Yves Mathieu - Academia.edu (original) (raw)
Papers by Yves Mathieu
2018 IEEE 3rd International Verification and Security Workshop (IVSW), 2018
The security evaluation of embedded systems becomes clear and mandatory. Up today, the evaluation... more The security evaluation of embedded systems becomes clear and mandatory. Up today, the evaluation process is limited to certification labs that conduct the analysis on real target devices. This requires appropriate measurement platforms and equipment in addition to real chip analysis skills. In this paper, we put forward a pre-silicon evaluation methodology and tools that allow the security verification at an early stage (virtual target) and running it hands in hands with the functional verification. As of today, such approach can be used as new Electronic Design Automation (EDA) tool to properly satisfy the basics of Design for Security (DFS) concept. From a practical viewpoint, we show a study case to illustrate and provide a better understanding of that approach. Moreover, we propose new evaluation metrics based on Signal to Noise Ratio (SNR) computation, and verified on virtual and real targets respectively based on a comparative study. Likewise, the tool identifies vulnerabilites (thereby anticipating complete families of otherwise numerous, complex and many undiscovered attacks), and returns accurate feedack to the user on the precise line of code (LoC) where the vulnerability lays along with its characterization, including an identification of its severity. This allows the design to input source code to the tool, and to get back in return annotated source code with a collection of LoCs which deserve careful analysis and/or subsequent modification aiming at patching vulnerabilities.
Automated Methods in Cryptographic Fault Analysis, 2019
Side-channel and fault injection attacks are renown techniques to extract keys from cryptographic... more Side-channel and fault injection attacks are renown techniques to extract keys from cryptographic devices. Fortunately, leakage reduction and fault detection countermeasures exist and can be implemented right in the source-code. However, source-code level countermeasures might be altered during the compilation process. Design simulation is an effective means to detect such harmful simplifications. This is a well-known methodology to analyze regressions in terms of side-channel leakage. In this chapter, we explain that protections against fault injection attacks are no exception. First of all, we show that vulnerabilities to those attacks can be easily detected by simulation methods. Second, we highlight that simulation techniques are also highly efficient in detecting logic simplifications which destroy (fully or partly) the countermeasures. Thus, the simulationbased methodology we present in this chapter shows that it is possible to decide quickly which compilation options are safe and which ones are detrimental to the security.
Opening the New Technologies of Information and Communication to the disabled people is a questio... more Opening the New Technologies of Information and Communication to the disabled people is a question of increasing interest nowadays. The TELMA project aims at developing software and hardware bricks for a telecommunication terminal (cellular phone) for hearing impaired users. This terminal will be augmented with original audiovisual functionalities. More specifically, the TELMA terminal will exploit the visual modality of speech in two main tasks. On the one hand, visual speech information is used to improve speech enhancement techniques in adverse environment (environmental noise reduction enables the hearing-impaired to better exploit his/her residual acoustic abilities). On the other hand, the terminal will provide analysis/synthesis of lip movements and Cued Speech gestures. The Cued Speech is a face-to-face communication method used by a part of the oralist hearing-impaired community. It is based on the association of lip shapes with cues formed by the hand at specific locations. The TELMA terminal will translate lipreading + Cued Spech towards acoustic speech, and vice-versa, so that hearing-impaired people can communicate between them and with normal hearing people through telephone networks. To associate scientific developments, economic perspectives and efficient integration of disabled people concerns, the project is build on a partnership between universities (INPG and ENST), industrial/service company (France Télécom, R&D division) and potential users from the hearing-impaired community, under the supervision of health professionals (Grenoble Hospital Center / ORL).
ArXiv, 2016
In this paper we present quaternary and ternary routing tracks for FPGAs, and their implementatio... more In this paper we present quaternary and ternary routing tracks for FPGAs, and their implementation in 28nm FDSOI technology. We discuss the transistor level design of multi-valued repeaters, multiplexers and translators, and specific features of FDSOI technology which make it possible. Next we compare the multi-valued routing architectures with equivalent single driver two-valued routing architectures. We show that for long tracks, it is possible to achieve upto 3x reduction in dynamic switching energy, upto 2x reduction in routing wire area and 10% reduction in area dedicated to routing resources. The multi-valued tracks are slightly more susceptible to process variation. We present a layout method for multivalued standard cells and determine the layout overhead.We conclude with various usage scenarios of these tracks.
IEEE Transactions on Information Forensics and Security, 2021
This study investigates a new side-channel leakage observed in the inner rounds of an unrolled ha... more This study investigates a new side-channel leakage observed in the inner rounds of an unrolled hardware implementation of block ciphers in a chosen-input attack scenario. The side-channel leakage occurs in the first round and it can be observed in the later inner rounds because it arises from path activation bias caused by the difference between two consecutive inputs. Therefore, a new attack that exploits the leakage is possible even for unrolled implementations equipped with countermeasures (masking and/or deglitchers that separate the circuit in terms of glitch propagation) in the round involving the leakage. We validate the existence of such a unique side-channel leakage through a set of experiments with a fully unrolled PRINCE cipher hardware, implemented on a field-programmable gate array (FPGA). In addition, we verify the validity and evaluate the hardware cost of a countermeasure for the unrolled implementation, namely the Threshold Implementation (TI) countermeasure.
2018 21st Euromicro Conference on Digital System Design (DSD)
An SR-latch can be regarded as primitive to build a True Random Number Generation (TRNG) or Physi... more An SR-latch can be regarded as primitive to build a True Random Number Generation (TRNG) or Physically Unclonable Function (PUF). Indeed, when the SR inputs of the latch are tied together and go from an unknown state (i.e. S=R=1) to a memory state (i.e. S=R=0), the behaviour depends on the balance between the NAND or NOR gates composing the latch. With the process mismatch, there is a great chance that the latch converges towards the same state, thus creating a PUF equivalent to a SRAM-PUF or latch-PUF. However, if the latch is well-balanced, it can enter a metastable state and converges to a stable state depending on the input noise, thus making a TRNG. In order to make sure some latches are able to behave like a TRNG, and some like a PUF, we consider a set of latches driven by the same SR signal. A test-chip in 28nm UTBB-FDSOI technology has been designed with 1024 latches in order to analyze the behavior. The FD-SOI technology enables easy change of the performances of gates usin...
signal processing integrated circuit representative of a digitized source image defined by pixels... more signal processing integrated circuit representative of a digitized source image defined by pixels, encoded on M bits, arranged in I rows and J columns. The image processing is performed using M sliding windows W1 to WM N rows and P columns not slip by step each pixel along the lines I but offset from each other of 'a line. The treatment is carried out by operators series acting successively on each bit of each of N + M-1 picture elements. The signals may be introduced in series with the contact pads Q wherein Q = N + M-1 or in parallel with contact pads Q where Q is the first multiple of M equal to or otherwise majorises N + M-1, then the integrated circuit further comprising a parallel processing circuit / serial . Application: image processing .
Codes, Cryptology and Information Security
Deployed widely and embedding sensitive data, IoT devices depend on the reliability of cryptograp... more Deployed widely and embedding sensitive data, IoT devices depend on the reliability of cryptographic libraries to protect user information. However when implemented on real systems, cryptographic algorithms are vulnerable to side channel attacks based on their execution behavior, which can be revealed by measurements of physical quantities such as timing or power consumption. Some countermeasures can be implemented in order to prevent those attacks. However those countermeasures are generally designed at high level description, and when implemented, some residual leakage may persist. In this article we propose a methodology to assess the robustness of the MbedTLS library against timing and cache-timing attacks. This comprehensive study of side-channel security allows us to identify the most frequent weaknesses in software cryptographic code and how those might be fixed. This methodology checks the whole source code, from the top level routines to low level primitives, that are used for the final application. We recover hundreds of lines of code that leak sensitive information.
IEEE Transactions on Computers, 2016
Probing attacks are serious threats on integrated circuits. Security products often include a pro... more Probing attacks are serious threats on integrated circuits. Security products often include a protective layer called <italic>shield</italic> that acts like a digital fence. In this article, we demonstrate a new shield structure that is cryptographically secure. This shield is based on the lightweight block cipher and independent mesh lines to ensure the security against probing attacks of the hardware located behind the shield. Such structure can be proven secure against state-of-the-art invasive attacks. Then, we evaluate the impact of active shield on the performance of security IPs as PUF, TRNG, secure clock and AES using a set of fabricated ASICs with <inline-formula> <tex-math notation="LaTeX">$65\;\text{nm}$</tex-math><alternatives> <inline-graphic xlink:href="ngo-ieq1-2584041.gif" xlink:type="simple"/></alternatives></inline-formula> CMOS technology of STMicroelectronics. Also, the impact of active shield on Side-Channel Attack (SCA) is evaluated.
Lecture Notes in Computer Science, 2005
Several types of logic gates suitable for leakage-proof compu- tations have been put forward (1,2... more Several types of logic gates suitable for leakage-proof compu- tations have been put forward (1,2,3,4). This paper describes a method, called "backend duplication" to assemble secured gates into leakage-proof cryptoprocessors. To the authors' knowledge, this article is the first CAD- oriented publication to address all the aspects involved in the backend design of secured hardware. The "backend duplication" method achieves the place-and-route of differential netlists. It allows for 100 % placement density and for balanced routing of dual-rail signals. Wires of every other metal layer are free to make turns. In addition, the method does not re- quire any modification to the design rules passed to the router. The "backend duplication" method has been implemented in 0.13 µ mA SIC technology and successfully tested on various ciphers. The example of the design of a DES module resistant against side-channel attacks is described into details.
Engineering of Reconfigurable Systems and Algorithms, 2009
System On Chip designs commonly use high performance data processing engines able to execute hard... more System On Chip designs commonly use high performance data processing engines able to execute hardwired algorithms. While the performance of these engines heavily relies on the bandwidth of accesses to external memories, traditional cache architectures and algorithms suffer a lack of effectiveness for highly structured data like in 2D or 3D image processing. In a previous work, Mancini and Eveno proposed the nD-AP Cache (n-Dimensional Adaptive and Predictive Cache) in order to target multidimensional data processing. It has been shown that this cache is efficient for applications where data fetches are performed based on the history of data values. Although, the performance depends strongly on the way that the nD-AP Cache running parameters are tuned, no predefined methodology to set these parameters has been proposed before. In this paper, we study the parameters tuning aspect. Then, we compare the efficiency of the nD-AP Cache to three associative caches. Numerical results indicate that 100% improvement in run time performance can be achieved while keeping relatively low hardware cost.
Proceedings of SPIE, 1998
Hardware implementation of perspective transformations on MPEG-4 video objects. [Proceedings of S... more Hardware implementation of perspective transformations on MPEG-4 video objects. [Proceedings of SPIE 3655, 102 (1998)]. Carolina Miro, Anne Lafage, Quynh-LienNguyen-Phuc, Yves Mathieu. Abstract. Within the European ...
2015 International Conference on IC Design & Technology (ICICDT), 2015
The Wave Dynamic Differential Logic (WDDL) offers an effective way to resist Side Channel Attacks... more The Wave Dynamic Differential Logic (WDDL) offers an effective way to resist Side Channel Attacks (SCA). But, it suffers from early propagation and routing imbalance between dual signals. In this paper, we deal first with the EPE problem. We study the security of BCDL logic, which is known to counter early propagation, and we compare it to WDDL logic. We target a custom tree-based FPGA of 2048 cells. Next, we try to solve the routing imbalance problem by performing an adjacent placement and a timing balance driven routing. Side channel analyses are performed on FPGA circuit implementing PRESENT crypto-processor. Experimental results show that both avoiding early propagation and diminishing routing imbalance by controlling placement and routing tools enhance the design security against SCA.
2018 IEEE 3rd International Verification and Security Workshop (IVSW), 2018
The security evaluation of embedded systems becomes clear and mandatory. Up today, the evaluation... more The security evaluation of embedded systems becomes clear and mandatory. Up today, the evaluation process is limited to certification labs that conduct the analysis on real target devices. This requires appropriate measurement platforms and equipment in addition to real chip analysis skills. In this paper, we put forward a pre-silicon evaluation methodology and tools that allow the security verification at an early stage (virtual target) and running it hands in hands with the functional verification. As of today, such approach can be used as new Electronic Design Automation (EDA) tool to properly satisfy the basics of Design for Security (DFS) concept. From a practical viewpoint, we show a study case to illustrate and provide a better understanding of that approach. Moreover, we propose new evaluation metrics based on Signal to Noise Ratio (SNR) computation, and verified on virtual and real targets respectively based on a comparative study. Likewise, the tool identifies vulnerabilites (thereby anticipating complete families of otherwise numerous, complex and many undiscovered attacks), and returns accurate feedack to the user on the precise line of code (LoC) where the vulnerability lays along with its characterization, including an identification of its severity. This allows the design to input source code to the tool, and to get back in return annotated source code with a collection of LoCs which deserve careful analysis and/or subsequent modification aiming at patching vulnerabilities.
Automated Methods in Cryptographic Fault Analysis, 2019
Side-channel and fault injection attacks are renown techniques to extract keys from cryptographic... more Side-channel and fault injection attacks are renown techniques to extract keys from cryptographic devices. Fortunately, leakage reduction and fault detection countermeasures exist and can be implemented right in the source-code. However, source-code level countermeasures might be altered during the compilation process. Design simulation is an effective means to detect such harmful simplifications. This is a well-known methodology to analyze regressions in terms of side-channel leakage. In this chapter, we explain that protections against fault injection attacks are no exception. First of all, we show that vulnerabilities to those attacks can be easily detected by simulation methods. Second, we highlight that simulation techniques are also highly efficient in detecting logic simplifications which destroy (fully or partly) the countermeasures. Thus, the simulationbased methodology we present in this chapter shows that it is possible to decide quickly which compilation options are safe and which ones are detrimental to the security.
Opening the New Technologies of Information and Communication to the disabled people is a questio... more Opening the New Technologies of Information and Communication to the disabled people is a question of increasing interest nowadays. The TELMA project aims at developing software and hardware bricks for a telecommunication terminal (cellular phone) for hearing impaired users. This terminal will be augmented with original audiovisual functionalities. More specifically, the TELMA terminal will exploit the visual modality of speech in two main tasks. On the one hand, visual speech information is used to improve speech enhancement techniques in adverse environment (environmental noise reduction enables the hearing-impaired to better exploit his/her residual acoustic abilities). On the other hand, the terminal will provide analysis/synthesis of lip movements and Cued Speech gestures. The Cued Speech is a face-to-face communication method used by a part of the oralist hearing-impaired community. It is based on the association of lip shapes with cues formed by the hand at specific locations. The TELMA terminal will translate lipreading + Cued Spech towards acoustic speech, and vice-versa, so that hearing-impaired people can communicate between them and with normal hearing people through telephone networks. To associate scientific developments, economic perspectives and efficient integration of disabled people concerns, the project is build on a partnership between universities (INPG and ENST), industrial/service company (France Télécom, R&D division) and potential users from the hearing-impaired community, under the supervision of health professionals (Grenoble Hospital Center / ORL).
ArXiv, 2016
In this paper we present quaternary and ternary routing tracks for FPGAs, and their implementatio... more In this paper we present quaternary and ternary routing tracks for FPGAs, and their implementation in 28nm FDSOI technology. We discuss the transistor level design of multi-valued repeaters, multiplexers and translators, and specific features of FDSOI technology which make it possible. Next we compare the multi-valued routing architectures with equivalent single driver two-valued routing architectures. We show that for long tracks, it is possible to achieve upto 3x reduction in dynamic switching energy, upto 2x reduction in routing wire area and 10% reduction in area dedicated to routing resources. The multi-valued tracks are slightly more susceptible to process variation. We present a layout method for multivalued standard cells and determine the layout overhead.We conclude with various usage scenarios of these tracks.
IEEE Transactions on Information Forensics and Security, 2021
This study investigates a new side-channel leakage observed in the inner rounds of an unrolled ha... more This study investigates a new side-channel leakage observed in the inner rounds of an unrolled hardware implementation of block ciphers in a chosen-input attack scenario. The side-channel leakage occurs in the first round and it can be observed in the later inner rounds because it arises from path activation bias caused by the difference between two consecutive inputs. Therefore, a new attack that exploits the leakage is possible even for unrolled implementations equipped with countermeasures (masking and/or deglitchers that separate the circuit in terms of glitch propagation) in the round involving the leakage. We validate the existence of such a unique side-channel leakage through a set of experiments with a fully unrolled PRINCE cipher hardware, implemented on a field-programmable gate array (FPGA). In addition, we verify the validity and evaluate the hardware cost of a countermeasure for the unrolled implementation, namely the Threshold Implementation (TI) countermeasure.
2018 21st Euromicro Conference on Digital System Design (DSD)
An SR-latch can be regarded as primitive to build a True Random Number Generation (TRNG) or Physi... more An SR-latch can be regarded as primitive to build a True Random Number Generation (TRNG) or Physically Unclonable Function (PUF). Indeed, when the SR inputs of the latch are tied together and go from an unknown state (i.e. S=R=1) to a memory state (i.e. S=R=0), the behaviour depends on the balance between the NAND or NOR gates composing the latch. With the process mismatch, there is a great chance that the latch converges towards the same state, thus creating a PUF equivalent to a SRAM-PUF or latch-PUF. However, if the latch is well-balanced, it can enter a metastable state and converges to a stable state depending on the input noise, thus making a TRNG. In order to make sure some latches are able to behave like a TRNG, and some like a PUF, we consider a set of latches driven by the same SR signal. A test-chip in 28nm UTBB-FDSOI technology has been designed with 1024 latches in order to analyze the behavior. The FD-SOI technology enables easy change of the performances of gates usin...
signal processing integrated circuit representative of a digitized source image defined by pixels... more signal processing integrated circuit representative of a digitized source image defined by pixels, encoded on M bits, arranged in I rows and J columns. The image processing is performed using M sliding windows W1 to WM N rows and P columns not slip by step each pixel along the lines I but offset from each other of 'a line. The treatment is carried out by operators series acting successively on each bit of each of N + M-1 picture elements. The signals may be introduced in series with the contact pads Q wherein Q = N + M-1 or in parallel with contact pads Q where Q is the first multiple of M equal to or otherwise majorises N + M-1, then the integrated circuit further comprising a parallel processing circuit / serial . Application: image processing .
Codes, Cryptology and Information Security
Deployed widely and embedding sensitive data, IoT devices depend on the reliability of cryptograp... more Deployed widely and embedding sensitive data, IoT devices depend on the reliability of cryptographic libraries to protect user information. However when implemented on real systems, cryptographic algorithms are vulnerable to side channel attacks based on their execution behavior, which can be revealed by measurements of physical quantities such as timing or power consumption. Some countermeasures can be implemented in order to prevent those attacks. However those countermeasures are generally designed at high level description, and when implemented, some residual leakage may persist. In this article we propose a methodology to assess the robustness of the MbedTLS library against timing and cache-timing attacks. This comprehensive study of side-channel security allows us to identify the most frequent weaknesses in software cryptographic code and how those might be fixed. This methodology checks the whole source code, from the top level routines to low level primitives, that are used for the final application. We recover hundreds of lines of code that leak sensitive information.
IEEE Transactions on Computers, 2016
Probing attacks are serious threats on integrated circuits. Security products often include a pro... more Probing attacks are serious threats on integrated circuits. Security products often include a protective layer called <italic>shield</italic> that acts like a digital fence. In this article, we demonstrate a new shield structure that is cryptographically secure. This shield is based on the lightweight block cipher and independent mesh lines to ensure the security against probing attacks of the hardware located behind the shield. Such structure can be proven secure against state-of-the-art invasive attacks. Then, we evaluate the impact of active shield on the performance of security IPs as PUF, TRNG, secure clock and AES using a set of fabricated ASICs with <inline-formula> <tex-math notation="LaTeX">$65\;\text{nm}$</tex-math><alternatives> <inline-graphic xlink:href="ngo-ieq1-2584041.gif" xlink:type="simple"/></alternatives></inline-formula> CMOS technology of STMicroelectronics. Also, the impact of active shield on Side-Channel Attack (SCA) is evaluated.
Lecture Notes in Computer Science, 2005
Several types of logic gates suitable for leakage-proof compu- tations have been put forward (1,2... more Several types of logic gates suitable for leakage-proof compu- tations have been put forward (1,2,3,4). This paper describes a method, called "backend duplication" to assemble secured gates into leakage-proof cryptoprocessors. To the authors' knowledge, this article is the first CAD- oriented publication to address all the aspects involved in the backend design of secured hardware. The "backend duplication" method achieves the place-and-route of differential netlists. It allows for 100 % placement density and for balanced routing of dual-rail signals. Wires of every other metal layer are free to make turns. In addition, the method does not re- quire any modification to the design rules passed to the router. The "backend duplication" method has been implemented in 0.13 µ mA SIC technology and successfully tested on various ciphers. The example of the design of a DES module resistant against side-channel attacks is described into details.
Engineering of Reconfigurable Systems and Algorithms, 2009
System On Chip designs commonly use high performance data processing engines able to execute hard... more System On Chip designs commonly use high performance data processing engines able to execute hardwired algorithms. While the performance of these engines heavily relies on the bandwidth of accesses to external memories, traditional cache architectures and algorithms suffer a lack of effectiveness for highly structured data like in 2D or 3D image processing. In a previous work, Mancini and Eveno proposed the nD-AP Cache (n-Dimensional Adaptive and Predictive Cache) in order to target multidimensional data processing. It has been shown that this cache is efficient for applications where data fetches are performed based on the history of data values. Although, the performance depends strongly on the way that the nD-AP Cache running parameters are tuned, no predefined methodology to set these parameters has been proposed before. In this paper, we study the parameters tuning aspect. Then, we compare the efficiency of the nD-AP Cache to three associative caches. Numerical results indicate that 100% improvement in run time performance can be achieved while keeping relatively low hardware cost.
Proceedings of SPIE, 1998
Hardware implementation of perspective transformations on MPEG-4 video objects. [Proceedings of S... more Hardware implementation of perspective transformations on MPEG-4 video objects. [Proceedings of SPIE 3655, 102 (1998)]. Carolina Miro, Anne Lafage, Quynh-LienNguyen-Phuc, Yves Mathieu. Abstract. Within the European ...
2015 International Conference on IC Design & Technology (ICICDT), 2015
The Wave Dynamic Differential Logic (WDDL) offers an effective way to resist Side Channel Attacks... more The Wave Dynamic Differential Logic (WDDL) offers an effective way to resist Side Channel Attacks (SCA). But, it suffers from early propagation and routing imbalance between dual signals. In this paper, we deal first with the EPE problem. We study the security of BCDL logic, which is known to counter early propagation, and we compare it to WDDL logic. We target a custom tree-based FPGA of 2048 cells. Next, we try to solve the routing imbalance problem by performing an adjacent placement and a timing balance driven routing. Side channel analyses are performed on FPGA circuit implementing PRESENT crypto-processor. Experimental results show that both avoiding early propagation and diminishing routing imbalance by controlling placement and routing tools enhance the design security against SCA.