Periodic Reporting for period 2 - Cathedral (Post-Snowden Circuits and Design Methods for Security)

Summary

The final goal of the Cathedral ERC project is to create essential electronic components to support next generation electronic devices with a strong built-in level of trust and security.

Electronics are integrating into, and invading, the human environment at an amazing speed. This (r)evolution is called the Internet of Things (IoT), also the Internet of Everything (IoE) or, next, the Tactile Internet. It is estimated that the number of IoT devices will reach 125 billion by 2030. Small distributed devices and embedded sensors are connected to the body and integrated in our autonomous car, our smart home and our intelligent workplace. The IoT sensors pick up data, process part of it locally and send the data over wireless and wired links (5G being one such technology) across the Internet into the cloud, where the data is processed and analysed. In the other direction, instructions issued somewhere in the cloud control the actuators at the end points of the Internet, whether medical devices, valves in smart factories or the brakes of a self-driving car. Adding security and privacy to this IoE is a huge challenge: the devices are distributed, easily accessible, have extremely low computation and storage capabilities, are battery operated and are very difficult to upgrade remotely. Adding security while respecting these constraints of area, power and energy is the first major challenge.

The IoT revolution is supported by scaled-down CMOS technologies. The same CMOS technology also gives more computational power to the attacker. Indeed, post-Snowden society realizes that the attack capabilities of intelligence agencies, and, following closely, of organized crime and other hackers, are orders of magnitude stronger than imagined. Moreover, new technologies are appearing. One of the most important is quantum computing. Huge investments are being made in quantum computing, illustrated e.g. by the recently launched EU Quantum Flagship. Quantum computers are, however, devastating for existing public-key algorithms, as they can efficiently solve the underlying computational problems (integer factoring and discrete logarithms). Thus the cryptographic algorithms behind many currently used protocols need to be replaced. These new, so-called post-quantum secure cryptographic algorithms also need efficient and secure implementations in our IT infrastructure, both in the cloud and on the IoT devices. Efficient and secure implementation of the new generation of post-quantum algorithms is the second major challenge addressed in the Cathedral project.

An extra challenge comes from the fact that IoT devices are spread throughout the environment, so that an attacker can observe a device while it is operating. The devices therefore also need countermeasures against information leakage through side channels. Side-channel attacks use side information, such as data-dependent variations in execution time, the behaviour of the cache or data-dependent variations in power consumption, to deduce information about the inner operations of the IoT device. Evaluating side-channel information leakage and developing countermeasures against such attacks is the third major challenge of this project. Security is only as strong as the weakest link. Therefore, strong emphasis is placed on the interaction and interfaces between components and on supporting design methods to create secure and efficient digital hardware.
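The timing side channel described above, as an added example that is not code from the Cathedral project: an early-exit comparison leaks how many leading bytes of a guess are correct, an attacker recovers the secret byte by byte from that, and the constant-time variant defeats the attack. Execution time is modelled by a loop-step counter rather than wall-clock time so the run is deterministic (an assumption made for the demonstration; on an embedded target the attacker would measure cycles or a power trace). The secret value is constructed for the example.

```python
# Added example (not code from the Cathedral report): a timing side channel in
# an early-exit comparison, the attack that exploits it, and the constant-time
# variant that defeats it. Execution time is modelled by a loop-step counter
# instead of wall-clock time so the demonstration is deterministic; on a real
# embedded target the attacker would measure cycles or power traces instead.


def naive_compare(secret: bytes, guess: bytes):
    """Byte-by-byte comparison that returns at the first mismatch.
    Returns (equal, steps); steps is the number of loop iterations executed,
    which grows with the length of the matching prefix."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes):
    """OR together every byte difference and decide at the end, so the loop
    always runs over the full length and steps is independent of the data.
    (In production code use hmac.compare_digest; this version exposes the
    step count for the demonstration.)"""
    if len(secret) != len(guess):
        return False, 0
    steps, diff = 0, 0
    for a, b in zip(secret, guess):
        steps += 1
        diff |= a ^ b
    return diff == 0, steps


def recover_secret(oracle, length: int) -> bytes:
    """Timing attack. oracle(guess) -> (equal, steps). For each position try
    all 256 byte values and keep the one that made the comparison run one
    step longer, i.e. matched and let the loop proceed to the next byte."""
    recovered = bytearray(length)
    for pos in range(length):
        best_val, best_steps = 0, -1
        for v in range(256):
            recovered[pos] = v
            equal, steps = oracle(bytes(recovered))
            if equal:
                return bytes(recovered)
            if steps > best_steps:
                best_val, best_steps = v, steps
        recovered[pos] = best_val
    return bytes(recovered)


# Constructed 5-byte secret for the demonstration; not a value from the report.
SECRET = bytes.fromhex("4f7a9c01e3")


def attack_naive() -> bytes:
    """Against the early-exit comparison the attack needs at most
    256 * len(SECRET) queries and recovers the secret exactly."""
    return recover_secret(lambda g: naive_compare(SECRET, g), len(SECRET))


def attack_constant_time() -> bytes:
    """Against the constant-time comparison every guess costs the same number
    of steps, so the attack learns nothing and returns a wrong value."""
    return recover_secret(lambda g: constant_time_compare(SECRET, g), len(SECRET))


if __name__ == "__main__":
    print("naive target recovered:", attack_naive() == SECRET)
    print("constant-time target recovered:", attack_constant_time() == SECRET)
```

The attack needs at most 256 queries per byte instead of 256 to the power of the length, which is why comparisons of MACs, tokens and passwords must never return early. The same data-independent control flow is what hardware implementations need for timing, and the power-analysis analogue is masking, discussed further below.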

Objectives:
As is clear from the many security failures that we witness in IoT and Internet-connected devices, there is a strong demand to re-establish trust in these systems. However, bridging the requirements of these two revolutions, which move in opposite directions (ever more capable attackers versus ever more constrained devices), requires rethinking how security and privacy are addressed. While we cannot solve the complete security and privacy problem in one project, our focus is on the digital hardware, the root of trust. Without secure and trusted hardware, the software and systems built on top of it cannot be secure. Protection relies on high-quali

Work performed

Cathedral is a project organized bottom-up. As when constructing a cathedral, we start with the building blocks at the foundation without losing sight of the other parts of the edifice. We took into account two important evolutions in our research field. One is the threat from quantum computers: the investments in quantum computing are immense, which means that the computational capability of quantum computers will probably scale quickly. Thus we need to come up with novel post-quantum secure cryptographic building blocks. The other is the disclosure in 2018 of micro-architectural side-channel attacks, the most well-known being Spectre, Meltdown and Foreshadow. These are software attacks that abuse properties of the digital hardware (transient execution combined with cache side channels). Within the context of our work on trusted computing and HW/SW co-design we put more emphasis on this topic.
These two topics receive, and will continue to receive, extra attention in our research. More details about the progress of our research over the first 2.5 years of the project are given below.

Integrated circuits are made in CMOS semiconductor technology: this is the case for the ASICs, FPGAs and processors we use. A first main topic is the use of process variations and intrinsic physical variations to create hardware-entangled security building blocks. Random numbers are essential in cryptographic protocols to create freshness, nonces, temporary keys and more.
We have derived novel True Random Number Generators (TRNGs) and Physically Unclonable Functions (PUFs). The Edge-Sampling TRNG comes with a stochastic model and a formal security evaluation, which is required to obtain security certification. On the topic of PUFs, we have, in collaboration with the reliability group of imec, created and fabricated a novel PUF based on soft oxide breakdown. We have also performed experiments to investigate whether RRAM technology can be used as a reconfigurable PUF: our conclusion is that one should be very cautious when using the reconfiguration option, as there is correlation between consecutive configurations (a new response that is correlated with the old one carries less entropy than an independent one and leaks information about the previous key). In addition, a new FPGA-compatible PUF was developed, which we call the Monte-Carlo PUF.
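The metrics that a PUF evaluation such as the one described above starts from, as an added example that is not code from the Cathedral project: uniformity, reliability and uniqueness on simulated devices, plus the consecutive-configuration Hamming distance that exposes the RRAM reconfiguration issue. The bit-flip noise model, the reconfiguration model with its `keep_prob` parameter, and all device data are constructed for the example; a certifiable evaluation additionally needs a stochastic model of the physical entropy source, which this does not provide.

```python
# Added example (not code from the Cathedral project): the standard quality
# metrics that a PUF or TRNG evaluation starts from (uniformity, reliability,
# uniqueness), plus the check that exposes the RRAM reconfiguration issue the
# report describes: correlation between consecutive configurations. All
# responses are simulated with a simple bit-flip noise model; no real device
# data is used.
import random


def simulate_puf_devices(n_devices, n_bits, n_measurements, flip_prob, seed=1):
    """Return a list of devices; each device is a list of noisy measurements of
    its fixed 'golden' response (lists of 0/1 bits). Every measurement flips
    each bit independently with probability flip_prob."""
    rng = random.Random(seed)
    devices = []
    for _ in range(n_devices):
        golden = [rng.randrange(2) for _ in range(n_bits)]
        measurements = [
            [bit ^ (rng.random() < flip_prob) for bit in golden]
            for _ in range(n_measurements)
        ]
        devices.append(measurements)
    return devices


def hamming_distance(a, b):
    return sum(x != y for x, y in zip(a, b))


def uniformity(devices):
    """Fraction of 1 bits over all measurements; ideal 0.5 (no bias)."""
    ones = total = 0
    for measurements in devices:
        for response in measurements:
            ones += sum(response)
            total += len(response)
    return ones / total


def reliability(devices):
    """1 minus the mean intra-device Hamming distance fraction between the
    first (enrolment) measurement and each later one; ideal 1.0."""
    fractions = []
    for measurements in devices:
        ref = measurements[0]
        for response in measurements[1:]:
            fractions.append(hamming_distance(ref, response) / len(ref))
    return 1.0 - sum(fractions) / len(fractions)


def uniqueness(devices):
    """Mean inter-device Hamming distance fraction between enrolment
    responses; ideal 0.5 (every device looks independent of every other)."""
    refs = [measurements[0] for measurements in devices]
    fractions = []
    for i in range(len(refs)):
        for j in range(i + 1, len(refs)):
            fractions.append(hamming_distance(refs[i], refs[j]) / len(refs[i]))
    return sum(fractions) / len(fractions)


def reconfigure(prev, keep_prob, rng):
    """Constructed model of a reconfigurable PUF: each bit of the new
    configuration keeps its previous value with probability keep_prob and is
    otherwise drawn fresh. keep_prob = 0 models an ideal reconfiguration."""
    return [bit if rng.random() < keep_prob else rng.randrange(2) for bit in prev]


def reconfiguration_distance(n_bits, keep_prob, n_configs=50, seed=7):
    """Mean Hamming distance fraction between consecutive configurations.
    Independent configurations give 0.5; anything clearly below that means the
    new key is correlated with the old one and the reconfiguration yields less
    than full entropy."""
    rng = random.Random(seed)
    current = [rng.randrange(2) for _ in range(n_bits)]
    fractions = []
    for _ in range(n_configs):
        nxt = reconfigure(current, keep_prob, rng)
        fractions.append(hamming_distance(current, nxt) / n_bits)
        current = nxt
    return sum(fractions) / len(fractions)


if __name__ == "__main__":
    devices = simulate_puf_devices(20, 256, 10, 0.05)
    print(f"uniformity  {uniformity(devices):.3f}  (ideal 0.5)")
    print(f"reliability {reliability(devices):.3f}  (ideal 1.0)")
    print(f"uniqueness  {uniqueness(devices):.3f}  (ideal 0.5)")
    print(f"reconfig HD, independent: {reconfiguration_distance(1024, 0.0):.3f}")
    print(f"reconfig HD, correlated : {reconfiguration_distance(1024, 0.5):.3f}")
```

With a 5% per-bit noise rate the reliability lands near 0.905 (two noisy measurements differ in a bit with probability 2p(1-p)), which is the number an error-correcting helper-data scheme has to be dimensioned for. With `keep_prob = 0.5` the consecutive-configuration distance drops to about 0.25 instead of 0.5: that is the kind of signal that should make a designer cautious about treating each reconfiguration as a fresh key.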

At the circuit level, we mostly focus on side-channel and fault attacks on IoT devices and their countermeasures. Countermeasures at the circuit level are expensive in area: we worked on narrowing the gap between theory and practice by focusing on masking styles that are more hardware-efficient and reduce the randomness requirements. In the literature so far, the effectiveness of countermeasures is typically evaluated only after implementation and fabrication. This is time-consuming and expensive. Hence we are working on a design environment in which information leakage can be detected and countermeasures can be evaluated at different stages during design.
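The masking countermeasure and the pre-fabrication leakage check discussed above, as an added example that is not code from the Cathedral project: a 2-share Boolean masked AND (the non-linear gate that consumes fresh randomness) in Trichina's ordering and in a badly ordered variant, with an exhaustive first-order check over every internal wire of the kind a design-time leakage tool performs. The wire names `t1`..`t5` and `u` are ours.

```python
# Added example (not code from the Cathedral project): first-order Boolean
# masking of a single AND gate, the non-linear gadget that consumes fresh
# randomness in a masked design, together with an exhaustive check of the kind
# a pre-silicon leakage-evaluation tool performs: does the distribution of any
# wire depend on the secret? Two versions of the same gadget are compared, one
# of which orders its XORs badly. Wire names (t1..t5, u) are ours.
import itertools


def masked_and_trichina(a0, a1, b0, b1, r):
    """2-share AND of a = a0^a1 and b = b0^b1 using one fresh random bit r
    (Trichina's gadget). The random bit is XORed into the first cross term
    before the second cross term is added. Returns (c0, c1, trace) with every
    intermediate wire recorded in evaluation order."""
    t1 = a0 & b1
    t2 = t1 ^ r
    t3 = a1 & b0
    t4 = t2 ^ t3
    t5 = a1 & b1
    c0 = (a0 & b0) ^ r
    c1 = t4 ^ t5
    return c0, c1, {"t1": t1, "t2": t2, "t3": t3, "t4": t4, "t5": t5, "c0": c0, "c1": c1}


def masked_and_bad_order(a0, a1, b0, b1, r):
    """Same algebra, same output shares, but the two cross terms are combined
    before the random bit is added. The wire u = a0&b1 ^ a1&b0 is then a
    function of the unmasked inputs."""
    u = (a0 & b1) ^ (a1 & b0)
    c0 = (a0 & b0) ^ r
    c1 = (u ^ r) ^ (a1 & b1)
    return c0, c1, {"u": u, "c0": c0, "c1": c1}


def is_correct(gadget):
    """Output shares must recombine to a & b for every input and randomness."""
    for a, b, a0, b0, r in itertools.product((0, 1), repeat=5):
        c0, c1, _ = gadget(a0, a ^ a0, b0, b ^ b0, r)
        if c0 ^ c1 != (a & b):
            return False
    return True


def first_order_leaky_wires(gadget):
    """For each secret (a, b), count how often every wire is 1 over all 8
    random choices of (a0, b0, r). A wire is first-order leaky if that count
    differs between two secrets: an attacker averaging its value (or the
    power it consumes) over many executions would distinguish the secrets."""
    ones = {}
    for a, b in itertools.product((0, 1), repeat=2):
        counts = {}
        for a0, b0, r in itertools.product((0, 1), repeat=3):
            _, _, trace = gadget(a0, a ^ a0, b0, b ^ b0, r)
            for wire, value in trace.items():
                counts[wire] = counts.get(wire, 0) + value
        ones[(a, b)] = counts
    wires = ones[(0, 0)].keys()
    return sorted(w for w in wires if len({ones[s][w] for s in ones}) > 1)


if __name__ == "__main__":
    for g in (masked_and_trichina, masked_and_bad_order):
        print(f"{g.__name__}: correct={is_correct(g)}, "
              f"leaky wires={first_order_leaky_wires(g)}")
```

Both gadgets compute the right function, but in the badly ordered one the wire `u` is constantly 0 when a = b = 0 and is 1 half of the time otherwise, so it leaks at first order even though the output shares do not. This check works in the value domain; in CMOS hardware, glitches can momentarily recombine shares even when every wire passes such a check, which is why hardware masking styles add non-completeness requirements and why evaluating leakage from the design stage onward, rather than only on fabricated silicon, matters.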

Developing building blocks for post-quantum secure cryptographic algorithms is essential to keep our IT infrastructure secure for the coming decades, as mentioned before. We therefore put a lot of effort into the feasibility and implementation aspects of the novel mathematical building blocks developed for this purpose. We especially focus on the building blocks for lattice-based cryptography, from basic building blocks such as a constant-time discrete Gaussian sampler, through special-purpose polynomial multipliers, to complete encryption, decryption and key-encapsulation modules. We target different platforms: FPGAs, micro-controllers, co-processor architectures and, probably in the future, ASICs.
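The constant-time discrete Gaussian sampler named above, as an added example that is not code from the Cathedral project: a cumulative distribution table (CDT) sampler whose table scan performs the same operations for every output value. The standard deviation, tail cut and 32-bit table precision are assumed values chosen for illustration; Python itself gives no timing guarantee, so what the block shows is the data-independent control flow a C or hardware version has to preserve.

```python
# Added example (not code from the Cathedral project): a discrete Gaussian
# sampler built from a cumulative distribution table (CDT), the lattice
# building block named above, with the table scan written so that the number
# of table reads and the operations performed do not depend on the value
# being sampled. sigma, the tail cut and the table precision are assumed
# values for illustration. Python gives no timing guarantees; the point is
# the data-independent control flow that a C or hardware version would keep.
import math
import random

PRECISION_BITS = 32  # width of the uniform input and of the table entries


def build_cdt(sigma, tail_cut=10.0, precision_bits=PRECISION_BITS):
    """cdt[i] = round(2^precision * Pr[|X| <= i]) for X ~ D_{Z,sigma},
    i = 0..tau with tau = ceil(tail_cut * sigma). Probabilities for i >= 1 are
    doubled because the two tails are folded together; the sign is restored
    separately. The last entry is forced to 2^precision so every input u in
    [0, 2^precision) is strictly below it."""
    tau = math.ceil(tail_cut * sigma)
    weights = [math.exp(-(i * i) / (2.0 * sigma * sigma)) for i in range(tau + 1)]
    total = weights[0] + 2.0 * sum(weights[1:])
    scale = 1 << precision_bits
    cdt, acc = [], 0.0
    for i, w in enumerate(weights):
        acc += (w if i == 0 else 2.0 * w) / total
        cdt.append(min(scale, int(round(acc * scale))))
    cdt[-1] = scale
    return cdt


def sample_abs_constant_time(cdt, u, precision_bits=PRECISION_BITS):
    """Return the smallest i with u < cdt[i], i.e. the number of table entries
    that are <= u. The whole table is always scanned and the comparison result
    is turned into a 0/1 mask arithmetically, so there is no branch on u.
    (In C the same thing is done with unsigned subtraction and a mask.)"""
    count = 0
    for entry in cdt:
        # lt is 1 when u < entry and 0 otherwise: the sign of (u - entry),
        # shifted far enough that no magnitude bit of the difference survives.
        lt = ((u - entry) >> (2 * precision_bits)) & 1
        count += 1 - lt
    return count


def sample_gaussian(cdt, rng, precision_bits=PRECISION_BITS):
    """One sample from D_{Z,sigma}: magnitude from the CDT scan, sign from one
    extra random bit, applied without a branch via (v ^ -s) + s."""
    u = rng.getrandbits(precision_bits)
    s = rng.getrandbits(1)
    v = sample_abs_constant_time(cdt, u, precision_bits)
    return (v ^ -s) + s


def sample_many(sigma, n, seed=0):
    cdt = build_cdt(sigma)
    rng = random.Random(seed)
    return [sample_gaussian(cdt, rng) for _ in range(n)]


def mean_and_variance(samples):
    n = len(samples)
    mean = sum(samples) / n
    return mean, sum((x - mean) ** 2 for x in samples) / n


if __name__ == "__main__":
    xs = sample_many(3.0, 20000)
    m, v = mean_and_variance(xs)
    print(f"mean {m:.3f} (expect about 0), variance {v:.3f} (expect about 9), "
          f"range [{min(xs)}, {max(xs)}]")
```

The scan reads every table entry regardless of the result, which is what makes the sampler constant-time at the cost of a scan proportional to the tail cut; that linear cost is exactly why hardware designs look for cheaper samplers or, as in learning-with-rounding schemes, avoid Gaussian sampling altogether. Note also that a 32-bit table truncates probabilities below 2^-32, so a real design has to size the precision against the statistical distance its security proof tolerates.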

In the context of trusted computing and HW/SW co-design, we investigated two aspects: hardware support mechanisms for software security, and hardware acceleration by means of instruction-set extensions or co-processor design. The ultimate goal is to reduce the trust a user has to put in software by providing control-flow integrity and software integrity, as well as code and data confidentiality. We are also working on hardware acceleration for (somewhat) homomorphic

Final results

The final objective of the Cathedral ERC project is to be able to design secure embedded systems, using secure design methods and with a comprehensive security evaluation. To reach this goal, we will continue work on the building blocks as well as on cross-building-block topics.

The following main topics go beyond the state of the art and will be continued until the end of the project:
• Our designs of novel TRNGs and PUFs will include a formal security evaluation. Especially for PUFs, a formal security evaluation is missing. Beyond the state of the art is the close collaboration with the reliability group of imec. Their insight into the physics of the sources of entropy, and the associated models, is essential to build quality security profiles for PUFs and TRNGs. We are investigating novel, unconventional sources of randomness, such as RRAM technology and soft oxide breakdown.
• Beyond the state of the art is also our work on the implementation aspects of post-quantum secure cryptographic algorithms. Our close collaboration with mathematicians has resulted in a submission to the NIST post-quantum competition. PhD students D’Anvers, Karmakar and Sinha Roy are main authors of the SABER submission to NIST, together with mathematician and crypto expert Prof. F. Vercauteren. At present, SABER has reached the second round of the competition. The quality and originality of this submission lie in the fact that the mathematical concepts and security parameters have been chosen with efficient hardware implementations in mind (power-of-two moduli and learning with rounding, which removes the separate error-sampling step). We are continuing to evaluate its performance on different hardware platforms and to compare it with the other candidates.
• Recently, NIST announced a separate competition on ‘lightweight’ cryptography. Here our input and implementation expertise for the cryptographers designing lightweight algorithms are essential. The close collaboration has resulted in a novel authenticated encryption with associated data (AEAD) scheme. This algorithm has only recently been submitted. Further analysis and design will be done in the second half of the ERC project.
• Design for security is a continuous process. We evaluate the resistance of implementations against many categories of attacks: information leakage through electromagnetic radiation, through power consumption or through timing variations. Our hardware security lab also allows us to perform active attacks, ranging from clock and power glitching to laser fault injection. From these evaluations we improve and create new countermeasures, which are more difficult to attack. We continuously aim at translating the know-how gained this way into design methods that are generically applicable.
Thus, at the end of the project, we will have novel cryptographic hardware and embedded systems that support post-quantum cryptographic algorithms, together with a set of design methods that can be broadly applied. These techniques will be applied to challenging use cases: on the cloud side, we plan to further use our know-how on lattice-based cryptography to support homomorphic encryption, and on the IoT side to integrate extremely lightweight cryptography enhanced with a suitable set of countermeasures.