Current State of Design and Design Methods forSecure Hardware
Patrick Schaumont
Bradley Department of Electrical and Computer EngineeringVirginia Tech
Blacksburg, VA
Shonan Workshop on Design Methods for Secure Hardware
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
About this talk
In this talkDefine design methods for secure hardware design
But this definition is incompleteuntil you ask lots of questions
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
About this talk
In this talkDefine design methods for secure hardware design
But this definition is incompleteuntil you ask lots of questions
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Secure Hardware Design
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
10 years ago ..
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
.. when AES was still called Rijndael
Rijndael Chip (UCLA)• Full Rijndael (128/192/256 block/key) [Kuo CICC 02]• 173 KGE 180nm (!)
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Race to the bottom: Low-footprint AES
AES• Since 2001, many AES designs that are very small (or very fast)•We measure progress through metrics (of area, time)
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Race to the bottom: Low-footprint AES
AES• Since 2001, many AES designs that are very small (or very fast)•We measure progress through metrics (of area, time)
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Hardware Design vs Secure Hardware Design
Hardware DesignDecomposing functionality into elementary hardware primitives suchas gates and flipflops, under specific constraints: performance, area,power, energy, ..
Secure Hardware DesignHardware design under a given set of threats (probing, faults,side-channel leakage, physical tampering, optical inspection, interferewith manufacturing, ..) with the purpose of thwarting those threats.
⇒ It’s hard to measure ’threat resistance’ (eg. not reported by tools).⇒ Metrics for secure hardware design are not yet common.
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Hardware Design vs Secure Hardware Design
Hardware DesignDecomposing functionality into elementary hardware primitives suchas gates and flipflops, under specific constraints: performance, area,power, energy, ..
Secure Hardware DesignHardware design under a given set of threats (probing, faults,side-channel leakage, physical tampering, optical inspection, interferewith manufacturing, ..) with the purpose of thwarting those threats.
⇒ It’s hard to measure ’threat resistance’ (eg. not reported by tools).⇒ Metrics for secure hardware design are not yet common.
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Hardware Design vs Secure Hardware Design
Hardware DesignDecomposing functionality into elementary hardware primitives suchas gates and flipflops, under specific constraints: performance, area,power, energy, ..
Secure Hardware DesignHardware design under a given set of threats (probing, faults,side-channel leakage, physical tampering, optical inspection, interferewith manufacturing, ..) with the purpose of thwarting those threats.
⇒ It’s hard to measure ’threat resistance’ (eg. not reported by tools).⇒ Metrics for secure hardware design are not yet common.
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Design Methods
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
The computing landscape today
ElementsThe cloud with servers,backbone networking,bulk storageThe swarm of devicesin personal media,home environment,infrastructure
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
The computing landscape today
The CloudHomogeneous: High-end CPUs1000 users per computerCost Sensitive: Maximize users per machinePower Sensitive: Thermal issuesGrows unconstrained: Efficiency through Scale
The Swarm around the CloudHeterogeneous: 32-bit Micro downto dedicated hardware1000 computers per user (eventually ...)Cost Sensitive: Dedicated consumer-oriented devicesEnergy/Power Sensitive: Battery, Energy-harvestingConstrained in environment: Efficiency through Specialization
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Design Pyramid for Applications in the Swarm
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Design Pyramid for Applications
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Design Pyramid for Applications
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Design Pyramid for Secure Applications
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Capturing the Trade-off in Security
RiskRisk is the potential for lossRisk = (Probablity of Incident) x (Cost of Incident)
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Measuring Risk? SCA Example
Risk from Side-channel LeakageEvery encryption leaks some information It in every traceDifferential Techniques (DPA) combine Nt traces in an SCARisk ∼ P(successful SCA) ∼ Nt × It
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Measuring Risk? SCA Example
Risk from Side-channel LeakageEvery encryption leaks some information It in every traceDifferential Techniques (DPA) combine Nt traces in an SCARisk ∼ P(successful SCA) ∼ Nt × It
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
All-hardware Countermeasures
Protect the hardware implementationCircuits that suppress side-channel leakage (Reduce It )Popular technique: Hiding using dual-rail logic [Tiri’04]Algorithm-independent solution will protect any crypto.cBUT at significant cost: Risk 100x ↓ for Area 3x ↑ and Power 4x ↑
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
All-hardware Countermeasures
Protect the hardware implementationCircuits that suppress side-channel leakage (Reduce It )Popular technique: Hiding using dual-rail logic [Tiri’04]Algorithm-independent solution will protect any crypto.cBUT at significant cost: Risk 100x ↓ for Area 3x ↑ and Power 4x ↑
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Other SCA Countermeasures
Author Technique Technology SCA Area PerfGain Cost Cost(ratio) (ratio) (ratio)
Tiri’05 Hiding AES, ASIC 120x x3.1 (GE) x3.9 (fclock )Bhasin’11 Hiding AES, FPGA 10.9x x2 (RAM+LUT) x1.3 (fclock )Suzuki’10 Masking AES, ASIC x2.1 (GE) x1.8 (fclock )Moradi’11 Threshold AES, ASIC x4.5 (GE) x1.2 (time)Chen’13 VSC AES, SW 25x x3.3 (KB) x6.5 (time)Rivian’11 Masking AES, SW x36 (time)Genelle’11 Masking AES, SW x12 (time)GE = Gate Equivalent = Area of a NAND2 gate.
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Crypto that thwarts SCA?
Protect the algorithm, intrinsicallyLimits the lifetime of secret key (Nt �)Technique: Leakage Resilient Cryptography [Dziembowski’08]Algorithm-specific technique: works on only one algorithm at atime
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Leakage-resilient Design
Author Initializaton PropagationKocher’03 DES DESMedwed’10 GF MulGammel’10 GF Mul w AES AESKocher’11 Hash Tree HashMedwed’12 AES Tree
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Design Trade-offs for SCA Countermeasures
A trade-off in three dimensions• Risk: Reduction in SCA success probability ∼ Nt × It• Flexibility: Turn off countermeasure when you don’t need it• Performance: Degradation under countermeasure
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Summary: Metrics for Secure Hardware
Things we understand well• Measuring execution speed, time• Measuring gate count, memory footprint
Things we don’t understand well• Measuring tamper resistance (faults or side-channels)• Measuring probabilisitic properties (entropy for PUF, RNG)
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014
Summary: Design Methods for Secure Hardware
Things we understand well• Classic hardware optimization paradigms (speed, area)• Dealing with threats by integrating protected modules• Transformation methods for single, selected threats
Things we don’t understand well• Generic Risk Assessment for a range of threats• Effects of composition and integration (of different countermeasures)• Cross-layer threats
Patrick Schaumont Design Methods for Secure Hardware Shonan Seminar 9/15/2014