IEEE Solid-State Circuits Magazine - Fall 2017 - 45

tamper-resistant piece of software.
It is used when no hardware crypto-
graphic module or trusted element
is available. Mathematically, most
white box schemes are broken, but
specific applications such as digital
rights management still make use of
white box cryptography. However,
this topic will not be further dis-
cussed here.

Future Attacker Models
In the future, we expect that the capa-
bilities of attackers will improve and
that we will evolve from a gray box
testing model toward an immersed
model, as shown in Figure. 3. The IoT
is a complex system with lightweight,
resource-constrained devices at the
edge. These devices communicate
with each other and with mobile por-
table devices, such as phones, per-
sonal computers, lap tops, etc. At the
center, cloud computing and serv-
ers provide extraordinary compute
power to all.
So far, in the gray box model, we
assume that an attacker observes one
device or one communication link at
a time. In the immersed model, we
assume that multiple nodes supported
by malicious servers or botnets can
conspire to attack one poor IoT device.
Thus, besides providing protection
with strong cryptographic algorithms
and strong physical defenses against
side-channel attacks, we also need
strong cryptographic protocols that
protect a system even if individual
nodes fail. In this context, we see
many interesting research challenges.
Because electronics are immersed
into the environment, we need strong
roots of trust. These roots of trust will
be in hardware, they need to be mini-
mal in size, and there should be some
explicit proof that one can trust them.
Included in this set will be physi-
cally unclonable functions to derive
device-specific keys and embedded
true-random-number generators that
can resist a wide range of attacks. Sec-
ond, there is a need to develop more
hardware circuits to support software
security and provide, for instance,

In the immersed model, we assume that
multiple nodes supported by malicious servers
or botnets can conspire to attack one poor
IoT device.
control flow integrity, software integ-
rity, remote attestation, and so on. A
third challenge is the development of
quantum computers. Major classes of
current public key algorithms based
on RSA and elliptic curves will be
broken if/when quantum computers
appear. Mathematicians are develop-
ing a new generation of algorithms,
but the challenge for the digital hard-
ware designer is to implement them,
including all current software, side-
channel, and fault attack counter-
measures. Also lacking currently is
support for security by design meth-
ods and tools.
To conclude, the future of secure
digital hardware design will require
a complex interaction among digital
circuit design, computer arithmetic,
cryptography, and evolving technol-
ogy. And, while in the past, we wor-
ried only about energy and power
minimization, we now have to face
the additional constraint that our cir-
cuits need to be resistant to a wide
range of attacks.

References

[1] D. J. Bernstein. (2004). Cache-timing at-
tacks on AES. [Online]. Available: https://
cr.yp.to/papers.html#cachetiming
[2] D. Boneh, R. DeMillo, and R. Lipton, "On
the importance of eliminating errors in
cryptographic computations," J. Cryptol.,
vol. 14, no. 2, pp. 101-119, Mar. 2001.
[3] N. P. Smart, Ed. ENISA. (2014). Algorithms,
key size and parameters report. [Online].
Available: https://www.enisa.europa.eu/
publications/algorithms-key-size-and-
parameters-report-2014
[4] N. Homma, Y. Hayashi, N. Miura, D. Fu-
jimoto, M. Nagata, and T. Aoki, "Design
methodology and validity verification
for a reactive countermeasure against
em attacks," J. Cryptol., vol. 30, no. 2, pp.
373-391, 2017.
[5] D. Karaklajic, J. Schmidt, and I. Verbau-
whede, "Hardware designer's guide to
fault attacks," IEEE Trans. Very Large Scale
Integration Syst., vol. 21, no. 12, pp. 2295-
2306, 2013.
[6] P. Maene, J. Goetzfried, R. de Clercq, T.
Mueller, F. Freiling, and I. Verbauwhede,
"Hardware-based trusted computing archi-
tectures for isolation and attestation," IEEE
Trans. Computers, 2017, to be published.

[7] O. Reparaz, J. Balasch, and I. Verbau-
whede, "Dude, is my code constant time?"
in Proc. Conf. Design, Automation and Test
in Europe, 2017, p. 6.
[8] O. Reparaz, B. Bilgin, B. Gierlichs, S. Niko-
va, and I. Verbauwhede, "Consolidating
masking schemes," in Advances in Cryptology, Lecture Notes in Computer Science,
vol. 9215, R. Gennaro, and M. J. Robshaw,
Eds. New York: Springer-Verlag, 2015, pp.
764-783.
[9] V. Rozic, O. Reparaz, and I. Verbauwhede,
"A 5.1μJ per point-multiplication elliptic
curve cryptographic processor," Int. J.
Circuit Theory Applicat. vol. 45, no. 2, pp.
170-187, 2016.
[10] S. Gueron. (2012, Aug. 2). Intel advanced
encryption standard (Intel AES) instruc-
tions set-Rev 3.01. [Online]. Available:
https://soft ware.intel.com/en-us/ar-
ticles/intel-advanced-encryption-stan-
dard-aes-instructions-set
[11] S. Satpathy, S. Mathew, V. Suresh, M.
Anders, H. Kaul, A. Agarwal, S. Hsu,
G. K. Chen, and R. Krishnamurthy,
"250mV-950mV 1.1Tbps/W double-affine
mapped Sbox based composite-field
SMS4 encrypt/decrypt accelerator in
14nm tri-gate CMOS," in Proc. VLSI Circuits, 2016.
[12] K. Tiri and I. Verbauwhede, "A digital de-
sign flow for secure integrated circuits,"
IEEE Trans. Computer-Aided Design Integrated Circuits Syst., vol. 25, no. 7, pp.
1197-1208, 2006.

About the Author
Ingrid Verbauwhede (ingrid.verbau-
whede@esat.kuleuven.be) heads the
embedded systems and hardware
team of the research group COSIC at
the KU Leuven in Belgium. She is an
adjunct professor in the Electrical
Engineering Department at the Uni-
versity of California, Los Angeles,
and a member of the Royal Academy
of Belgium for Science and the Arts.
She received a European Research
Council Advanced grant in 2016, as
well as the 2017 IEEE Computer Soci-
ety Technical Achievement Award.
She is a pioneer in the field of effi-
cient and secure implementations of
cryptographic algorithms in embed-
ded contexts on application-specific
ICs, field-programmable gate arrays,
and embedded software.

IEEE SOLID-STATE CIRCUITS MAGAZINE

FA L L 2 0 17

45
https://software.intel.com/en-us/ar http://https:// http://cr.yp.to/papers.html#cachetiming https://www.enisa.europa.eu/
Table of Contents for the Digital Edition of IEEE Solid-State Circuits Magazine - Fall 2017
