Visit Cryptographic Engineering Research Group
George Mason University

14 November 2008, Whittemore 457

This seminar will provide an overview of research projects being done at the Cryptographic Engineering Research Group (CERG) at George Mason University. CERG consists of three faculty members (Kris Gaj, David Hwang, and Jens-Peter Kaps) and their graduate students. The seminar will discuss several previous and current projects performed at CERG in the area of novel hardware architectures for cryptography and cryptanalysis, fair and efficient comparison of cryptographic algorithms and implementations, ultra-low power cryptography, and side-channel attacks in FPGAs.

In this presentation, we show an on-chip communication channel using thermal means. We utilize standard digital gates to sense the temperature variation of the chip. We refer to this as digital gate-based on-chip thermal communication. The advantage of this kind of communication method is that it can detect the thermal variation without analog circuits or dedicated thermal sensor. A possible application for this design is a covert communication channel, where we build a communication between two parts of a circuit without wire connections.

The tiny encryption algorithm (TEA) was developed by Wheeler and Needham as a simple computer program for encryption. This presentation shows the first design-space exploration of hardware implementations of the extended tiny encryption algorithm. It presents efficient implementations of XTEA on FPGAs and ASICs for ultra-low power applications such as RFID tags and wireless sensor nodes as well as fully pipelined designs for high speed applications. A novel ultra-low power implementation is introduced which consumes less area and energy than a comparable AES implementation. Furthermore, XTEA is compared with stream ciphers from the eSTREAM portfolio and lightweight ciphers. The high speed implementations of XTEA operate at 20.6 Gbps (FPGA) or 36.6 Gbps (ASIC).

The flexibility and adaptability brought by modern software, low-cost microprocessors, and smart antennas have made software-defined and cognitive radios a reality. However, the advantages of such radios can be offset by the lack of security and reliability of the underlying software, hardware, and protocols. Consequently, the emergence of software defined radio (SDR) and software-based cognitive radio (CR) have brought about new security threats that have not been considered previously. In particular, the programmability of SDR and CR devices raises serious security concerns. Perhaps, one of the most serious concerns is the possibility that adversaries may attempt to manipulate radio software and/or hardware to gain operational advantages (e.g., transmit at a power higher than the authorized limit or on the wrong frequency) or launch attacks against incumbent networks. In this talk, I will give an overview of security threats to CR networks and related technical challenges.

Montgomery modular multiplication is one of the fundamental operations used in public key cryptography, including RSA, Elliptic Curve Cryptosystems, Pairing-Based Schemes, and many others. At CHES 1999, Tenca and Koc proposed the now-classical architecture for implementing Montgomery multiplication in hardware. With parameters optimized for minimum latency, this architecture performs a single Montgomery multiplication in approximately 2n clock cycles, where n is the size of operands in bits. In this talk we present two new hardware architectures that are able to perform the same operation in approximately n clock cycles with almost the same clock period. One of these architectures outperforms the design by Tenca and Koc by a factor of at least 1.7 in terms of latency, and by at least 25% in terms of the product latency times area, for several most common operand sizes used in cryptography.

Side-channel attacks on the power consumption of a circuit correlate the variations of the power consumption with the internal data processing of that circuit, and can reveal internal secrets. For example, cryptographic circuits can be power-analyzed to reveal their secret keys. The use of the subthreshold-voltage circuits to implement those circuits makes their side-channel power analysis significantly more difficult. The reduced operating voltage, as well as the proportionally larger leakage, result in power variations that are orders of magnitude less than the super-threshold case, and hence much more difficult to measure. This talk will present an analysis of subthreshold voltage technology for secure circuit design, and propose potential applications.

Third-party developers of hardware intellectual property face the challenge of protecting their IP while demonstrating their product design to system integrators (i.e. their customers). System integrators, on the other hand, need to ensure that a third-party developer's IP can meet the exact performance requirements of the system before purchasing the IP. The research presented in this talk attempts to solve this problem in the specific case of digital signal processing systems. Techniques are presented which protect IP and guarantee performance to satisfy all parties prior to an IP contract agreement.

Intentional tampering in the internal circuit structure by implanting Trojans can result in disastrous operational consequences. While a faulty manufacturing leads to a nonfunctional device, effect of an external implant can be far more detrimental. Therefore, effective detection and diagnosis of such maligned ICs in the post silicon testing phase is imperative, if the parts are intended to be used in mission critical applications. We propose a novel sustained vector methodology that proves to be very effective in detecting the presence of a Trojan in an IC. Each vector is repeated multiple times at the input of both the genuine and the Trojan circuits that ensures the reduction of extraneous toggles within the genuine circuit. Regions showing wide variations in the power behavior are analyzed to isolate the infected gate(s). Experimental results on benchmark circuits show that this approach can magnify the behavioral difference between a genuine and infected IC by orders of magnitude.