GALS System Design:
Side Channel Attack Secure Cryptographic Accelerators
Chapter 1:
Introduction
Disclaimer:
This is the www enabled version of my thesis. This has been converted from
the sources of the original file by using TTH, some perl
and some hand editing.
There is also a PDF.
This is essentially as it is, but includes formatting for A4, and some of the color pictures
from the presentation.
Contents
1 Introduction
2 GALS System Design
3 Cryptographic Accelerators
4 Secure AES Implementation Using GALS
5 Designing GALS Systems
6 Conclusion
A 'Guessing' Effort for Keys
B List of Abbreviations
Bibliography
Footnotes
This thesis combines two relatively different areas of research. On
one hand, the Globally-Asynchronous Locally Synchronous (GALS) design
methodology and on the other hand the design of secure cryptographic
systems are covered in this thesis. In the end, the GALS design methodology
is applied to a cryptographic system to increase its security against
certain attacks.
GALS has been introduced as a design methodology that will facilitate
the design of multi-million transistor integrated circuits in the
future. Instead of designing a completely synchronous system where
a global clock signal has to be distributed over the entire circuit
with considerable effort, GALS allows individual modules to be clocked
independently. This has two important consequences. The most visible
result is that all problems related to global clock distribution and
meeting timing constraints at the final stage of design are virtually
eliminated. Secondly, the GALS methodology dictates a clear separation
between functionality that is provided by the locally synchronous
part, and the communication that is asynchronous. Modules designed
in this way can be re-used much more easier.
The Integrated Systems Laboratory (IIS) of the Swiss Federal Institute
of Zurich has been one of the leading research institutes in GALS
research, especially in practical realizations of GALS systems. The
Marilyn design developed as part of Jens Muttersbach's Ph.D.
research is the first successfully integrated GALS system, and the
Shir-Khan design developed as part of Thomas Villiger's Ph.D.
research is the largest implemented GALS system to date.
Despite all these advantages GALS has so far not seen universal acceptance
and has remained a niche technology at best. Among the most frequently
cited reasons is the lack of design tool support and a test methodology.
The GALS design flow demonstrated in this thesis uses conventional
design tools for most of the design stages. Furthermore, a test methodology
that combines standard stuck-at fault testing for the locally synchronous
parts with a functional test for the asynchronous communication is
presented. While the GALS design flow presented here may not be of
industrial quality, it is not far from it.
GALS design is typically seen as a replacement for conventional design
methods. It was presented as a 'fix' for clock distribution and top-level
timing problems of standard synchronous design. However, GALS also
offers several new and interesting opportunities to designers. In
this thesis, the ability of using independent clock domains of GALS
is exploited to increase the security of cryptographic accelerator
circuits.
Unlike previous GALS research that was mainly project based, the experience
on cryptographic hardware design started off as student semester thesis
projects. Cryptographic algorithms are well suited as examples for
students learning how to design digital micro-chips. The first Advanced
Encryption Standard (AES) implementation at the IIS was realized during
the winter semester 2001/2002. Unfortunately a post-processing error
resulted in several shorts on the circuits. While the basic functionality
of the chip could be verified on one sample after extensive micro-surgery,
the AES algorithm was implemented a second time the following year.
This implementation, called Fastcore, also included many features
that were missing in the first one.
Cryptographic algorithms like AES are basically secure against algorithmic
attacks. But once such algorithms are implemented, be it on dedicated
hardware or as software on a micro-controller, different physical
properties of the algorithm can be observed. Over the years, sophisticated
attacks were developed that enabled attackers to break cryptographic
devices by such observations. A very popular and extremely efficient
method is the so-called Differential Power Analysis (DPA) attack that
is based on observing the power consumption of a system implementing
the cryptographic algorithm.
For the most part, cryptographers are not good hardware designers,
and hardware designers are equally bad cryptographers. It is therefore
not very surprising that chip designers, upon reading mostly theoretical
papers on DPA attacks, regard them as interesting, but not really
practically applicable for dedicated chips. Following such a dispute,
the aforementioned Fastcore design was successfully attacked
using the DPA method. This was the first successful practical DPA
attack on a micro-chip implementing the AES algorithm.
In the following semesters, several other AES chips were developed
as part of semester and diploma theses, each using a set of different
ideas for countermeasures against similar DPA attacks. The GALS-based
AES implementation presented in this thesis is a result of this continued
involvement in the field of cryptographic security. Cryptographic
security is a difficult problem, and it would be foolish to imagine
that the approach presented here will solve the problem completely.
However, it presents a fresh and different solution that could prove
to be a step in the right direction.
This thesis gives a comprehensive overview of the GALS design methodology
and it presents a unique implementation of the AES algorithm using
GALS. The final design called Acacia is as fast as its synchronous
counterpart while allowing efficient countermeasures against DPA attacks
to be implemented. The GALS methodology used for the design has been
refined, new port controllers have been designed, and for the first
time a viable test methodology for a GALS system has been presented.
A brief overview of the GALS design methodology is given in Chapter
2. The GALS subject is then rested until the example design is presented
later in Chapter 4. Before that, Chapter 3 includes a short introduction
to cryptography, and it describes the Advanced Encryption Standard
(AES) in detail. The AES algorithm is examined from a hardware designers
view, and solutions that result in different area and throughput configurations
are compared. The chapter concludes with a discussion on cryptographic
security. The secure AES implementation using GALS is introduced in
Chapter 4. The following Chapter 5 is dedicated to a series of topics
related to GALS design. These include the design flow and test methodology
as well as a discussion on how a standard synchronous design can be
converted to GALS. Finally Chapter 6 presents a summary and draws
conclusions.
File translated from
TEX
by
TTH,
version 3.77.
On 20 Dec 2006, 15:44.