
Security of Crypto IP Core: Issues and Countermeasures

Chapter in: Fundamentals of IP and SoC Security

Abstract

Standard cryptographic System-on-Chip (SoC) design requires the development and reuse of Intellectual Property (IP) cores. These IP cores often form the root of trust of several cryptographic protocols. However, selecting a mathematically secure cryptographic algorithm and building an IP core for it does not by itself guarantee security. Owing to improper design methodologies, such IP cores can be subjected to powerful attacks which can lead to the collapse of overall security. Adversaries can observe physical information such as power consumption, electromagnetic radiation and execution time and, using statistical techniques popularly called side channel analysis (SCA), gain access to sensitive information. The IP cores can also be subjected to perturbations (either accidental or malicious) that induce faults, which can be exploited to recover the key used inside the cipher cores. Along with design, the testing and validation of such IP cores also pose unique security challenges: popular test methodologies that are useful for validating IP cores in conventional SoC designs can in turn be used for attacking the IPs. The chapter also discusses suitable countermeasures which not only mitigate such threats, but also lay the foundations for future IP Design-for-Security.
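
The statistical side channel analysis the abstract refers to has a defensive counterpart: a leakage assessment that the IP designer runs on measured or simulated traces before tape-out, to find the time samples whose power consumption depends on the data being processed. The example below is added here and is not code from the chapter or its authors. It computes the normalized inter-class variance (NICV) metric of Bhasin, Danger, Guilley and Najm (IACR ePrint 2013/717) over constructed synthetic traces; the Hamming-weight leakage model, the key byte 0x2B, the leaking sample index, the noise level and the 0.3 acceptance threshold are all assumptions made for the illustration.

```python
"""
First-order leakage assessment with NICV over constructed power traces.

Constructed example (not the chapter's own code): each trace is Gaussian
noise, and at one sample index the Hamming weight of (plaintext_byte XOR
key_byte) is added to model the data-dependent power of a register update.
NICV(X; Y) = Var[E[Y | X]] / Var[Y] is computed per sample with X = the
public plaintext byte, so the evaluator needs no key knowledge.
"""
import random
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple


def hamming_weight(value: int) -> int:
    """Number of set bits; the classic power model for a register write."""
    return bin(value).count("1")


def simulate_traces(n_traces: int, n_samples: int, leak_sample: int,
                    key_byte: int, noise_std: float,
                    seed: int = 1) -> Tuple[List[int], List[List[float]]]:
    """Constructed traces: noise everywhere, HW(p ^ k) added at leak_sample."""
    rng = random.Random(seed)
    plaintexts: List[int] = []
    traces: List[List[float]] = []
    for _ in range(n_traces):
        p = rng.randrange(256)
        trace = [rng.gauss(0.0, noise_std) for _ in range(n_samples)]
        trace[leak_sample] += hamming_weight(p ^ key_byte)
        plaintexts.append(p)
        traces.append(trace)
    return plaintexts, traces


def nicv(classes: Sequence[int], values: Sequence[float]) -> float:
    """NICV = Var[E[Y|X]] / Var[Y] for one time sample (Y) and public input X."""
    n = len(values)
    mean_all = sum(values) / n
    var_all = sum((y - mean_all) ** 2 for y in values) / n
    if var_all == 0.0:
        return 0.0
    sums: Dict[int, float] = defaultdict(float)
    counts: Dict[int, int] = defaultdict(int)
    for x, y in zip(classes, values):
        sums[x] += y
        counts[x] += 1
    # Between-class variance of the class means, weighted by class population.
    var_between = sum(counts[x] * (sums[x] / counts[x] - mean_all) ** 2
                      for x in sums) / n
    return var_between / var_all


def nicv_per_sample(plaintexts: Sequence[int],
                    traces: Sequence[Sequence[float]]) -> List[float]:
    """NICV curve: one score in [0, 1] per time sample of the trace set."""
    n_samples = len(traces[0])
    return [nicv(plaintexts, [t[i] for t in traces]) for i in range(n_samples)]


def leaky_samples(scores: Sequence[float], threshold: float) -> List[int]:
    """Indices whose NICV exceeds the evaluator's acceptance threshold."""
    return [i for i, s in enumerate(scores) if s > threshold]


if __name__ == "__main__":
    # Key byte 0x2B and leak position 7 are constructed values for the demo.
    pts, trs = simulate_traces(n_traces=8192, n_samples=20, leak_sample=7,
                               key_byte=0x2B, noise_std=1.0)
    scores = nicv_per_sample(pts, trs)
    for i, s in enumerate(scores):
        print(f"sample {i:2d}: NICV = {s:.3f}")
    print("leaky samples above 0.3:", leaky_samples(scores, 0.3))
```

Because NICV conditions only on the public plaintext byte, the evaluator learns which time samples carry input-dependent leakage without knowing or guessing the key. Samples that stay above the chosen threshold are where a countermeasure such as masking or power-constant dual-rail logic has to be verified; for a hardened core the whole curve should sit at the estimation floor, which for K input classes and N traces is roughly (K minus 1)/N when the samples are pure noise.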



Corresponding author: Debapriya Basu Roy.


Copyright © 2017 Springer International Publishing AG

Cite this chapter

Roy, D.B., Mukhopadhyay, D. (2017). Security of Crypto IP Core: Issues and Countermeasures. In: Bhunia, S., Ray, S., Sur-Kolay, S. (eds) Fundamentals of IP and SoC Security. Springer, Cham. https://doi.org/10.1007/978-3-319-50057-7_5

  • DOI: https://doi.org/10.1007/978-3-319-50057-7_5
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-50055-3
  • Online ISBN: 978-3-319-50057-7
