Similar literature
1.
In this paper, we propose efficient masking methods for ARIA and AES. In general, a masked S‐box (MS) block can be constructed in different ways depending on the implementation platform, such as hardware and software. However, the other components of ARIA and AES have less impact on the implementation cost. We first propose an efficient masking structure by minimizing the number of mask corrections under the assumption that we have an MS block. Second, to make a secure and efficient MS block for ARIA and AES, we propose novel methods to solve the table size problem for the MS block in a software implementation and to reduce the cost of a masked inversion, which is the main part of the MS block in the hardware implementation.

2.
In this paper, we first investigate the side channel analysis attack resistance of various FPGA hardware implementations of the ARIA block cipher. The analysis is performed on an FPGA test board dedicated to side channel attacks. Our results show that an unprotected implementation of ARIA allows one to recover the secret key with a low number of power or electromagnetic measurements. We also present a masking countermeasure and analyze its second‐order side channel resistance by using various suitable preprocessing functions. Our experimental results clearly confirm that second‐order differential side channel analysis attacks also remain a practical threat for masked hardware implementations of ARIA.

3.
Recently, power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary‐with‐random‐initial‐point algorithm on elliptic curve cryptosystems. It is known to be secure against first‐order differential power analysis (DPA); however, it is susceptible to second‐order DPA. Although second‐order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second‐order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.

4.
Higher-order masking schemes have been proven in theory to be secure countermeasures against side-channel attacks at the algorithm level. The ISW framework is one of the most widely accepted security models among existing higher-order masking schemes. However, a gap may exist between a scheme and its implementation. Several analyses have exhibited the weakness of masking in hardware designs on FPGAs. Firstly, we give the definition of a leakage point and introduce three implementation logic flaws: glitches, EDA optimization and intermediate-variable flaws of the scheme. Secondly, we propose a leakage verification flow for implementing and verifying circuits that realize higher-order masking schemes, so as to avoid these leakage points. The flow provides an efficient evaluation method to locate and identify leakage points in masked hardware implementations. With knowledge of the implementation's weaknesses, the implementation should be modified by corresponding methods to fix the flaws. In particular, for glitches, which have been regarded as the main challenge of masking in hardware designs, we provide a method to remove the leakage point using Dijkstra's algorithm with no extra time or area overhead. Finally, the design flow is evaluated on an implementation of Rivain and Prouff masking. Our experiments demonstrate how it automatically locates and protects the implementation. In addition, experiments are also performed on implementations flawed by EDA optimization and intermediate variables.

5.
韩军, 曾晓洋, 赵佳. 《通信学报》 2010, 31(1): 20-29
An AES hardware design and implementation resistant to both differential power analysis and differential fault analysis is proposed; the design mainly combines data masking with a two-dimensional parity check as its countermeasures. While preserving hardware security, the implementation cost is reduced by splitting the 128-bit operation into four 32-bit operations, reusing modules and optimizing the order of operations, and a 3-stage pipeline raises the speed and throughput of the hardware implementation. The AES IP core designed with these techniques not only resists both kinds of side-channel attack but also has reasonable hardware cost and computational performance.

6.
Since card‐type one‐time password (OTP) generators became available, power and area consumption has been one of the main issues of hardware OTPs. Because relatively smaller batteries and smaller chip areas are available for this type of OTP compared to existing token‐type OTPs, it is necessary to implement power‐efficient and compact dedicated OTP hardware modules. In this paper, we design and implement a low‐power small‐area hardware OTP generator based on the Advanced Encryption Standard (AES). First, we implement a prototype AES hardware module using a 350 nm process to verify the effectiveness of our optimization techniques for the SubBytes transform and data storage. Next, we apply the optimized AES to a real‐world OTP hardware module which is implemented using a 180 nm process. Our experimental results show the power consumption of our OTP module using the new AES implementation is only 49.4% and 15.0% of those of an HOTP and software‐based OTP, respectively.

7.
To date, many different kinds of logic styles for hardware countermeasures have been developed; for example, SABL, TDPL, and DyCML. Current mode–based logic styles are useful as they consume less power compared to voltage mode–based logic styles such as SABL and TDPL. Although we developed TPDyCML in 2012 and presented it at the WISA 2012 conference, we have further optimized it in this paper using a binary decision diagram algorithm and confirmed its properties through a practical implementation of the AES S‐box. In this paper, we will explain the outcome of HSPICE simulations, which included correlation power attacks, on AES S‐boxes configured using a compact NMOS tree constructed from either SABL, CMOS, TDPL, DyCML, or TPDyCML. In addition, to compare the performance of each logic style in greater detail, we will carry out a mutual information analysis (MIA). Our results confirm that our logic style has good properties as a hardware countermeasure and 15% less information leakage than those secure logic styles used in our MIA.

8.
In this paper, a novel hardware attack based on principal component analysis (PCA) is proposed to break a leakage power analysis (LPA)-resistant cryptographic circuit (CC) efficiently. Although the added false keys used to mask the secret key of the LPA-resistant CC are secure and effective against regular LPA attacks, they may be precisely modeled by eigenvalues and eigenvectors under PCA. After performing the proposed PCA on the LPA-resistant CC, all the added false keys can be removed to expose the corresponding secret key. As shown in the results, only 2000 plaintexts are sufficient to crack an LPA-resistant CC by utilizing the proposed PCA-assisted LPA attacks.

9.
Using biometrics to verify a person's identity has several advantages over the present practice of personal identification numbers (PINs) and passwords. To gain maximum security in a verification system using biometrics, the computation of the verification as well as the storing of the biometric pattern has to take place in a smart card. However, there is an open issue of integrating biometrics into a smart card because of its limited resources (processing power and memory space). In this paper, we propose a speaker verification algorithm using a support vector machine (SVM) with very few features, and implement it on a 32‐bit smart card. The proposed algorithm can reduce the required memory space by a factor of more than 100 and can be executed in real time. Also, we propose a hardware design for the algorithm on a field‐programmable gate array (FPGA)‐based platform. Based on the experimental results, our SVM solution can provide superior performance over typical speaker verification solutions. Furthermore, our FPGA‐based solution can achieve a speed‐up of 50 times over a software‐based solution.

10.
It is an important challenge to implement a low-cost, power-analysis-immune advanced encryption standard (AES) circuit. Previous studies prove that the substitution boxes (S-Boxes) in AES are prone to attack and hard to mask because of their non-linear characteristic. Besides, large amounts of circuit resources in chips and power consumption are spent in protecting S-Boxes against power analysis. Thus, a novel power-analysis-immune scheme is proposed, which divides the data path of AES into two parts: in the non-linear module, inhomogeneous S-Boxes instead of fixed S-Boxes are selected randomly to disturb power and logic delay; at the same time, the general masking strategy is applied in the linear part of AES. This improved AES circuit was synthesized with the United Microelectronics Corporation (UMC) 0.25 μm 1.8 V complementary metal-oxide-semiconductor (CMOS) standard cell library, and correlation power analysis experiments were executed. The results demonstrate that this secure AES implementation has very low hardware cost and can effectively enhance the security of AES against power analysis.

11.
In this paper, we propose an efficient soft‐output signal detection method for spatially multiplexed multiple‐input multiple‐output (MIMO) systems. The proposed method is based on the ordered successive interference cancellation (OSIC) algorithm, but it significantly improves the performance of the original OSIC algorithm by solving the error propagation problem. The proposed method combines this enhanced OSIC algorithm with a multiple‐channel‐ordering technique in a very efficient way. As a result, the log likelihood ratio values can be computed by using a very small set of candidate symbol vectors. The proposed method has been synthesized with a 0.13‐μm CMOS technology for a 4×4 16‐QAM MIMO system. The simulation and implementation results show that the proposed detector provides a very good solution in terms of performance and hardware complexity.

12.
A new technique for Boolean random masking of the logical AND operation in terms of NAND logic gates is proposed and applied to masking the integer addition. The new technique can be used for masking arbitrary cryptographic functions and is more efficient than previously known techniques, recently applied to the Advanced Encryption Standard (AES). New techniques for the conversions from Boolean to arithmetic random masking and vice versa are also developed. They are hardware oriented and do not require additional random bits. Unlike the previous, software-oriented techniques, which show a substantial difference in the complexity of the two conversions, they have a comparable complexity, about the same as that of one integer addition only. All the techniques proposed are in theory secure against first-order differential power analysis at the logic gate level. They can be applied in hardware implementations of various cryptographic functions, including AES, (keyed) SHA-1, IDEA, and RC6.

13.
To meet the short-range, low-power wireless communication requirements of wireless sensor networks in certain application domains, a wireless communication module based on the MSP430F149 microcontroller and the CC1100 RF chip was designed and implemented. The system architecture is described, and low-power optimization is carried out from both the hardware and the software side. Test results show that a star network built with this module is compact, low in power consumption and highly stable, and meets the requirements for short-range, low-power wireless communication.

14.
With the increasing popularity of cloud computing services, more and more cloud data centers are being constructed around the globe. This makes the power consumption of cloud data center elements a major challenge. Accordingly, several software and hardware approaches have been proposed to handle this issue. However, this problem has not been optimally solved yet. In this paper, we propose online cloud resource management with live migration of virtual machines (VMs) to reduce power consumption. To do so, a prediction‐based and power‐aware virtual machine allocation algorithm is proposed. Also, we present a three‐tier framework for energy‐efficient resource management in cloud data centers. Experimental results indicate that the proposed solution reduces power consumption while, at the same time, service‐level agreement violation (SLAV) is also improved.

15.
A traditional BIOS is written in assembly language and is usually stored in the CMOS chip on the motherboard, with a battery maintaining the BIOS hardware configuration information; maintaining and developing it is difficult. This article briefly analyses the design of a security-module software system based on traditional BIOS technology and one based on UEFI technology, and compares the two architectures in terms of software maintenance and security.

16.
ARIA is a Korean standard block cipher, which is flexible enough to provide security in both software and hardware implementations. Since its introduction, some fault analysis research has been devoted to attacking the last two rounds of ARIA. It was an open problem whether provoking faults at earlier rounds of ARIA allows the secret key to be recovered. This problem is answered by presenting a novel integral differential fault analysis on ARIA that targets two rounds earlier. Mathematical analysis and simulation experiments show that the attack can successfully recover the secret key by fault injection. The results of this study show that integral fault analysis is a strong threat to the security of ARIA, and they are beneficial to the analysis of other block ciphers of the same type.

17.
Redundancy design of the aircraft solid-state power distribution assembly (SPDA)
万波, 吴伟国. 《现代电子技术》 2012, 35(20): 128-131
To improve the availability of the power distribution system, modern aircraft widely adopt solid-state power distribution assemblies (SPDA) in place of traditional distribution systems built from relays and circuit breakers; this avoids the arcing produced by electromechanical control devices at the instant of switching on or off and also extends the service life of the system. Besides relying on solid-state power controller (SSPC) technology, the high availability of the SPDA comes from redundancy management in the system architecture: the computing part uses hardware redundancy, while the input/output modules use software redundancy. A quantitative analysis of the effect of redundancy management on system availability concludes that hardware redundancy raises the availability of the computing part from 99.999% to 99.999 999 98%, and software redundancy raises the availability of the input/output modules from 99.998% to 99.998 999 99%.

18.
ARIA is a 128‐bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential‐linear cryptanalysis. We present five-round differential‐linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 2^{84.8} chosen plaintexts. Moreover, we develop differential‐linear attacks on six rounds of ARIA‐128 and seven rounds of ARIA‐256. This is the first multidimensional differential‐linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.

19.
Bluetooth is a specification for short‐range wireless communication using the 2.4 GHz ISM band. It emphasizes low complexity, low power, and low cost. This paper describes an area‐efficient digital baseband module for this wireless technology. For area‐efficiency, we carefully consider hardware and software partitioning. We implement the complex control tasks of the Bluetooth baseband layer protocols in software running on an embedded microcontroller. Hardware‐efficient functions, such as low‐level bitstream link control; host controller interfaces (HCIs), such as universal asynchronous receiver transmitter (UART) and universal serial bus (USB) interfaces; and the audio codec are performed by dedicated hardware blocks. Furthermore, we eliminate FIFOs for data buffering between hardware functional units. The design is done using fully synthesizable Verilog HDL to enhance portability between process technologies, so that our module can be easily integrated as an intellectual property core on system‐on‐a‐chip (SoC) ASICs. A field programmable gate array (FPGA) prototype of this module was tested for functional verification and real-time operation of file and bitstream transfers between PCs. The module was fabricated in a 0.25‐µm CMOS technology, with a core size of only 2.79 mm×2.80 mm.

20.
Cryptographic algorithms may be subjected to side-channel attacks at run time, and side-channel-resistant FPGA implementations of cryptographic algorithms are currently an active research topic. The S-box shift masking method, which protects critical data with random numbers, is considered an effective countermeasure. Algorithms implemented this way gain run-time security but may incur increased hardware resource overhead and reduced encryption/decryption speed. An implementation of the SM4 algorithm shows that, with a suitable implementation approach, the S-box shift masking countermeasure has only a modest impact on the algorithm's hardware resource overhead and encryption/decryption speed, and thus has practical value.
