Secure Chip Research Articles

On the provable security of TPM2.0 cryptography APIs

Trusted platform module (TPM), core of trusted computing technique, is one of the most prevalent security chips in the world. In 2013, Trusted Computing Group formally upgraded TPM specification to version 2.0, and introduced a comprehensive and powerful trusted computing technique architecture. However, the new specification is rather complex and thus error prone, which makes it necessary to evaluate TPM2.0's security. In this paper, we focus on cryptography subsystem of TPM2.0. We define the first computation model of TPM2.0 cryptography APIs, and prove their security in this strong model using game sequence and simulation. This proof provides high level confidence on security guarantee of TPM2.0 cryptography subsystem. We also carry out experiments on these APIs and compare them with previous version. The experiment shows that flexibility of TPM2.0 does not reduce its performance, meanwhile, real TPM2.0 product still needs to be improved.

Photonic emission analysis of cipher chips based on time-correlated single-photon counting

When in operation, cipher chips emit photons which can reveal important information about their operation and data. An experimental system based on single-photon counting for the detection, transmission, processing and analysis of photonic emission from CMOS semiconductor integrated circuits has been designed and constructed. Using time-correlated single-photon counting (TCSPC) technology, we have analyzed the photon emission of cipher chip AT89C52, and measured the relationship between its emission intensity and voltage. We have also analyzed in detail the relationship between the photonic emission and the operations and data processed in the chip at the instruction level. Furthermore, we have confirmed the feasibility of our TCSPC technique using an oscilloscope. Our experimental results show that cipher chip photonic emission analysis based on TCSPC technology is a relatively low cost but effective method for optical side-channel attacks, and that it poses a serious practical threat to cipher chip security.

Effect of beam size, finite number of lines, and rotational misalignment on coupled subwavelength gratings.

The effects of beam size, number of lines, and rotational misalignment on coupled subwavelength gratings (CSWGs) were investigated in this paper using optical modeling. Period and thickness of the gratings were optimized for maximum evanescent wave coupling efficiency at a wavelength of 650nm. The size of the input light beam and the number of grating lines were established for discernible transmission of higher diffraction orders, and the half-width at half-maximum for minimum noise was determined. A rotation of the far-field pattern, due to milling one grating on a fiber facet, was calculated and confirmed by simulations. These parameters will be included in a method using CSWGs for electronic chip security.

The theory and practice in the evolution of trusted computing

Trusted computing (TC) is an emerging technology to enhance the security of various computing platforms by a dedicated secure chip (TPM/TCM), which is widely accepted by both the industrial and academic world. This paper attempts to sketch the evolution of TC from the view of our theoretical and engineering work. In theory, we focus on protocol design and security analysis. We have proposed the first ECDAA protocol scheme based on q-SDH assumption, which highlights a new way to design direct anonymous attestation scheme. In technical evolution, we discuss the key technologies of trust chain, trusted network connection and TC testing and evaluation. We break through several key technologies such as trusted boot, OS measurement and remote attestation, and implement a TC system from TPM/TCM to network. We also design and implement a testing and evaluation system of TC platform, which is the first one put into practical application in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward some new directions, such as the trust in cloud and mobile environments, new TPM standard, and flexible trust execution environment trust establishment method.

Efficient Hardware Trojan Detection with Differential Cascade Voltage Switch Logic

Offshore fabrication, assembling and packaging challenge chip security, as original chip designs may be tampered by malicious insertions, known as hardware Trojans (HTs). HT detection is imperative to guarantee the chip performance and safety. Existing HT detection methods have limited capability to detect small-scale HTs and are further challenged by the increased process variation. To increase HT detection sensitivity and reduce chip authorization time, we propose to exploit the inherent feature of differential cascade voltage switch logic (DCVSL) to detect HTs at runtime. In normal operation, a system implemented with DCVSL always produces complementary logic values in internal nets and final outputs. Noncomplementary values on inputs and internal nets in DCVSL systems potentially result in abnormal power behavior and even system failures. By examining special power characteristics of DCVSL systems upon HT insertion, we can detect HTs, even if the HT size is small. Simulation results show that the proposed method achieves up to 100% HT detection rate. The evaluation on ISCAS benchmark circuits shows that the proposed method obtains a HT detection rate in the range of 66% to 98%.

A Method of Detecting Hardware Trojans Based on Side-Channel Analysis

In recent years, integrated circuits subject to hardware Trojans attack in the design and manufacturing process, the security of chip and hardware security was threatened. Some detection methods of have been proposed, the most common of those methods is based on side-channel signal analysis, however, since the effect of process noise, considering only the unilateral information that is difficult to effectively distinguish the noise and Trojans circuit. In this paper, the method still based on side-channel signal, but it is a combination of power and delay which was called the power-delay product (PDP). The idea proposed is verified by the benchmark circuit iscas85, the experimental results show that this method can effectively improve detection probability.

Design and Application of a Secure Chip Key Issuing System

According to chip key’s security problem, this paper has designed a secure chip key issuing system and its application method. The chip key issuing system mainly include chip key issuing machine, key issuing host computer, key management server and cryptographic machine. Every key is protected to transmit and write into chip by conversational key which is agreed between chip key issuing machine and the cryptographic machine beside key management server when chip key is issuing. This chip key issuing system and method can provide effective guarantee to chip key’s security.

EMV: Building the foundation for the future of payments

EMV is a specification jointly developed by Europay, MasterCard and Visa in the 1990s to ensure global interoperability for payment cards using chip technology. It is a move from analogue to digital, introducing a method of ensuring much greater security for transactions. Besides the reduction of fraud, however, there are other benefits in a migration to EMV: the secure chip technology can be embedded within other devices such as key fobs, tablets and mobile phones, and the infrastructure upgrade for EMV can be used to expand functionality and merchant/consumer offers. There are key considerations in migration planning, as with all major projects. For merchants, there is the question whether to support solely contact EMV; and for issuers, of which portfolios to convert, at what pace and whether to segment geographically. This is an extraordinary time in the payments industry, with many new developments happening now. An EMV migration has many benefits, including opportunities to innovate, reduction in fraud and an improved transaction experience.

Design and Implementation of a Trusted SoC Chip

According to the relevant criterion and principle of trusted computed module design and application, we have designed a trusted SoC chip, and have given the implementation of the basic function. In detail, we have discussed the design of trusted SoC chip security architecture and the main module function, the reliability of relevant parameter and transfer strategy of trusted root in chip development and application, together with the simulation and validation of relevant function. At last, we point out that one of the most important further research directions is the trusted measurement of dynamic data and security environment.

칩셋 페어링 접근제한시스템 환경에서 다중 셋톱박스를 지원하는 키 분배 기법

본 논문에서는 유연한 칩셋 페어링 접근제한시스템을 위한 새로운 키 분배 기법을 제안하였다. 칩셋 페어링 접근제한시스템은 셋톱박스에 내장된 보안 칩과 스마트카드를 함께 사용해 CA(Conditional Access) 모듈을 구현한 것으로, 셋톱박스에 내장된 보안 칩은 스마트카드와 셋톱박스 사이에 보안 채널을 형성한다. 즉, 스마트카드는 암호화된 제어단어를 셋톱박스로 출력하고, 셋톱박스는 내장된 보안 칩을 이용해 암호화된 제어단어를 복호화하는 시스템이다. 이 방식은 셋톱박스와 스마트카드를 바인딩 하는 방식으로 하나의 스마트카드는 정해진 하나의 셋톱박스에서만 사용이 가능하다는 단점을 가진다. 제안하는 키 분배 기법은 중국인의 나머지 정리를 이용하여 기존의 칩셋 페어링 접근제한시스템이 가지는 문제를 해결하였다. 우리의 키 분배 기법은 하나의 스마트카드를 다수의 셋톱박스에서 사용하는 것이 가능하며, 큰 변경 없이 현재의 칩셋 페어링 접근제한시스템에 적용이 가능하다는 장점을 가진다. In this paper, we propose a key distribution scheme for flexible chipset pairing conditional access system. Chipset pairing conditional access system is the implementation of CA (Conditional Access) module by using both embedded secure chip in a Set-Top Box(STB) and smartcard, and the secure chip embedded in a STB forms a secure channel between the smartcard and the STB. In short, it is the system that a smartcard outputs encrypted CW (Control Word) to the STB, and the STB decrypts an encrypted CW by using the embedded secure chip. The drawback of this chipset pairing conditional access system is that one smartcard is able to be used for only one specified STB since it is the system using the STB bound to a smartcard. However, the key distribution scheme proposed in this paper overcomes a drawback of current chipset pairing conditional access system by using Chinese Remainder Theorem(CRT). To be specific, with this scheme, one smartcard can be used for multiple, not single, STBs, and applied to current chipset pairing without great changes.

Hamming Distance Model Based Power Analysis for Cryptographic Algorithms

In order to evaluate the security of Application Specific Integrated Circuit (ASIC) implemented cryptographic algorithms at an early design stage, a Hamming distance model based power analysis is proposed. The Data Encryption Standard (DES) algorithm is taken as an example to illustrate the threats of differential power analysis (DPA) attack against the security of ASIC chip. A DPA attack against the ASIC implementation of a DES algorithm is realized based on hamming distance power model (HD model), and it realized the attack by successfully guessing the right 48-bit subkey. This result indicates that the power analysis attack based on the HD model is simple, rapid and effective for the design and evaluation of security chips.

Security chips to battle piracy and counterfeiting

Piracy and counterfeiting are growing international problems. By co-opting a legitimate company's platform, content, or technology, a black market vendor can avoid costs such as R&D, advertising, content creation, safety testing, and regulatory approvals which are a significant part of price for many legitimate products. Benjamin Jun, vice president of technology at Cryptography Research, reports.

Comb Capacitor Structures for On-Chip Physical Uncloneable Function

Planar inter-digitated comb capacitor structures are an excellent tool for on-chip capacitance measurement and evaluation of properties of coating layers with varying composition. These comb structures are easily fabricated in a single step in the last metallization layer of a standard IC process. Capacitive coupling of these structures with a coating layer is modelled based on the electric field distribution to have a detailed understanding of contributing capacitance components. The coating composition is optimized to provide maximum spread in capacitance values of comb capacitor structures. This spread in measured capacitance values can be used to implement a physical uncloneable function (PUF). A PUF is a random function which can be evaluated only with the help of a physical system. We present an on-chip capacitive PUF for chip security and data storage in which the unlock key algorithm is generated from capacitors which are physically linked to the chip in an inseparable way. The strength of this key increases with the spread in capacitance values and measurement accuracy.

DiSC: Benchmarking Secure Chip DBMS

Secure chips, e.g. present in smart cards, USB dongles, i-buttons, are now ubiquitous in applications with strong security requirements. And they require embedded data management techniques. However, secure chips have severe hardware constraints which make traditional database techniques irrelevant. The main problem faced by secure chip DBMS designers is to be able to assess various design choices and trade-offs for different applications. Our solution is to use a benchmark for secure chip DBMS in order to (1) compare different database techniques, (2) predict the limits of on-chip applications, and (3) provide co-design hints. In this paper, we propose DiSC (Data management in Secure Chip), a benchmark which matches these three objectives. This work benefits from our long experience in developing and tuning data management techniques for the smart card. To validate DiSC, we compare the behavior of candidate data management techniques thanks to a cycle-accurate smart card simulator. Finally, we show the applicability of DiSC to future designs involving new hardware platforms and new database techniques.

Securing Designs against Scan-Based Side-Channel Attacks

Traditionally, the only standard method of testing that has consistently provided high fault coverage has been scan test due to the high controllability and high observability this technique provides. The scan chains used in scan test not only allow test engineers to control and observe a chip, but these properties also allow the scan architecture to be used as a means to breach chip security. In this paper, we propose a technique, called Lock & Key, to neutralize the potential for scan-based side-channel attacks. It is very difficult to implement an all inclusive security strategy, but by knowing the attacker, a suitable strategy can be devised. The Lock & Key technique provides a flexible security strategy to modern designs without significant changes to scan test practices. Using this technique, the scan chains are divided into smaller subchains. With the inclusion of a test security controller, access to subchains are randomized when being accessed by an unauthorized user. Random access reduces repeatability and predictability making reverse engineering more difficult. Without proper authorization, an attacker would need to unveil several layers of security before gaining proper access to the scan chain in order to exploit it. The proposed Lock & Key technique is design independent while maintaining a relatively low area overhead.

EMV: The fraud bulldozer

These days everyone has a stake in Chip and PIN security – it can be the topic of the over-the-counter conversation as you pay, of the boardroom executives at a bank, or over a pint at the pub. So how is EMV, the electronic payments standard underlying Chip and PIN shaping up? And what is the modern landscape of payments fraud? Here, Mike Bond, Security Director at Cryptomathic, shares his opinion.

The other side of chip security

Previously in Computer Fraud & Security (May 1998), we covered the problem of chip crime. But by the same token, the chip is helping make property and finance more secure. This article provides something of an overview of key areas such as ‘smart labels’, ‘cryptocontrollers’ and ‘voiceprints’ which constitute ‘biometrics’, which is one of the fastest growing areas of IT security.