On Secure Embedded Token Design

Within a broader context of mobile and embedded computing, the design of practical, secure tokens that can store and/or process security-critical information remains an ongoing challenge. One aspect of this challenge is the threat of information leakage through side-channel attacks, which is exacerbated by any resource constraints. Along these lines, this paper extends previous work on use of Yao circuits via two contributions. First, we show how careful analysis can fix the maximum number of leakage occurrences observed during a DPA attack, effectively bounding leakage from a Yao-based token. To achieve this we use modularised Yao circuits, which also support our second contribution: the first Yao-based implementation of a secure authentication payload, namely HMAC based on SHA-256.

[1]  Yehuda Lindell,et al.  An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries , 2007, EUROCRYPT.

[2]  Jonathan Katz,et al.  On the Security of the Free-XOR Technique , 2012, IACR Cryptol. ePrint Arch..

[3]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[4]  Joan Boyar,et al.  A New Combinational Logic Minimization Technique with Applications to Cryptology , 2010, SEA.

[5]  François-Xavier Standaert,et al.  Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks , 2011, CARDIS.

[6]  Craig Gentry,et al.  i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits , 2010, IACR Cryptol. ePrint Arch..

[7]  Patrick Schaumont,et al.  Secure FPGA circuits using controlled placement and routing , 2007, 2007 5th IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[8]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.

[9]  Abhi Shelat,et al.  Efficient Secure Computation with Garbled Circuits , 2011, ICISS.

[10]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[11]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[12]  Elaine B. Barker,et al.  The Keyed-Hash Message Authentication Code (HMAC) | NIST , 2002 .

[13]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[14]  Moti Yung,et al.  Leakage Resilient Cryptography in Practice , 2010, Towards Hardware-Intrinsic Security.

[15]  Ahmad-Reza Sadeghi,et al.  Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs - (Full Version) , 2010, CHES.

[16]  Thomas Zefferer,et al.  Evaluation of the Masked Logic Style MDPL on a Prototype Chip , 2007, CHES.

[17]  Jean-Sébastien Coron,et al.  A New Algorithm for Switching from Arithmetic to Boolean Masking , 2003, CHES.

[18]  William P. Marnane,et al.  Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures , 2007, WISA.

[19]  Lior Malka,et al.  VMCrypt: modular software architecture for scalable secure computation , 2011, CCS '11.

[20]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[21]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[22]  Tal Rabin Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings , 2010, CRYPTO.

[23]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[24]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[25]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[26]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[27]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[28]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[29]  Mario Kirschbaum,et al.  Implementation and Evaluation of an SCA-Resistant Embedded Processor , 2011, CARDIS.

[30]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[31]  Stefan Mangard,et al.  Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings , 2010, CHES.

[32]  Christof Paar,et al.  DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction , 2004, CHES.

[33]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[34]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[35]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[36]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[37]  Srivaths Ravi,et al.  Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[38]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System (Awarded Best Student Paper!) , 2004 .

[39]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[40]  Tanja Lange,et al.  Progress in Cryptology - AFRICACRYPT 2010, Third International Conference on Cryptology in Africa, Stellenbosch, South Africa, May 3-6, 2010. Proceedings , 2010, AFRICACRYPT.

[41]  François-Xavier Standaert,et al.  Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices , 2010, AFRICACRYPT.

[42]  Ahmad-Reza Sadeghi,et al.  TASTY: tool for automating secure two-party computations , 2010, CCS '10.

[43]  Abhi Shelat,et al.  Billion-Gate Secure Computation with Malicious Adversaries , 2012, USENIX Security Symposium.

[44]  Ahmad-Reza Sadeghi,et al.  Embedded SFE: Offloading Server and Network Using Hardware Tokens , 2010, Financial Cryptography.