Biblio

In this work, we implement a complete probabilistic amplitude shaping (PAS) architecture on a field-programmable gate array (FPGA) platform to study the interplay between probabilistic shaping (PS) and forward error correction (FEC). Due to the fully parallelized input–output interfaces based on look up table (LUT) and low computational complexity without high-precision multiplication, hierarchical distribution matching (HiDM) is chosen as the solution for real time probabilistic shaping. In terms of FEC, we select two kinds of the mainstream soft decision-forward error correction (SD-FEC) algorithms currently used in optical communication system, namely Open FEC (OFEC) and soft-decision quasi-cyclic low-density parity-check (SD-QC-LDPC) codes. Through FPGA experimental investigation, we studied the impact of probabilistic shaping on OFEC and LDPC, respectively, based on PS-16QAM under moderate shaping, and also the impact of probabilistic shaping on LDPC code based on PS-64QAM under weak/strong shaping. The FPGA experimental results show that if pre-FEC bit error rate (BER) is used as the predictor, moderate shaping induces no degradation on the OFEC performance, while strong shaping slightly degrades the error correction performance of LDPC. Nevertheless, there is no error floor when the output BER is around 10-15. However, if normalized generalized mutual information (NGMI) is selected as the predictor, the performance degradation of LDPC will become insignificant, which means pre-FEC BER may not a good predictor for LDPC in probabilistic shaping scenario. We also studied the impact of residual errors after FEC decoding on HiDM. The FPGA experimental results show that the increased BER after HiDM decoding is within 10 times compared to post-FEC BER.

Electronic control units (ECU) have been widely used in modern resource-constrained automotive systems, com-municating through the controller area network (CAN) bus. However, they are still facing man-in-the-middle attacks in CAN bus due to the absence of a more effective authenti-cation/encryption mechanism. In this paper, to defend against the attacks more effectively, we propose a unified lightweight authenticated encryption that integrates recent prevalent cryp-tography standardization Isap and Ascon.First, we reuse the common permutation block of ISAP and Asconto support authenticated encryption and encryption/decryption. Second, we provide a flexible and independent switch between authenticated encryption and encryption/decryption to support specific application requirements. Third, we adopt standard CAESAR hardware API as the interface standard to support compatibility between different interfaces or platforms. Experimental results show that our proposed unified lightweight authenticated encryption can reduce 26.09% area consumption on Xilinx Artix-7 FPGA board compared with the state-of-the-arts. In addition, the encryption overhead of the proposed design for transferring one CAN data frame is \textbackslashmathbf10.75 \textbackslashmu s using Asconand \textbackslashmathbf72.25 \textbackslashmu s using ISAP at the frequency of 4 MHz on embedded devices.

In advanced metering infrastructure (AMI), the customers' power consumption data is considered private but needs to be revealed to data-driven attack detection frameworks. In this paper, we present a system for privacy-preserving anomaly-based data falsification attack detection over fully homomorphic encrypted (FHE) data, which enables computations required for the attack detection over encrypted individual customer smart meter's data. Specifically, we propose a homomorphic look-up table (LUT) based FHE approach that supports privacy preserving anomaly detection between the utility, customer, and multiple partied providing security services. In the LUTs, the data pairs of input and output values for each function required by the anomaly detection framework are stored to enable arbitrary arithmetic calculations over FHE. Furthermore, we adopt a private information retrieval (PIR) approach with FHE to enable approximate search with LUTs, which reduces the execution time of the attack detection service while protecting private information. Besides, we show that by adjusting the significant digits of inputs and outputs in our LUT, we can control the detection accuracy and execution time of the attack detection, even while using FHE. Our experiments confirmed that our proposed method is able to detect the injection of false power consumption in the range of 11–17 secs of execution time, depending on detection accuracy.

All along, white-box cryptography researchers focus on the design and implementation of certain primitives but less to the practice of the cipher working modes. For example, the Galois/Counter Mode (GCM) requires block ciphers to perform only the encrypting operations, which inevitably facing code-lifting attacks under the white-box security model. In this paper, a code-lifting resisted GCM (which is named WBGCM) is proposed to mitigate this security drawbacks in the white-box context. The basic idea is to combining external encodings with exclusive-or operations in GCM, and therefore two different schemes are designed with external encodings (WBGCM-EE) and maskings (WBGCM-Maksing), respectively. Furthermore, WBGCM is instantiated with Chow et al.'s white-box AES, and the experiments show that the processing speeds of WBGCM-EE and WBGCM-Masking achieves about 5 MBytes/Second with a marginal storage overhead.

Security plays a major role in data transmission and reception. Providing high security is indispensable in communication systems. The RSA (Rivest-Shamir-Adleman) cryptosystem is used widely in cryptographic applications as it offers highly secured transmission. RSA cryptosystem uses Montgomery multipliers and it involves modular exponentiation process which is attained by performing repeated modular-multiplications. This leads to high latency and owing to improve the speed of multiplier, highly efficient modular multiplication methodology needs to be applied. In the conventional methodology, Carry Save Adder (CSA) is used in the multiplication and it consumes more area and it has larger delay, but in the suggested methodology, the Reverse Carry Propagate (RCP) adder is used in the place of CSA adder and the obtained output shows promising results in terms of area and latency. The simulation is done with Xilinx ISE design suite. The proposed multiplier can be used effectively in signal processing, image processing and security based applications.

Network traffic analysis and deep packet inspection are time-consuming tasks, which current processors can not handle at 100 Gbps speed. Therefore security systems need fast packet processing with hardware acceleration. With the growing of encrypted network traffic, it is necessary to extend Intrusion Detection Systems (IDSes) and other security tools by new detection methods. Security tools started to use classifiers trained by machine learning techniques based on decision trees. Random Forest, Compact Random Forest and AdaBoost provide excellent result in network traffic analysis. Unfortunately, hardware architectures for these machine learning techniques need high utilisation of on-chip memory and logic resources. Therefore we propose several optimisations of highly pipelined architecture for acceleration of machine learning techniques based on decision trees. The optimisations use the various encoding of a feature vector to reduce hardware resources. Due to the proposed optimisations, it was possible to reduce LUTs by 70.5 % for HTTP brute force attack detection and BRAMs by 50 % for application protocol identification. Both with only negligible impact on classifiers' accuracy. Moreover, proposed optimisations reduce wires and multiplexors in the processing pipeline, positively affecting the proposed architecture's maximal achievable frequency.

Return-oriented programming(ROP) is a prevalent technique that targets return addresses to hijack control flow. To prevent such attack, researchers mainly focus on either Shadow Stack or MAC-based mechanisms(message code authentication). But Shadow Stack suffers from additional memory overhead and information leakage, while MAC-based mechanisms(e.g. Zipper Stack) impose high runtime overhead for MAC calculations.In this paper, we propose Twine Stack, a hybrid and efficient return address protection mechanism with lightweight hardware extension. It utilizes a tiny hardware shadow stack to realize a new multi-chain Zipper Stack. Specifically, each entry in the shadow stack stores a return address and its MAC in each chain, allowing queueing calculation with just one hash module. At meantime, some return address verifications could be done by comparison with the hardware shadow stack, instead of calculation again. We implemented Twine Stack on RISC-V architecture, and evaluated it on FPGA board. Our experiments show that Twine Stack reduces over 95% hash verifications, and imposes merely 1.38% performance overhead with an area overhead of 974 LUTs and 726 flip flops. The result demonstrates that our hybrid scheme mitigates the drawbacks of each separate scheme.

Logic locking is a well-explored defense mechanism against various types of hardware security attacks. Recent approaches to logic locking replace portions of a circuit with reconfigurable blocks such as look-up tables (LUTs) and switch boxes (SBs) to primarily achieve logic and routing obfuscation, respectively. However, these techniques may incur significant design overhead, and methods that can mitigate the implementation cost for a given security level are desirable. In this paper, we address this challenge by proposing an algorithm for deciding the location and inputs of the LUTs in LUT-based obfuscation to enhance security and reduce design overhead. We then introduce a locking method that combines LUTs with SBs to further robustify LUT-based obfuscation, largely independently of the specific LUT locations. We illustrate the effectiveness of the proposed approaches on a set of ISCAS benchmark circuits.

Structural analysis is the study of finding component functions for a given function. In this paper, we proceed with structural analysis of structures consisting of the S (nonlinear Substitution) layer and the A (Affine or linear) layer. Our main interest is the S1AS2 structure with different substitution layers and large input/output sizes. The purpose of our structural analysis is to find the functionally equivalent oracle F* and its component functions for a given encryption oracle F(= S2 ∘ A ∘ S1). As a result, we can construct the decryption oracle F*−1 explicitly and break the one-wayness of the building blocks used in a White-box implementation. Our attack consists of two steps: S layer recovery using multiset properties and A layer recovery using differential properties. We present the attack algorithm for each step and estimate the time complexity. Finally, we discuss the applicability of S1AS2 structural analysis in a White-box Cryptography environment.

For classical fault analysis, a transient fault is required to be injected during runtime, e.g., only at a specific round. Instead, Persistent Fault Analysis (PFA) introduces a powerful class of fault attacks that allows for a fault to be present throughout the whole execution. One limitation of original PFA as introduced by Zhang et al. at CHES'18 is that the adversary needs know (or brute-force) the faulty values prior to the analysis. While this was addressed at a follow-up work at CHES'20, the solution is only applicable to a single faulty value. Instead, we use the potency of Statistical Fault Analysis (SFA) in the persistent fault setting, presenting Statistical Persistent Fault Analysis (SPFA) as a more general approach of PFA. As a result, any or even a multitude of unknown faults that cause an exploitable bias in the targeted round can be used to recover the cipher's secret key. Indeed, the undesired faults in the other rounds that occur due the persistent nature of the attack converge to a uniform distribution as required by SFA. We verify the effectiveness of our attack against LED and AES.

As the technology is getting advanced continuously the problem for the security of data is also increasing. The hackers are equipped with new advanced tools and techniques to break any security system. Therefore people are getting more concern about data security. The data security is achieved by either software or hardware implementations. In this work Field Programmable Gate Arrays (FPGA) device is used for hardware implementation since these devices are less complex, more flexible and provide more efficiency. This work focuses on the hardware execution of one of the security algorithms that is the Advanced Encryption Standard (AES) algorithm. The AES algorithm is executed on Vivado 2014.2 ISE Design Suite and the results are observed on 28 nanometers (nm) Artix-7 FPGA. This work discusses the design implementation of the AES algorithm and the resources consumed in implementing the AES design on Artix-7 FPGA. The resources which are consumed are as follows-Slice Register (SR), Look-Up Tables (LUTs), Input/Output (I/O) and Global Buffer (BUFG).

An ideal lattice is defined over a ring learning with errors (Ring-LWE) problem. Polynomial multiplication over the ring is the most computational and time-consuming block in lattice-based cryptography. This paper presents the first hardware design of the polynomial multiplication for LAC, one of the Round-2 candidates of the NIST PQC Standardization Process, which has byte-level modulus p=251. The proposed architecture supports polynomial multiplications for different degree n (n=512/1024/2048). For designing the scheme, we used the Vivado HLS compiler, a high-level synthesis based hardware design methodology, which is able to optimize software algorithms into actual hardware products. The design of the scheme takes 274/280/291 FFs and 204/217/208 LUTs on the Xilinx Artix-7 family FPGA, requested by NIST PQC competition for hardware implementation. Multiplication core uses only 1/1/2 pieces of 18Kb BRAMs, 1/1/1 DSPs, and 90/94/95 slices on the board. Our timing result achieved in an alternative degree n with 5.052/4.3985/5.133ns.

The core operation of public-key cryptosystem e.g. elliptic curve cryptography (ECC) is the modular multiplication. It is the heavy computational block and the most costly cryptographic operation. Area-Efficient hardware architecture of 256-bit modified interleaved modular multiplication (IMM) is represented in this research. The novelty of this work is the device area minimization with keeping computational time as minimum as possible i.e., 2.09 μs for ECC with Koblitz Curve. In this research, IMM is implemented using a fewer number of resources such as 421 slices, 514 FF pairs, 522 registers, 1770 LUTs, and 1463 LUT-FF pairs. This hardware implementation provides a maximum frequency of 122.883 MHz and area-time (AT) product 0.879 and throughput rate 122.49 Mbps on Virtex-7 FPGA technology which is better than the other related recent works. The proposed design saves approximately 61.75% to 93.16% slice LUTs, 95.76% to 133.69% LUT-FF pairs, and 103.8% to 168.65% occupied slices on the Virtex-7 FPGA for the 256-bit prime field. This proposed hardware implementation design also keeps less AT product which is the most crucial parameter for ECC operation. To our best knowledge, this design provides better performance than the recently available designs for IMM for ECC operation.

To protect data in cloud servers, fully homomorphic encryption (FHE) is an effective solution. In addition to encrypting data, FHE allows a third party to evaluate arithmetic circuits (i.e., computations) over encrypted data without decrypting it, guaranteeing protection even during the calculation. However, FHE supports only addition and multiplication. Functions that cannot be directly represented by additions or multiplications cannot be evaluated with FHE. A naïve implementation of such arithmetic operations with FHE is a bit-wise operation that encrypts numerical data as a binary string. This incurs huge computation time and storage costs, however. To overcome this limitation, we propose an efficient protocol to evaluate multi-input functions with FHE using a lookup table. We extend our previous work, which evaluates a single-integer input function, such as f(x). Our extended protocol can handle multi-input functions, such as f(x,y). Thus, we propose a new method of constructing lookup tables that can evaluate multi-input functions to handle general functions. We adopt integer encoding rather than bit-wise encoding to speed up the evaluations. By adopting both permutation operations and a private information retrieval scheme, we guarantee that no information from the underlying plaintext is leaked between two parties: a cloud computation server and a decryptor. Our experimental results show that the runtime of our protocol for a two-input function is approximately 13 minutes, when there are 8,192 input elements in the lookup table. By adopting a multi-threading technique, the runtime can be further reduced to approximately three minutes with eight threads. Our work is more practical than a previously proposed bit-wise implementation, which requires 60 minutes to evaluate a single-input function.

Nowadays, physical tampering and counterfeiting of electronic devices are still an important security problem and have a great impact on large-scale and distributed applications, such as Internet-of-Things. Physical Unclonable Functions (PUFs) have the potential to be a fundamental means to guarantee intrinsic hardware security, since they promise immunity against most of known attack models. However, inner nature of PUF circuits hinders a wider adoption since responses turn out to be noisy and not stable during time. To overcome this issue, most of PUF implementations require a fuzzy extraction scheme, able to recover responses stability by exploiting error correction codes (ECCs). In this paper, we propose a Reed-Muller (RM) ECC design, meant to be embedded into a fuzzy extractor, that can be efficiently configured in terms of area/delay constraints in order to get reliable responses from PUFs. We provide implementation details and experimental evidences of area/delay efficiency through syntheses on medium-range FPGA device.

Bloom filters (BFs) are fast and space-efficient data structures used for set membership queries in many applications. BFs are required to satisfy three key requirements: low space cost, high-speed lookups, and fast updates. Prior works do not satisfy these requirements at the same time. The standard BF does not support deletions of items and the variants that support deletions need additional space or performance overhead. The state-of-the-art cuckoo filters (CF) has high performance with seemingly low space cost. However, the CF suffers a critical issue of varying space cost per item. This is because the exclusive-OR (XOR) operation used by the CF requires the total number of buckets to be a power of two, leading to the space inflation. To address the issue, in this paper we propose a scalable variant of the cuckoo filter called additive and subtractive cuckoo filter (ASCF). We aim to improve the space efficiency while sustaining comparably high performance. The ASCF uses the addition and subtraction (ADD/SUB) operations instead of the XOR operation to compute an item's two candidate bucket indexes based on its fingerprint. Experimental results show that the ASCF achieves both low space cost and high performance. Compared to the CF, the ASCF reduces up to 1.9x space cost per item while maintaining the same lookup and update throughput. In addition, the ASCF outperforms other filters in both space cost and performance.

In many industry Internet of Things applications, resources like CPU, memory, and battery power are limited and cannot afford the classic cryptographic security solutions. Silicon physical unclonable function (PUF) is a lightweight security primitive that exploits manufacturing variations during the chip fabrication process for key generation and/or device authentication. However, traditional weak PUFs such as ring oscillator (RO) PUF generate chip-unique key for each device, which restricts their application in security protocols where the same key is required to be shared in resource-constrained devices. In this article, in order to address this issue, we propose a PUF-based key sharing method for the first time. The basic idea is to implement one-to-one input-output mapping with lookup table (LUT)-based interstage crossing structures in each level of inverters of RO PUF. Individual customization on configuration bits of interstage crossing structure and different RO selections with challenges bring high flexibility. Therefore, with the flexible configuration of interstage crossing structures and challenges, crossover RO PUF can generate the same shared key for resource-constrained devices, which enables a new application for lightweight key sharing protocols.

This paper presents a scheme of intellectual property protection of hardware circuit based on digital compression coding technology. The aim is to solve the problem of high embedding cost and low resource utilization of IP watermarking. In this scheme, the watermark information is preprocessed by dynamic compression coding around the idle circuit of FPGA, and the free resources of the surrounding circuit are optimized that the IP watermark can get the best compression coding model while the extraction and detection of IP core watermark by activating the decoding function. The experimental results show that this method not only expands the capacity of watermark information, but also reduces the cost of watermark and improves the security and robustness of watermark algorithm.

White-box cryptography protects cryptographic software in a white-box attack context (WBAC), where the dynamic execution of the cryptographic software is under full control of an adversary. Protecting AES in the white-box setting attracted many scientists and engineers, and several solutions emerged. However, almost all these solutions have been badly broken by various efficient white-box attacks, which target compositions of key-embedding lookup tables. In 2014, Luo, Lai, and You proposed a new WBAC-oriented AES implementation, and claimed that their implementation is secure against both Billet et al.'s attack and De Mulder et al.'s attack. In this study, based on the existing table-composition-targeting cryptanalysis techniques, the authors show that the secret key of the Luo-Lai-You (LLY) implementation can be recovered with a time complexity of about 244. Furthermore, the authors propose a new white-box AES implementation based on table lookups, which is shown to be resistant against the existing table-composition-targeting white-box attacks. The authors, key-embedding tables are obfuscated with large affine mappings, which cannot be cancelled out by table compositions of the existing cryptanalysis techniques. Although their implementation requires twice as much memory as the LLY WBAES to store the tables, its speed is about 63 times of the latter.

Recently, gray-box attacks on white-box cryptographic implementations have succeeded. These attacks are more efficient than white-box attacks because they can be performed without detailed knowledge of the target implementation. The success of the gray-box attack is reportedly due to the unbalanced encodings used to generate the white-box lookup table. In this paper, we propose a method to protect the gray-box attack against white-box implementations. The basic idea is to apply the masking technique before encoding intermediate values during the white-box lookup table generation. Because we do not require any random source in runtime, it is possible to perform efficient encryption and decryption using our method. The security and performance analysis shows that the proposed method can be a reliable and efficient countermeasure.

Functionally safe control logic design without full duplication is difficult due to the complexity of random control logic. The Reorder buffer (ROB) is a control logic function commonly used in high performance computing systems. In this study, we focus on a safe ROB design used in an industry quality Network-on-Chip (NoC) Advanced eXtensible Interface (AXI) Network Interface (NI) block. We developed and applied area efficient safe design techniques including partial duplication, Error Detection Code (EDC) and invariance checking with formal proofs and showed that we can achieve a desired safe Diagnostic Coverage (DC) requirement with small area and power overheads and no performance degradation.

The deployment of smart devices in IoT applications are increasing with tremendous pace causing severe security concerns, as it trade most of private information. To counter that security issues in low resource applications, lightweight cryptographic algorithms have been introduced in recent past. In this paper we propose efficient hardware architecture of piccolo lightweight algorithm uses 64 bits block size with variable key size of length 80 and 128 bits. This paper introduces novel hardware architecture of piccolo-80, to supports high speed RFID security applications. Different design strategies are there to optimize the hardware metrics trade-off for particular application. The algorithm is implemented on different family of FPGAs with different devices to analyze the performance of design in 4 input LUTs and 6 input LUTs implementations. In addition, the results of hardware design are evaluated and compared with the most relevant lightweight block ciphers, shows the proposed architecture finds its utilization in terms of speed and area optimization from the hardware resources. The increment in throughput with optimized area of this architecture suggests that piccolo can applicable to implement for ultra-lightweight applications also.

Artificial intelligence technology such as neural network (NN) is widely used in intelligence module for Internet of Things (IoT). On the other hand, the risk of illegal attacks for IoT devices is pointed out; therefore, security countermeasures such as an authentication are very important. In the field of hardware security, the physical unclonable functions (PUFs) have been attracted attention as authentication techniques to prevent the semiconductor counterfeits. However, implementation of the dedicated hardware for both of NN and PUF increases circuit area. Therefore, this study proposes a new area constraint aware PUF for intelligence module. The proposed PUF utilizes the propagation delay time from input layer to output layer of NN. To share component for operation, the proposed PUF reduces the circuit area. Experiments using a field programmable gate array evaluate circuit area and PUF performance. In the result of circuit area, the proposed PUF was smaller than the conventional PUFs was showed. Then, in the PUF performance evaluation, for steadiness, diffuseness, and uniqueness, favorable results were obtained.

The imbalance relationship between FPGA hardware/software providers and FPGA users challenges the assurance of secure design on FPGAs. Existing efforts on FPGA security primarily focus on reverse engineering the downloaded FPGA configuration, retrieving the authentication code or crypto key stored on the embedded memory in FPGAs, and countermeasures for the security threats above. In this work, we investigate new security threats from malicious FPGA tools, and identify stealthy attacks that could occur during FPGA deployment. To address those attacks, we exploit the principles of moving target defense (MTD) and propose a FPGA-oriented MTD (FOMTD) method. Our method is composed of three defense lines, which are formed by an improved user constraint file, random selection of design replicas, and runtime submodule assembling, respectively. The FPGA emulation results show that the proposed FOMTD method reduces the hardware Trojan hit rate by 60% over the baseline, at the cost of 10.76% more power consumption.

Drones are increasingly being used as mobile data collectors for various monitoring services. However, since they may move around in unattended hostile areas with valuable data, they can be the targets of malicious physical/cyber attacks. These attacks may aim at stealing privacy-sensitive data, including secret keys, and eavesdropping on communications between the drones and the ground station. To detect tampered drones, a code attestation technique is required. However, since attestation itself does not guarantee that the data in the drones' memory are not leaked, data collected by the drones must be protected and secret keys for secure communications must not be leaked. In this paper, we present a solution integrating techniques for software-based attestation, data encryption and secret key protection. We propose an attestation technique that fills up free memory spaces with data repositories. Data repositories consist of pseudo-random numbers that are also used to encrypt collected data. We also propose a group attestation scheme to efficiently verify the software integrity of multiple drones. Finally, to prevent secret keys from being leaked, we utilize a technique that converts short secret keys into large look-up tables. This technique prevents attackers from abusing free space in the data memory by filling up the space with the look-up tables. To evaluate the integrated solution, we implemented it on AR.Drone and Raspberry Pi.