Blogartikel_ChipSynthesis_Felix_Oberhansl_Fraunhofer_AISEC

Fraunhofer AISEC commissioned by the German Federal Office for Information Security (BSI): New study on the synthesis of cryptographic hardware implementations

The study by Fraunhofer AISEC on the security of cryptographic hardware implementations focuses on physical attacks on hardware, such as side-channel attacks and fault attacks, as well as measures to defend against them. These protective mechanisms can potentially be compromised by optimizations in the chip design process. The study shows that protective measures should be integrated into complex design processes and taken into account in hardware design synthesis in order to be resilient to hardware attacks. The findings will help hardware designers to develop robust and secure chips.

Have you ever felt uncomfortable entering your personal details on a website? Only 4.6% of Germans consider the internet to be highly secure when it comes to their personal data [1]. A number of data leaks, as well as posts on this blog, indicate that this concern is not without reason. In a connected world, it is essential that people can trust technical solutions. For electronic devices, this means, among other things, that an attacker in the vicinity of the device cannot steal any sensitive data.

Trustworthiness of electronic devices

If an attacker has physical access to a device, they are not limited solely to software attacks. They can also attack the underlying hardware and exploit any vulnerabilities. Passive side-channel attacks are an example of this. This involves measuring the power consumption or electromagnetic radiation of a device as a way of drawing conclusions about its confidential data. So-called fault attacks, which deliberately cause physical interference, also pose a threat to devices. For example, a chip can be forced to function incorrectly due to brief malfunctions in the clock or voltage signal, known as glitches. Furthermore, targeted laser or electromagnetic impulses can also be utilized for fault attacks in order to override security measures or to enable statistical attacks on confidential data.

In the Common Criteria (CC) Protection Profiles (PP), protection classes are established for this type of attack. They contain information about whether a device offers effective protection against attackers with a certain amount of knowledge, time and equipment. The practical lab test is carried out by certified testing laboratories. However, drawing up the final test report, which is sent to the responsible certifying body, is often the culmination of a long series of lab tests. Preliminary examinations in secure environments, such as Fraunhofer AISEC’s hardware security lab, allow for early and cost-effective detection of vulnerabilities. For product manufacturers, this process is a double-edged sword. On the one hand, manufacturers want their products to be thoroughly tested, but on the other hand, they want to bring their products to market as quickly as possible. The »Security Evaluation of Hardware Design Synthesis« study conducted by Fraunhofer AISEC on behalf of the German Federal Office for Information Security (BSI) looks at an essential step in the development of a microchip in this context: »front end synthesis«.  Front end synthesis is the first step in chip development in which a general technical description is translated into technology-dependent components of a chip.

Chip development — a complex process

The development of modern chips is a complex process and usually starts with a concept in which the required components, for example a microcontroller and its peripherals, are defined. This is followed by a description at the so-called »Register Transfer Level« (RTL), where the functionality of the integrated circuit from one cycle to the next is specified in detail in »Hardware Description Languages« (HDL). This is followed by a first synthesis step of all selected components, which is often also referred to as »front end synthesis« or »RTL synthesis«. In this step, the functional description at the RTL level is converted into a technology-dependent netlist that contains only elementary logical gates such as NAND and XOR. These gates are defined in a »Process Design Kit« (PDK). For each process in which a chip manufacturer offers production, there is a PDK that defines the standard cells and other design regulations. The various steps of the synthesis are carried out with dedicated »Electronic Design Automation« (EDA) software, which optimizes the circuit, for example, in terms of size or maximum frequency, while ensuring that it functions properly. Taking the netlist as a starting point, the backend design process results in the so-called »tape-out«, which contains all the information needed by the foundry to manufacture the integrated circuit.

The study conducted by Fraunhofer AISEC on behalf of the BSI looks at front end or RTL synthesis. This development step is essential for hardening a chip against side channel attacks and fault attacks, as countermeasures are often integrated at RTL level.

Vulnerability of hardware design synthesis

In order to secure hardware, side channel attacks can be made more difficult or prevented entirely, for example, by using »masking«. For the masking technique, confidential information is distributed across numerous data structures, referred to as shares, which are processed by the circuit. For what is known as »second-order masking«, one share is randomly selected. The second share is formed from the first share and the confidential data. The two shares can now be processed in such a way that, in the first statistical moment (mean) of a physical side channel (e.g., electromagnetic radiation), there is no dependence on the processed data. The desired result of the calculation can then be obtained by recombining the shares. Measures to counter fault attacks often rely on redundant circuits that detect incorrect values. Other forms of redundancy, such as temporal repetition or encoded data, can also be used.

While researchers in the field of hardware security often have a good overview of hardware attacks and countermeasures, there is a lack of research into how countermeasures can be integrated into complex design processes. The study »Security Evaluation of Hardware Design Synthesis« tackles this issue and shows how the effectiveness of security measures against fault attacks is compromised by hardware synthesis. We demonstrate that under certain circumstances, net lists generated by synthesis tools have only limited resilience against hardware attacks. The study takes the perspective of hardware designers and looks at what needs to be considered during hardware synthesis. It presents methods for identifying potential weaknesses at an early stage.

Potentially fatal re-timing

The masking process is considered a countermeasure to side-channel attacks. Based on state-of-the-art research, we are introducing the robust »Probing Model«. This model makes it possible to verify the formal soundness of a masking implementation. The robustness of the model takes into account physical effects such as different signal propagation delays. The model assumes an attacker who, with limited information (so-called probes), attempts to recombine confidential information. Such information can be contained as a digital signal (1 or 0), but it can also arise from switching operations caused, for example, by different signal propagation delays.

We present a detailed case study of a masked AES S-box and look at the »re-timing optimization« that is performed during synthesis and which represents a potentially fatal modification for masked implementations. We demonstrate how re-timing can lead to unwanted side-channel leaks. We introduce open-source verification tools from current research that can detect such effects without requiring lab tests. The study looks at methodological approaches that can be used to assemble masked implementations from a few elementary modules. In addition, we analyze the optimizations in the synthesis tool yosys, which is available as open source and allows insights into hardware synthesis.

Hardening after hardware synthesis is rarely effective

The effectiveness of measures against fault attacks after hardware synthesis must also be critically examined. Hardening against fault attacks and the optimizations performed by synthesis tools stand opposed to one another. The latter optimize the circuits so that as few cells as possible have to be placed in order to keep manufacturing costs down. This involves removing redundant structures. In our study, we use the verification tool SYNFI. This can be used to test how many bit errors are detected by a module protected by redundancy. The BSI study includes case studies examining various optimization strategies, the influence of the standard cells of the PDK and the influence of timing optimizations. For example, it can be observed that the effectiveness of countermeasures decreases sharply with the increase of the target frequency of the circuit. This behavior seems to be the result of parallel structures, which are introduced to optimize the critical path and fan-outs. However, it is difficult to identify specific effects and trace them back to atomic optimization steps for commercial tools.

Further security-critical steps in the chip design process

There are also potential security challenges at other steps of the chip design process. Our study provides initial indications of this and shows that even identical RTL implementations can lead to varying degrees of chip resilience depending on the RTL synthesis. Thus, the security of a chip cannot be assessed solely on the basis of an RTL description. Only a lab analysis of the actual product can conclusively show whether vulnerabilities exist or whether a device is sufficiently hardened. The good news for product manufacturers is that there are already verification approaches that can be used to detect potential vulnerabilities caused by RTL synthesis early and automatically. For these to be widely applicable, however, the commercial EDA software must become more open and transparent and the verification approaches must become more practical.

Bibliography

[1]  Deutschland sicher im Netz – Sicherheitsindex 2024, ARIX Research, Juni 2024

Authors
Felix_Oberhansl_Fraunhofer_AISEC
Felix Oberhansl

Felix Oberhansl has been working as a research associate at Fraunhofer AISEC since 2022. His research focuses on trustworthy electronics. To this goal, he looks at physical attacks via side channels and fault injection and the development of secure hardware.

Tobias_Stelzer_Fraunhofer_AISEC_Cybersecurity_Blog
Tobias Stelzer

Tobias Stelzer has been a research associate at Fraunhofer AISEC since 2023 and is researching efficient hardware implementations for cryptography.

Grau_Logo_Blog_Author
Marc Schink

Marc Schink is a researcher in the Hardware Security department at Fraunhofer AISEC. His focus is on the discovery of vulnerabilities in hardware and software. He has already carried out several vulnerability reporting procedures for products from well-known national and international manufacturers.

Most Popular

Never want to miss a post?

Please submit your e-mail address to be notified about new blog posts.
 
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.

* Mandatory

* Mandatory

By filling out the form you accept our privacy policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Articles

Fraunhofer AISEC commissioned by the German Federal Office for Information Security (BSI): New study on the synthesis of cryptographic hardware implementations

The study by Fraunhofer AISEC on the security of cryptographic hardware implementations focuses on physical attacks on hardware, such as side-channel attacks and fault attacks, as well as measures to defend against them. These protective mechanisms can potentially be compromised by optimizations in the chip design process. The study shows that protective measures should be integrated into complex design processes and taken into account in hardware design synthesis in order to be resilient to hardware attacks. The findings will help hardware designers to develop robust and secure chips.

Read More »

Faster detection and rectification of security vulnerabilities in software with CSAF

The Common Security Advisory Framework (CSAF) is a machine-readable format for security notices and plays a crucial role in implementing the security requirements of the Cyber Resilience Act (CRA): Security vulnerabilities can be detected and rectified faster by automatically creating and sharing security information. Fraunhofer AISEC has now published the software library »kotlin-csaf«, which implements the CSAF standard in the Kotlin programming language.

Read More »

Privacy By Design: Integrating Privacy into the Software Development Life Cycle

As data breaches and privacy violations continue to make headlines, it is evident that mere reactive measures are not enough to protect personal data. Therefore, behind every privacy-aware organization lies an established software engineering process that systematically includes privacy engineering activities. Such activities include the selection of privacy-enhancing technologies, the analysis of potential privacy threats, as well as the continuous re-evaluation of privacy risks at runtime.
In this blog post, we give an overview of some of these activities which help your organization to build and operate privacy-friendly software by design. In doing so, we focus on risk-based privacy engineering as the driver for »Privacy by Design«.

Read More »
Headerbild zum Blogartikel "Neue Studie zu Laser-basiertem Fehlerangriff auf XMSS" im Cybersecurityblog des Fraunhofer AISEC

Fraunhofer AISEC commissioned by the German Federal Office for Information Security (BSI): new study of laser-based fault attacks on XMSS

To ensure the security of embedded systems, the integrity and authenticity of the software must be verified, for example through signatures. However, targeted hardware attacks enable malware to be used to take over the system. What risks are modern cryptographic implementations exposed to? What countermeasures need to be taken? To answer these questions, Fraunhofer AISEC was commissioned by the German Federal Office for Information Security (BSI) to carry out a study of laser-based fault attacks on XMSS. The focus is on a hash-based, quantum-secure scheme for creating and verifying signatures based on the Winternitz One-Time-Signature (WOTS) scheme.

Read More »