Hardware Security

Side-channel attacks differ fundamentally from conventional attack on cryptographic algorithms. In the latter case, attackers try to solve a complex mathematical problem or try to search the entire key space to break cryptographic systems. By contrast, side channel attacks operate on information caused by the implementation like the runtime, the power consumption or the electro-magnetic emission. An attacker can use this information to gain knowledge about the secrets stored inside the device. With the state-of-the-art measurement equipment of our hardware lab we evaluate the side-channel security of cryptographic devices. We use this experience to design and implement countermeasures which are fitted to a specific target platform.

Physical attacks aim at extracting secret information from an electronic device. Besides the passive side channel analysis, which restrict on observing the environment of the device, there are also active attacks, so called fault attacks, which try to distrub the device in an applicable manner. In combination with knowledge about the working principle of a cryptographic algorithm, the deliberatly inducted faults can be exploited to gather information about the internally used secrect key.

In order to inject faults, various techniques are effective. Common methods are based on driving a device outside its specified operational conditions (supply voltage level, system clock frequency or temperature). Beyond that, there are more complex techniques like e.g. Laser-based Fault Injection. Focused laser light causes a photo-electric effect which enables to induce faults at a very high precision (temporal and local). This gives the attacker more control and enables to perform a wider range of attacks.

In our hardware test lab we have two different laser stations to carry out fault attacks and evaluate the security of specific devices or countermeasures.

From a security point of view IoT presents several unsolved challenges, which are mainly due to a specific set of domain characteristics. Typical IoT devices are expected to have long operational life span, constrained computational resources, battery capacity and monetary budget. Because of such characteristics many of the well established security technologies cannot be directly transferred into the IoT domain. At Fraunhofer AISEC we contribute to this area by exploring novel hardware and software design patterns which aim to increase the resilience of constrained IoT devices against cyber attacks.

Wireless sensor networks can be considered the sensory organs of the Internet of Things. In many applications, sensor data must be considered sensitive and thus be encrypted and authenticated. However, due to the large number of resource constrained sensor nodes, key management is challenging and tedious. Research at Fraunhofer AISEC paves the way for key management solutions, which permit both secure and user-friendly wireless sensor networks.

FPGAs are becoming very attractive platforms for embedded devices due to reconfigurability and fast time-to-market at acceptable costs. Integrating custom designs, even for high security tasks, has never been easier. Yet, untrusted hardware cores from third parties can undermine the system security from the inside. Our thorough reviewing process identifies vulnerabilities in the system architecture and helps fix them at early design stages. The ubiquity of embedded systems also introduces threats from external attackers getting hold of devices for in-depth analysis. Debug interfaces and external memory modules are promising targets to retrieve intellectual property stored in firmware and to enable counterfeiting.

Our solutions for secure boot, firmware encryption, and secure key storage offer advanced protection for devices in the field. On the software level, operating systems and hypervisors try to isolate applications, while micro-controllers try to protect software from unauthorized read-out. Yet, manipulating and observing shared processor resources allows to bypass protection in both cases. Even trusted execution environments (TEEs) are not secure. Our strategies for system-level hardening and our rigorous software testing methods help restore the isolation and protection of security critical applications.

Machine learning and modern statistical methods can be useful in different circumstances where data needs to be analyzed to expose complex statistical dependencies. We use a variety of advanced statistical algorithms to, for example, evaluate large amounts of data in side-channel analyses of cryptographic implementations or to detect anomalies in sensor networks on resource-limited platforms.

PUFs are circuits on silicon chips that exploit manufacturing variations to generate a device unique bitstring that can be used as a secret, to bind cryptographic keys to it, or for identifying the chip.

In particular they can be used in FPGA applications to provide user accessible secure keystorage, without having to rely on manufacturer provided security features, which may be vulnerable to attacks or are not trusted.

Our research includes improved and novel implementations of PUF circuits on FPGAs as well as their integration into FPGA and other embedded systems. An array of over 200 FPGAs allows us to analyze the statistical properties of our PUF implementations.

2018

• R. Hesselbarth, F. Wilde, C. Gu and H. Neil. “Large Scale RO PUF Analysis over Slice Type, Evaluation Time and Temperature on 28nm Xilinx FPGAs”. en. In: IEEE International Symposium on Hardware Oriented Security and Trust (HOST). Washington DC, USA, 2018.
• S. Hristozov, J. Heyszl, S. Wagner and G. Sigl. “Practical Runtime Attestation for Tiny IoT Devices”. In: NDSS Workshop on Decentralized IoT Security and Standards (DISS) 2018, San Diego, CA, USA. 2018. ISBN: 1891562517. DOI: https://dx.doi.org/10.14722/diss.2018.23011.
• S. Weiser, A. Zankl, R. Spreitzer, K. Miller, S. Mangard and G. Sigl. “DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries”. In: 27th USENIX Security Symposium (USENIX Security 18). to appear. Baltimore, MD: USENIX Association, 2018. URL: https://www.usenix.org/conference/usenixsecurity18/presentation/weiser.
• F. Unterstein, J. Heyszl, F. De Santis, R. Specht and G. Sigl. “High-Resolution EM Attacks Against Leakage-Resilient PRFs Explained - And An Improved Construction”. In: Cryptographers Track RSA Conference (CTRSA 2018). Springer, 2018.
• C. Reinbrecht, B. Forlin, A. Zankl and J. Sepulveda. “Earthquake – A NoC-based optimized differential cache-collision attack for MPSoCs”. In: Design, Automation & Test in Europe Conference & Exhibition, DATE 2018, Dresden, Germany, March 1923, 2018. IEEE, 2018, pp. 648–653. ISBN: 9783981926309. DOI: 10.23919/DATE.2018.8342090. URL: https://doi.org/10.23919/DATE.2018.8342090.
• P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Fast FPGA implementations of Diffie-Hellman on the Kummer surface of a genus-2 curve”. In: IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018.1 (2018), pp. 1–17. DOI: 10.13154/tches.v2018.i1.1-17. URL: https://doi.org/10.13154/tches.v2018.i1.1-17.

2017

• V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide From Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.
• M. Green, L. Rodrigues-Lima, A. Zankl, G. Irazoqui, J. Heyszl and T. Eisenbarth. “AutoLock: Why Cache Attacks on ARM Are Harder Than You Think”. In: 26th USENIX Security Symposium (USENIX Security 17). Vancouver, BC: USENIX Association, 2017. URL: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/green.
  
• P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Automatic generation of high-performance modular multipliers for arbitrary mersenne primes on FPGAs”. In: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2017, pp. 35–40.
  
• J. Obermaier, R. Specht and G. Sigl. “FuzzyGlitch: A Practical Ring Oscillator Based Clock Glitch Attack”. In: 22nd International Conference on Applied Electronics. To appear. IEEE, Sept. 2017.
• J. Sepúlveda, M. Gross, A. Zankl and G. Sigl. “Exploiting Bus Communication to Improve Cache Attacks on Systems-on-Chips”. In: 2017 IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2017, Bochum, Germany, July 35, 2017. 2017, pp. 284–289. ISBN: 9781509067626.
  DOI: 10.1109/ISVLSI.2017.57. URL: https://doi.org/10.1109/ISVLSI.2017.57.
  
• F. Unterstein, J. Heyszl, F. De Santis and R. Specht. “Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks - A Practical Security Evaluation on FPGA”. In: Proceedings of 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017). Springer. 2017.
• N. Jacob, C. Rolfes, A. Zankl, J. Heyszl and G. Sigl. “Compromising FPGA SoCs using Malicious Hardware Blocks”. In: Design Automation and Test in Europe, DATE 2017. Lausanne, Switzerland, 2017.
• B. Gulmezoglu, A. Zankl, T. Eisenbarth and B. Sunar. “PerfWeb: How to Violate Web Privacy with Hardware Performance Events”. In: Computer Security – ESORICS 2017: 22^nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part II. Ed. by Simon N. Foley, Dieter Gollmann, and Einar Snekkenes. Cham: Springer International Publishing, 2017, pp. 80–97. ISBN: 9783319663999.
  DOI: 10.1007/978-3-319-66399-9_5. URL: https://doi.org/10.1007/978-3-319-66399-9_5.
  
• P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “Low-latency X25519 hardware implementation: breaking the 100 microseconds barrier”. In: Microprocessors and Microsystems (2017). ISSN: 01419331. DOI: http://dx.doi.org/10.1016/j.micpro.2017.07.001.
• N. Jacob, J. Wittmann, J. Heyszl, R. Hesselbarth, F. Wilde, M. Pehl, G. Sigl and K. Fisher. “Securing FPGA SoC Configurations Independent of Their Manufacturers”. In: 30th IEEE International System-on-Chip Conference. 2017.
• J. Sepúlveda, A. Zankl, D. Flórez and G. Sigl. “Towards Protected MPSoC Communication for Information Protection against a Malicious NoC”. In: International Conference on Computational Science, ICCS 2017, 12-14 June 2017, Zurich, Switzerland. Vol. 108. Procedia Computer Science. Elsevier, 2017, pp. 1103 –1112. DOI: 10.1016/j.procs.2017.05.139. URL: https://doi.org/10.1016/j.procs.2017.05.139.
  
• V. Immler, R. Specht and F. Unterstein. “Your Rails Cannot Hide From Localized EM: How Dual-Rail Logic Fails on FPGAs”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.
• N. Jacob, J. Heyszl, A. Zankl, C. Rolfes and G. Sigl. “How to Break Secure Boot on FPGA SoCs through Malicious Hardware”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017.

2016

• A. Zankl, K. Miller, J. Heyszl and G. Sigl. “Towards Efficient Evaluation of a Time-Driven Cache Attack on Modern Processors”. In: Computer Security (ESORICS 2016), 21th European Symposium on Research in Computer Security, Heraklion, Greece, 2016.
• B. Selmke, J. Heyszl and G. Sigl. “Attack on a DFA protected AES by simultaneous laser fault injections”. en. In: Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2016). Santa Barbara, CA, USA, 2016.
• R. Nyberg, J. Heyszl, D. Heinz, and G. Sigl. “Enhancing Fault Emulation of Transient Faults by Separating Combinational and Sequential Fault Propagation.” In: ACM Great Lakes Symposium on VLSI. Ed. by Ayse Kivilcim Coskun, Martin Margala, Laleh Behjat, and Jie Han. ACM, 2016, pp. 209–214.
• P. Koppermann, F. De Santis, J. Heyszl and G. Sigl. “X25519 Hardware Implementation for Low-Latency Applications”. en. In: Euromicro Conference on Digital System Design (DSD 2016). Limassol, Cyprus, 2016.
• R. Hesselbarth and G. Sigl. “Fast and Reliable PUF Response Evaluation from Unsettled Bistable Rings”. en. In: Euromicro Conference on Digital System Design (DSD 2016). Limassol, Cyprus, 2016.
• H. Seuschek, J. Heyszl and F. De Santis. "A Cautionary Note: SideChannel Leakage Implications of Deterministic Signature Schemes". In: Proceedings of the Third Workshop on Cryptography and Security in Computing Systems. ACM. 2016, pp. 7–12.

2015

• B. Selmke, S. Brummer and J. Heyszl. "Precise Laser Fault injections into 90nm and 45nm SRAM-cells". In: Smart Card Research and Advanced Applications - 14th International Conference, CARDIS 2015, Bochum.
• D. Adam, S. Tverdyshev, C. Rolfes, T. Sandmann, S. Baehr, O. Sander, J. Becker and U. Baumgarten. “Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik)”. In: International Workshop on MILS: Architecture and Assurance for Secure Systems (MILS 2015). 2015.
• R. Nyberg, J. Heyszl and G. Sigl. “Efficient Fault Emulation through Splitting Combinational and Sequential Fault Propagation”. In: 1st International Workshop on Resiliency in Embedded Electronic. 2015.
  
• R. Nyberg, J. Heyszl, D. Rabe and G. Sigl. "Closing the gap between speed and configurability of multi-bit fault emulation environments for security and safety–critical designs". In: Microprocessors and Microsystems Embedded Hardware Design 39.8 (2015), pp. 1119–1129. Microprocessors and Microsystems (2015)
• R. Specht, J. Heyszl, M. Kleinsteuber and G. Sigl. "Improving Non-Profiled Attacks on Exponentiations Based on Clustering and Extracting Leakage from Multi-Channel High-Resolution EM Measurements". In: Constructive Side-Channel Analysis and Secure Design (COSADE), 2015 6th International Workshop Berlin.
• J. Heyszl and F. Thiel. "Geldspielgeräte in Zukunft mit geprüfter Sicherheit". Datenschutz und Datensicherheit-DuD 39 (4) 2015.
• D. Adam, S. Tverdyshev, C. Rolfes and T. Sandmann. "Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik)". International Workshop on MILS: Architecture and Assurance for Secure Systems, 2015.