SNN through the power side channel. We demonstrate eight unique SCANN attacks by taking a common analog neuron (axon hillock neuron) as the test case. We chose this particular model since it is biologically plausible and is hence a good fit for SNNs. Simulation results indicate that different synaptic weights, neurons/layer, neuron membrane thresholds, and neuron capacitor sizes (which are the building blocks of SNN) yield distinct power and spike timing signatures, making them vulnerable to SCA. We show that an adversary can use templates (using foundry-calibrated simulations or fabricating known design parameters in test chips) and analysis to identify the specifications of the implemented SNN. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

18 pages, 3644 KiB  
Article
Early Detection of Clustered Trojan Attacks on Integrated Circuits Using Transition Delay Fault Model
by Navya Mohan and J. P. Anita
Cryptography 2023, 7(1), 4; https://doi.org/10.3390/cryptography7010004 - 28 Jan 2023
Viewed by 1723
Abstract
The chances of detecting a malicious reliability attack induced by an offshore foundry are grim. The hardware Trojans affecting a circuit’s reliability do not tend to alter the circuit layout. These Trojans often manifest as an increased delay in certain parts of the [...] Read more.
The chances of detecting a malicious reliability attack induced by an offshore foundry are grim. The hardware Trojans affecting a circuit’s reliability do not tend to alter the circuit layout. These Trojans often manifest as an increased delay in certain parts of the circuit. These delay faults easily escape during the integrated circuits (IC) testing phase, hence are difficult to detect. If additional patterns to detect delay faults are generated during the test pattern generation stage, then reliability attacks can be detected early without any hardware overhead. This paper proposes a novel method to generate patterns that trigger Trojans without altering the circuit model. The generated patterns’ ability to diagnose clustered Trojans are also analyzed. The proposed method uses only single fault simulation to detect clustered Trojans, thereby reducing the computational complexity. Experimental results show that the proposed algorithm has a detection ratio of 99.99% when applied on ISCAS’89, ITC’99 and IWLS’05 benchmark circuits. Experiments on clustered Trojans indicate a 46% and 34% improvement in accuracy and resolution compared to a standard Automatic Test Pattern Generator (ATPG)Tool. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

23 pages, 2251 KiB  
Article
Shift Register, Reconvergent-Fanout (SiRF) PUF Implementation on an FPGA
by Jim Plusquellic
Cryptography 2022, 6(4), 59; https://doi.org/10.3390/cryptography6040059 - 11 Nov 2022
Cited by 1 | Viewed by 1936
Abstract
Physical unclonable functions (PUFs) are gaining traction as an attractive alternative to generating and storing device keying material over traditional secure non-volatile memory (NVM) technologies. In this paper, we propose an engineered delay-based PUF called the shift-register, reconvergent-fanout (SiRF) PUF, and present an [...] Read more.
Physical unclonable functions (PUFs) are gaining traction as an attractive alternative to generating and storing device keying material over traditional secure non-volatile memory (NVM) technologies. In this paper, we propose an engineered delay-based PUF called the shift-register, reconvergent-fanout (SiRF) PUF, and present an analysis of the statistical quality of its bitstrings using data collected from a set of FPGAs subjected to extended industrial temperature-voltage environmental conditions. The SiRF PUF utilizes the Xilinx shift register primitive and an engineered network of logic gates that are designed to distribute signal paths over a wide region of the FPGA fabric using a MUXing scheme similar in principle to the shift-rows permutation function within the Advanced Encryption Standard algorithm. The shift register is utilized in a unique fashion to enable individual paths through a Xilinx 5-input LUT to be selected as a source of entropy by the challenge. The engineered logic gate network utilizes reconvergent-fanout as a means of adding entropy, eliminating bias and increasing uncertainty with respect to which paths are actually being timed and used in post-processing to produce the secret key or authentication bitstring. The SiRF PUF is a strong PUF build on top of a network with 10’s of millions of possible paths. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

13 pages, 518 KiB  
Article
Hardware Limitations of Lightweight Cryptographic Designs for IoT in Healthcare
by Kyriaki Tsantikidou and Nicolas Sklavos
Cryptography 2022, 6(3), 45; https://doi.org/10.3390/cryptography6030045 - 01 Sep 2022
Cited by 8 | Viewed by 3718
Abstract
Security is an important aspect of healthcare applications that employ Internet of Things (IoT) technology. More specifically, providing privacy and ensuring the confidentiality, integrity and authenticity of IoT-based designs are crucial in the health domain because the collected data are sensitive, and the [...] Read more.
Security is an important aspect of healthcare applications that employ Internet of Things (IoT) technology. More specifically, providing privacy and ensuring the confidentiality, integrity and authenticity of IoT-based designs are crucial in the health domain because the collected data are sensitive, and the continuous availability of the system is critical for the user’s wellbeing. However, the IoT consists of resource-constrained devices that increase the difficulty of implementing high-level-security schemes. Therefore, in the current paper, renowned lightweight cryptographic primitives and their most recent architecture, to the best of the authors’ knowledge, are investigated. Their security, architecture characteristics and overall hardware limitations are analyzed and collected in tables. Finally, all the algorithms are compared based on their effectiveness in securing healthcare applications, the utilized device and the overall implementation efficiency. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

24 pages, 1656 KiB  
Article
Node Monitoring as a Fault Detection Countermeasure against Information Leakage within a RISC-V Microprocessor
by Donald E. Owen, Jr., Jithin Joseph, Jim Plusquellic, Tom J. Mannos and Brian Dziki
Cryptography 2022, 6(3), 38; https://doi.org/10.3390/cryptography6030038 - 03 Aug 2022
Cited by 1 | Viewed by 2341
Abstract
Advanced, superscalar microprocessors (μP) are highly susceptible to wear-out failures because of their highly complex, densely packed circuit structure and extreme operational frequencies. Although many types of fault detection and mitigation strategies have been proposed, none have addressed the specific [...] Read more.
Advanced, superscalar microprocessors (μP) are highly susceptible to wear-out failures because of their highly complex, densely packed circuit structure and extreme operational frequencies. Although many types of fault detection and mitigation strategies have been proposed, none have addressed the specific problem of detecting faults that lead to information leakage events on I/O channels of the μP. Information leakage can be defined very generally as any type of output that the executing program did not intend to produce. In this work, we restrict this definition to output that represents a security concern, and in particular, to the leakage of plaintext or encryption keys, and propose a counter-based countermeasure to detect faults that cause this type of leakage event. Fault injection (FI) experiments are carried out on two RISC-V microprocessors emulated as soft cores on a Xilinx multi-processor System-on-chip (MPSoC) FPGA. The μP designs are instrumented with a set of counters that records the number of transitions that occur on internal nodes. The transition counts are collected from all internal nodes under both fault-free and faulty conditions, and are analyzed to determine which counters provide the highest fault coverage and lowest latency for detecting leakage faults. We show that complete coverage of all leakage faults is possible using only a single counter strategically placed within the branch compare logic of the μPs. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

22 pages, 1751 KiB  
Article
Side-Channel Attacks on Masked Bitsliced Implementations of AES
by Anca Rădulescu and Marios O. Choudary
Cryptography 2022, 6(3), 31; https://doi.org/10.3390/cryptography6030031 - 28 Jun 2022
Viewed by 2729
Abstract
In this paper, we provide a detailed analysis of CPA and Template Attacks on masked implementations of bitsliced AES, targeting a 32-bit platform through the ChipWhisperer side-channel acquisition tool. Our results show that Template Attacks can recover the full AES key successfully within [...] Read more.
In this paper, we provide a detailed analysis of CPA and Template Attacks on masked implementations of bitsliced AES, targeting a 32-bit platform through the ChipWhisperer side-channel acquisition tool. Our results show that Template Attacks can recover the full AES key successfully within 300 attack traces even on the masked implementation when using a first-order attack (no pre-processing). Furthermore, we confirm that the SubBytes operation is overall a better target for Template Attacks due to its non-linearity, even in the case of bitsliced implementations, where we can only use two bits per key byte target. However, we also show that targeting the AddRoundKey can be used to attack bitsliced implementations and that, in some cases, it can be more efficient than the SubBytes attack. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

17 pages, 667 KiB  
Article
A Memory Hierarchy Protected against Side-Channel Attacks
by Ezinam Bertrand Talaki, Olivier Savry, Mathieu Bouvier Des Noes and David Hely
Cryptography 2022, 6(2), 19; https://doi.org/10.3390/cryptography6020019 - 20 Apr 2022
Cited by 3 | Viewed by 3131
Abstract
In the vulnerability analysis of System on Chips, memory hierarchy is considered among the most valuable element to protect against information theft. Many first-order side-channel attacks have been reported on all its components from the main memory to the CPU registers. In this [...] Read more.
In the vulnerability analysis of System on Chips, memory hierarchy is considered among the most valuable element to protect against information theft. Many first-order side-channel attacks have been reported on all its components from the main memory to the CPU registers. In this context, memory hierarchy encryption is widely used to ensure data confidentiality. Yet, this solution suffers from both memory and area overhead along with performance losses (timing delays), which is especially critical for cache memories that already occupy a large part of the spatial footprint of a processor. In this paper, we propose a secure and lightweight scheme to ensure the data confidentiality through the whole memory hierarchy. This is done by masking the data in cache memories with a lightweight mask generator that provides masks at each clock cycle without having to store them. Only 8-bit Initialization Vectors are stored for each mask value to enable further recomputation of the masks. The overall security of the masking scheme is assessed through a mutual information estimation that helped evaluate the minimum number of attack traces needed to succeed a profiling side-channel attack to 592 K traces in the attacking phase, which provides an acceptable security level in an analysis where an example of Signal to Noise Ratio of 0.02 is taken. The lightweight aspect of the generator has been confirmed by a hardware implementation that led to resource utilization of 400 LUTs. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

Review

Jump to: Research

30 pages, 6799 KiB  
Review
FPGA-Based PUF Designs: A Comprehensive Review and Comparative Analysis
by Kusum Lata and Linga Reddy Cenkeramaddi
Cryptography 2023, 7(4), 55; https://doi.org/10.3390/cryptography7040055 - 01 Nov 2023
Viewed by 2517
Abstract
Field-programmable gate arrays (FPGAs) have firmly established themselves as dynamic platforms for the implementation of physical unclonable functions (PUFs). Their intrinsic reconfigurability and profound implications for enhancing hardware security make them an invaluable asset in this realm. This groundbreaking study not only dives [...] Read more.
Field-programmable gate arrays (FPGAs) have firmly established themselves as dynamic platforms for the implementation of physical unclonable functions (PUFs). Their intrinsic reconfigurability and profound implications for enhancing hardware security make them an invaluable asset in this realm. This groundbreaking study not only dives deep into the universe of FPGA-based PUF designs but also offers a comprehensive overview coupled with a discerning comparative analysis. PUFs are the bedrock of device authentication and key generation and the fortification of secure cryptographic protocols. Unleashing the potential of FPGA technology expands the horizons of PUF integration across diverse hardware systems. We set out to understand the fundamental ideas behind PUF and how crucially important it is to current security paradigms. Different FPGA-based PUF solutions, including static, dynamic, and hybrid systems, are closely examined. Each design paradigm is painstakingly examined to reveal its special qualities, functional nuances, and weaknesses. We closely assess a variety of performance metrics, including those related to distinctiveness, reliability, and resilience against hostile threats. We compare various FPGA-based PUF systems against one another to expose their unique advantages and disadvantages. This study provides system designers and security professionals with the crucial information they need to choose the best PUF design for their particular applications. Our paper provides a comprehensive view of the functionality, security capabilities, and prospective applications of FPGA-based PUF systems. The depth of knowledge gained from this research advances the field of hardware security, enabling security practitioners, researchers, and designers to make wise decisions when deciding on and implementing FPGA-based PUF solutions. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Show Figures

Figure 1

17 pages, 293 KiB  
Review
Secure Firmware Update: Challenges and Solutions
by Luigi Catuogno and Clemente Galdi
Cryptography 2023, 7(2), 30; https://doi.org/10.3390/cryptography7020030 - 01 Jun 2023
Cited by 1 | Viewed by 2697
Abstract
The pervasiveness of IoT and embedded devices allows the deployment of services that were unthinkable only few years ago. Such devices are typically small, run unattended, possibly on batteries and need to have a low cost of production. As all software systems, this [...] Read more.
The pervasiveness of IoT and embedded devices allows the deployment of services that were unthinkable only few years ago. Such devices are typically small, run unattended, possibly on batteries and need to have a low cost of production. As all software systems, this type of devices need to be updated for different reasons, e.g., introducing new features, improving/correcting existing functionalities or fixing security flaws. At the same time, because of their low-complexity, standard software distribution platforms and techniques cannot be used to update the software. In this paper we review the current limitations posed to software distribution systems for embedded/IoT devices, consider challenges that the researchers in this area have been identifying and propose the corresponding solutions. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)
Back to TopTop