Concurrent Error Detection for Reliable SHA-3 Design

Similar documents
ECE 545 Project Deliverables

Physical Layer: Outline

Multiple Source Multiple. using Network Coding

A Scalable Recurrent Neural Network Framework for Model-free

Least Squares Optimal Filtering with Multirate Observations

Determining the Accuracy of Modal Parameter Estimation Methods

Chapter 3 Digital Transmission Fundamentals

, which yields. where z1. and z2

Bootstrap Method > # Purpose: understand how bootstrap method works > obs=c(11.96, 5.03, 67.40, 16.07, 31.50, 7.73, 11.10, 22.38) > n=length(obs) >

Building research leadership consortia for Quantum Technology Research Hubs. Call type: Expression of Interest

CHAPTER 2 Algebraic Expressions and Fundamental Operations

making triangle (ie same reference angle) ). This is a standard form that will allow us all to have the X= y=

A New Evaluation Measure. J. Joiner and L. Werner. The problems of evaluation and the needed criteria of evaluation

Time, Synchronization, and Wireless Sensor Networks

Methods for Determination of Mean Speckle Size in Simulated Speckle Pattern

ENG2410 Digital Design Arithmetic Circuits

Perfrmance f Sensitizing Rules n Shewhart Cntrl Charts with Autcrrelated Data Key Wrds: Autregressive, Mving Average, Runs Tests, Shewhart Cntrl Chart

Lecture 02 CSE 40547/60547 Computing at the Nanoscale

CHAPTER 4 DIAGNOSTICS FOR INFLUENTIAL OBSERVATIONS

Chapter 3 Digital Transmission Fundamentals

Fall 2013 Physics 172 Recitation 3 Momentum and Springs

CPM plans: the short, the medium and the long

ENG2410 Digital Design Sequencing and Control

Early detection of mining truck failure by modelling its operation with neural networks classification algorithms

Linearization of the Output of a Wheatstone Bridge for Single Active Sensor. Madhu Mohan N., Geetha T., Sankaran P. and Jagadeesh Kumar V.

Chapter 3: Cluster Analysis

Tooth Surface Design for Variable Transmission Ratio Bevel Gearing

Support-Vector Machines

LCA14-206: Scheduler tooling and benchmarking. Tue-4-Mar, 11:15am, Zoran Markovic, Vincent Guittot

Rigid Body Dynamics (continued)

Public Key Cryptography. Tim van der Horst & Kent Seamons

LED Quantity 3 SL-SPOT 3 UH

ROUNDING ERRORS IN BEAM-TRACKING CALCULATIONS

Power plants Robustificaton based On fault DetectIon (PRODI)

Revised 2/07. Projectile Motion

Performance Bounds for Detect and Avoid Signal Sensing

UBIMET. Climate Change Adaptation Strategies

Cambridge Assessment International Education Cambridge Ordinary Level. Published

Five Whys How To Do It Better

Application Of Mealy Machine And Recurrence Relations In Cryptography

CS 477/677 Analysis of Algorithms Fall 2007 Dr. George Bebis Course Project Due Date: 11/29/2007

APPLICATION GUIDE (v4.1)

Distributions, spatial statistics and a Bayesian perspective

Lecture 2: Supervised vs. unsupervised learning, bias-variance tradeoff

NTP Clock Discipline Principles

Math Foundations 20 Work Plan

o o IMPORTANT REMINDERS Reports will be graded largely on their ability to clearly communicate results and important conclusions.

Algebraic properties of SHA-3 and notable cryptanalysis results

Physics 2010 Motion with Constant Acceleration Experiment 1

Comprehensive Exam Guidelines Department of Chemical and Biomolecular Engineering, Ohio University

A Simple Set of Test Matrices for Eigenvalue Programs*

2/3 Axis Position Indicator

0606 ADDITIONAL MATHEMATICS

Scalability Evaluation of Big Data Processing Services in Clouds

Peripheral Zone Card.

Space Shuttle Ascent Mass vs. Time

A.H. Helou Ph.D.~P.E.

Lecture 2: Supervised vs. unsupervised learning, bias-variance tradeoff

Level Control in Horizontal Tank by Fuzzy-PID Cascade Controller

Design and Simulation of Dc-Dc Voltage Converters Using Matlab/Simulink

Image Processing Adam Finkelstein & Tim Weyrich Princeton University

the results to larger systems due to prop'erties of the projection algorithm. First, the number of hidden nodes must

ENG2410 Digital Design Sequential Circuits: Part A

Checking the resolved resonance region in EXFOR database

Main Menu. SEG Houston 2009 International Exposition and Annual Meeting. Summary

Edexcel GCSE Physics

AMERICAN PETROLEUM INSTITUTE API RP 581 RISK BASED INSPECTION BASE RESOURCE DOCUMENT BALLOT COVER PAGE

Guaranteeing Reliability with Vibration Simulation and Testing. Dr. Nathan Blattau

Packaging in trays T 850 Traysealer

THERMAL-VACUUM VERSUS THERMAL- ATMOSPHERIC TESTS OF ELECTRONIC ASSEMBLIES

and the custmer, by seeing all the tests run crrectly, t reduce defect rates in such a way that the successive test-cycle verhead becmes neglectable,

NUMBERS, MATHEMATICS AND EQUATIONS

This project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement number

In the OLG model, agents live for two periods. they work and divide their labour income between consumption and

Chapter 3 Kinematics in Two Dimensions; Vectors

1. Transformer A transformer is used to obtain the approximate output voltage of the power supply. The output of the transformer is still AC.

Study of DDR Asymmetric Rt/Ft in Existing IBIS-AMI Flow

Churn Prediction using Dynamic RFM-Augmented node2vec

Hess Law - Enthalpy of Formation of Solid NH 4 Cl

Internal vs. external validity. External validity. This section is based on Stock and Watson s Chapter 9.

Administrativia. Assignment 1 due thursday 9/23/2004 BEFORE midnight. Midterm exam 10/07/2003 in class. CS 460, Sessions 8-9 1

Hubble s Law PHYS 1301

Unit Project Descriptio

BASD HIGH SCHOOL FORMAL LAB REPORT

Last Updated: Oct 14, 2017

A Comparison of Methods for Computing the Eigenvalues and Eigenvectors of a Real Symmetric Matrix. By Paul A. White and Robert R.

Chapter Summary. Mathematical Induction Strong Induction Recursive Definitions Structural Induction Recursive Algorithms

Purpose: Use this reference guide to effectively communicate the new process customers will use for creating a TWC ID. Mobile Manager Call History

GENESIS Structural Optimization for ANSYS Mechanical

Hiding in plain sight

Large Sample Hypothesis Tests for a Population Proportion

Figure 1a. A planar mechanism.

CMSC 425: Lecture 9 Basics of Skeletal Animation and Kinematics

High penetration of renewable resources and the impact on power system stability. Dharshana Muthumuni

A Fast and Key-Efficient Reduction from Chosen-Ciphertext to Known-Plaintext Security

Synchronous Motor V-Curves

Subject description processes

and the Doppler frequency rate f R , can be related to the coefficients of this polynomial. The relationships are:

Name: Block: Date: Science 10: The Great Geyser Experiment A controlled experiment

Transcription:

5/18/2016 1 Cncurrent Errr Detectin fr Reliable SHA-3 Design Pei LUO 1 Cheng LI 2 Yunsi FEI 1 1. Nrtheastern Universit Energ-Efficient and Secure Sstems Lab http://nueess.ce.neu.edu Electrical & Cmputer Engineering Department Nrtheastern Universit 2. Intel Labs

5/18/2016 2 Outline Mtivatin Preliminar f SHA-3 Prtectin f peratins in SHA-3 Fault injectin attacks simulatin results Cnclusin

5/18/2016 3 Mtivatin Widel use f Keccak SHA-3 has been standardied b NIST [1] Keccak based candidates enter the 2 nd rund f CAESAR cmpetitin cmpetitin fr authenticated encrptin Fault injectin attacks n SHA-3 Single-bit faults injected at the penultimate rund input can be used t cnquer SHA-3 [2] Our wrk shws that attackers need nl 17 single-bte faults t cnquer SHA-3 Technlg scales dwn transient faults increase - reliabilit [1] Dwrkin Mrris J. "SHA-3 Standard: Permutatin-Based Hash and Etendable-Output Functins." Federal Inf. Prcess. Stds. NIST FIPS-202 August 2015. [2] Bagheri Nasur Navid Ghaedi and Smitra Kumar Sanadha. "Differential Fault Analsis f SHA-3." Prgress in Crptlg INDOCRYPT 2015. Springer Internatinal Publishing 2015. 253-269.

5/18/2016 4 Mtivatin Hw t prtect SHA-3 against randm errrs and fault injectin attacks? Intrduce redundanc int the sstem Imprve reliabilit but nt against fault injectins Make use f rund rtatin invariance prpert [1] [2] Intrduce high redundanc f either area r time cnsumptin f ROT 1 f ROT Intrduce errr detectin cdes Parit checking cde is efficient and widel used Ke pint: hw t make use f the features f Keccak [1] Baat-Sarmadi et al. "Efficient and cncurrent reliable realiatin f the secure crptgraphic SHA-3 algrithm." Cmputer-Aided Design f Integrated Circuits and Sstems IEEE Transactins n 33.7 2014: 1105-1109. [2] Lu Pei et al. "An Imprvement f Bth Securit and Reliabilit fr Keccak Implementatins n Smart Card."

5/18/2016 5 Outline Mtivatin Preliminar f SHA-3 Prtectin f each peratin in SHA-3 Fault injectin attacks simulatin results Cnclusin

5/18/2016 6 Preliminar f SHA-3

5/18/2016 7 Preliminar f SHA-3 24 runds 5 peratins in each rund

Preliminar f SHA-3 1 1 1 i 4 0 i 4 0 i + θ θ θ θ 5/18/2016 8

5/18/2016 9 Preliminar f SHA-3 ρ changes the psitins f bits alng each lane

5/18/2016 10 Preliminar f SHA-3 changes π the psitins f bits inside each slice

Preliminar f SHA-3 2 1 invlves nnlinear peratins : i i i + + χ χ χ χ χ 5/18/2016 11

5/18/2016 12 Outline Mtivatin Preliminar f SHA-3 Prtectin f peratins in SHA-3 Fault injectin attacks simulatin results Cnclusin

5/18/2016 13 Prtectin structure θ θ Prtectr ρ' ρ' Prtectr χ ι χ' Prtectr

θ Prtectin f 1 i 4 0 4 0 4 0 4 0 θ θ Which can be simplified as: 5/18/2016 14

θ Prtectin f ] [ ] [ 4 0 4 0 i 4 0 4 0 i P P θ θ θ θ [0...63] 1 ] [ ] [ i + P P θ θ 5/18/2016 15 Parit checking f peratin θ is ver efficient

5/18/2016 16 Prtectin f ρ and π Bth ρ and π are bit rtatin peratins withut changing the value Bth ρ and π are implemented using wire in hardware n registers intrduced Faults in ρ will prpagate directl int π Prtectin f ρ and π: Can be mitted fr higher efficienc Can be cmbined tgether

pitfall a - f Prtectin χ b a e e a e d d e d c c d c b b c b a a a e e d d c c b b a e d c b a peratin as the input f ne rw f Dente e d c b a χ 5/18/2016 17 If a flips with a 50% prbabilit the errr ma nt change the parit

χ Prtectin f 2 1 in which ] [ 2 ] [ ] [ ] [ i i and and i i P P P P + + + χ χ χ χ χ χ χ 5/18/2016 18 Avid t cmpress bits in each rw Invlves nl AND and XOR peratins

5/18/2016 19 Outline Mtivatin Preliminar f SHA-3 Prtectin f each peratin in SHA-3 Fault injectin attacks simulatin results Cnclusin

5/18/2016 20 Fault injectin attacks simulatin Mdeled in VHDL [1] 45 nm Opencell librar Snthesied in Cadence Encunter RTL Cmpiler Placed and ruted using Cadence Encunter Overhead estimated using Cncurrent Surces 1.1 V 25 Celsius degree Faults injected at gate level Randml inject stuck-at-0 and stuck-at-1 faults int up t ten gates [1] http://keccak.neken.rg/keccakvhdl-3.1.ip

5/18/2016 21 Simulatin results Prpsed: cmbine prtectin f χ and ι ρ and π unprtected Design 2: prtect χ and ι separatel ρ and π unprtected Design 3: cmbine prtectin f χ and ι prtect ρ and π tgether um 2 Area Timing Pwer Nrmalied % ns Nrmalied % mw Nrmalied % Errr Cverage Original 41611.7 100.00 3.892 100.00 17.95 100.00 0% Prpsed 52867.2 127.05 4.500 115.62 26.69 148.69 83.60% Design 2 62429.4 150.01 5.476 140.70 41.78 232.76 83.34% Design 3 66621.0 160.10 4.381 112.56 44.07 245.52 89.89%

5/18/2016 22 Simulatin results Prpsed: cmbine prtectin f χ and ι leave ρ and π unprtected Design 2: prtect χ and ι separatel leave ρ and π unprtected Design 3: cmbine prtectin f χ and ι prtect ρ and π tgether um 2 Area Timing Pwer Nrmalied % ns Nrmalied % mw Nrmalied % Errr Cverage Original 41611.7 100.00 3.892 100.00 17.95 100.00 0% Prpsed 52867.2 127.05 4.500 115.62 26.69 148.69 83.60% Design 2 62429.4 150.01 5.476 140.70 41.78 232.76 83.34% Design 3 66621.0 160.10 4.381 112.56 44.07 245.52 89.89%

5/18/2016 23 Simulatin results Prpsed: cmbine prtectin f χ and ι leave ρ and π unprtected Design 2: prtect χ and ι separatel leave ρ and π unprtected Design 3: cmbine prtectin f χ and ι prtect ρ and π tgether um 2 Area Timing Pwer Nrmalied % ns Nrmalied % mw Nrmalied % Errr Cverage Original 41611.7 100.00 3.892 100.00 17.95 100.00 0% Prpsed 52867.2 127.05 4.500 115.62 26.69 148.69 83.60% Design 2 62429.4 150.01 5.476 140.70 41.78 232.76 83.34% Design 3 66621.0 160.10 4.381 112.56 44.07 245.52 89.89%

5/18/2016 24 Simulatin results The prpsed scheme has lw verhead and high errr cverage Prtectin f χ and ι can be cmbined fr lwer verhead Prtectin f ρ and π can be saved fr hardware implementatins Prtectin f ρ and π shuld be implemented fr pipelined design

5/18/2016 25 Outline Mtivatin Preliminar f SHA-3 Prtectin f each peratin in SHA-3 Fault injectin attacks simulatin results Cnclusin

5/18/2016 26 Cnclusin SHA-3 shuld be prtected against randm errrs r fault injectin attacks Our wrk Eplit the features f SHA-3 fr efficient errr detectin design Overhead is small while the errr detectin rate is high Future wrk is t eplre mre efficient errr detectin methds fr SHA-3

5/18/2016 27 Acknwledgment The authrs wuld like t thank Dr. Re Xiafei Gu at Intel fr his help This wrk was supprted in part b Natinal Science Fundatin under grants SaTC-1314655 and MRI- 1337854

5/18/2016 28 Thanks!

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback