iApplianceWeb-iApplianceReview

Sponsor-Editors Sites
" iApplianceReview
" Appliance-Lab
" CyberNode Appliances
" VideoIP Services
" Energy Gateways
" Metering & Appliances
" Netcentric Community
" Techrite Associates

EETimes Sites
" EE TIMES
" EE TIMES ASIA
" EE TIMES CHINA
" EE TIMES FRANCE
" EE TIMES GERMANY
" EE TIMES KOREA
" EE TIMES TAIWAN
" EE TIMES UK

EETimes Network Sites
" CommsDesign
" iApplianceWeb.com
" Microwave Engineering
" EEdesign
" Deepchip.com
" Design & Reuse
" Embedded.com
" Embedded Edge
" Elektronik i Norden
" Planet Analog
" Silicon Strategies

" Byte
" ChannelWeb
" CMP
" CommWeb
" Com. Convergence
" CRN
" Conferences and Events
" DB2
" Dr. Dobbs Journal
" DV.Com
" EBN
" EBN China
" eeProductCenter
" Electronics Express
" Electronics Express
" Internet Week
" Network Computing
" Network Magazine
" NetSeminar Services
" QuestLink
" TechWeb
" VAR Business
" Windows Developer

Four-way encoding aims to beat smartcard hackers

By Luke Collins
iApplianceWeb
(05/28/02, 11:39:39 PM EDT)

A smartcard architecture based on asynchronous design techniques has been proposed as a solution to a hacking technique that could compromise existing crypto-processor designs.

The hack uses light from a flash gun focused through a microscope to create glitches in CMOS circuitry, for example by flipping the value of individual bits of data stored in SRAM cells. Inducing such glitches can cause anomalous results in the smartcard's calculations, revealing valuable information such as encryption keys.

The flashgun attack was described in a presentation by Sergei Skorobogatov, a PhD student in the security group of Cambridge University's computing lab, to an IEEE symposium on security and privacy in California earlier this month.

Countermeasures to the optical attack are described in a paper presented at the IEEE in April.

The paper describes a smartcard architecture in which all data is encoded using a pair of values, so that a logic '1' is represented by a high-low signal pair and a logical '0' by a low-high signal pair. A low-low condition is recognised as a 'clear' signal and a high-high condition is recognised as an error.

Applying a glitch attack to this scheme, either using the optical approach described by Skorobogatov or by manipulating power or clock lines, is ineffective because of the way the data is encoded.

If the system is in 'clear' mode, using a low-low signal, and a glitch drives one of the lines high, the processor will become deadlocked because a new piece of data has apparently materialised unexpectedly in the middle of a calculation.

If a logic '1' or '0' is legitimately represented by the two signals and then glitched, the signal pair will either move to the clear state (low-low) or to the error state (high-high).

In the smartcard design described in the paper, the error signal is interpreted as an alarm, which is then rapidly propagated across the whole chip. This lets the chip clear intermediate values instantly.

The Cambridge University work on tamper-resistant smartcard chips has been extended to look at the protection of asynchronous circuits to power analysis attacks.

Asynchronous designs may be more susceptible to leaking information in the time domain because of their lack of a clock. The paper gives as an example an adder circuit whose duration of operation is dependent on the carry chain propagation. The researches have countered this issue by designing an adder circuit that operates with constant timing, regardless of data. A similar approach is taken to ensure that multipliers do not terminate their operations early even if they are operating on zero values.

The Cambridge smartcard design also takes care to equalise the wire lengths on each bus line so that they do not generate unique power signatures. Similarly, the team has worked to ensure that the logic loading on each line is similar.

The team also looked at introducing random 'noise', such as false operations, in situations where their design could be vulnerable to analysis. But the paper points out that the value of introducing such randomness can be undermined by averaging multiple runs of an algorithm.

The team has recently received a test chip back from manufacturing. The chip includes five 16bit processors based on Cambridge Consultants' XAP architecture, a Montgomery modular exponentiator for fast public key exchange using RSA encryption, an I/O block which includes a smartcard serial port and a distributed one-of-four interconnect scheme.

One of the processors also has a memory protection unit with a bus cryptography unit attached. This is designed to counter attacks that look at data-dependent power consumption by re-encoding the data using a hash look-up to provide a more uniform distribution of power across the range of possible data values.

Similar work by a team at the University of Manchester is intended to create a synthesised asynchronous ARM processor that is more resistant to power analysis than the existing Amulet core.