Secure Silicon: Towards Virtual Prototyping
Cite as: hdl:2117/99412
Document type: Text in conference proceedings
Publication date: 2016-11-14
Access conditions: Open access
Except where otherwise noted, the contents of this work are subject to the Creative Commons license: Attribution-NonCommercial-NoDerivs 3.0 Spain
Abstract
Evaluating security vulnerabilities of software implementations at the design step is of primary
importance for application developers, yet it has received little attention from the scientific
community. In this paper, we describe virtual prototyping of an implementation of
elliptic curve cryptography (ECC), aiming to make it secure against first-order horizontal
and vertical side-channel attacks (SCAs). Reproducing information leakage as close to
reality as possible requires bit- and clock-cycle accuracy, which we obtain with the Mentor Graphics
Modelsim tool by simulating the execution of the ECC software implementations on PULPino,
an open-source 32-bit microcontroller based on the recently released RISC-V instruction
set architecture. For each clock cycle, we compute the number of bit toggles in the
microcontroller's registers, an image of the power consumption, and watch the program
counter to identify the assembly instruction executed, then the corresponding C function.
We first start with a naive double-and-add implementation relying on cryptographic
primitives of the mbed TLS library, formerly PolarSSL before its acquisition by ARM. The
virtual analysis pinpoints differences in the way the double function on one side and the
add function on the other side manage variables and internal operations, which can be used
for horizontal SCAs. We propose some modifications of the C code, hence independent of
the considered microcontroller, with an overhead extremely small compared to that of the
double-and-add-always countermeasure. Then, we repeat the analyses, still for the mbed
TLS library, but using the regular Montgomery ladder version, the most used in practice
because it is more efficient.
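The operation-order difference between naive double-and-add and the Montgomery ladder mentioned in the abstract, as an added C example (not code from the paper or from mbed TLS). It assumes a toy group, integers modulo a constructed prime under addition, in place of curve points, and models only which function runs, not register toggle counts; all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MOD 1000003u  /* constructed toy group: integers mod a prime, under addition */
#define BITS 16

/* Toy group operations; each appends its name to the trace, standing in for
   the C function identified from the program counter. */
static uint32_t dbl(uint32_t p, char *tr) { strcat(tr, "D"); return (2u * p) % MOD; }
static uint32_t add(uint32_t p, uint32_t q, char *tr) { strcat(tr, "A"); return (p + q) % MOD; }

/* Naive left-to-right double-and-add: add runs only when the key bit is 1. */
uint32_t double_and_add(uint16_t k, uint32_t p, char *tr) {
    uint32_t r = 0;
    tr[0] = '\0';
    for (int i = BITS - 1; i >= 0; i--) {
        r = dbl(r, tr);
        if ((k >> i) & 1) r = add(r, p, tr);
    }
    return r;
}

/* Montgomery ladder: one add then one double per bit, whatever the bit value.
   Only the operation order is regular; which variable is written still differs. */
uint32_t ladder(uint16_t k, uint32_t p, char *tr) {
    uint32_t r0 = 0, r1 = p;
    tr[0] = '\0';
    for (int i = BITS - 1; i >= 0; i--) {
        if ((k >> i) & 1) { r0 = add(r0, r1, tr); r1 = dbl(r1, tr); }
        else              { r1 = add(r0, r1, tr); r0 = dbl(r0, tr); }
    }
    return r0;
}

/* What one double-and-add trace gives away: each D starts a bit, a following A sets it. */
uint16_t scalar_from_trace(const char *tr) {
    uint16_t k = 0;
    for (size_t i = 0; tr[i]; i++)
        k = (tr[i] == 'D') ? (uint16_t)(k << 1) : (uint16_t)(k | 1);
    return k;
}

int main(void) {
    char t[4 * BITS];  /* at most 2*BITS operations plus the terminator */
    uint32_t r = double_and_add(0xB5C3, 7, t);  /* constructed key and base */
    printf("double-and-add: %u  trace %s  -> key 0x%04X\n", r, t, (unsigned)scalar_from_trace(t));
    r = ladder(0xB5C3, 7, t);
    printf("ladder:         %u  trace %s\n", r, t);
    return 0;
}
```

The ladder trace is the same string for every scalar, which is why an analysis of it has to look at data-dependent effects such as the per-cycle toggle counts rather than at the operation sequence.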
Files | Description | Size | Format | View |
---|---|---|---|---|
FCTRU_2016_54_Secure_Silicon.pdf | | 684,5Kb | | View/Open |