Three Design Dimensions of Secure Embedded Systems

  • Patrick Schaumont
  • Aydin Aysu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8204)


This contribution explores the design dimensions, the primary quality factors of a design, of secure embedded systems design. Design dimensions define the design space, and they enable a designer to distinguish a high-quality design from a low-quality design. Besides well-known dimensions such as performance and flexibility, secure embedded systems design introduces a new one: risk, or the potential for loss. Risk is on equal footing with flexibility and performance. The design challenges for risk cannot be met by optimizing for performance or flexibility alone. Hence, secure-embedded system design requires a trade-off between flexibility, performance, and risk. We illustrate this trade-off for each pair of factors through several driver applications, including parallel cryptography, integration of physical unclonable functions and side-channel countermeasures.


Design Methods Hardware/Software Codesign Montgomery Multiplication PUFs Countermeasure 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aarestad, J., Ortiz, P., Acharyya, D., Plusquellic, J.: HELP: A Hardware-Embedded Delay PUF. IEEE Design Test 30(2), 17–25 (2013)CrossRefGoogle Scholar
  2. 2.
    Anderson, R.J.: Security Engineering - A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley (2008)Google Scholar
  3. 3.
    Aroms, E.: NIST Special Publication 800-39 Managing Information Security Risk. Create Space, Paramount, CA (2012)Google Scholar
  4. 4.
    Bhasin, S., Guilley, S., Souissi, Y., Graba, T., Danger, J.L.: Efficient Dual-Rail Implementations in FPGA Using Block RAMs. In: ReConFig, pp. 261–267 (2011),
  5. 5.
    Brocious, C.: My Arduino can beat up your hotel room lock. Black Hat 2012 (July 2012),
  6. 6.
    Chakraborty, R., Lamech, C., Acharyya, D., Plusquellic, J.: A Transmission Gate Physical Unclonable Function and on-chip Voltage-to-digital Conversion Technique. In: DAC, p. 59 (2013),
  7. 7.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999), CrossRefGoogle Scholar
  8. 8.
    Chen, Z., Schaumont, P.: A Parallel Implementation of Montgomery Multiplication on Multicore Systems: Algorithm, Analysis, and Prototype. IEEE Trans. Computers 60(12), 1692–1703 (2011), MathSciNetCrossRefGoogle Scholar
  9. 9.
    Chen, Z., Sinha, A., Schaumont, P.: Using Virtual Secure Circuit to Protect Embedded Software from Side-Channel Attacks. IEEE Trans. Computers 62(1), 124–136 (2013), MathSciNetCrossRefGoogle Scholar
  10. 10.
    Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.P.: Cloning Physically Unclonable Functions. In: IEEE Int. Symposium on Hardware-Oriented Security and Trust, HOST (2013)Google Scholar
  11. 11.
    Coron, J.-S., Kizhvatov, I.: Analysis and Improvement of the Random Delay Countermeasure of CHES 2009. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 95–109. Springer, Heidelberg (2010), CrossRefGoogle Scholar
  12. 12.
    Fan, J., Reparaz, O., Rozic, V., Verbauwhede, I.: Low-energy Encryption for Medical Devices: Security Adds an Extra Design Dimension. In: DAC 2013 (2013),
  13. 13.
    Fan, J., Sakiyama, K., Verbauwhede, I.: Elliptic Curve Cryptography on Embedded Multicore Systems. Design Autom. for Emb. Sys. 12(3), 231–242 (2008), CrossRefGoogle Scholar
  14. 14.
    Gajski, D.D., Abdi, S., Gerstlauer, A., Schirner, G.: Embedded System Design: Modeling, Synthesis and Verification, 1st edn. Springer Publishing Company, Incorporated (2009)CrossRefGoogle Scholar
  15. 15.
    Gammel, B., Fischer, W., Mangard, S.: Generating a Session Key for Authentication and Secure Data Transfer. US Patent Application US 2010/0316217 (December 2010)Google Scholar
  16. 16.
    Gassend, B., van Dijk, M., Clarke, D.E., Torlak, E., Devadas, S., Tuyls, P.: Controlled Physical Random Functions and Applications. ACM Trans. Inf. Syst. Secur. 10(4) (2008),
  17. 17.
    Genelle, L., Prouff, E., Quisquater, M.: Thwarting Higher-Order Side Channel Analysis with Additive and Multiplicative Maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011), CrossRefGoogle Scholar
  18. 18.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual Information Analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008), CrossRefGoogle Scholar
  19. 19.
    Giorgi, P., Imbert, L., Izard, T.: Parallel Modular Multiplication on Multi-core Processors. In: IEEE Symposium on Computer Arithmetic, pp. 135–142 (2013),
  20. 20.
    Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A Testing Methodology for Side-channel Resistance Validation. In: NIAT (2011)Google Scholar
  21. 21.
    Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004), CrossRefGoogle Scholar
  22. 22.
    Henzler, S.: Time-to-digital converter basics. In: Time-to-Digital Converters. Springer Series in Advanced Microelectronics, vol. 29, pp. 5–18. Springer, Netherlands (2010), CrossRefGoogle Scholar
  23. 23.
    Hutter, M., Wenger, E.: Fast Multi-precision Multiplication for Public-Key Cryptography on Embedded Microprocessors. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 459–474. Springer, Heidelberg (2011), CrossRefGoogle Scholar
  24. 24.
    Kaihara, M.E., Takagi, N.: Bipartite Modular Multiplication Method. IEEE Trans. Computers 57(2), 157–164 (2008), MathSciNetCrossRefGoogle Scholar
  25. 25.
    Koç, C.K., Acar, T., Kaliski, B.: Analyzing and Comparing Montgomery Multiplication Algorithms. IEEE Micro 16(3), 26–33 (1996)CrossRefGoogle Scholar
  26. 26.
    Koç, C.K., Walter, C.D.: Montgomery Arithmetic. In: Encyclopedia of Cryptography and Security (2005),
  27. 27.
    Kocher, P.C.: Complexity and the Challenges of Securing SoCs. In: Proceedings of the 48th Design Automation Conference, DAC 2011, pp. 328–331. ACM, New York (2011), Google Scholar
  28. 28.
    Kocher, P.C., Lee, R., McGraw, G., Raghunathan, A.: Security as a New Dimension in Embedded System Design. In: Proceedings of the 41st Annual Design Automation Conference, DAC 2004, pp. 753–760. ACM, New York (2004)Google Scholar
  29. 29.
    Kocher, P.C., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to Differential Power Analysis. J. Cryptographic Engineering 1(1), 5–27 (2011), CrossRefGoogle Scholar
  30. 30.
    Maes, R., Verbauwhede, I.: Physically unclonable functions: A study on the state of the art and future research directions. In: Sadeghi, A.R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security. Information Security and Cryptography, pp. 3–37. Springer, Heidelberg (2010),
  31. 31.
    Maiti, A., Schaumont, P.: A Novel Microprocessor-intrinsic Physical Unclonable Function. In: FPL, pp. 380–387 (2012),
  32. 32.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer (2007)Google Scholar
  33. 33.
    Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Side-Channel Analysis of PUFs and Fuzzy Extractors. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) TRUST 2011. LNCS, vol. 6740, pp. 33–47. Springer, Heidelberg (2011),
  34. 34.
    Montgomery, P.L.: Modular Multiplication without Trial Division. Mathematics of Computation 44(170), 519–521 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  35. 35.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the Limits: A Very Compact and a Threshold Implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011), CrossRefGoogle Scholar
  36. 36.
    Popp, T., Kirschbaum, M., Zefferer, T., Mangard, S.: Evaluation of the Masked Logic Style MDPL on a Prototype Chip. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 81–94. Springer, Heidelberg (2007), CrossRefGoogle Scholar
  37. 37.
    Rabaey, J.: Low Power Design Essentials, 1st edn. Springer Publishing Company, Incorporated (2009)CrossRefGoogle Scholar
  38. 38.
    Regazzoni, F., Cevrero, A., Standaert, F.-X., Badel, S., Kluter, T., Brisk, P., Leblebici, Y., Ienne, P.: A Design Flow and Evaluation Framework for DPA-Resistant Instruction Set Extensions. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 205–219. Springer, Heidelberg (2009), CrossRefGoogle Scholar
  39. 39.
    Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. IACR Cryptology ePrint Archive 2010, 441 (2010),
  40. 40.
    Rostami, M., Burleson, W., Koushanfar, F., Juels, A.: Balancing Security and Utility in Medical Devices? In: DAC 2013 (2013),
  41. 41.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 237–249. ACM, New York (2010), CrossRefGoogle Scholar
  42. 42.
    Sakiyama, K., Knezevic, M., Fan, J., Preneel, B., Verbauwhede, I.: Tripartite Modular Multiplication. Integration 44(4), 259–269 (2011), Google Scholar
  43. 43.
    Schaumont, P.R.: A Practical Introduction to Hardware/Software Codesign, 2nd edn. Springer Publishing Company, Incorporated (2013)CrossRefGoogle Scholar
  44. 44.
    Suh, G.E., O’Donnell, C.W., Devadas, S.: AEGIS: A single-chip secure processor. Inf. Sec. Techn. Report 10(2), 63–73 (2005), CrossRefGoogle Scholar
  45. 45.
    Suzuki, D., Saeki, M., Shimizu, K., Satoh, A., Matsumoto, T.: A Design Methodology for a DPA-Resistant Circuit with RSL Techniques. IEICE Transactions 93-A(12), 2497–2508 (2010), CrossRefGoogle Scholar
  46. 46.
    Taha, M., Schaumont, P.: A Key Management Scheme for DPA-protected Authenticated Encryption. In: DIAC 2013: Directions in Authenticated Ciphers (August 2013)Google Scholar
  47. 47.
    Tiri, K., Hwang, D., Hodjat, A., Lai, B.-C., Yang, S., Schaumont, P., Verbauwhede, I.: Prototype IC with WDDL and Differential Routing - DPA Resistance Assessment. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 354–365. Springer, Heidelberg (2005), CrossRefGoogle Scholar
  48. 48.
    Verbauwhede, I., Schaumont, P.: Skiing the Embedded Systems Mountain. ACM Trans. Embedded Comput. Syst. 4(3), 529–548 (2005), CrossRefGoogle Scholar
  49. 49.
    Wilson, P., Frey, A., Mihm, T., Kershaw, D., Alves, T.: Implementing Embedded Security on Dual-Virtual-CPU Systems. IEEE Design Test of Computers 24(6), 582–591 (2007)CrossRefGoogle Scholar
  50. 50.
    Oren, Y., Sadeghi, A.-R., Wachsmann, C.: On the Effectiveness of the Remanence Decay Side-Channel to Clone Memory-based PUFs. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 107–125. Springer, Heidelberg (2013)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Patrick Schaumont
    • 1
  • Aydin Aysu
    • 1
  1. 1.Secure Embedded Systems, Center for Embedded Systems for Critical Applications, Bradley Department of ECEVirginia TechBlacksburgUSA

Personalised recommendations