Cryptographic Algorithms on the GA144 Asynchronous Multi-Core Processor
Pervasive computing has turned many ordinary commodity products into smart, digital computing devices. Though these devices are mostly equipped with low-cost processors offering limited computing power, they are often required to handle user-sensitive data. This calls for the integration of different security services that typically involve computationally expensive cryptography. In this context, lightweight cryptographic constructions recently emerged to minimize the computational burden on such constrained devices. Unfortunately, many of those constructions were too simplistic to preserve long-lasting confidence in their security. Therefore, we take another approach in this work and implement standardized and well-established cryptography on an alternative, lightweight platform, namely an asynchronous GA144 ultra-low-power multi-core processor with 144 tiny cores. We demonstrate that symmetric and asymmetric cryptography such as AES and RSA can be realized on this low-end device. With energy consumption being as low as 0.63 μJ and 22.3 mJ, this platform achieves a performance of 38 μs and 462.9 ms per AES and RSA operation, respectively. This translates to an energy consumption and computation time that is significantly lower than many lightweight implementations reported so far. We finally emphasize that this low-power and asynchronous operation of cryptography does not eliminate the threat of physical attacks, in particular power attacks. We evaluate the side-channel resistance of our design and find that fewer than 5,000 measurements are already sufficient to fully recover the 128-bit key of the unprotected AES implementation.
Keywords: GA144, Asynchronous processor, Low-power, AES, RSA, Implementation, Multi-core, Side-channel analysis
This work was supported in part by grant 01ME12025 SecMobil of the German Federal Ministry of Economics and Technology and by the DFG Research Training Group GRK 1817/1.