Fraunhofer Institute for Applied and Integrated Security
Fraunhofer Institute for Applied and Integrated Security

Hardware Security

Embedded systems in many applications usally consist of multiple different chips and are physically accessible. Therefore, they are at risk from attackers with advanced skills in electronics, communication engineering, implementation engineering or hardware attacks. Such attackers can also obtain access to internal interfaces, such as debugging interfaces, or interfaces of integrated memory chip directly. For these reasons, it is essential to target a high level of hardware security from the very beginning while designing such systems. A comprehensive and tailored design approach and the application of specific cryptographic algorithms is required to establish a high hardware security level according to the respectively relevant threats and circumstances. In most cases, the integration of dedicated security chips with specific features and properties into the embedded system is necessary to protect against such modern hardware attacks.

Hardware Lab

© Andreas Heddergott

Side channel or fault attacks are a major threat to security devices.

The modern hardware lab at Fraunhofer AISEC offers a wide range of evaluation services for security critical applications and devices.

Further information

Expertise

Expand all Close all

Side-Channel Analysis

Sidechannels & Cryptanalysis
© Andreas Heddergott
Sidechannels & Cryptanalysis

Side-channel attacks differ fundamentally from conventional attack on cryptographic algorithms. In the latter case, attackers try to solve a complex mathematical problem or try to search the entire key space to break cryptographic systems. By contrast, side channel attacks operate on information caused by the implementation like the runtime, the power consumption or the electro-magnetic emission. An attacker can use this information to gain knowledge about the secrets stored inside the device. With the state-of-the-art measurement equipment of our hardware lab we evaluate the side-channel security of cryptographic devices. We use this experience to design and implement countermeasures which are fitted to a specific target platform.

Laser Fault Injection

Physical attacks aim at extracting secret information from an electronic device. Besides the passive side channel analysis, which restrict on observing the environment of the device, there are also active attacks, so called fault attacks, which try to distrub the device in an applicable manner. In combination with knowledge about the working principle of a cryptographic algorithm, the deliberatly inducted faults can be exploited to gather information about the internally used secrect key.

In order to inject faults, various techniques are effective. Common methods are based on driving a device outside its specified operational conditions (supply voltage level, system clock frequency or temperature). Beyond that, there are more complex techniques like e.g. Laser-based Fault Injection. Focused laser light causes a photo-electric effect which enables to induce faults at a very high precision (temporal and local). This gives the attacker more control and enables to perform a wider range of attacks.

In our hardware test lab we have two different laser stations to carry out fault attacks and evaluate the security of specific devices or countermeasures.

Constrained Devices

© Fraunhofer AISEC

From a security point of view IoT presents several unsolved challenges, which are mainly due to a specific set of domain characteristics. Typical IoT devices are expected to have long operational life span, constrained computational resources, battery capacity and monetary budget. Because of such characteristics many of the well established security technologies cannot be directly transferred into the IoT domain. At Fraunhofer AISEC we contribute to this area by exploring novel hardware and software design patterns which aim to increase the resilience of constrained IoT devices against cyber attacks.

IoT & Sensornets

Wireless sensor networks can be considered the sensory organs of the Internet of Things. In many applications, sensor data must be considered sensitive and thus be encrypted and authenticated. However, due to the large number of resource constrained sensor nodes, key management is challenging and tedious. Research at Fraunhofer AISEC paves the way for key management solutions, which permit both secure and user-friendly wireless sensor networks.

FPGA & Micro-Architecture

FPGAs are becoming very attractive platforms for embedded devices due to reconfigurability and fast time-to-market at acceptable costs. Integrating custom designs, even for high security tasks, has never been easier. Yet, untrusted hardware cores from third parties can undermine the system security from the inside. Our thorough reviewing process identifies vulnerabilities in the system architecture and helps fix them at early design stages. The ubiquity of embedded systems also introduces threats from external attackers getting hold of devices for in-depth analysis. Debug interfaces and external memory modules are promising targets to retrieve intellectual property stored in firmware and to enable counterfeiting.

Our solutions for secure boot, firmware encryption, and secure key storage offer advanced protection for devices in the field. On the software level, operating systems and hypervisors try to isolate applications, while micro-controllers try to protect software from unauthorized read-out. Yet, manipulating and observing shared processor resources allows to bypass protection in both cases. Even trusted execution environments (TEEs) are not secure. Our strategies for system-level hardening and our rigorous software testing methods help restore the isolation and protection of security critical applications.

Machine Learning

Machine learning and modern statistical methods can be useful in different circumstances where data needs to be analyzed to expose complex statistical dependencies. We use a variety of advanced statistical algorithms to, for example, evaluate large amounts of data in side-channel analyses of cryptographic implementations or to detect anomalies in sensor networks on resource-limited platforms.

Physical Unclonable Functions

© Andreas Heddergott

PUFs are circuits on silicon chips that exploit manufacturing variations to generate a device unique bitstring that can be used as a secret, to bind cryptographic keys to it, or for identifying the chip.

In particular they can be used in FPGA applications to provide user accessible secure keystorage, without having to rely on manufacturer provided security features, which may be vulnerable to attacks or are not trusted.

Our research includes improved and novel implementations of PUF circuits on FPGAs as well as their integration into FPGA and other embedded systems. An array of over 200 FPGAs allows us to analyze the statistical properties of our PUF implementations.

Services Offering

  • Hardware security evaluation for embedded systems, and assessment by attack analysis
  • Tailored hardware security designs with solutions for specific security levels and costs
  • Security solutions based on the selection of commercially available security chips
  • Side-channel analysis and fault attacks on embedded systems and development of countermeasures
  • Development of measuring systems for side-channel analysis and fault attacks to suit customer requirements
  • Implementations of security functionality and cryptographic algorithms based on microcontrollers and FPGAs
  • Statistical evaluation of PUF implementations on more than 200 FPGAs

Side-Channels in Modern Processors

Searching for data leaks in applications

Researchers of Fraunhofer AISEC and Graz University of Technology have developed a new tool for software security testing. The tool automatically detects those lines of code that reveal secret information to other programs when executed on modern processors. These information leaks leave treacherous traces in the processor and open so-called side channels that can be tapped by malware. This can then be used to reconstruct secrets that endanger the security of the entire system.

The corresponding paper and the source code of the tool are publicly available.

Selected Projects

Projects of security evaluation and the development of security solutions are confidential. Their reference on this website is subject to the prior approval of the industrial partner.

 

IoT-COMMs

The IoT-COMMs Research Center aims to advance research in the core technologies of networking, localization and information security. In particular, the focus is placed on robustness, immunity to interference, short delay times, information security and authenticity.

 

High Performance Center

Secure Networked Systems

Pump manufacturers Edwards and Fraunhofer use digital future technologies for smart manufacturing under field conditions.

 

© ALESSIO

ALESSIO

The collaborative project ALESSIO develops updatable security solutions for embedded systems in application areas with a long service life.

Publications (Selection)

Expand all Close all

2018

  • R. Hesselbarth, F. Wilde, C. Gu and H. Neil. “Large Scale RO PUF Analysis over Slice Type, Evaluation Time and Temperature on 28nm Xilinx FPGAs”. en. In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Washington DC, USA, 2018.
  • S. Hristozov, J. Heyszl, S. Wagner and G. Sigl. “Practical Runtime Attestation for Tiny IoT Devices”. In: NDSS Workshop on Decentralized IoT Security and Standards (DISS) 2018, San Diego, CA, USA. 2018. ISBN: 1891562517. DOI: https://dx.doi.org/10.14722/diss.2018.23011.
  • S. Weiser, A. Zankl, R. Spreitzer, K. Miller, S. Mangard and G. Sigl. “DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries”. In: 27th USENIX Security Symposium (USENIX Security 18). to appear. Baltimore, MD: USENIX Association, 2018. URL: https://www.usenix.org/conference/usenixsecurity18/presentation/weiser.
  • F. Unterstein, J. Heyszl, F. De Santis, R. Specht and G. Sigl. “High-Resolution EM Attacks Against Leakage-Resilient PRFs Explained - And An Improved Construction”. In: Cryptographers Track RSA Conference (CTRSA 2018). Springer, 2018.
  • C. Reinbrecht, B. Forlin, A. Zankl and J. Sepulveda. “Earthquake – A NoC-based optimized differential cache-collision attack for MPSoCs”. In: Design, Automation & Test in Europe Conference & Exhibition, DATE 2018, Dresden, Germany, March 1923, 2018. IEEE, 2018, pp. 648–653. ISBN: 9783981926309. DOI: 10.23919/DATE.2018.8342090. URL: https://doi.org/10.23919/DATE.2018.8342090.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Fast FPGA implementations of Diffie-Hellman on the Kummer surface of a genus-2 curve”. In: IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018.1 (2018), pp. 1–17. DOI: 10.13154/tches.v2018.i1.1-17. URL: https://doi.org/10.13154/tches.v2018.i1.1-17.

 

2017

  • V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide From Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.
  • M. Green, L. Rodrigues-Lima, A. Zankl, G. Irazoqui, J. Heyszl and T. Eisenbarth. “AutoLock: Why Cache Attacks on ARM Are Harder Than You Think”. In: 26th USENIX Security Symposium (USENIX Security 17). Vancouver, BC: USENIX Association, 2017. URL: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/green.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Automatic generation of high-performance modular multipliers for arbitrary mersenne primes on FPGAs”. In: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2017, pp. 35–40.
  • J. Obermaier, R. Specht and G. Sigl. “FuzzyGlitch: A Practical Ring Oscillator Based Clock Glitch Attack”. In: 22nd International Conference on Applied Electronics. To appear. IEEE, Sept. 2017.
  • J. Sepúlveda, M. Gross, A. Zankl and G. Sigl. “Exploiting Bus Communication to Improve Cache Attacks on Systems-on-Chips”. In: 2017 IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2017, Bochum, Germany, July 35, 2017. 2017, pp. 284–289. ISBN: 9781509067626.
    DOI: 10.1109/ISVLSI.2017.57. URL: https://doi.org/10.1109/ISVLSI.2017.57.
  • F. Unterstein, J. Heyszl, F. De Santis and R. Specht. “Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks - A Practical Security Evaluation on FPGA”. In: Proceedings of 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017). Springer. 2017.
  • N. Jacob, C. Rolfes, A. Zankl, J. Heyszl and G. Sigl. “Compromising FPGA SoCs using Malicious Hardware Blocks”. In: Design Automation and Test in Europe, DATE 2017. Lausanne, Switzerland, 2017.
  • B. Gulmezoglu, A. Zankl, T. Eisenbarth and B. Sunar. “PerfWeb: How to Violate Web Privacy with Hardware Performance Events”. In: Computer Security – ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part II. Ed. by Simon N. Foley, Dieter Gollmann, and Einar Snekkenes. Cham: Springer International Publishing, 2017, pp. 80–97. ISBN: 9783319663999.
    DOI: 10.1007/978-3-319-66399-9_5. URL: https://doi.org/10.1007/978-3-319-66399-9_5.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Low-latency X25519 hardware implementation: breaking the 100 microseconds barrier”. In: Microprocessors and Microsystems (2017). ISSN: 01419331. DOI: http://dx.doi.org/10.1016/j.micpro.2017.07.001.
  • N. Jacob, J. Wittmann, J. Heyszl, R. Hesselbarth, F. Wilde, M. Pehl, G. Sigl and K. Fisher. “Securing FPGA SoC Configurations Independent of Their Manufacturers”. In: 30th IEEE International System-on-Chip Conference. 2017.
  • J. Sepúlveda, A. Zankl, D. Flórez and G. Sigl. “Towards Protected MPSoC Communication for Information Protection against a Malicious NoC”. In: International Conference on Computational Science, ICCS 2017, 12-14 June 2017, Zurich, Switzerland. Vol. 108. Procedia Computer Science. Elsevier, 2017, pp. 1103 –1112. DOI: 10.1016/j.procs.2017.05.139. URL: https://doi.org/10.1016/j.procs.2017.05.139.
  • V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide From Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.
  • N. Jacob, J. Heyszl, A. Zankl, C. Rolfes and G. Sigl. “How to Break Secure Boot on FPGA SoCs through Malicious Hardware”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.

2016

  • A. Zankl, K. Miller, J. Heyszl and G. Sigl. “Towards Efficient Evaluation of a Time-Driven Cache Attack on Modern Processors”. In: Computer Security (ESORICS 2016), 21th European Symposium on Research in Computer Security, Heraklion, Greece, 2016.
  • B. Selmke, J. Heyszl and G. Sigl. “Attack on a DFA protected AES by simultaneous laser fault injections”. en. In: Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2016). Santa Barbara, CA, USA, 2016.
  • R. Nyberg, J. Heyszl, D. Heinz, and G. Sigl. “Enhancing Fault Emulation of Transient Faults by Separating Combinational and Sequential Fault Propagation.” In: ACM Great Lakes Symposium on VLSI. Ed. by Ayse Kivilcim Coskun, Martin Margala, Laleh Behjat, and Jie Han. ACM, 2016, pp. 209–214.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “X25519 Hardware Implementation for Low-Latency Applications”. en. In: Euromicro Conference on Digital System Design (DSD 2016). Limassol, Cyprus, 2016.
  • R. Hesselbarth and G. Sigl. “Fast and Reliable PUF Response Evaluation from Unsettled Bistable Rings”. en. In: Euromicro Conference on Digital System Design (DSD 2016). Limassol, Cyprus, 2016.
  • H. Seuschek, J. Heyszl and F. De Santis. "A Cautionary Note: SideChannel Leakage Implications of Deterministic Signature Schemes". In: Proceedings of the Third Workshop on Cryptography and Security in Computing Systems. ACM. 2016, pp. 7–12.

 

2015

  • B. Selmke, S. Brummer and J. Heyszl. "Precise Laser Fault injections into 90nm and 45nm SRAM-cells". In: Smart Card Research and Advanced Applications - 14th International Conference, CARDIS 2015, Bochum.
  • D. Adam, S. Tverdyshev, C. Rolfes, T. Sandmann, S. Baehr, O. Sander, J. Becker and U. Baumgarten. “Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik)”. In: International Workshop on MILS: Architecture and Assurance for Secure Systems (MILS 2015). 2015.
  • R. Nyberg, J. Heyszl and G. Sigl. “Efficient Fault Emulation through Splitting Combinational and Sequential Fault Propagation”. In: 1st International Workshop on Resiliency in Embedded Electronic. 2015.
  • R. Nyberg, J. Heyszl, D. Rabe and G. Sigl. "Closing the gap between speed and configurability of multi-bit fault emulation environments for security and safety–critical designs". In: Microprocessors and Microsystems Embedded Hardware Design 39.8 (2015), pp. 1119–1129. Microprocessors and Microsystems (2015)
  • R. Specht, J. Heyszl, M. Kleinsteuber and G. Sigl. "Improving Non-Profiled Attacks on Exponentiations Based on Clustering and Extracting Leakage from Multi-Channel High-Resolution EM Measurements". In: Constructive Side-Channel Analysis and Secure Design (COSADE), 2015 6th International Workshop Berlin.
  • J. Heyszl and F. Thiel. "Geldspielgeräte in Zukunft mit geprüfter Sicherheit". Datenschutz und Datensicherheit-DuD 39 (4) 2015.
  • D. Adam, S. Tverdyshev, C. Rolfes and T. Sandmann. "Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik)". International Workshop on MILS: Architecture and Assurance for Secure Systems, 2015.

Related Links: