Journal of Signal Processing Systems, Volume 77, Issue 1–2, pp 151–167

Cryptographic Algorithms on the GA144 Asynchronous Multi-Core Processor

Implementation and Side-Channel Analysis
  • Tobias Schneider
  • Ingo von Maurich
  • Tim Güneysu
  • David Oswald
Article

Abstract

Pervasive computing has turned many ordinary commodity products into smart, digital computing devices. Though these devices are mostly equipped with low-cost processors offering limited computing power, they are often required to handle user-sensitive data. This calls for the integration of security services that typically involve computationally expensive cryptography. In this context, lightweight cryptographic constructions have recently emerged to minimize the computational burden on such constrained devices. Unfortunately, many of those constructions were too simplistic to preserve long-lasting confidence in their security. We therefore take another approach in this work and implement standardized and well-established cryptography on an alternative, lightweight platform, namely the asynchronous GA144, an ultra-low-power multi-core processor with 144 tiny cores. We demonstrate that symmetric and asymmetric cryptography such as AES and RSA can be realized on this low-end device. With energy consumption as low as 0.63 μJ and 22.3 mJ, this platform achieves a performance of 38 μs and 462.9 ms per AES and RSA operation, respectively. This translates to an energy consumption and computation time that is significantly lower than many lightweight implementations reported so far. Finally, we emphasize that this low-power and asynchronous operation of cryptography does not eliminate the threat of physical attacks, in particular power attacks. We evaluate the side-channel resistance of our design and find that fewer than 5,000 measurements are already sufficient to fully recover the 128-bit key of the unprotected AES implementation.

Keywords

GA144; Asynchronous processor; Low-power; AES; RSA; Implementation; Multi-core; Side-channel analysis

Notes

Acknowledgments

This work was supported in part by grant 01ME12025 SecMobil of the German Federal Ministry of Economics and Technology and by the DFG Research Training Group GRK 1817/1.

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Tobias Schneider (1)
  • Ingo von Maurich (1)
  • Tim Güneysu (1)
  • David Oswald (1)

  1. Horst Görtz Institute for IT-Security, Ruhr University Bochum, Bochum, Germany
