Community Research and Development Information Service - CORDIS


HECTOR Report Summary

Project ID: 644052
Funded under: H2020-EU.2.1.1.

Periodic Reporting for period 1 - HECTOR (HARDWARE ENABLED CRYPTO AND RANDOMNESS)

Reporting period: 2015-03-01 to 2016-08-31

Summary of the context and overall objectives of the project

Security has become a critical requirement for most applications. Robust security typically requires strong hardware foundations. HECTOR’s objective is to bridge the gap between the mathematical heaven of theoretically secure cryptographic algorithms and the challenges of implementing them securely and efficiently in hardware. The project focuses on how to improve the hardware friendliness, efficiency and robustness of 3 elementary security building blocks, namely implementations of crypto algorithms, random number generators, and physically unclonable functions, as well as on the potential efficiency gains from looking at how these interact together instead of considering them separately.

For true random number generators (TRNGs), the goal is to fulfil demanding security requirements, such as those specified by the AIS20/31 standard, in order to guarantee the generation of enough entropy, and/or to detect and report when this is no longer the case. From a design point of view, besides the efficiency of the TRNG cell, the main ambition is to propose a process that allows these requirements to be met while minimizing the necessary expertise, design iterations, and effort.

For physically unclonable functions (PUFs), the first objective is to obtain hardware designs that achieve proper entropy, robustness, and security. Unlike for TRNGs, so far there is no AIS20/31-like framework for PUFs. The other objective is to research whether such an approach could be proposed.

Cryptography relies on good random numbers for keys, protocols and side-channel protection. On one hand, the project is assuming the availability of good random numbers, and researching more hardware-efficient crypto approaches. Efficiency is addressed both from the design-process point of view, researching how to minimize the path towards a validated, protected crypto implementation, and from a crypto building block and system efficiency point of view, with research on authenticated encryption and hardware-friendlier crypto algorithms. The project is also investigating whether there are efficiency gains to be made by relaxing TRNG quality requirements, and through more random-tolerant crypto designs.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

The project is structured around six work packages.
WP1 was about capturing, studying and specifying requirements for the work to be performed within the technical work packages:
1) A common evaluation platform has been defined. It includes an FPGA-based motherboard with low-noise and adjustable voltage regulators and features to ease security characterization. A range of lower-cost daughter modules will allow evaluating HECTOR primitives implemented in different FPGA families and ASICs.
2) Demonstration scenarios have been refined. This allowed defining the TRNG, PUF and Crypto building blocks that will need to be delivered by the related work packages to the demonstration work package, as well as the hardware platforms that will need to be developed.
3) Opportunities, requirements and constraints from the consortium’s commercial partners have been studied and documented, in order to minimize adoption barriers, maximize alignment of efforts, and ease future commercial exploitation of results.
The evaluation platforms have been designed, manufactured, and distributed, together with sample firmware and FPGA-designs.

WP2 is focusing on TRNGs and PUFs. A set of candidate principles for FPGA and ASIC implementations has been proposed. Comparison and evaluation criteria have been defined. Preliminary implementations have been performed and have provided objective data to help compare and rank the candidates against the identified criteria. The relative importance of the criteria and the best candidates actually depend on technology (FPGA family, ASIC), application and market constraints.
The next objective will be to implement and evaluate at least one of the selected TRNG and PUF principles in FPGAs and ASICs. Compared to the initial FPGA evaluations, these designs should include dedicated embedded tests and post-processing. These efforts have started. An ASIC test chip has been designed in order to tackle design-reproducibility challenges encountered with one of the selected TRNG principles and to understand if and how ASIC technology can allow achieving proper control.

WP3 is focusing on cryptographic algorithms and countermeasures. Since these rely heavily on random numbers (cryptographic keys, random IVs, masking), a first line of research is to study the effect of non-ideal randomness on the cryptographic primitives and the effectiveness of countermeasures. Known-key and related-key attacks have been studied. To test the effect of weak random numbers on commonly used side-channel countermeasures, Matlab scripts to generate standardized sets of degraded random numbers have been developed. Each data set has an isolated defect that can be tested as described in AIS20/31, without ‘contamination’ of other types of defects.
The second objective of WP3 is to develop efficient implementations of cryptographic algorithms and countermeasures. The consortium has been very active in the CAESAR competition on authenticated encryption, and 5 of the 15 round 3 candidates have been proposed by the consortium. An important improvement in the usage of the sponge construction for Authenticated Encryption has been introduced, which eases the interface between a TRNG/PUF, its cryptographic post-processing and the cryptographic algorithm itself. In HECTOR there is also a strong focus on the evaluation of side-channel protection of HW implementations at design time. Different approaches, both bottom-up and top-down, are being studied and compared.

WP4, which hadn’t started during the reporting period, will focus on demonstrating how the technical developments from WP2 and WP3 can be combined to achieve efficient implementations in relevant applicative use cases.

WP5 is focused on dissemination, communication, exploitation, standardization and training. So far the project has generated 15 articles and publications, and participated in 9 conferences and workshops and 25 dissemination-related activities. The project also participated in key cryptography and TRNG related standardization efforts and events, most notably the CAESAR authenticated encryption competition and the NIST TRNG workshop.

WP6 is the project management work package. All the necessary processes and tools are in place for efficient project management and to ensure proper execution.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

HECTOR intends to enable stronger European knowledge integration through collaboration among key complementary security and value chain actors. More specifically:
- Capitalizing on Europe’s AIS31 leadership, we aim to ease the design of TRNGs with provable entropy guarantees and robustness to physical attacks, paving the way for more robust products and lower cost security certifications.
- Researching how an approach similar to AIS31 could be proposed for PUFs, addressing one of the remaining obstacles towards adoption, increasing end-products security and capitalizing on the related R&D efforts.
- Capitalizing on the strong crypto expertise within the consortium (AES, SHA-3 inventors), pursuing promising ideas in the field of resource-efficient and highly-secure hardware crypto, for example through sponge-based Authenticated-Encryption schemes.
- Illustrating how HECTOR primitives could be combined to achieve highly efficient and secure implementations of European-relevant use cases.

Over time, successful adoptions of HECTOR results into products of partners covering very complementary applicative domains should provide a first way to propagate the benefits to a wide range of applications and actors of the respective value chains.

Dissemination of HECTOR results through teaching, publications and other dissemination events or contributions to standardization should extend the propagation of those benefits beyond the project’s commercial partners’ respective value chains.
So far the project has generated 15 scientific articles and publications, and participated in 9 conferences and workshops and 25 dissemination-related activities. The project participated in key cryptography and TRNG related standardization events, most notably the CAESAR authenticated encryption competition and the NIST TRNG workshop. The consortium is in close contact with key TRNG, PUF and cryptography standardization actors and initiatives.

Record Number: 194856 / Last updated on: 2017-02-15