SAN FRANCISCO Circuit designers needs to defend against security breaches in digital systems, according to panelists at the International Solid State Circuits Conference. The panel brought together algorithm experts and hardware specialists.
"Security is only as strong as the weakest link in the system," said Ingrid Verbauwhede, professor at Katholieke Universiteit Leuve (Belgium). "Mathematically very strong algorithms have been and are being developed. However, if the key leaks from the integrated circuit, this will be the weakest link," Verbauwhede said. Delay, power consumption or photon emissions provide clues to hackers sufficient to crack many cryptosystems.
Recent AES algorithm and the older DES and triple-DES algorithms need to be integrated into ultra-low power applications such as RFID tags or extremely high-throughput applications such as Gigabit IP routers. At the same time, area and power costs should be as low as possible for customers unwilling to pay extra for security, said Verbauwhede.
Security requirements are growing. In 2005 and 2006, nearly one third of U.S. residents had personal or financial data compromised. What's more, secure systems define the digital economy. Music and software piracy siphons tens of billions of dollars annually from copyright holders. Poorly designed digital rights management schemes anger consumers and expose computers to viruses.
Individuals also require secure communications for privacy, which is being increasingly challenged as governments monitor their own citizens, said panel moderator Norman Rohrer, distinguished engineer in IBM Corp.'s System and Technology Group (Essex Junction, Vt.).
Recent advances in hardware design are dramatically improving the cost, speed, and power of cryptographic hardware. Given a long enough key, these systems generally cannot be broken by brute force.
"However, digital systems are vulnerable to side-channel attacks that deduce information by monitoring side effects of the encryption process," said Rohrer.
Cetin Kaya Koc, a professor at Oregon State University said hardware for public-key cryptography has a long way to go, "requiring advanced algorithms and design techniques in order to satisfy the requirements of the current mobile computing and communication devices as well as large systems such as IPSec routers and SSL servers."
Traditional cryptographic analysis views an implementation as a black box and assumes that the
only information available to an attacker comes from the inputs and outputs of the black box, said
Pankaj Rohatgi, a research staff member in the Internet Security group at IBM's T. J. Watson Research Center (Yorktown Heights, N.Y.). "Under this assumption, most implementations that use well-known cryptographic algorithms are secure provided that sufficiently large key sizes are used."
Added Rohatgi: "Most cryptographic implementations can be easily broken using side-channel information unless measures are explicitly taken to eliminate or mitigate this information leakage."
One solution is to develop a secure ASIC. Chris Curren, chief engineer at EmbedICs (El Segundo, Calif.) said development of a secure ASIC is continually evolving: "Developers continue to refine their countermeasures and leverage improvements in microelectronic technology, and attackers readily share information and learn from prior exploits."
The architecture and implementation of a high volume, secure ASIC must use the most advanced security principles and technologies in an effort to stay ahead of adversaries while balancing the needs for manufacturability, maintainability and cost, said Curren.
EmbedICs has developed ASIC designs ranging from high-volume, commercial security applications to low-volume, high-value applications qualified for government use.