
Post-Snowden Circuits and Design Methods for Security

Periodic Reporting for period 4 - Cathedral (Post-Snowden Circuits and Design Methods for Security)

Reporting period: 2021-03-01 to 2022-02-28

The ultimate objective of the Cathedral ERC project is to create essential electronic components to support next generation electronic devices with a strong built-in level of trust and security.
Electronics are integrating into (or invading) the human environment at an amazing speed. This (r)evolution is called the Internet-of-Things. It is estimated that the number of IOT devices will reach 125 billion by 2030. Small distributed devices and embedded sensors are connected to the body and integrated in our autonomous driving cars, our smart homes, and our intelligent workplaces. Adding security and privacy to this IOT is a huge challenge: the devices are distributed, easily accessible, have extremely low computation and storage capabilities, are battery operated and are very difficult to upgrade remotely. Adding security while taking these constraints of area, power and energy into account is a first major achievement.
The IOT revolution is enabled by scaled-down CMOS technologies. New technologies are also appearing, the most important one being quantum computing. Quantum computers are, however, devastating for existing public key algorithms, as they can break the underlying computational problems. Thus the cryptographic algorithms behind many currently used protocols need to be replaced. These new post-quantum secure cryptographic algorithms also need efficient and secure implementations in our IT infrastructure, both in the cloud and on the IOT devices. Efficient and secure implementation of the new generation of post-quantum algorithms is a second major achievement.
An extra challenge comes from the fact that IOT devices are all around us in the environment, so the attacker is able to observe the device while it is in operation. The devices therefore also need countermeasures against information leakage through side-channels. These attacks use side information, such as data-dependent variations in execution time, the behaviour of the cache, or data-dependent variations in power consumption, to deduce information on the inner operations of the IOT device. During the project, micro-architectural side-channel attacks were fully developed and gained a lot of attention. Evaluating side-channel information leakage and developing countermeasures against such attacks is a third major achievement of this project.
Security is as strong as the weakest link. Therefore, strong emphasis is placed on the interaction and interface between components and on supporting design methods to create secure and efficient digital hardware.
All papers, conference contributions and presentations are available in a separate list and also on our Google Scholar page:
https://scholar.google.com/citations?hl=en&user=ZyG1ZGgAAAAJ&view_op=list_works&sortby=pubdate
Please also check our list of EU publications in this periodic report under the tab 'publications' above.
This list emphasises the results, exploitation and dissemination beyond the publications and citations.
• Achievement: patent. On the design of True Random Number Generators, the most important achievement we obtained is their portability across different CMOS technologies and FPGAs. Portability of TRNG modules is essential if we want to reuse TRNGs between different technology nodes. A novel approach has been published and a patent granted (US patent US10761809). TRNGs and PUFs are essential roots of trust in any embedded system.
• Impact: invitation as partner. As an outcome, we are a partner in the EU Flagship Quantum Computing, QRANGE project. QRANGE is a project on quantum random number generators. Our role, as non-quantum partner, is to disseminate our TRNG knowledge into the quantum context.
• Impact: NIST standardization. The design, development, implementation and evaluation on a variety of platforms (micro-controllers, FPGA, ASIC) of post-quantum cryptographic algorithms as proposed for the NIST standardization effort, requires the development of new computational building blocks (e.g. NTT based multipliers), and especially new masking techniques to protect against side-channel attacks. These building blocks are generic and can be reused as building blocks for future lattice based crypto designs.
• We have expanded and operate an electronics hardware security lab. Our expertise is recognized by other research groups in the world. We have hosted visiting researchers from, among others, Purdue University and NAIST (Japan) to evaluate the side-channel and attack resistance of their designs. This has resulted in joint publications.
• New development during project: Micro-architectural side-channel attacks are a new discovery during this project time frame. We have contributed to this topic with a highly visible, cited paper at the A* conference USENIX 2021.
• The intellectual property (IP) and building blocks are a foundation to support the implementation and acceleration of new generations of cryptographic algorithms and applications, among others Fully Homomorphic Encryption and Multi-Party Computation.
Our work in Cathedral has resulted in 82 publications (33 journal, 40 conference and 9 other), 10 PhDs have graduated between 2017 and 2021, and one patent was granted. To conclude, the electronics security cathedral has become a much sturdier building with stronger foundations, yet as with all cathedrals, the building is never finished and challenging new topics start from these foundations.
The Cathedral ERC project resulted in a set of design methods and building blocks for secure embedded systems. The following main topics go beyond the state of the art:
• Our designs of novel TRNGs and PUFs include a formal security evaluation. Beyond the state of the art is the close collaboration with the reliability group of imec. Together with them, we investigate novel unconventional sources of randomness, such as RRAM technology and soft oxide breakdown.
• Beyond the state of the art is also our work on the implementation aspects of post-quantum secure cryptographic algorithms. Our close collaboration with mathematicians has resulted in SABER, a finalist in the NIST post-quantum competition. PhD students D’Anvers, Karmakar and Sinha Roy (now all 3 graduated) are main authors of the SABER submission, together with mathematician and crypto expert Prof. F. Vercauteren. The quality and originality of this submission lie in the fact that the mathematical concepts and security parameters are designed taking into account efficient hardware and embedded software.
• Design for security is a continuous process. We evaluate the resistance of implementations against many categories of attacks: information leakage through electromagnetic radiation, power consumption or timing variations. Our hardware security lab also allows us to perform active attacks, ranging from clock and power glitching to actual laser attacks. From these evaluations, we improve and create new countermeasures, which are more difficult to attack.
• At the time of writing the ERC Cathedral project proposal in 2015, we speculated that implementation aspects of homomorphic encryption would be a future research topic and possible application for the Cathedral methodology. At this moment, fully homomorphic encryption and multi-party computation have evolved from niche into important mathematical directions, which urgently need hardware and cloud acceleration. This is our current research direction, founded on top of the Cathedral.