On the exploitation of a high-throughput SHA-256 FPGA design for HMAC

Michail, Harris E.; Athanasiou, George S.; Kelefouras, Vasilios; Theodoridis, George; Goutis, C.E.

doi:10.1145/2133352.2133354

Cited by 41 publications

(43 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, the SHA-256 hashing on a dedicated crypto-engine clocked at 170MHz requires 0.125 cycles/byte according to [32], which is about 10x faster than the software implementation reported in Table V. As another example, AES encryption performed on a separate engine clocked at 340MHz requires 0.69 cycles/byte [19], which is about 1.6x faster than encryption that uses Intel's AES-NI instructions.…”

Section: B Overhead Of Compartment Operationsmentioning

confidence: 99%

Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution

Evtyushkin

Elwell

Özsoy

et al. 2014

2014 47th Annual IEEE/ACM International Symposium on Microarchitecture

View full text Add to dashboard Cite

Abstract-We consider the problem of how to provide an execution environment where the application's secrets are safe even in the presence of malicious system software layers. We propose Iso-X -a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software. Isolation in Iso-X is achieved by creating and dynamically managing compartments to host critical fragments of code and associated data. Iso-X provides fine-grained isolation at the memory-page level, flexible allocation of memory, and a low-complexity, hardwareonly trusted computing base. Iso-X requires minimal additional hardware, a small number of new ISA instructions to manage compartments, and minimal changes to the operating system which need not be in the trusted computing base. The run-time performance overhead of Iso-X is negligible and even the overhead of creating and destroying compartments is modest. Iso-X offers higher memory flexibility than the recently proposed SGX design from Intel, allowing both fluid partitioning of the available memory space and dynamic growth of compartments. An FPGA implementation of Iso-X runtime mechanisms shows a negligible impact on the processor cycle time.

show abstract

Section: B Overhead Of Compartment Operationsmentioning

confidence: 99%

Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution

Evtyushkin

Elwell

Özsoy

et al. 2014

2014 47th Annual IEEE/ACM International Symposium on Microarchitecture

View full text Add to dashboard Cite

show abstract

“…As below, we separately discuss other implementations of SHA-256 circuit and other implementations of HMAC-SHA-256 circuit. 6.1.1 Scan-based Attack against Other SHA-256 Circuit Implementations As far as we know, basic iterative SHA-256 circuit [29], [40], two-unrolled SHA-256 circuit [41], [42], pipelining SHA-256 circuit [43], [44], two-unrolled pipelining SHA-256 circuit [45], four-unrolled pipelining SHA-256 circuit [45], and compact SHA-256 circuit [46] are proposed as SHA-256 circuit implementations.…”

Section: Scan-based Attack Against Other Sha-256/hmac-sha-256 Circuitmentioning

confidence: 99%

“…This implementation is the simplest and has a small area compared to Ref. [42]. However, there are other HMAC-SHA-256 circuit implementations that utilize two SHA-256 circuit blocks inside [42].…”

Section: Scan-based Attack Against Other Hmac-sha-256mentioning

confidence: 99%

“…[42]. However, there are other HMAC-SHA-256 circuit implementations that utilize two SHA-256 circuit blocks inside [42]. Now, let SHA a and SHA b be the two SHA-256 circuit blocks in the HMAC-SHA-256 circuit.…”

Section: Scan-based Attack Against Other Hmac-sha-256mentioning

confidence: 99%

“…For example, Ref. [42] proposes the HMAC-SHA-256 circuit implementation in this case. In this circuit implementation, when a message M is inserted into SHA a , only the message M which is dependent on M is inserted into SHA b .…”

Section: Scan-based Attack Against Other Hmac-sha-256mentioning

confidence: 99%

See 2 more Smart Citations

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

Oku

Yanagisawa

Togawa

2018

IPSJ Transactions on System LSI Design Methodology

View full text Add to dashboard Cite

Abstract:A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA-256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.

show abstract

A Configurable Implementation of the SHA-256 Hash Function

Martino

Cilardo

2019

Advances on P2P, Parallel, Grid, Cloud and Internet Computing

View full text Add to dashboard Cite

On the exploitation of a high-throughput SHA-256 FPGA design for HMAC

Cited by 41 publications

References 20 publications

Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution

Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

A Configurable Implementation of the SHA-256 Hash Function

Contact Info

Product

Resources

About