Hardware Security

Embedded systems in many applications consist of multiple different chips and are physically accessible to owners, users, and also possible adversaries. Therefore, they are at risk from attackers with advanced skills in electronics, communication engineering, implementation engineering or hardware attacks. Such attackers can also obtain access to internal interfaces, such as debugging interfaces, or interfaces of integrated memory chip directly. For these reasons, it is essential to target a high level of hardware security from the very beginning while designing such systems. A comprehensive and tailored design approach and the application of specific cryptographic algorithms is required to establish a high hardware security level according to the respectively relevant threats and circumstances. In most cases, the integration of dedicated security chips with specific features and properties into the embedded system is necessary to protect against such modern hardware attacks.

However, comprehensive security designs with standardised cryptographic algorithms for embedded systems are no longer enough. Adversaries have advanced skills in the side-channel analysis of cryptographic implementations and in fault attacks on such. For example, a key can be cracked by measuring the current consumption. It is therefore essential to use advanced protective measures.

A promising approach in the field of hardware security is the use of Physical Unclonable Functions (PUFs). One possible application of this technology is the derivation of cryptographic keys from the unique physical properties of individual chips of the same type. The resulting keys are ‘stored’ in the physical properties and are therefore extremely difficult to read out.

Expertise

Fraunhofer AISEC analyses the hardware security of products and systems. In an ultra-modern hardware security lab, attacks on security are analysed using both white-box and black-box scenarios. The range of analyses extends from simple physical attacks, such as reading out memory, to highly complex sideband analyses or fault attacks. Security experts analyse potentially available proprietary encryption algorithms and their applications, and provide support in the selection and secure use of suitable cryptographic algorithms. Fraunhofer AISEC also provides support in the implementation of protected cryptographic algorithms and security against side-channel and fault attacks. In side-channel analysis, the main focus of the laboratory is on high-resolution measurements of the magnetic field of security chips. In fault attacks on security chips, the main focus is set on laser fault injection using a station developed in-house to carry out attacks using two separated laser beams.

In many cases it is appropriate to use dedicated security chips. However, there are a many products from different manufacturers. Based on the specific circumstances of each case in terms of security functionality and cost, Fraunhofer AISEC supports companies in choosing suitable chips and in developing and implementing tailored security architectures at a reasonable cost.

Skills and services at a glance

  • Hardware security evaluation for embedded systems, and assessment by attack analysis.
  • Tailored hardware security designs with solutions for specific security levels and costs
  • Tailored security solutions based on the selection of commercially available security chips.
  • Side-channel analysis and fault attacks on embedded systems and development of countermeasures.
  • Development of measuring systems for side-channel analysis and fault attacks to suit customer requirements.
  • Implementations of security functionality and cryptographic algorithms based on microcontrollers and FPGAs.

2016 - 2015

2016

  • H. Seuschek, J. Heyszl and F. De Santis. "A Cautionary Note: SideChannel Leakage Implications of Deterministic Signature Schemes". In: Proceedings of the Third Workshop on Cryptography and Security in Computing Systems. ACM. 2016, pp. 7–12.

 

2015

  • B. Selmke, S. Brummer and J. Heyszl. "Precise Laser Fault injections into 90nm and 45nm SRAM-cells". In: Smart Card Research and Advanced Applications - 14th International Conference, CARDIS 2015, Bochum.
  • R. Nyberg, J. Heyszl, D. Rabe and G. Sigl. "Closing the gap between speed and configurability of multibit fault emulation environments for security and safety–critical designs". Microprocessors and Microsystems (2015)
  • R. Specht, J. Heyszl, M. Kleinsteuber and G. Sigl. "Improving Non-Profiled Attacks on Exponentiations Based on Clustering and Extracting Leakage from Multi-Channel High-Resolution EM Measurements". In: Constructive Side-Channel Analysis and Secure Design (COSADE), 2015 6th International Workshop Berlin.
  • J. Heyszl and F. Thiel. "Geldspielgeräte in Zukunft mit geprüfter Sicherheit". Datenschutz und Datensicherheit-DuD 39 (4) 2015.
  • D. Adam, S. Tverdyshev, C. Rolfes and T. Sandmann. "Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik)". International Workshop on MILS: Architecture and Assurance for Secure Systems, 2015.

2014

  • B. Heinz, J. Heyszl and F. Stumpf. "Side-channel analysis of a high-throughput AES peripheral with countermeasures". Integrated Circuits (ISIC), 2014 14th International Symposium.
  • R. Specht, J. Heyszl and G. Sigl. "Investigating measurement methods for high-resolution electromagnetic field side-channel analysis". Integrated Circuits (ISIC), 2014 14th International Symposium.
  • N. Jacob, D. Merli, J. Heyszl and G. Sigl. "Hardware Trojans: current challanges and approches". IET Computers & Digital Techniques 8 (6) 2014.
  • S. Belaid, F. De Santis, J. Heyszl, S. Mangard, M. Medwed, JM. Schmidt, FX. Standaert and S. Tillich. "Towards fresh re-keying with leakage-resilient PRFs: chipher design principles and analysis". Journal of Cryptographic Engineering 4 (3) 2014 -> Abstract
  • R. Nyberg, J. Nolles, J. Heyszl, D. Rabe, and G. Sigl. "Closing the Gap between Speed and Configurability of Multi-bit Fault Emulation Environments for Security and Safety-Critical Designs". Digital System Design (DSD), 2014 17th Euromicro Conference.

2013 - 2010

  • O. Khalid, C. Rolfes and A. Ibing. "On implementing trusted boot for embedded systems". Hardware-Oriented Security and Trust (HOST), 2013 IEEE International Symposium.
  • J. Heyszl, A. Ibing, S. Mangard, F. De Santis and G. Sigl. "Clustering algorithms for non-profiled single-execution attacks on exponentiations". CARDIS 2013.
  • J. Heyszl, D. Merli, B. Heinz, F. De Santis and G. Sigl. "Strengths and limitations of high-resolution electromagnetic field measurements for side-channel analysis". In: 11th international conference, CARDIS 2012 : Graz, Austria, Lecture Notes in Computer Science 7771. Springer-Verlag. -> Abstract
  • J. Heyszl, S. Mangard, B. Heinz, F. Stumpf and G. Sigl. "Localized electromagnetic analysis of cryptographic implementations". In: The Cryptographers' Track at the RSA Conference: San Francisco, CA, USA, 2012. Lecture Notes in Computer Science 7178. Springer-Verlag. -> Abstract
  • A. Janning, J. Heyszl, F. Stumpf, G. Sigl. "A cost-effective FPGA-based fault simulation environment". In: Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, Nara, Japan -> Abstract
  • D. Merli, D. Schuster, F. Stumpf and G. Sigl. "Semi-invasive EM attack on FPGA RO PUFs and countermeasures". In: Workshop on Embedded Systems Security, WESS'11, Taipei 2011 -> Abstract
  • D. Merli, D. Schuster, F. Stumpf and G. Sigl. "Side-Channel Analysis of PUFs and Fuzzy Extractors". In: 4th International Conference on Trust and Trustworthy Computing (Trust 2011), Lecture Notes in Computer Science, Pittsburgh, PA USA, June 2011. Springer-Verlag. -> Abstract
  • J. Heyszl and F. Stumpf. "Efficient One-Pass Entity Authentication based on ECC for Constrained Devices". In: IEEE Int. Symposium on Hardware-Oriented Security and Trust, pages 88–93 , Anaheim, USA, June 2010. IEEE Computer Society. -> Abstract
  • D. Merli, F. Stumpf and C. Eckert. "Improving the quality of ring oscillator PUFs on FPGAs". In: 5th Workshop on Embedded Systems Security, WESS 2010. -> Abstract