3.3 Secure Hardware Primitives and Implementations


Date: Tuesday 25 March 2014
Time: 14:30 - 16:00
Location / Room: Konferenz 1

Chair:
Paolo Maistri, TIMA, FR

Co-Chair:
Patrick Schaumont, Virginia Tech, US

System designers need secure building blocks for robust system protection against physical attacks. This session presents novel hardware designs and analysis on code-based cryptography, random number generators and IP protection mechanisms using watermarking.

Time   Label  Presentation Title / Authors
14:30  3.3.1  LIGHTWEIGHT CODE-BASED CRYPTOGRAPHY: QC-MDPC MCELIECE ENCRYPTION ON RECONFIGURABLE DEVICES
Speakers:
Ingo von Maurich and Tim Güneysu, Ruhr-Universität Bochum, DE
Abstract
With the break of RSA and ECC cryptosystems in an era of quantum computing, asymmetric code-based cryptography is an established alternative that can be a potential replacement. A major drawback is the large keys, in the range between 50 kByte and several MByte, that have prevented real-world applications of code-based cryptosystems so far. A recent proposal by Misoczki et al. showed that quasi-cyclic moderate density parity-check (QC-MDPC) codes can be used in McEliece encryption -- reducing the public key to just 0.6 kByte to achieve an 80-bit security level. Despite reasonably small key sizes that could also enable small designs, previous work only reports high-performance implementations with high resource consumption of more than 13,000 slices on a large Xilinx Virtex-6 FPGA for a combined en-/decryption unit. In this work we focus on lightweight implementations of code-based cryptography and demonstrate that McEliece encryption using QC-MDPC codes can be implemented with a significantly smaller resource footprint -- still achieving reasonable performance sufficient for many applications, e.g., challenge-response protocols or hybrid firmware encryption. More precisely, our design requires just 68 slices for the encryption and around 150 slices for the decryption unit and is able to en-/decrypt an input block in 2.2 ms and 13.4 ms, respectively.
15:00  3.3.2  ON THE ASSUMPTION OF MUTUAL INDEPENDENCE OF JITTER REALIZATIONS IN P-TRNG STOCHASTIC MODELS.
Speakers:
Patrick Haddad (1), Yannick Teglia (1), Florent Bernard (2) and Viktor Fischer (3)
(1) STMicroelectronics, FR; (2) Laboratory Hubert Curien, University of Lyon, UJM Saint-Etienne, FR; (3) Hubert Curien Laboratory, Jean Monnet University, FR
Abstract
Security in true random number generation in cryptography is based on the entropy per bit at the generator output. The entropy is evaluated using stochastic models. Several recent works propose stochastic models based on assumptions related to selected physical analog phenomena such as noisy signals and on the knowledge of the principle of randomness extraction from the obtained noisy analog signal. However, these assumptions often considerably simplify the underlying analog processes, which include several noise sources. In this paper, we present a new comprehensive multilevel approach, which enables building the stochastic model based on a detailed analysis of noise sources starting at the transistor level and on the conversion of the noise to the clock jitter exploited at the generator level. Using this approach, we can estimate the proportion of the jitter coming only from the thermal noise, which is included in the total clock jitter.
15:30  3.3.3  CLOCK-MODULATION BASED WATERMARK FOR PROTECTION OF EMBEDDED PROCESSORS
Speakers:
Jedrzej Kufel (1), Peter Wilson (1), Stephen Hill (2), Bashir Al-Hashimi (1), Paul N. Whatmough (3) and James Myers (3)
(1) University of Southampton, GB; (2) ARM, US; (3) ARM, GB
Abstract
This paper presents a novel watermark generation technique for the protection of embedded processors. In previous work, a load circuit is used to generate detectable watermark patterns in the ASIC power supply. This approach leads to hardware area overheads. We propose removing the dedicated load circuit entirely; instead, to compensate for the reduced power consumption, the watermark power pattern is emulated by reusing existing clock-gated sequential logic as a zero-overhead load circuit and modulating the clock-gating enable signal with the watermark sequence. The proposed technique has been validated through experiments using two ASICs in 65 nm CMOS, one with an ARM Cortex-M0 microcontroller and one with a Cortex-A5 microprocessor. Silicon measurement results verify the viability of the technique for embedded processors. Furthermore, the proposed clock modulation technique demonstrates a significant area reduction without compromising the detection performance. In our experiments an area overhead reduction of 98% was achieved. Through reuse of existing logic and reduction of watermark hardware implementation costs, the proposed clock modulation technique offers improved robustness against removal attacks.
16:00  End of session
Coffee Break in Exhibition Area
On Tuesday-Thursday the coffee and lunch breaks will be located in the Exhibition Area (Terrace Level).