Three Challenges of Secure Embedded System Design:

Performance, Battery life and Robustness

Nachiketh Potlapally

Department of Electrical Engineering

Princeton University

Princeton, NJEmail: npotlapa@princeton.edu

Embedded System Applications Require Security

E-walletPortfolio management usingMicrosoft money

Server

RFID tag1.28-1.92 MHz,

128-512 bit ROM,32-128 bit RAM,

10000 gate logic,Battery (active)

Smart card66 MHz, 240 KB ROM,

16 KB RAM, 912 KB EEPROM

Crypto co-processor,Battery (active)

Cell-phone/PDA200 MHz,16MB RAM,

64MB Flash,Crypto co-processor,

Battery

Network

Sensitive embedded system applications need security protocols to provide confidentiality, integrity and authentication

E-passport

Cryptographic algorithms

Confidentiality, Integrity and Authentication

Confidentiality Integrity Authentication

- Table lookup- Permutations- Multiplication- Modular addition- Modular multiplication- Fixed shift/rotate- Variable shift/rotate

- Multiplication- Addition- Logical operations- Fixed shift/rotate

- Modular exponentiation- Point multiplication on Elliptic curves

Symmetric algorithms(DES, AES, 3DES, RC5)

Asymmetric algorithms(RSA, ECC, DH, ECDH)

Hash algorithms(MD4, HMAC, SHA-1)

Security protocols

Security objectives

Crypto algorithms arecomputationally

intensive

Challenges in Implementing Security on Embedded Systems

Embedded systems- Low-end processors- Battery energy supply

Security protocols

Reduced performance

Shorter batterylife

3DES and SHA require 130 MIPS @ 2 Mbps

(Intel SA-1100 delivers 150 MIPS at 133 MHz )

Sensoria WINS nodeneeds 21.5 mJ/bit to

transmit. RSA imposesoverhead of 42 mJ/bit

Susceptibility toside-channel attacks

Infer cryptographic keysfrom non-invasive probing

of implementation characteristics

Objectives in design of secure embedded systems: Good performance, long battery life and

robustness to attacks

My Research Experience

1. “Algorithm Exploration for Efficient Public-Key Security Processing for Wireless Handsets”, DATE022. “Optimizing Public-key Encryption”, ICC023. “System-level Design methodologies for a Wireless Security Processing Platform”, DAC024. “Analyzing the Energy Consumption of Security Protocols”, ISLPED035. “Impact of Configurability and Extensibility on IPSec Protocol Execution on Embedded Processors”, VLSID066. “Satisfiability-based Framework for Enabling Side-channel Attacks on Cryptographic Software”, DATE067. “A Study of the Energy Consumption Characteristics of Cryptographic Algorithms and Security Protocols”, IEEE Transactions on Mobile Computing, February 20068. “Aiding Side-channel Attacks on Cryptographic Software with Satisfiability-based Analysis”,

IEEE Transactions on VLSI Systems, April 20069. “Configuration and Extension of Embedded Processors to Optimize IPSec Protocol Execution”, IEEE Transactions on VLSI Systems. (To appear)10. “Verifying Data Integrity with Few Queries to Untrusted Memory”, (In Submission)

1. Optimizing public-key algo. software performance [1,2]2. Custom instruction design for public-key algo. [3]3. Accelerating symmetric and hash algo. through custom instructions [5,9]4. Optimizing IPSec protocol performance [5,9]5. Reducing performance overhead of memory checking [10]

1. Analyzing energy consumption of cryptographic algorithms [4,7]2. Optimize energy consumption of SSL protocol [4,7]3. Reduce energy consumed by memory bus in memory integrity checking [10]

1. Satisfiability-based framework for enabling side-channel attacks on embedded cryptographic software [6,8]

Performance

Battery life

Robustness

Publications:

Design ofsecure

embeddedsystems

Outline

• Part 1: Robustness of secure embedded systems– Satisfiability-based side-channel attacks on

cryptographic software

• Part 2: Battery life of secure embedded systems– Analyze energy consumption of cryptographic

algorithms and security protocols

• Future work

Part 1: RobustnessSatisfiability-based Side-channel

Attacks on Cryptographic Software

Logical Inferences on Leaked Intermediate Values Can Expose Secret Key

Memory bus

On-chipsecure memory

Cryptographic algorithm software

Plaintext

Ciphertext

Secretkey

Intermediatevariables

Logicalinferences

Protect theseVariables too!

Robustness: Talk Outline

• Information leakage in software implementations– Active and passive leakage

• Logical cryptanalysis framework– Satisfiability (SAT) solver– Proposed cryptanalysis flow

• Experimental setup• Results: DES, 3DES, and AES

– Sensitive intermediate variables

Cryptanalysis: Theoretical View

BlackBox

Cryptographic algorithmimplementation

Plaintext

Ciphertext

Secret key

Secure storage

Cryptographic algorithms are provably secureagainst mathematical cryptanalysis under the

black-box assumption

Applications

Cryptanalysis: Software Leakage

Operating system

System library

Hardware

System calls

System calls

Library calls

Machine instructions

Persistence ofswapped data

(Garfinkel & Shelat, S&P 03)

Memory busmonitoring

(Anderson & Kuhn, USENIX 96)

Sensitive residualdata in buffers

(Chow et al., USENIX 04)

Proactive cacheprobing

(C. Percival, Tech. Rep.)

Sensitive datain core dumps

(Broadwell et al., USENIX 03)

Hacking run-timestack

(V. Paretsky, Dr. Dobbs 05)

Software

Plaintext

CiphertextOn-chip

secure memory

Cryptanalysis Using Leaked Intermediate Values

1

2

3

4

5

Data-flow graph of a crypto function

Exposed intermediate computation

Hidden computation

Implied computation

Implication path

Exposure of intermediate values may aidcomputation of protected secret key bits

via logical implications

V1

V2V3

V5

V4

V6

V7V8

Secret key

Plaintext

Ciphertext

V9

V10

V11 6

Key is protected from exposure

7

Logical Cryptanalysis Framework

Plaintext P

Ciphertext C

Constraints

Known plaintext +Known ciphertext +Exposed variables

Circuit description

Logical Analysis/Implication

Engine

Theorem prover,Satisfiabilitysolver, ….

Secret key K

Secret Key

Satisfiability (SAT) Solvers

• SAT solver finds satisfying Boolean assignment to variables in a conjunctive normal form (CNF) formula– Gives a proof if no such assignment exists

• SAT solver has a powerful logical implication engine in the form of Boolean constraint propagation (BCP)

• Circuits can be converted to CNF in linear time

x

yz

(z+x) (z+y) (z+x+y)

x

yz

(z+x) (z+y) (z+x+y)

x

yz

(z+x+y) (z+x+y) (z+x+y) (z+x+y)

AND OR XOR

CNF CNF CNF

SAT-based Cryptanalysis Framework

(z+x+y) (z+x+y) (z+x+y) (z+x+y)(z+x) (z+y) (z+x+y)

….

(z+x) (z+y) (z+x+y)Ψ (P, C, K)

CNF formula ofcryptographic

algorithm,

Plaintext P Secret key K

Ciphertext C

CNF conversion

Ψ(P, C, K)

Set plaintext and ciphertext

values inΨ(P, C, K)

SATsolver

K’ = 110..1(consistent with the values set)

Timeout

Set values of exposed variables inΨ (P, C, K)

Constraints

CNF conversion : DES

Li

Li+1

Ri

Ri+1

Ki

P E

S1

S2

S7

S8…

Converting z=F(x,y) to CNF

z = F(x,y)(z F(x,y)) (F(x,y) z)

(z + F(x,y)) (F(x,y) + z)

≡

≡

Algorithm Clauses Literals

DES

3DES 20328 104928

6904 35232

....

Round 1

Round 2

Round i

Round 16

Plaintext

Ciphertext

K1

K2

Ki

K16

K

Secretkey

Keysetup

......

32 32

48

Experimental Setup

CNF generator

Cryptographic algorithm software

Plaintext,Ciphertext

Exposedvariable values

Xtensa ISS

RTLgenerator

xt-gcccompiler

Memory trafficanalyzer

MiniSAT solver

Secret key &Sensitive variables

Results: DES & 3DESLi Ri

Ri +1Li +1

F

Ki

Li Ri

Ri +1Li +1

Li +2 Ri +2

F

F

Ki

Ki +1

Li Ri

Ri +1Li +1

Li +2

Li +3

Li +4

Ri +2

Ri +3

Ri +4

F

F

F

F

Ki

Ki +1

Ki +2

Ki +3

Sensitive variable set

1

Sensitive variable set

2

Sensitivevariable set

3

Results: DES and 3DES

0

200

400

600

800

1000

1200

1400

1 2 4 8 16 32

0

5

10

15

20

25

30

2 4 8 16 32Plaintext-ciphertext pairs Plaintext-ciphertext pairs

Tim

e ta

ken

by

SA

T s

olv

er(s

eco

nd

s)

Tim

e ta

ken

by

SA

T s

olv

er(s

eco

nd

s)

Sensitive variable set 1 Sensitive variable set 3

DES

3DES

1. Sensitive variable sets 1 and 2: 1165 seconds (on average) with four plaintext-ciphertext pairs and corresponding intermediate variable values2. Sensitive variable set 3: 750 seconds (on average) with four plaintext-ciphertext pairs and corresponding intermediate variable values

Results: AES

Algorithm Literals Clauses

AES 10240 542432

Rounds

10

5 seconds (on average) to get the 128-bit AES key with one plaintext-ciphertext pair and 128-bit input and

output of any one round

CNF conversion

Results of side-channel cryptanalysis

Conclusions

• Presented a SAT-based framework for cryptanalysis

• Identified the set of sensitive intermediate variables in DES, 3DES and AES

• Future work:– Improve analysis techniques to reduce the

size of sensitive variable set– Combine with traditional side-channel attacks

Part 2: Battery LifeAnalyzing the Energy Consumption

of Cryptographic Algorithms andSecurity Protocols

Impact of Security Processing on Battery Life: Battery Gap

• Security processing is computationally intensive• Drains battery faster

0 100 200No. of Transactions

Battery runsout of power

Battery runsout of power

Mobile Node• Motorola DragonBall MC68328• Sensoria WINS NG RF Subsystem

( 10 Kbps, 10mW power )• Sensoria WINS NG Battery Pack

( 7.2 V supplying 26 kJ)

Source: Network Associates Inc.

There is a need for energy-efficient security protocols

Battery life: Outline

• Experimental setup• Analysis of energy consumption of

cryptographic algorithms– Symmetric algorithms– Public-key algorithms

• Analysis of energy consumption of SSL security protocol

• Discussion: Optimizing SSL• Conclusions

Dataacquisition card

Client

Powermeasurement

system

LabVIEW programmingenvironment

Serial

Senseresistor

Labpowersupply

TCP

IP

SSLHTTPS

Linux

IPSec Wireless

LAN/WAN

Server

iPAQ H3670SA-1100 StrongARM

@206MHz64MB RAM, 16MB ROM

SCB-68I/O connector

Experimental Set-up

Battery life: Outline

• Experimental setup• Analysis of energy consumption of

cryptographic algorithms– Symmetric algorithms– Public-key algorithms

• Analysis of energy consumption of SSL security protocol

• Discussion: Optimizing SSL• Conclusions

Symmetric Algorithms

…

Round 1

Round 2

Round N

Plaintext P

Ciphertext C

Key setup

Secret keyK

K1

K2

KN

Implementsconfusion

and diffusionoperations

...Round i

Ki

....…

..

Energy Consumption Results: Impact of Symmetric Algorithm Parameters

Symmetric algorithm parameters influence system energy consumption- Number of rounds of execution

RC5

• Cipher parameters affect energy and security• Energy-security trade-offs possible in symmetric algos.

247 295 2119 > >Cryptanalytic difficulty

0.1

1

10

100

1000

10000

Key Setup

Enc/Dec

Key Setup 27.53 87.04 7.96 37.63 7.87 32.94 95.97 66.54 3166.3

Enc/Dec 2.08 6.04 1.47 1.47 1.21 1.73 3.93 0.79 0.81

DES 3DES IDEA CAST AES RC2 RC4 RC5BLOWFISH

Ene

rgy

cons

umpt

ion

(log

ari

thm

ic s

cale

)

(µJ)(µJ/byte)

Energy Consumption Results: Symmetric Algorithms

Symmetric algorithms have widely varying energy consumption values- BLOWFISH has the greatest key setup cost, but very low enc/dec cost- 3DES has the highest enc/dec cost

Symmetric Algorithm Block Cipher Modes

Symmetricalgorithm

Plaintext

Ciphertext

Symmetricalgorithm

Plaintext_0

Ciphertext_0

Initializationvector

Symmetricalgorithm

Ciphertext_1

Plaintext_1

….

ECB modes CBC mode

Symmetricalgorithm

Plaintext_0

Ciphertext_0

Symmetricalgorithm

Ciphertext_1

Plaintext_1

….

Key Key Key

Initializationvector

Key Key

OFB/CFB mode

128

192

256

En

erg

y c

on

su

mp

tio

n (

uJ

)

(uJ)(uJ/Byte)

2

4

6

8

10

12

Key setup ECB CBC CFB OFB

Key size

AES

Energy Consumption Results: Impact of Symmetric Algorithm Modes

Symmetric algorithm parameters influence system energy consumption- Key size- Cipher mode (ECB, CBC, CFB, OFB)

Energy Consumption Results:Impact of Table Lookups & Loop Unrolling

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

Zero One Four

Full unroll

No unroll

Partial unroll

En

erg

y c

on

su

mp

tio

n (

J)

Number of tables per round

Degree of unrolling

• Many tables and full loop unrolling increase the number of memory accesses• Optimal energy with one table and partial unrolling

Maximumenergy

Minimum energy

60KB file, 128-bit key AES

Energy Consumption Results:Processor vs. Memory Energy in AES

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

Zero One Four

Memory

Processor

En

erg

y c

on

su

mp

tio

n (

J)

Number of tables per round

• Table lookups replace arithmetic instructions with loads and stores• Energy consumption rises when tables affect caching behavior

Partial loop unrolling

60KB file, 128-bit key AES

• Constructed using trap-door one way functions– Computationally infeasible to invert without ‘trap-door’

information

• Security is based on hard mathematical problems– Integer factorization (RSA)– Discrete logarithm in Integer field (DH, DSA)– Discrete logarithm in Elliptic fields (ECDH)

• Two applications of public-key algorithms– Authentication using digital signatures– Key exchange for symmetric algorithms

Public-key Algorithms

0

100

200

300

400

500

600

RSA DSA ECDSA

Key Gen

Sign

Verify

En

erg

y co

nsu

mp

tio

n (

mJ)

(1024-bit) (1024-bit) (160-bit)

Energy Consumption Results: Public-key Algorithms (Digital Signature)

• RSA and ECDSA exhibit complementary energy consumption for sign and verify operations

Energy Consumption Results: Public-key Algorithms (Key Exchange)

0

200

400

600

800

1000

1200

DH DH ECDH

Key Gen

Key Exch

(1024-bit)

En

erg

y co

nsu

mp

tio

n (

mJ)

(160-bit)(512-bit)

• Increasing key size drastically affects the energy consumption• ECDH is more energy efficient than DH

Battery life: Outline

• Experimental setup• Analysis of energy consumption of cryptographic

algorithms– Symmetric algorithms– Public-key algorithms

• Analysis of energy consumption of SSL security protocol

• Discussion: Optimizing SSL• Conclusions

Secure Sockets Layer (SSL)

IP

TCP

SSL Record Protocol

SSLHand-shake

SSLChangeCipher SSL

Alert

Application data

Fragment

CompressedFragment

MAC trailer

Padding

Encrypteddata

SSL record

SSL header

Compression

Message Integrity

Padding

Encryption

SSL Record Assembly

Confidentiality, Integrity

Authentication,Key exchange

Protocol

Asymmetric

Symmetric

Hash

En

erg

y co

nsu

mp

tio

nb

reak

up

60%

40%

80%

20%

100%

1K 100K 1M

Transaction size (bytes)

0%

41% 44% 46%

Energy Break-up of SSL Processing

• For small transactions, asymmetric algorithm energy dominates• For large transactions, symmetric algorithm energy dominates• Non-crypto processing accounts for more than 40% of the energy

Battery life: Outline

• Experimental setup• Analysis of energy consumption of cryptographic

algorithms– Symmetric algorithms– Public-key algorithms

• Analysis of energy consumption of SSL security protocol

• Discussion: Optimizing SSL• Conclusions

0

200

400

600

800

1000

1200

RSA ECC RSA ECC

Client authenticationoverhead

No clientauthentication

Ene

rgy

cons

umpt

ion

(mJ)

Client operations

Server operations

Optimizing SSL Handshake

SSL Handshake Optimizations- Presence/absence of security services (such as client authentication)- Choice of asymmetric cipher (RSA vs ECC)

Optimizing the SSL Record Stage

SSL Record Optimizations- Choice of cipher suite (e.g., ECC-AES-MD5 vs. ECC-BLOWFISH-MD5) is influenced by the size of the data transmitted.- Choice of cipher parameters (key size, number of rounds)

Key

setup

Enc/

Dec

AES 7.87 1.21

Blowfish 3167 0.81

Key

setup

Enc/

Dec

3DES 87 6.04

RC5 66.54 0.8

Conclusions

• Comprehensive analysis of energy consumption of cryptographic algorithms and security protocols

• Energy-security trade-offs possible in security protocols– Will tolerate lower security for reduced energy

consumption– Parameters identified include

• Symmetric algorithm used in record stage• Asymmetric algorithm used in handshake• Key-size of asymmetric algorithms• Number of rounds in symmetric algorithms• Size of data to be transmitted

Future Work

Future Research: Robust, Light-weight Security

Security objectives

Security protocols

Cryptographicalgorithms

Hardware-softwarearchitectures

Layered Security Implementation

Scalable security protocols with variable rounds and per round complexity - Scalable Fiat-Shamir identification protocol

1. Devise novel algorithms based on hard problems with simpler operations - Learning parity with noise2. Algorithms based on energy efficient operations - LFSR-based hashing - Polynomial arithmetic-based algorithms

1. Efficient embedded architectures for newer crypto algorithms - NTRU2. Low-cost architectures for side-channel attack resistance - Can leakage current provide side-channel information?3. Hardware measures to tackle malware (viruses, worms)

Acknowledgements

• Princeton University– Prof. Niraj Jha and Prof. Ruby Lee– Group members

• NEC Labs America– Dr. Anand Raghunathan– Dr. Srivaths Ravi

Thank you!