当前位置:
X-MOL 学术
›
Microelectron. Reliab.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Securing RSA hardware accelerators through residue checking
Microelectronics Reliability ( IF 1.6 ) Pub Date : 2021-01-01 , DOI: 10.1016/j.microrel.2020.114021 Ana Lasheras , Ramon Canal , Eva Rodríguez , Luca Cassano
Microelectronics Reliability ( IF 1.6 ) Pub Date : 2021-01-01 , DOI: 10.1016/j.microrel.2020.114021 Ana Lasheras , Ramon Canal , Eva Rodríguez , Luca Cassano
Abstract Circuits for the hardware acceleration of cryptographic algorithms are ubiquitously deployed in consumer and industrial products. Although being secure from a mathematical point of view, such accelerators may expose several vulnerabilities strictly related to the hardware implementation. Differential fault analysis (DFA) and hardware Trojan horses (HWTs) may be exploited to steal secret information from the circuit or to interfere with its nominal functioning. It is therefore important to protect cryptographic hardware accelerators against such attacks in an efficient way. In this paper, we propose a lightweight technique for protecting circuits implementing the RSA algorithm against DFA and HWTs at runtime. The proposed solution relies on residue checking which is a well-known technique belonging to traditional fault tolerance. Residue checking is here applied to RSA circuits in order to detect any modification of the output of the circuit possibly induced by the occurrence of a fault or the activation of a HWT. When this happens, the protection technique reacts to the attack by obfuscating the circuit's output (i.e. generating a random output). An experimental campaign (99% confidence and 1% error) demonstrated that, when dealing with DFA, the proposed solution detected 100% of the fault attacks that leaked information to the attacker. Moreover, we applied the proposed technique to all the HWT infected implementations of the RSA algorithm available in the Trust-Hub benchmark suite achieving a 100% HWT detection. The overhead introduced by the proposed solution is a maximum area increase below 3%, about 18% dynamic power consumption increase while it has no impact on the operating frequency.
中文翻译:
通过残留检查保护 RSA 硬件加速器
摘要 用于加密算法硬件加速的电路无处不在地部署在消费和工业产品中。尽管从数学的角度来看是安全的,但此类加速器可能会暴露几个与硬件实现严格相关的漏洞。差分故障分析 (DFA) 和硬件特洛伊木马 (HWT) 可能被用来从电路中窃取秘密信息或干扰其正常功能。因此,以有效的方式保护加密硬件加速器免受此类攻击非常重要。在本文中,我们提出了一种轻量级技术,用于保护在运行时针对 DFA 和 HWT 实施 RSA 算法的电路。所提出的解决方案依赖于残留检查,这是属于传统容错的一种众所周知的技术。残差检查在此应用于 RSA 电路,以检测可能由故障发生或 HWT 激活引起的电路输出的任何修改。发生这种情况时,保护技术通过混淆电路的输出(即生成随机输出)来对攻击做出反应。一项实验性活动(99% 的置信度和 1% 的错误率)表明,在处理 DFA 时,所提出的解决方案检测到 100% 将信息泄露给攻击者的故障攻击。此外,我们将所提出的技术应用于 Trust-Hub 基准套件中可用的 RSA 算法的所有 HWT 感染实现,实现了 100% 的 HWT 检测。提议的解决方案引入的开销是最大面积增加低于 3%,
更新日期:2021-01-01
中文翻译:
通过残留检查保护 RSA 硬件加速器
摘要 用于加密算法硬件加速的电路无处不在地部署在消费和工业产品中。尽管从数学的角度来看是安全的,但此类加速器可能会暴露几个与硬件实现严格相关的漏洞。差分故障分析 (DFA) 和硬件特洛伊木马 (HWT) 可能被用来从电路中窃取秘密信息或干扰其正常功能。因此,以有效的方式保护加密硬件加速器免受此类攻击非常重要。在本文中,我们提出了一种轻量级技术,用于保护在运行时针对 DFA 和 HWT 实施 RSA 算法的电路。所提出的解决方案依赖于残留检查,这是属于传统容错的一种众所周知的技术。残差检查在此应用于 RSA 电路,以检测可能由故障发生或 HWT 激活引起的电路输出的任何修改。发生这种情况时,保护技术通过混淆电路的输出(即生成随机输出)来对攻击做出反应。一项实验性活动(99% 的置信度和 1% 的错误率)表明,在处理 DFA 时,所提出的解决方案检测到 100% 将信息泄露给攻击者的故障攻击。此外,我们将所提出的技术应用于 Trust-Hub 基准套件中可用的 RSA 算法的所有 HWT 感染实现,实现了 100% 的 HWT 检测。提议的解决方案引入的开销是最大面积增加低于 3%,
京公网安备 11010802027423号