SCA-Resistant and High-Performance Embedded Cryptography Using Instruction Set Extensions and Multi-Core Processors

Chen, Zhimin

28 July 2011

Nowadays, we use embedded electronic devices in almost every aspect of our daily lives. They represent our electronic identity; they store private information; they monitor health status; they do confidential communications, and so on. All these applications rely on cryptography and, therefore, present us a research objective: how to implement cryptography on embedded systems in a trustworthy and efficient manner. Implementing embedded cryptography faces two challenges - constrained resources and physical attacks. Due to low cost constraints and power budget constraints, embedded devices are not able to use high-end processors. They cannot run at extremely high frequencies either. Since most embedded devices are portable and deployed in the field, attackers are able to get physical access and to mount attacks as they want. For example, the power dissipation, electromagnetic radiation, and execution time of embedded cryptography enable Side-Channel Attacks (SCAs), which can break cryptographic implementations in a very short time with a quite low cost. In this dissertation, we propose solutions to efficient implementation of SCA-resistant and high-performance cryptographic software on embedded systems. These solutions make use of two state-of-the-art architectures of embedded processors: instruction set extensions and multi-core architectures. We show that, with proper processor micro-architecture design and suitable software programming, we are able to deliver SCA-resistant software which performs well in security, performance, and cost. In comparison, related solutions have either high hardware cost or poor performance or low attack resistance. Therefore, our solutions are more practical and see a promising future in commercial products. Another contribution of our research is the proper partitioning of the Montgomery multiplication over multi-core processors. Our solution is scalable over multiple cores, achieving almost linear speedup with a high tolerance to inter-core communication delays. We expect our contributions to serve as solid building blocks that support secure and high-performance embedded systems. / Ph. D.

embedded systems

embedded security

virtual secure circuit

cryptography

pSHS

side-channel attack

parallel Montgomery multiplication

Jämförelse av C och Rust i en inbyggd miljö : Implementationer av ett trådlöst styrsystem / Comparison of C and Rust in an embedded environment : Implementations of a wireless control system

Sätterman, Viktor, Nygren Karlsson, Arwid

January 2024

Att utveckla pålitlig och säker mjukvara är av stor vikt gällande inbyggda system, och i synnerhet mjukvara som hanterar kritiska tjänster såsom fordonsstyrning. En stor utmaning vid utveckling av inbyggda system är att hantera minnessäkerheten samtidigt som prestandan kvarhålls, ett område där äldre programspråk ofta uppvisar brister som kan leda till säkerhetsrisker och i vissa fall systemkrascher. Denna uppsats undersö- ker möjligheten att använda det relativt nya programspråket Rust i inbyggda system och jämför Rust med det väletablerade språket C. Med hjälp av en mikrokontroller (ESP32-C3-DEVKIT-RUST1), MQTT för kommunikationshantering och de angivna programspråken implementeras en prototyp av ett system för att styra fordon via WiFi. Prototyperna i Rust och C jämförs sedan kvantitativt och kvalitativt. Den kvantitativa jämförelsen fokuserar på prestanda och den kvalitativa jämförelsen på våra upplevelser kring att utveckla systemen i de två programspråken. Resultaten visar på skillnad i den kvantitativa mätningen där C var 15% snabbare samt hade en mer konsekvent exekveringstid. Trots den begränsning givet de bibliotek som finns tillgängligt för Rust anser vi att programspråket är att föredra sett till utvecklingsmiljön, kompilatorn och dokumentation. / To develop reliable and secure software is of great importance regarding embedded systems, and especially software that handles critical functionality such as control systems. A major challange for embedded systems is to manage memory security while maintai- ning performance, an area where older programming languages often show deficiencies that may lead to security risks and in some cases even system crashes. This paper explo- res the possibility to use Rust for embedded systems, and compare this programming language with the already established language C. With the help of a microcontroller (ESP32-C3-DEVKIT-RUST1), MQTT for communication management, and the spe- cified programming languages a prototype of a system for controlling vehicles via Wifi is implemented. The prototypes in Rust and C are then used in a quantitative and qualitative comparison. The quantitative comparison focuses on the performance and the qualitative comparison on the experiences from developing the system in the programming languages. The results shows differencies in the quantitative measurement where C was 15% faster while having a more consistent time of execution. Despite the limitation of available libraries for Rust, we consider the programming language preferable in the terms of environment for development, compiler and documentation.

Rust

Embedded Systems

Control system

C

Rust

Inbyggda system

Styrsystem

C

Embedded Systems

Inbäddad systemteknik

Design of System on Module for embedded system implementations

Niemi, Johan

January 2024

The objective of this thesis is to design a System on Module based on the MCIMX6ULL-EVK to be used in multiple embedded system applications using Altium Designer. The long term goal is to make the design more compact, more cost effective and to make Grepit AB independent from the supply chain issues of other companies. Starting with schematics that were created prior to this project a thorough review was made, the schematics finished and the PCB Layout was designed. The result was a System on Module that was able to boot Linux and to communicate with JTAG

Embedded systems

System on module

PCB design

Hardware design

Embedded Systems

Inbäddad systemteknik

Piano Hero : Interactive musical learning

Ahlzén, Anton, Holma, Ville, Segerberg, Adam, Varahram, Sam, Wiig, Marcus

January 2024

Learning to play the piano usually involves learning to read sheet music and many hours of prac- tice, which can be seen as a tough task for beginners. This project presents an innovative ap- proach to piano learning by integrating a Raspberry Pi, Arduino, and LED lights with a Casio CTK-550 keyboard. This system interprets MusicXML files and visually guides users by lighting up the keys they need to press in the correct order, providing a more intuitive and engaging learn- ing experience. Additionally, it has a playback mode that makes the piano play the chosen song while illuminating the keys played. This allows the user to hear the song being played correctly before using the interactive mode to play the entire song themselves. These modifications to the piano aim to simplify the learning process and ease in new piano players by removing the big initial barrier of understanding sheet music. The project practices sustainability by reusing components from old projects and also follows several UN Sustainable Development Goals. After a few iter- ations, there was a product able to fulfill the goals set in advance. Future improvements could include improved lighting precision, additional learning modes, and more user-friendly file transfer possibilities.

Raspberry Pi

Micro controllers

Arduino

Embedded Systems

Neopixel RGB

Embedded Systems

Inbäddad systemteknik

Central autentisering för ett inbyggt system.

Emil, Söder

January 2018

Central autentisering är en metod som länge har använts för att på ett lätthanterligtsätt administrera användare till olika nätverksresurser såsom datorer, skrivare ochservrar. I en tid när många industrier uppgraderas och byggs ut för att möta nyakrav för att kunna nås från runt om i världen måste många system byggas om.Arbete genomförs tillsammans med HMS Industrial Networks AB och kommer attundersöka möjligheten att autentisera användare mot en inbyggd kontroll ochstyrenhet centralt istället för lokalt vilket det idag är. Teori kommer att blandas medegna experiment av möjliga implementeringar och slutligen utvärderas all fakta ochen slutsats presenteras. / Central authentication is a method that has been around a long time to manage users tovarious network resources, such as computers, printers, and servers. At a time whenmany industries are upgrading and expanding to meet new requirements to be accessedfrom around the world, many systems need to be rebuilt. The work will be donetogether with HMS Industrial Networks AB and will investigate the possibility ofauthenticating users against a built-in controller centrally instead of locally, as it istoday. Theory will be commingled with experiments of possible implementations andfinally evaluated with all the facts and a conclusion will be presented.

Authentication

Kerberos

LDAP

OAuth

CAS

Radius

Embedded

Autentisering

Kerberos

LDAP

OAuth

CAS

Radius

Embedded

Embedded Systems

Inbäddad systemteknik

Övrig annan teknik

Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging

Moreno, Carlos

January 2013

Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA) which relies on direct observation on a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data. In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging. In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while maintaining the overhead to a minimum. We show that not only we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computations translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side- channel attacks. Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Solutions previously proposed introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered- Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage --- O(\sqrt(\ell)), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained. In a related contribution, we extend these ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card.

cryptography

embedded systems

embedded systems security

side-channel analysis

timing attacks

power analysis

spa-resistant implementations

embedded systems debugging

Electrical and Computer Engineering

Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging

Moreno, Carlos

January 2013

Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA) which relies on direct observation on a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data. In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging. In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while maintaining the overhead to a minimum. We show that not only we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computations translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side- channel attacks. Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Solutions previously proposed introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered- Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage --- O(\sqrt(\ell)), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained. In a related contribution, we extend these ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card.

cryptography

embedded systems

embedded systems security

side-channel analysis

timing attacks

power analysis

spa-resistant implementations

embedded systems debugging

Electrical and Computer Engineering

ARM i inbyggt system : med prototyp / ARM in Embedded System : with Prototype

Abdulhadi, Sami

January 2009

Inbyggda system blir allt vanligare i dagens samhälle. De inbyggda systemen finns i nästan allt nuförtiden, från diverse fordon till leksaker för barn. Dagens teknik innebär bland annat att gårdagens lösningar kan realiseras på en bråkdel av den tidigare ytan. Allt mer blir ytmonterat med mindre och mer komplexa kretsar. Detta är inte alltid till utvecklarnas fördel då montering av prototypkort blir en svår och/eller dyr process. Målet är att ta fram ett inbyggt system med en ARM-processor. Systemet ska innehålla USB-OTG, ethernet, minne av olika slag som FRAM och microSD samt en display med pekskärm för användargränssnitt. Projektet omfattar allt från komponentval till test och verifiering med programkod. Tiden räckte inte till för att få med alla delar som planerats. Resultatet av projektet blev ett prototypkort och två små programsekvenser, en som blinkar två lysdioder på kortet och en som skriver ut en bild på displayen. Detta inbyggda system är i första hand till för utvärdering av ARM-processorer för Mikrodidakt AB. / Embedded systems has become more and more common in today's society. The embedded systems are included in almost everything today, from various vehicles to children's toys. Today's technology means that yesterday's solutions can be realised on a fraction of the area. More and more become surface mounted with smaller and more complex circuits. This is not always an advantage for the developers when assembling and soldering prototype circuit boards become a more difficult and/or an expensive process. The goal is to create an embedded system with an ARM-processor. The system will consist of USB-OTG, ethernet, various memory like FRAM and microSD and a display with touchscreen for user interface. The project includes everything from choice of components to test and verification with program code. The time was too short to include all the parts that was planned. The result of the project was a prototype card and two small program sequences, one that blinks the two light diodes on the card and one that writes a picture on the display. This embedded system is intended for evaluating ARM-processors by Mikrododakt AB.

ARM

Embedded System

Prototype

ARM

inbyggt system

prototyp

Electronics

Elektronik

AN XML-DRIVEN ARCHITECTURE FOR INSTRUMENTATION COCKPIT DISPLAY SYSTEMS

Portnoy, Michael, Berdugo, Albert

10 1900

ITC/USA 2005 Conference Proceedings / The Forty-First Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2005 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Designing and implementing an instrumentation cockpit display system presents many unique challenges. The system must be easy to use, yet highly customizable. Typically, these systems require an experienced programmer to create graphical display screens. Furthermore, most current display systems do not provide for bi-directional communication between the instrumentation system and the display system. This paper discusses an architecture that addresses these issues and other common problems with cockpit displays. This system captures data from the instrumentation system, displays parameters, and returns calculated parameters and status information regarding pilot actions to the instrumentation system. Unlike traditional systems, the configuration of the graphical presentation of the cockpit display can be done by a non-programmer. All communication between the instrumentation system and the cockpit display system is done transparently using XML. The usage of XML in this system facilitates real-time form previewing, cross-platform compatibility, and seamless transitions between project management, graphical configuration, and engineering unit conversions.

Cockpit Display System

XML

On-Board Processing

Embedded Systems

CIGTF Enhanced Precision Reference Systems

Lawrence, Robert S., Gregory, George, Stutz, Derryl, Sanchez, Jerry, Neal, Brent

10 1900

International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / The 746th Test Squadron at Holloman AFB has developed and utilized the Central Inertial Guidance Test Facility (CIGTF) High Accuracy Post-processing Reference System (CHAPS). CHAPS is a multi-sensor navigation reference system used to evaluate position, velocity, and attitude performance of Global Positioning System (GPS), Inertial Navigation System (INS), and Embedded GPS/INS (EGI) navigation systems on large vehicles and aircraft. Reference data is processed post-test with accuracy ranges from a meter to sub-meter depending on the reference configuration and test environment (profile, trajectory dynamics, GPS jamming, etc.). The GPS Aided Inertial Navigation Reference (GAINR) system developed by the Air Force Flight Test Center (Edwards AFB) offered other utilization capabilities (test beds and post-processing time). The basic sensor assembly is an EGI navigation system. The data are post-processed with Multisensor Optimal Smoothing Estimation Software (MOSES). Incorporating CHAPS and GAINR capabilities generates a reference system with enhanced accuracy (sub-meter) in a dynamic GPS non-jamming/jamming environment. This paper will present the enhanced reference system combination of CHAPS/GAINR capabilities, characterization process and development methodology.

Reference System

Instrumentation

Data Acquisition System

Embedded Navigation System