HSECPresentation Lec2 2022

This document summarizes a lecture on hardware security. It discusses root of trust and trusted platform modules (TPM), which are used to establish a chain of trust in secure boot processes. It also covers hardware attacks like side channel attacks and fault attacks. Finally, it gives an overview of the hardware design flow for FPGAs, including applications of FPGAs, a classic example of a DES cracker implemented on an FPGA, and FPGA architecture components like logic blocks and switch blocks.


Course Name: Hardware Security

Faculty Name: Prof Debdeep Mukhopadhyay


Department : Computer Science and Engineering

Topic
Lecture 02: Introduction to Hardware Security (Part 2)
Concepts Covered:
• Root of Trust and TPM
• Hardware Attacks
• Side Channels and Trust in Hardware
• A Hardware Design Flow


Hardware Root-of-Trust (RoT)
• Secure Boot: In a trusted boot, a hardware based root of trust initiates the
chain of trust by measuring the initial BIOS code.
• Measurement here means computing a cryptographic hash function over the software’s
binary, as well as any inputs, libraries, or configuration files used.
• The BIOS then measures and executes the bootloader, and the bootloader in turn
then measures and executes the operating system.
• It will halt the system if any attempt is made to execute a program that is not in
the approved list (L*).
(Figure, Trusted Boot: the hardware starts with L = ⌀; the system measures program P1 with
configuration C1 to obtain m1, appends L ← L || m1, and executes (P1, C1); it then measures
program P2 with configuration C2 to obtain m2, appends L ← L || m2, and executes (P2, C2).)
References: Bryan Parno, et. al., Bootstrapping Trust in Modern Computers, Springer
Trusted Platform Modules (TPM)
• Definition: "A Trusted Platform is a computing
platform that has a trusted component, probably in
the form of built-in hardware, which it uses to create
a foundation of trust for software processes.”-S.
Pearson.
• I/O: Low Pin Count Bus (LPC)
• Secure Controller: Controls internal TPM execution
flow and verifies commands
• EEPROM: Stores TPM Keys [Endorsement Keys (EK),
Storage Root Key (SRK)], Other data like Owner
Authorization Data, EK Certificate
• The EK and SRK never leave the IC boundary.
References: http://www.cs.unh.edu/~it666/reading_list/Hardware/tpm_fundamentals.pdf
TPM Cryptographic Hardware
(Figure: a Trusted Platform Module installed on a motherboard)
• Asymmetric Key Generation: RSA Key Generator, supports 1024-2048 bits
• RSA Encryption Engine: RSA operations
• SHA-1 engine: Hashing to measure integrity, with the result stored in
Platform Configuration Registers (PCR):
PCR ← hash(PCR || hash(newcode)).
• Random Noise Generator: True random generator to be
used for cryptographic operations
• Tick Counter: Provides an audit trail of TPM commands
• Security Features: Active Shield, Voltage fluctuation
detectors, high frequency sensors, Reset filters, etc.
References: http://www.cs.unh.edu/~it666/reading_list/Hardware/tpm_fundamentals.pdf
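The two slides above describe the same mechanism from two sides: the boot chain measures each stage before executing it (and, in trusted boot, refuses anything not in the approved list L*), and the TPM records those measurements with PCR ← hash(PCR || hash(newcode)). The Python below is an added example, not code from the lecture or from any TPM library: it models that chain in software with a constructed BIOS → bootloader → OS chain, constructed binaries, and an approved list derived from them. SHA-256 is used as the hash, the all-zero initial PCR and the "code || config" measurement are assumptions of this model, and no real TPM is involved.

```python
"""Added example (not from the lecture slides): a software model of the
measured / trusted boot chain and of the PCR extend operation.
All stage binaries, configurations and the approved list L* are constructed."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set

HASH = hashlib.sha256              # slides: SHA-1 in TPM 1.2, SHA-256 required by TPM 2.0
ZERO_PCR = b"\x00" * HASH().digest_size   # assumed reset value of the register


def measure(code: bytes, config: bytes = b"") -> bytes:
    """Measurement = hash over the binary plus the configuration/inputs it uses."""
    return HASH(code + config).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR <- hash(PCR || hash(newcode)); the register can only be extended, never set."""
    return HASH(pcr + measurement).digest()


@dataclass
class Stage:
    name: str
    code: bytes
    config: bytes = b""


@dataclass
class BootResult:
    pcr: bytes
    log: List[bytes] = field(default_factory=list)   # the measurement list L
    halted_at: Optional[str] = None                  # trusted boot: stage that was refused


def boot(chain: List[Stage], approved: Optional[Set[bytes]] = None) -> BootResult:
    """Walk the chain of trust: measure, record, extend, then execute (or halt).

    approved=None is plain measured boot (every stage runs, the PCR records what ran);
    a set of digests is trusted boot with approved list L*.
    """
    result = BootResult(pcr=ZERO_PCR)
    for stage in chain:
        m = measure(stage.code, stage.config)
        result.log.append(m)                   # L <- L || m
        result.pcr = pcr_extend(result.pcr, m)
        if approved is not None and m not in approved:
            result.halted_at = stage.name      # refuse to execute, stop the chain
            break
        # ... here the stage would execute and measure the next stage itself
    return result


def replay(log: List[bytes]) -> bytes:
    """A verifier recomputes the PCR from the log L; a mismatch means L was edited."""
    pcr = ZERO_PCR
    for m in log:
        pcr = pcr_extend(pcr, m)
    return pcr


# Constructed sample chain: BIOS -> bootloader -> OS, as on the slides.
GOOD_CHAIN = [
    Stage("bios", b"BIOS v1 (sample)"),
    Stage("bootloader", b"bootloader (sample)", b"boot.cfg: root=/dev/sda1"),
    Stage("os", b"kernel image (sample)"),
]
# The same chain with a modified bootloader binary (constructed).
TAMPERED_CHAIN = [GOOD_CHAIN[0],
                  Stage("bootloader", b"bootloader (modified)", GOOD_CHAIN[1].config),
                  GOOD_CHAIN[2]]
APPROVED = {measure(s.code, s.config) for s in GOOD_CHAIN}   # the approved list L*


if __name__ == "__main__":
    good = boot(GOOD_CHAIN, APPROVED)
    bad = boot(TAMPERED_CHAIN, APPROVED)
    print("trusted boot, good chain: PCR", good.pcr.hex()[:16], "halted at", good.halted_at)
    print("trusted boot, tampered chain: halted at", bad.halted_at)
    print("measured boot: PCRs differ ->",
          boot(GOOD_CHAIN).pcr != boot(TAMPERED_CHAIN).pcr)
    print("log replays to the same PCR ->", replay(good.log) == good.pcr)
```

Running it shows the two policies side by side: with L* the tampered chain halts at the bootloader, and without L* both chains run to completion but end with different PCR values, which is what a later attestation of the PCR would detect. Because the PCR is only ever extended, the log L cannot be rewritten afterwards without `replay` disagreeing with the register.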
TPM 2.0
• TPM 2.0 is not backward compatible.
• RSA Key Generator, supports 1024-2048 bits
• Specification requires SHA-1 and SHA-256
• Elliptic Curve Cryptosystems (NIST P-256, Barreto-Naehrig
256-bit curves)
• 128-bit AES encryption
• Many other algorithms are also defined.

References: https://en.wikipedia.org/wiki/Trusted_Platform_Module#TPM_1.2_vs_TPM_2.0
Hardware Attacks on TPMs
• In 2010, researchers presented an attack against the TPM at the Black
Hat conference
• Extract secrets from a single TPM by inserting a probe and spying
on the internal bus of an Infineon SLE 66 CL PC.
• In 2015, Differential Power Analysis (DPA) attacks were reported that
extract the secret keys.

References: https://en.wikipedia.org/wiki/Trusted_Platform_Module#TPM_1.2_vs_TPM_2.0
Hardware Attacks
• Side Channel Attacks: Monitoring of analog
signals, like time, power, Electro-magnetics,
sound, etc.
• Fault Attacks: Physical perturbation of Vcc,
clock, temperature, UV light, X-Rays, Laser
• Invasive Attacks: Probe data, modify circuit!
• Modern Focused Ion Beam (FIB) machines can
create test points and modify the chip structure
from the rear side thus overcoming
sophisticated top metal mesh protections and
sensors
• Expensive but feasible!
References: http://www.cs.unh.edu/~it666/reading_list/Hardware/tpm_fundamentals.pdf
Hardware Security bridges the gap between Theory and Practice
(Figure: Alice encrypts a Message with E under key Ka and sends it over the Communication
Channel to Bob, who decrypts it with D under key Kb; Mallory collects the Information
leaked alongside the channel.)
Side Channels in the real world: channels through which a cryptographic module
unintentionally leaks information to its environment.
Cryptographic Theory has limitations.
There is an absence of theory for the reality!
Even mathematically strong ciphers leak in the real world!
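The slide's point is that a primitive can be mathematically sound and still leak through a channel the model never considered. The following Python is an added example, not from the lecture: it takes the "time" channel from the Hardware Attacks list and models it deterministically by counting how many byte operations an equality check performs, which is what a wall-clock measurement exposes on real hardware. A naive early-exit comparison is shown beside a constant-time one and the standard library's `hmac.compare_digest`; the secret value and the guesses are constructed.

```python
"""Added example (not from the slides): the 'time' side channel of a secret
comparison, modelled by counting operations instead of measuring wall-clock.
SECRET and the guesses are constructed sample data."""
import hmac

SECRET = bytes.fromhex("8f3a5c1e9b2d4f60")   # constructed 8-byte secret


def early_exit_compare(secret: bytes, guess: bytes):
    """Naive check: stops at the first mismatch.  Returns (equal, ops).
    The op count, i.e. the running time, depends on how many leading bytes match."""
    ops = 0
    if len(secret) != len(guess):
        return False, ops
    for x, y in zip(secret, guess):
        ops += 1
        if x != y:
            return False, ops
    return True, ops


def constant_time_compare(secret: bytes, guess: bytes):
    """OR-accumulates every byte difference; the work done does not depend on
    where (or whether) the inputs differ, only on their length."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    ops = 0
    for x, y in zip(secret, guess):
        ops += 1
        diff |= x ^ y
    return diff == 0, ops


def library_compare(secret: bytes, guess: bytes) -> bool:
    """The stdlib's constant-time comparison; use this in real code."""
    return hmac.compare_digest(secret, guess)


def leakage_profile(compare, secret: bytes):
    """Operation count for guesses that share 0..len(secret) leading bytes with
    the secret.  A flat profile means the channel carries no information."""
    profile = []
    for k in range(len(secret) + 1):
        # guess agrees on the first k bytes and differs on every byte after that
        guess = secret[:k] + bytes(b ^ 0xFF for b in secret[k:])
        _, ops = compare(secret, guess)
        profile.append(ops)
    return profile


if __name__ == "__main__":
    print("early-exit   :", leakage_profile(early_exit_compare, SECRET))
    print("constant-time:", leakage_profile(constant_time_compare, SECRET))
    print("library      :", library_compare(SECRET, SECRET), library_compare(SECRET, bytes(8)))
```

The early-exit profile rises by one with every correctly guessed leading byte, so the channel reveals how much of the secret is already right; the constant-time profile is flat. The same reasoning applies to the other analog channels on the Hardware Attacks slide: a countermeasure has to remove the data dependence of the physical behaviour, not just the correctness of the result.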
Hardware Security Design Goals
• Performance: Speed, Clock Frequency, Latency, Fast Arithmetic
• Security: Side Channel Attacks, Fault Attacks, Lightweight Countermeasures
• Cost: Area, Power, Energy
Hardware Design Flow on FPGAs
What is an FPGA?
• Field Programmable Gate Arrays.
• Array of logic cells connected via routing channels.
• Special I/O cells.
• Logic cells are mainly lookup tables (LUT) with associated registers.
Application of FPGAs
• Prototyping:
  • Ensemble of gate arrays used to emulate a circuit before manufacturing
  • Faster and more accurate simulation
  • Less cost
• Production:
  • Much less time to market
  • Better performance of modern FPGAs
• Reconfigurable Computing:
  • Same hardware reconfigured on the fly
  • Partial Reconfiguration also possible!
• Special Purpose Computing Platform:
  • Dedicated to solve one problem
  • Can be attached to general purpose computers
A Classic Example of DES Cracker
• In 1998, a custom hardware attack was mounted against the Data Encryption
Standard :
• $250,000 to build and decrypted DES cipher in 56 hours
• In 2006, COPACOBANA (Cost-Optimized PArallel COde Breaker) was built:
• Consists of commercially available, reconfigurable integrated circuits.
• $10,000 and decrypts DES cipher in around 6.4 days
• Cost decrease by roughly a factor of 25
• Adjusting for inflation over 8 years yields an even higher improvement of about 30x.
• Since 2007, SciEngines GmbH, a spin-off company of the two project partners of
COPACOBANA has enhanced and developed successors of COPACOBANA.
• In 2008 their COPACOBANA RIVYERA reduced the time to break DES to the current
record of less than one day, using 128 Spartan-3 5000's

[Source: http://en.wikipedia.org/wiki/Custom_hardware_attack]
COPACOBANA Components

References:
http://www.copacobana.org/paper/copacobana_gettingstarted.pdf
FPGA Architecture
• I/O Block:
  • Located around the periphery of the core of the chip
  • Programmable connectivity to the chip
• Logic Blocks:
  • Configurable Logic Blocks (CLBs)
  • Surrounded by routing logic
  • Connected by switch blocks, or connection blocks
• Switch Block: Connects wires in adjacent channels through programmable switches
• Connection Block: Connects the wire segments around CLBs to its inputs and outputs,
also through programmable switches
Components of the CLB
• LUT (Look Up Table) for implementing any function with k inputs (k is 4 or 6)
(Combinational Logic)
• Flip-flops/Latches (Sequential Logic)

Design Flow
1. Design Entry in schematic, ABEL, VHDL, and/or Verilog. Vendors include Synopsys,
Aldec (Xilinx Foundation), Mentor, Cadence, Viewlogic, and 35 others.
2. Implementation includes Placement & Routing and bitstream generation using
Xilinx’s M1 Technology. Also, analyze timing, view layout, and more.
3. Download directly to the Xilinx hardware device(s) (XC4000) with
unlimited reconfigurations* !!
*XC9500 has 10,000 write/erase cycles


Nexys-III Board (A Sample Hardware Board)
(Figure: the board with its FPGA marked)
Source: www.digilent.com
A Simple Design Problem
• Design a 2 bit adder:
• Input: ‘a’ and ‘b’
• Output: s = a + b
Design Files
module adder(a, b, s);

input [1:0] a, b;
output [2:0] s;

assign s = a + b;

endmodule
The Xilinx Design Environment
New Project Wizard, Device Settings: enter the device specifications for the Nexys-III board.
Click New Source and create a Verilog file ‘adder.v’; then click ‘Next’ -> ‘Next’.
‘adder.v’
module adder(a, b, s);

input [1:0] a, b;
output [2:0] s;

assign s = a + b;

endmodule
Writing Test Bench
Add the top module as ‘adder’.
File ‘testadder.v’
module testadder;
    // Inputs
    reg [1:0] a;
    reg [1:0] b;
    // Outputs
    wire [2:0] s;
    // Instantiate the Unit Under Test (UUT)
    adder uut (
        .a(a),
        .b(b),
        .s(s));
    initial begin
        // Initialize Inputs
        a = 0;
        b = 0;
        // Wait 100 ns for global reset to finish
        #100;
        // Add stimulus here
        a = 2'b01;
        b = 2'b11;
        #1;
        a = 2'b11;
        b = 2'b11;
    end
endmodule
Simulated Behavioral Model
Adding User Constraint File (UCF) for Synthesis
NET "a[0]" LOC = T10;
NET "a[1]" LOC = T9;
NET "b[0]" LOC = V9;
NET "b[1]" LOC = M8;
NET "s[0]" LOC = U16;
NET "s[1]" LOC = V16;
NET "s[2]" LOC = U15;

(See the Nexys-III board documentation for the pin descriptions.)
Go to Implement and press Synthesize-XST (Xilinx Synthesis Technology).
Steps of Design Automation
• RTL Design: Description of the design in a HDL (Hardware Description
Language):
• Data/Control Paths, Module description, integration, testing.
• RTL Elaboration: Inferring of data-path to be realized by special
components internal to the FPGA. The control path gets elaborated
to finite state machines (FSM), or Boolean equations.
• Architecture Independent Optimization: Data-path optimized by
techniques like constant propagation, strength reduction,
expression optimizations. Control paths are optimized by FSM
encoding, state minimizations.
Steps of Design Automation
• Mapping: Various elements of the design are optimally assigned to FPGA
resources. Data-path elements get inferred to adders, multipliers, memory
elements. Control paths are realized in the FPGA logic blocks. The optimizations
depend on the FPGA fabric, the LUT structures, etc.
• Placement: Decides the physical locations and inter-connections of each logic
block.
• Placement Driven Optimizations: In order to reduce the inter-connects, the initial
placement is updated.
• Routing: The CLBs and the wires are interconnected using restricted
programmable switches.
• Bit-Stream Generation: Final Step! It takes the routed design as input, and
produces the bit stream to program the logic and inter-connects (everything is
a switch which can be programmed).
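The CLB slide says a k-input LUT implements any k-input function, and the mapping and bit-stream steps above turn the RTL into the contents of those LUTs. The Python below is an added example, not from the lecture or from any vendor tool: it models a 4-input LUT as its 2^k configuration bits, performs the mapping of the 2-bit adder from the design-problem slide (s = a + b) onto three such LUTs by truth-table enumeration, and checks the mapped design exhaustively against the RTL behaviour. The LUT input ordering and bit layout are assumptions of this model.

```python
"""Added example (not from the slides): a model of the CLB's k-input LUT and of
the 'mapping' step that turns the 2-bit adder's RTL into LUT configuration bits.
The input ordering (a0, a1, b0, b1) and bit layout are assumptions."""
from itertools import product

K = 4   # LUT inputs, as on the slides (k is 4 or 6)


def lut_bits(func, k=K):
    """Map one k-input boolean function onto a LUT: evaluate it for every input
    combination and record the outputs.  These 2**k bits are what the bitstream
    loads into the LUT's configuration memory."""
    bits = 0
    for idx in range(2 ** k):
        inputs = [(idx >> i) & 1 for i in range(k)]    # input i is bit i of the index
        if func(*inputs):
            bits |= 1 << idx
    return bits


def lut_eval(bits, *inputs):
    """What the silicon does at run time: the inputs address one bit of the table."""
    idx = sum(bit << i for i, bit in enumerate(inputs))
    return (bits >> idx) & 1


# RTL of the adder slide, written per output bit so that each fits one 4-LUT:
# a = 2*a1 + a0, b = 2*b1 + b0, s = a + b with s0 the least significant bit.
def s0(a0, a1, b0, b1):
    return a0 ^ b0

def s1(a0, a1, b0, b1):
    carry0 = a0 & b0
    return a1 ^ b1 ^ carry0

def s2(a0, a1, b0, b1):
    carry0 = a0 & b0
    return (a1 & b1) | ((a1 ^ b1) & carry0)


# "Bit-stream generation" for the three logic blocks of the mapped design.
ADDER_BITSTREAM = {"s0": lut_bits(s0), "s1": lut_bits(s1), "s2": lut_bits(s2)}


def adder_on_luts(a, b):
    """Drive the three configured LUTs with the bits of a and b and rebuild s."""
    a0, a1, b0, b1 = a & 1, (a >> 1) & 1, b & 1, (b >> 1) & 1
    s = 0
    for bitpos, name in enumerate(("s0", "s1", "s2")):
        s |= lut_eval(ADDER_BITSTREAM[name], a0, a1, b0, b1) << bitpos
    return s


def verify_adder():
    """Exhaustive equivalence check of the mapped design against s = a + b."""
    return all(adder_on_luts(a, b) == a + b for a, b in product(range(4), repeat=2))


if __name__ == "__main__":
    for name, bits in ADDER_BITSTREAM.items():
        print(f"{name}: LUT contents = {bits:016b}")
    print("mapped design matches s = a + b for all inputs:", verify_adder())
```

The three 16-bit values printed are, in this model, the whole design: the bitstream is nothing more than the LUT and switch contents, which is why the exhaustive check in `verify_adder` is the model's equivalent of simulating the post-synthesis netlist against the RTL, and why the integrity of the bit file loaded onto the board in the Adept step determines what the hardware actually computes.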
Open Adept tool from Digilent
• Connect the Nexys-III board to the USB
• Look for the USB Prog port in the board (AND NOT THE UART)
• Click Initialize Chain
• Should show the device XC6SLX16
• Select the bit file: adder.bit and Program the FPGA
• Check with the switch inputs, and see the result on the three LEDs
(correspond with the UCF File)
References:
• Debdeep Mukhopadhyay and Rajat Subhra Chakraborty, Hardware Security:
Design, Threats and Safeguards, CRC Press
Conclusion:
• TPM: a hardware security co-processor that works as a root of trust
• Hardware Attacks are still possible in the form of side channel attacks
• FPGAs provide a reconfigurable platform for hardware design
• The FPGA design flow takes the RTL description to the final prototype in the
form of bit-files
