Hardware Security Design, Threats, and Safeguards

With the ever-increasing proliferation of e-business practices, great volumes of secure business transactions and data transmissions are routinely carried out in encrypted forms through devices ranging from personal smartcards to business servers. Designed through hardware and embedded systems to meet real-time requirements, the cryptographic algorithms are often computationally intensive. Addressing diverse aspects of hardware security, this book covers cryptographic algorithms and their implementations, side-channel analysis, hardware intellectual property protection, and piracy prevention. It also discusses hardware Trojan threats and evaluates possible solutions.

Beginning with an introduction to cryptography, Hardware Security: Design, Threats, and Safeguards explains the underlying mathematical principles needed to design complex cryptographic algorithms. It then presents efficient cryptographic algorithm implementation methods, along with state-of-the-art research and strategies for the design of very large scale integrated (VLSI) circuits and symmetric cryptosystems, complete with examples of Advanced Encryption Standard (AES) ciphers, asymmetric ciphers, and elliptic curve cryptography (ECC). Gain a Comprehensive Understanding of Hardware Security—from Fundamentals to Practical Applications Since most implementations of standard cryptographic algorithms leak information that can be exploited by adversaries to gather knowledge about secret encryption keys, Hardware Security: Design, Threats, and Safeguards: Details algorithmic- and circuit-level countermeasures for attacks based on power, timing, fault, cache, and scan chain analysis Describes hardware intellectual property piracy and protection techniques at different levels of abstraction based on watermarking Discusses hardware obfuscation and physically unclonable functions (PUFs), as well as Trojan modeling, taxonomy, detection, and prevention Design for Security and Meet Real-Time Requirements If you consider security as critical a metric for integrated circuits (ICs) as power, area, and performance, you’ll embrace the design-for-security methodology of Hardware Security: Design, Threats, and Safeguards.

Part I Mathematical Background Introduction Modular Arithmetic Groups, Rings, and Fields Greatest Common Divisors and Multiplicative Inverse Subgroups, Subrings, and Extensions Groups, Rings, and Field Isomorphisms Polynomials and Fields Construction of Galois Field Extensions of Fields Cyclic Groups of Group Elements Efficient Galois Fields Mapping between Binary and Composite Fields Conclusions Overview of Modern Cryptography Introduction Cryptography: Some Technical Details Block Ciphers Rijndael in Composite Field Elliptic Curves Scalar Multiplications: LSB First and MSB First Approaches Montgomery’s Algorithm for Scalar Multiplication Inversions Conclusions Modern Hardware Design Practices Introduction Components of a Hardware Architecture: Mapping an Algorithm to Hardware Case Study: Binary gcd Processor Enhancing the Performance of a Hardware Design Modelling of the Computational Elements of the gcd Processor Experimental Results Conclusions Hardware Design of the Advanced Encryption Standard (AES) Introduction Algorithmic and Architectural Optimizations for AES Design Circuit for the AES S-Box Implementation of the Mix Column Transformation An Example Reconfigurable Design for the Rijndael Cryptosystem Experimental Results Single Chip Encryptor/Decryptor Conclusions Efficient Design of Finite Field Arithmetic on FPGAs Introduction Finite Field Multiplier Finite Field Multipliers for High Performance Applications Karatsuba Multiplication Karatsuba Multipliers for Elliptic Curves Designing for the FPGA Architecture Analyzing Karatsuba Multipliers on FPGA Platforms Performance Evaluation High Performance Finite Field Inversion Architecture for FPGAs Itoh-Tsujii Inversion Algorithm The Quad ITA Algorithm Experimental Results Generalization of the ITA for 2n Circuit Hardware Architecture for 2n Circuit-Based ITA Area and Delay Estimations for the 2n ITA Obtaining the Optimal Performing ITA Architecture Validation of Theoretical Estimations Conclusions High Speed Implementation of Elliptic Curve Scalar Multiplication on FPGAs Introduction The Elliptic Curve Cryptoprocessor Point Arithmetic on the ECCP The Finite State Machine (FSM) Performance Evaluation Further Acceleration Techniques of the ECC Processor Pipelining Strategies for the Scalar Multiplier Scheduling of the Montgomery Algorithm Finding the Right Pipeline Detailed Architecture of the ECM Implementation Results Conclusion Introduction to Side Channel Analysis Introduction What Are Side Channels? Types of Side Channel Attacks Kocher’s Seminal Works Power Attacks Fault Attacks Cache Attacks Scan Chain-Based Attacks Conclusions Differential Fault Analysis of Ciphers Introduction to Differential Fault Analysis DFA and Associated Fault Models Differential Fault Attacks on AES: Early Efforts State of the Art DFAs on AES Multiple Byte DFA of AES-128 Extension of the DFA to Other Variants of AES DFA of AES Targeting the Key-Schedule CED for AES Conclusions Cache Attacks on Ciphers Memory Hierarchy and Cache Memory Timing Attacks due to CPU Architecture Trace-Driven Cache Attacks Access-Driven Cache Attacks Time-Driven Cache Attacks Countermeasures for Timing Attacks Conclusion Power Analysis of Cipher Implementations Power Attack Set up and Power Traces Power Models Differential Power Analysis using Difference of Mean PKDPA: An Improvement of the DoM Technique Correlation Power Attack Metrics to Evaluate a Side Channel Analysis CPA on Real Power Traces of AES-128 Popular Countermeasures against Power Analysis: Masking Conclusions Testability of Cryptographic Hardware Introduction Scan Chain-Based Attacks on Cryptographic Implementations Scan Attack on Trivium Testability of Cryptographic Designs Conclusion Bibliography Part II Hardware Intellectual Property Protection through Obfuscation Introduction Related Work Functional Obfuscation through State Transition Graph Modification Extension of STG Modification for RTL Designs Obfuscation through Control and Data Flow Graph (CDFG) Modification Measure of Obfuscation Level Results Discussions Conclusions Overview of Hardware Trojans Introduction Trojan Taxonomy and Examples Multi-Level Attack Effect of Hardware Trojan on Circuit Reliability Hardware Trojan Insertion by Direct Modification of FPGA Configuration Bitstream Conclusion Logic Testing-Based Hardware Trojan Detection Introduction Statistical Approach for Trojan Detection Results Summary Side-Channel Analysis Techniques for Hardware Trojans Detection Introduction Motivation for the Proposed Approaches Multiple-Parameter Analysis-Based Trojan Detection Results Integration with Logic-Testing Approach Design Techniques for Hardware Trojan Threat Mitigation Introduction Obfuscation-Based Trojan Detection/Protection Integrated Framework for Obfuscation Results A FPGA-Based Design Technique for Trojan Isolation A Design Infrastructure Approach to Prevent Circuit Malfunction Physically Unclonable Functions: A Root-of-Trust for Hardware Security Introduction Physically Unclonable Function (PUF) Classification of PUFs Realization of Silicon PUFs PUF Performance Metrics for Quality Evaluation Secure PUF: What Makes a PUF Secure? Applications of PUF as a Root-of-Trust Attacks Model: How PUF Security Could Be Compromised Looking Forward: What Lies Ahead for PUFs? Genetic Programming-Based Model Building Attack on PUFs Introduction Background: Genetic Programming and RO-PUFs Methodology Results Bibliography

Dr. Debdeep Mukhopadhyay is an associate professor at the Indian Institute of Technology (IIT) Kharagpur, West Bengal, where he has been instrumental in setting up a side channel analysis laboratory. Previously, he worked as an assistant professor at the IIT Kharagpur and Madras. His research interests include VLSI of cryptographic algorithms and side channel analysis. A popular invited speaker, he has authored around 100 international conference and journal papers, co-authored a textbook on cryptography and network security, reviewed and served on program committees for several international conferences, and collaborated with several organizations including ISRO, DIT, ITI, DRDO, and NTT-Labs Japan. He has been the recipient of the prestigious INSA Young Scientist Award and the INAE Young Engineer Award. Dr. Rajat Subhra Chakraborty is an assistant professor at the Indian Institute of Technology Kharagpur, West Bengal. Previously, he worked as a CAD software engineer at National Semiconductor, Bangalore, Karnataka, India and a co-op at Advanced Micro Devices, Sunnyvale, California, USA. His research interests include design methodology for hardware IPIIC protection, hardware Trojan detection/prevention through design and testing, attacks on hardware implementation of cryptographic algorithms, and reversible watermarking for digital content protection. He has authored over 25 conference and journal publications and presented at numerous events including the 2011 IEEE VLSI Design Conference, where he delivered a tutorial on hardware security.