Basic Hardware Design

Full Course: https://www.youtube.com/playlist?list=PLUoixF7agmItZuTTXCFfY4J4p0ad2qbKs Slides are just shortened version of Stefan Mangard’s course slides: Secure Implementation of Cryptographic Algorithms #internetofthings #cryptography #cybersecurity Basic Hardware Design Physical attacks target the physical implementation of a chip In fact, the attacks specifically exploit the way hardware is built It is the nature of physical attacks that they target a system as whole with all its details To understand the attacks it is necessary to to have a basic understanding of a system from the transistor to the application The vast majority of IC designs are synchronous designs Properties of synchronous designs: There is a state stored in memory elements (registers, RAM, flip-flops, ...) There are combinatorial circuit elements that can do computations There is a clock signal that triggers the update the memory elements Synchronous systems are essentially a finite state machine (FSM) that is triggered by the clock signal Development Process of Hardware Up to a certain level the design of digital hardware is very similar to the design of a software Like in software, abstraction is used to cope with the high complexities of today’s systems During hardware design and manufacturing there are many levels of abstraction The design process typically first starts by completely modeling the hardware in software The high-level model is then continuously refined until there is a description of the design at register-transfer-level (RTL) At RTL level, digital hardware is described using a so-called hardware description languages (HDLs) (e.g. Verilog, VHDL) At this level hardware can essentially be viewed as a finite state machine that updates its state in each clock cycle For each manufacturing technology typically a library of logic gates is created. Each gate is able to perform basic operations such as NAND, NOR, ... The synthesis tool maps the functionality described in HDL to the logical gates of the library The output of the synthesis is a netlist; Essentially it’s simply a graph, where each node corresponds to a gate ”In electronic design, a netlist is a description of the connectivity of an electronic circuit. In its simplest form, a netlist consists of a list of the electronic components in a circuit and a list of the nodes they are connected to” (wikipedia) Layout In the next step, the gates are placed and connected In this step many physical aspects need to be taken into account - Close placement of gates that are connected - Minimalization of routing overhead - Coupling of wires ... The layout is a geometrical description of the design. It describes which material should be placed where After the layout has been created it is sent to the semiconductor fabrication plant Current technologies for security ICs are 120nm, 90nm, 65nm Wafer sizes 200nm, 300nm In electronics, a wafer is a thin slice of semiconductor, such as a crystalline silicon, used for the fabrication of integrated circuits and, in photovoltaics, to manufacture solar cells. The wafer serves as the substrate for microelectronic devices built in and upon the wafer (wikipedia) Sawing, Testing and Packaging After the wafer has been produced, the following steps need to be conducted Sawing: Cut the individual ICs out of the wafer Testing: No manufacturing process is perfect. Hence, it is necessary to test each IC. As all the functionality needs to be tested, this essentially means that there is unlimited access to the chip in test mode: It is a serious problem, if an attacker can get a chip into test mode Packaging: The IC is finally packaged and ready to be shipped to the customer Optimization Goals All the tools and manufacturing steps have been developed with the goal to optimize the following properties AREA: The area of a chip is directly proportional to its cost. Hence, every saving in terms of area maps directly to money THROUGHPUT: Whenever there is a chance to optimize performance, this chance is used in a design POWER CONSUMPTION: The power consumption is critical especially in contact-less applications Data-Dependencies in Software Obtaining different timing for different data in software essentially means that there must be different execution paths for different data i.e. Depending on the data not always the same sequence of instructions is executed DO NOT PERFORM CONDITIONAL BRANCHES THAT DEPEND ON SECRET INFORMATION!!!!!! Do not use WHILE statements that use secret values in the loop condition (e.g. strcmp) Do not perform conditional branches based on key bits Do not perform conditional branches based on intermediate values of a cryptographic algorithm Data-Dependencies in Hardware For secure implementation of cryptographic algorithms it is necessary to know the timing behavior of the underlying hardware