Hardware Security

Embedded systems in many applications consist of several different chips and are physically accessible to owners, users, and also to potential adversaries. They are therefore exposed to attackers with advanced skills in electronics, communication engineering, implementation engineering or hardware attacks. Such attackers can also gain direct access to internal interfaces, such as debugging interfaces or the interfaces of integrated memory chips. For these reasons, it is essential to aim for a high level of hardware security from the very beginning of the design of such systems. A comprehensive and tailored design approach, combined with the application of suitable cryptographic algorithms, is required to establish a hardware security level appropriate to the relevant threats and circumstances. In most cases, dedicated security chips with specific features and properties must be integrated into the embedded system to protect against such modern hardware attacks.

However, comprehensive security designs with standardised cryptographic algorithms are no longer sufficient for embedded systems. Adversaries have advanced skills in the side-channel analysis of cryptographic implementations and in fault attacks on them. For example, a key can be recovered by measuring the current consumption of the chip while it performs the cryptographic operation. It is therefore essential to use advanced protective measures.

A promising approach in the field of hardware security is the use of Physical Unclonable Functions (PUFs). One possible application of this technology is the derivation of cryptographic keys from the unique physical properties of individual chips of the same type. The resulting keys are ‘stored’ only in these physical properties, not in memory, and are therefore extremely difficult to read out.

Expertise

Fraunhofer AISEC analyses the hardware security of products and systems. In an ultra-modern hardware security lab, attacks on security are analysed in both white-box and black-box scenarios. The range of analyses extends from simple physical attacks, such as reading out memory, to highly complex side-channel analyses and fault attacks. Security experts analyse proprietary encryption algorithms and their applications where these are available, and provide support in the selection and secure use of suitable cryptographic algorithms. Fraunhofer AISEC also provides support in implementing protected cryptographic algorithms and in hardening them against side-channel and fault attacks. In side-channel analysis, the laboratory focuses on high-resolution measurements of the magnetic field emitted by security chips. In fault attacks on security chips, the focus is on laser fault injection using a station developed in-house that can inject faults with two separate laser beams.

In many cases it is appropriate to use dedicated security chips. However, there are many products from different manufacturers. Based on the specific requirements of each case in terms of security functionality and cost, Fraunhofer AISEC supports companies in choosing suitable chips and in developing and implementing tailored security architectures at a reasonable cost.

Skills and services at a glance

  • Hardware security evaluation for embedded systems, and assessment by attack analysis.
  • Tailored hardware security designs with solutions for specific security levels and costs.
  • Tailored security solutions based on the selection of commercially available security chips.
  • Side-channel analysis and fault attacks on embedded systems, and development of countermeasures.
  • Development of measuring systems for side-channel analysis and fault attacks to suit customer requirements.
  • Implementation of security functionality and cryptographic algorithms on microcontrollers and FPGAs.

2018

  • C. Wedig Reinbrecht, B. Endres Forlin, A. Zankl and J. Sepulveda. “Earthquake – A NoC-based optimized differential collision cache attack for MPSoCs”. In: Design Automation and Test in Europe, DATE 2018. To appear. Dresden, Germany, 2018.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Fast FPGA implementations of Diffie-Hellman on the Kummer surface of a genus-2 curve”. In: Transactions on Cryptographic Hardware and Embedded Systems, TCHES 2018. To appear.

2017

  • V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide From Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.
  • M. Green, L. Rodrigues-Lima, A. Zankl, G. Irazoqui, J. Heyszl and T. Eisenbarth. “AutoLock: Why Cache Attacks on ARM Are Harder Than You Think”. In: 26th USENIX Security Symposium (USENIX Security 17). Vancouver, BC: USENIX Association, 2017. URL: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/green.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Automatic generation of high-performance modular multipliers for arbitrary Mersenne primes on FPGAs”. In: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2017, pp. 35–40.
  • J. Obermaier, R. Specht and G. Sigl. “FuzzyGlitch: A Practical Ring Oscillator Based Clock Glitch Attack”. In: 22nd International Conference on Applied Electronics. To appear. IEEE, Sept. 2017.
  • J. Sepúlveda, M. Gross, A. Zankl and G. Sigl. “Exploiting Bus Communication to Improve Cache Attacks on Systems-on-Chips”. In: 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). To appear. 2017.
  • F. Unterstein, J. Heyszl, F. De Santis and R. Specht. “Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks – A Practical Security Evaluation on FPGA”. In: Proceedings of the 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017). Springer, 2017.
  • N. Jacob, C. Rolfes, A. Zankl, J. Heyszl and G. Sigl. “Compromising FPGA SoCs using Malicious Hardware Blocks”. In: Design Automation and Test in Europe, DATE 2017. Lausanne, Switzerland, 2017.
  • B. Gulmezoglu, A. Zankl, T. Eisenbarth and B. Sunar. “PerfWeb: How to Violate Web Privacy with Hardware Performance Events”. In: Computer Security – ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11–15, 2017. To appear. Cham: Springer International Publishing, 2017.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Low-latency X25519 hardware implementation: breaking the 100 microseconds barrier”. In: Microprocessors and Microsystems (2017). ISSN: 0141-9331. DOI: http://dx.doi.org/10.1016/j.micpro.2017.07.001.
  • N. Jacob, J. Wittmann, J. Heyszl, R. Hesselbarth, F. Wilde, M. Pehl, G. Sigl and K. Fisher. “Securing FPGA SoC Configurations Independent of Their Manufacturers”. In: 30th IEEE International System-on-Chip Conference. 2017.
  • J. Sepúlveda, A. Zankl, D. Flórez and G. Sigl. “Towards Protected MPSoC Communication for Information Protection against a Malicious NoC”. In: Procedia Computer Science 108 (2017). International Conference on Computational Science, ICCS 2017, 12–14 June 2017, Zurich, Switzerland, pp. 1103–1112.
  • N. Jacob, J. Heyszl, A. Zankl, C. Rolfes and G. Sigl. “How to Break Secure Boot on FPGA SoCs through Malicious Hardware”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.

2016

  • A. Zankl, K. Miller, J. Heyszl and G. Sigl. “Towards Efficient Evaluation of a Time-Driven Cache Attack on Modern Processors”. In: Computer Security – ESORICS 2016: 21st European Symposium on Research in Computer Security. Heraklion, Greece, 2016.
  • B. Selmke, J. Heyszl and G. Sigl. “Attack on a DFA protected AES by simultaneous laser fault injections”. In: Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2016). Santa Barbara, CA, USA, 2016.
  • R. Nyberg, J. Heyszl, D. Heinz and G. Sigl. “Enhancing Fault Emulation of Transient Faults by Separating Combinational and Sequential Fault Propagation”. In: ACM Great Lakes Symposium on VLSI. Ed. by Ayse Kivilcim Coskun, Martin Margala, Laleh Behjat and Jie Han. ACM, 2016, pp. 209–214.
  • P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “X25519 Hardware Implementation for Low-Latency Applications”. In: Euromicro Conference on Digital System Design (DSD 2016). Limassol, Cyprus, 2016.
  • R. Hesselbarth and G. Sigl. “Fast and Reliable PUF Response Evaluation from Unsettled Bistable Rings”. In: Euromicro Conference on Digital System Design (DSD 2016). Limassol, Cyprus, 2016.
  • H. Seuschek, J. Heyszl and F. De Santis. “A Cautionary Note: Side-Channel Leakage Implications of Deterministic Signature Schemes”. In: Proceedings of the Third Workshop on Cryptography and Security in Computing Systems. ACM, 2016, pp. 7–12.

2015

  • B. Selmke, S. Brummer and J. Heyszl. “Precise Laser Fault Injections into 90nm and 45nm SRAM-cells”. In: Smart Card Research and Advanced Applications – 14th International Conference, CARDIS 2015. Bochum, Germany, 2015.
  • D. Adam, S. Tverdyshev, C. Rolfes, T. Sandmann, S. Baehr, O. Sander, J. Becker and U. Baumgarten. “Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik)”. In: International Workshop on MILS: Architecture and Assurance for Secure Systems (MILS 2015). 2015.
  • R. Nyberg, J. Heyszl and G. Sigl. “Efficient Fault Emulation through Splitting Combinational and Sequential Fault Propagation”. In: 1st International Workshop on Resiliency in Embedded Electronic. 2015.
  • R. Nyberg, J. Heyszl, D. Rabe and G. Sigl. “Closing the gap between speed and configurability of multi-bit fault emulation environments for security and safety-critical designs”. In: Microprocessors and Microsystems: Embedded Hardware Design 39.8 (2015), pp. 1119–1129.
  • R. Specht, J. Heyszl, M. Kleinsteuber and G. Sigl. “Improving Non-Profiled Attacks on Exponentiations Based on Clustering and Extracting Leakage from Multi-Channel High-Resolution EM Measurements”. In: Constructive Side-Channel Analysis and Secure Design (COSADE 2015), 6th International Workshop. Berlin, Germany, 2015.
  • J. Heyszl and F. Thiel. “Geldspielgeräte in Zukunft mit geprüfter Sicherheit”. In: Datenschutz und Datensicherheit (DuD) 39.4 (2015).