High-Resolution EM Attacks Against Leakage-Resilient PRFs Explained

Unterstein, Florian; Heyszl, Johann; Santis, Fabrizio De; Specht, Robert; Sigl, Georg

doi:10.1007/978-3-319-76953-0_22

Cited by 5 publications

(16 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We found that the remaining security level after an attack on this 2-PRG stage is still 2 120 , or 120 bits. This is significantly higher than the results reported on the Xilinx Spartan 6 platform in [34] where the security level was only 2 48 and we attribute this difference to the smaller feature size (28 nm compared to 45 nm) and the different placement strategy. Note that these results were achieved with a standalone design and not the entire system.…”

Section: Leakage Resilient Authenticated Decryptioncontrasting

confidence: 66%

“…It aims to bound the leakage per execution such that an attacker cannot accumulate information about the processed secret. We use the LR-PRF proposed by Unterstein et al [34] to derive a secret pseudorandom state from public initialization vectors (IVs). Specifically, that means processing two public IVs, IV of b and IV дmac , with the LR-PRF to get two secret IVs, denoted byÎ V of b andÎ V дmac , for the subsequent stream cipher and MAC.…”

Section: Protecting Confidentiality and Integrity Of Hw Ipmentioning

confidence: 99%

“…It establishes a pseudo-random intermediate state (Î V of b andÎ V дmac ) that is unknown to the attacker and allows us to use unprotected decryption and authentication for the actual workload. Internally, the LR-PRF consists of a so called GGM tree PRF [7] and optionally one or more length-doubling pseudorandom generators (2-PRGs) as described in [34]. Both the PRF and the (one or more) 2-PRG stages are implemented using the same hardware AES core that is also used in the stream cipher part.…”

Section: Leakage Resilient Authenticated Decryptionmentioning

confidence: 99%

“…the number of operations with the same key, but different inputs that an attacker can observe) and algorithmic noise from parallel S-boxes. As pointed out in [34], a laboratory analysis is mandatory to assess the security level. We implemented the LR-PRF using an AES core with parallel S-boxes on the Xilinx Zynq-7000 and placed the AES as dense as possible as shown in the floorplan in Figure 6.…”

Section: Leakage Resilient Authenticated Decryptionmentioning

confidence: 99%

“…We implemented the LR-PRF using an AES core with parallel S-boxes on the Xilinx Zynq-7000 and placed the AES as dense as possible as shown in the floorplan in Figure 6. Following the method described in [34] we conducted a localized EM analysis using a near-field EM probe placed on the decapsulated die. We first identified the locations of the S-boxes through a grid scan and then ran template attacks on them using measurements from those locations.…”

Section: Leakage Resilient Authenticated Decryptionmentioning

confidence: 99%

See 4 more Smart Citations

SCA Secure and Updatable Crypto Engines for FPGA SoC Bitstream Decryption

Unterstein

Jacob

Hanley

et al. 2019

Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop

Self Cite

View full text Add to dashboard Cite

FPGA system on chips (SoCs) are ideal computing platforms for edge devices in applications which require high performance through hardware acceleration and updatability due to long operation in the field. A secure update of hardware functionality can in general be achieved by using built-in cryptographic engines and provided secret key storage. However, reported examples have shown that such cryptographic engines may become insecure against side-channel attacks at any later point in time. This leaves already deployed systems vulnerable without any clear mitigation options. To solve this, we propose a comprehensive concept that uses an alternative and side-channel protected cryptographic engine within the FPGA logic instead of the built-in one for the crucial task of bitstream decryption. Remarkably this concept even allows to update the cryptographic engine itself. As proof of concept, we describe an application to the Xilinx Zynq-7020 FPGA SoC in detail using a leakage resilient decryption engine. The lack of accessible secret key storage poses a significant challenge and requires the use of a physical unclonable function (PUF) to generate a device intrinsic secret within the FPGA logic. At the same time this means that no manufacturer provided secret key storage or cryptography is required anymore; only a public key for signature verification of the first stage bootloader and initial static bitstream. We provide empirical results proving the side-channel security of the protected cryptographic engine as well as an evaluation of the PUF quality. The full design and source code is made available to encourage further research in this direction. CCS CONCEPTS • Security and privacy → Side-channel analysis and countermeasures; Embedded systems security; • Hardware → Reconfigurable logic applications.

show abstract

Section: Leakage Resilient Authenticated Decryptioncontrasting

confidence: 66%

Section: Protecting Confidentiality and Integrity Of Hw Ipmentioning

confidence: 99%

Section: Leakage Resilient Authenticated Decryptionmentioning

confidence: 99%

Section: Leakage Resilient Authenticated Decryptionmentioning

confidence: 99%

Section: Leakage Resilient Authenticated Decryptionmentioning

confidence: 99%

See 3 more Smart Citations

SCA Secure and Updatable Crypto Engines for FPGA SoC Bitstream Decryption

Unterstein

Jacob

Hanley

et al. 2019

Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop

Self Cite

View full text Add to dashboard Cite

show abstract

Location, Location, Location: Revisiting Modeling and Exploitation for Location-Based Side Channel Leakages

Andrikos

Batina

Chmielewski

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This publication is distributed under the terms of Article 25fa of the Dutch Copyright Act (Auteurswet) with explicit consent by the author. Dutch law entitles the maker of a short scientific work funded either wholly or partially by Dutch public funds to make that work publicly available for no consideration following a reasonable period of time after the work was first published, provided that clear reference is made to the source of the first publication of the work. This publication is distributed under The Association of Universities in the Netherlands (VSNU) 'Article 25fa implementation' pilot project. In this pilot research outputs of researchers employed by Dutch Universities that comply with the legal requirements of Article 25fa of the Dutch Copyright Act are distributed online and free of cost or other barriers in institutional repositories. Research outputs are distributed six months after their first online publication in the original published version and with proper attribution to the source of the original publication.You are permitted to download and use the publication for personal purposes. Please note that you are not allowed to share this article on other platforms, but can link to it. All rights remain with the author(s) and/or copyrights owner(s) of this work. Any use of the publication or parts of it other than authorised under this licence or copyright law is prohibited. Neither Radboud University nor the authors of this publication are liable for any damage resulting from your (re)use of this publication.If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the ma terial

show abstract