CryptoBlaze: 8-Bit Security Microcontroller


Quick Start Training

Agenda
- What is CryptoBlaze?
- KryptoKit
- GF(2^m) Multiplier
- Customize CryptoBlaze
- Attacks
- CryptoBlaze Support

What is CryptoBlaze?
- A fully customizable soft microcontroller
  - PicoBlaze
  - 49 baseline 16-bit instructions
  - 8 general-purpose 8-bit registers
- Set of cryptographic processor architecture extensions ("KryptoKit")
  - Field operations
  - S-Boxes
  - LFSR extensions

PicoBlaze

PicoBlaze Baseline Instruction Set

KryptoKit
* irreducible polynomial in trinomial or pentanomial form

What is a Galois Field?
- Finite field with binary operands
- Has all the math properties for closure on addition, multiplication, commutativity, etc.
- An extension field permits polynomial notation and algebraic manipulation
- Commonly used to describe Linear Feedback Shift Registers
- Very interesting properties appropriate to CPLDs

Finite Field Arithmetic
- Field arithmetic is cool
  - All operands ultimately the same number of bits
  - Suitable for fixed word size applications: cryptography, channel coding (Reed-Solomon, BCH, Viterbi, etc.), digital signal processing
- Addition for Galois fields is just EX-OR
- Multiplication can be done with add/shift
  - Needs polynomial "modulo" correction

Example: GF(2^3) Multiply
Example of 8-bit multiplication: 57 x 83 = C1 (reduction polynomial = x^8 + x^4 + x^3 + x + 1)
  (57) x (83)
  _______ (answer, must be reduced)
  EX-OR
  _____ (must be reduced again!)
  EX-OR
  ___ = C1 (done! i.e., stop when the MSB is no longer 1)

GF(2^m) Multiplier/Adder
- Natural extension of Berlekamp-Massey structure
- Based on work of Johannes Großschädl
- Compiled & simulated
- Works in serial or parallel modes
- Can use DualEdge clocking for performance
- Operates up to 250+ MHz
- Built up to 163 bits long in CoolRunner-II
- App note on GF(2^m) Multiplier (XAPP371)

GF(2^4) Multiplier

The Flow
1. Result = 0; Loop = 3
2. Result MS bit = 1? Yes: subtract polynomial. No: continue
3. Left shift Result (fill with 0)
4. Result = Result XOR (A_i AND B)
5. Loop = Loop - 1
6. Loop = 0? Yes: Done. No: back to step 2
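The 8-bit example and the GF(2^4) flowchart describe the same shift-and-add multiplier in two forms: the flowchart scans the bits of A from the MSB down and subtracts the polynomial whenever the running result would overflow, while the 8-bit slide multiplies fully and then reduces step by step. The Python below is an added example, not code from the CryptoBlaze slides or from Xilinx, that implements both forms and traces the intermediate values. Assumptions: the reduction polynomial for the 8-bit case is x^8 + x^4 + x^3 + x + 1 (0x11B), the field in which 57 x 83 = C1; the GF(2^4) polynomial x^4 + x + 1 (0x13) is a trinomial chosen here; and the MS-bit test is taken to decide whether the polynomial is subtracted after the shift.

```python
"""Shift-and-add multiplication in GF(2^m): the flowchart loop and the
schoolbook multiply-then-reduce method from the 8-bit example.
Added example; not code from the CryptoBlaze slides or Xilinx."""

# Assumed reduction polynomials (the slides' own polynomial text is garbled):
AES_POLY = 0x11B    # x^8 + x^4 + x^3 + x + 1; the field in which 57 * 83 = C1
GF16_POLY = 0x13    # x^4 + x + 1, a trinomial, chosen here for the GF(2^4) case


def gf_mul_msb_first(a, b, m, poly, trace=None):
    """Multiply a and b in GF(2^m) by scanning the bits of A from the MSB down,
    as the 'The Flow' slide does for m = 4.

    poly holds the full degree-m reduction polynomial (m+1 bits).  Before the
    left shift the MS bit of the running result is inspected; if it is set the
    shift would carry into x^m, so the polynomial is 'subtracted' (XORed) after
    the shift.  Then the partial product (A_i AND B) is XORed in.
    """
    mask = (1 << m) - 1
    poly_low = poly & mask                   # polynomial with the x^m term dropped
    result = 0
    for i in range(m - 1, -1, -1):           # Loop = m-1 ... 0
        overflow = (result >> (m - 1)) & 1   # "Res. MS bit = 1?"
        result = (result << 1) & mask        # "Left shift Result (fill with 0)"
        if overflow:
            result ^= poly_low               # "Subtract Polynomial"
        if (a >> i) & 1:
            result ^= b                      # "Result = Result XOR (A_i AND B)"
        if trace is not None:
            trace.append((i, result))
    return result


def clmul(a, b):
    """Carry-less product of two GF(2) polynomials: the unreduced 'answer'."""
    prod = 0
    while b:
        if b & 1:
            prod ^= a
        a <<= 1
        b >>= 1
    return prod


def gf_reduce(x, m, poly, trace=None):
    """Reduce x modulo poly: align the polynomial with the highest set bit at or
    above x^m and XOR it away, repeating until the value fits in m bits
    (the 'must be reduced again!' steps of the 8-bit slide)."""
    while x >> m:
        shift = x.bit_length() - 1 - m
        x ^= poly << shift
        if trace is not None:
            trace.append(x)
    return x


def gf_mul_schoolbook(a, b, m, poly, trace=None):
    """Full polynomial multiply followed by reduction, as on the 8-bit slide."""
    return gf_reduce(clmul(a, b), m, poly, trace)


if __name__ == "__main__":
    steps = []
    print("57 * 83 unreduced = %X" % clmul(0x57, 0x83))
    print("reduced           = %X" % gf_mul_schoolbook(0x57, 0x83, 8, AES_POLY, steps))
    print("reduction steps   =", ["%X" % s for s in steps])
    print("flowchart result  = %X" % gf_mul_msb_first(0x57, 0x83, 8, AES_POLY))
    print("GF(2^4): 9 * 3    = %X" % gf_mul_msb_first(0x9, 0x3, 4, GF16_POLY))
```

Running it shows the unreduced product 2B79, two reduction steps (819, then C1) matching the slide's "reduce, reduce again", and the flowchart loop arriving at the same C1 without ever holding more than 8 bits, which is why the hardware version needs only an m-bit result register.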

CryptoBlaze = PicoBlaze with Field Operations (GF(2^3) MPY)

Applications
- ECC: error channel coding
  - Reed-Solomon
  - BCH operations
- ECC: elliptic curve cryptography
- RSA
- Advanced Encryption Standard

CoolRunner-II Enhanced Security
- Multiple security bits
- Nonvolatile
- Reconfigurable
- Multiple metal layers
- Difficult to reverse engineer
- Double Data Rate operation
- DataGate

Design Your Own
- Start with baseline instructions; delete unused ones
- Add choice of elements from KryptoKit
- Evaluate tradeoffs of S/W vs. H/W solutions
  - First identify bottlenecks
  - Second evaluate replacement H/W
- Invent new instructions
- Tune the processor to suit your requirements
- Easy to add to VHDL and the assembler

Attacks
- Anything that can get a cryptographic module to reveal its "secret" is an attack
  - Brute force attack (lots of trials)
  - Chosen text attacks
  - Side channel: timing attacks, power analysis, Tempest attack
- Usually targets the protocol

Power Analysis: Kerckhoffs meets Kirchhoff
- Looks at the current flow into a chip over time
- Distinguishes "different" power behavior to reveal inner behavior of the algorithm
- Usually focuses on microprocessors, with knowledge of algorithm and instruction set
- Easily identifies loop/branching behavior
  - loop behavior correlates to keystream bits
- CryptoBlaze method permits tuning of the processor to increase difficulty of power analysis

Basic Idea (figure: input, output, + and - terminals)

Power Attack Strategies
- Loop behavior is identified with power analysis
- Loop unrolling helps
- Breaking up loops helps
- Modifying instructions helps
- Modifying hardware helps
  - bogus randomizing hardware
- Homogenizing execution time helps
- Main idea: changing the hardware helps!
- Power tuning is possible
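The two slides above make the point that a loop whose body depends on the data (such as the "subtract polynomial" step, taken only when a bit is set) shows up in the current trace, and that homogenizing execution time removes that signal. The following added Python example, not from the CryptoBlaze slides or Xilinx, models this on the reduction step of the GF(2^8) multiplier: a branchy version whose executed-operation count varies with the input, beside a mask-based version that performs the same operations on every iteration. Assumptions: the AES polynomial 0x11B as the field, constructed sample products, and the number of executed operations as a stand-in for the power trace.

```python
"""Why a data-dependent loop shows up in a power trace, and what
'homogenizing execution time' does about it.  Added example, not from the
CryptoBlaze slides.  Assumptions: the AES reduction polynomial is used as the
field, and the number of executed operations stands in for the power trace."""

M = 8
POLY = 0x11B            # x^8 + x^4 + x^3 + x + 1 (assumed field)
TOP_BIT = 2 * M - 2     # highest degree a product of two 8-bit operands can reach


def reduce_branchy(x):
    """Polynomial reduction the 'natural' way: XOR only when the bit is set.
    Returns (reduced value, number of XORs executed).  The count varies with
    the data, which is exactly the loop behavior power analysis picks out."""
    xors = 0
    for bit in range(TOP_BIT, M - 1, -1):     # degrees 14 down to 8
        if (x >> bit) & 1:                    # data-dependent branch
            x ^= POLY << (bit - M)
            xors += 1
    return x, xors


def reduce_homogenised(x):
    """Same reduction with the branch replaced by a mask: every iteration does
    the same shift, AND and XOR, so the count (and the instruction stream) is
    identical for every input."""
    ops = 0
    for bit in range(TOP_BIT, M - 1, -1):
        mask = -((x >> bit) & 1)              # 0 or all-ones, no branch
        x ^= (POLY << (bit - M)) & mask       # XOR is executed unconditionally
        ops += 1
    return x, ops


def operation_spread(reduce_fn, samples):
    """Difference between the largest and smallest operation count over the
    sample inputs; 0 means the loop's behavior is input-independent."""
    counts = [reduce_fn(s)[1] for s in samples]
    return max(counts) - min(counts)


# Constructed unreduced products: 57*83 from the multiply slide, zero, and the
# all-ones 15-bit value that triggers every reduction step.
SAMPLE_PRODUCTS = [0x2B79, 0x0000, 0x7FFF]

if __name__ == "__main__":
    for fn in (reduce_branchy, reduce_homogenised):
        print(fn.__name__,
              [(hex(fn(s)[0]), fn(s)[1]) for s in SAMPLE_PRODUCTS],
              "spread =", operation_spread(fn, SAMPLE_PRODUCTS))
```

Both functions return the same field element for every input; only the operation count differs. The branchy loop executes between 0 and 6 XORs across the samples, the masked loop always 7, so a trace of the second leaks nothing about which bits were set. In a soft core the same effect is achieved by unrolling or by making the field instruction itself take a fixed number of cycles, which is the hardware tuning the slide recommends.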

CryptoBlaze Conclusion
- Building specialized processors can improve:
  - Performance
  - Power consumption
  - Security
- Development support available free from Xilinx
  - Basic reference design
  - Cross assembler
  - KryptoKit
- Fully supported by Xilinx design software