Cryptography and Cryptanalysis on Reconfigurable Devices
Authors
Abstract
With the rise of the Internet, the number of information processing systems has significantly increased in many fields of daily life. To enable commodity products to communicate, so-called embedded computing systems are integrated into these products. However, many of these small systems need to satisfy strict application requirements with respect to cost-efficiency and performance. In some cases, such a system also needs to run cryptographic algorithms to maintain data security – but without significantly impacting the overall system performance. Under these constraints, most small microprocessors, which are typically employed in embedded systems, cannot provide the necessary number of cryptographic computations. Dedicated hardware is required to handle such computationally demanding cryptography. This thesis presents novel hardware implementations for use in cryptography and cryptanalysis. The first contribution of this work is the development of novel high-performance implementations of symmetric and asymmetric cryptosystems on reconfigurable hardware. More precisely, most of the presented architectures target hardware devices known as Field Programmable Gate Arrays (FPGAs), which consist of a large number of generic logic elements that can be dynamically configured and interconnected to build arbitrary circuits. The novelty of this work is the use of dedicated arithmetic function cores – available in some modern FPGA devices – for cryptographic hardware implementations. These arithmetic function cores (also denoted as DSP blocks) were originally designed to improve filtering functions in Digital Signal Processing (DSP) applications. The thesis at hand investigates how these embedded function cores can be used to significantly accelerate the operation of symmetric block ciphers such as AES (FIPS 197 standard) as well as asymmetric cryptography, e.g., Elliptic Curve Cryptography (ECC) over NIST primes (FIPS 186-2/3 standard).
Graphics Processing Units (GPUs) on modern graphics cards provide computational power exceeding that of most recent CPU generations. In addition to FPGAs, this work also demonstrates how graphics cards can be used for high-performance asymmetric cryptography. For the first time in the open literature, the standardized asymmetric cryptosystem RSA (PKCS #1) and ECC over the NIST prime P-224 are implemented on an NVIDIA 8800 GTS graphics card, making use of the Compute Unified Device Architecture (CUDA) programming model. A second aspect of this thesis is cryptanalysis based on FPGA hardware architectures. All cryptographic methods involve an essential trade-off between efficiency and security margin, i.e., higher security requires more (and more complex) computations, leading to degraded performance of the cryptosystem. Hence, to maintain efficiency, the designer of a cryptosystem must carefully adapt the security margin to the computational power of a potential attacker with high but limited computing resources. It is therefore essential to determine the cost of performing an attack on a cryptosystem as precisely as possible, using a concrete metric such as the financial cost required to attack a specific cryptographic setup. In this context, another contribution of this thesis is the design and enhancement of an FPGA-based cluster platform (COPACOBANA), which was developed to provide a computational platform with an optimal cost-performance ratio for cryptanalytic applications. COPACOBANA is used to mount brute-force and advanced attacks on the weak DES cryptosystem, which was the worldwide and long-lasting standard for block ciphers (FIPS 46-3 standard) until it was superseded by AES. Due to its popularity for many years, various legacy and recent products still rely on the security of DES. As an example, a class of recent one-time password token generators is broken in this work.
Furthermore, this thesis discusses attacks on the Elliptic Curve Discrete Logarithm Problem (ECDLP), on which ECC cryptosystems rely, as well as on the Factorization Problem (FP), which is the basis of the well-known RSA system. A third and last contribution of this thesis considers the protection of reconfigurable systems themselves and the security-related components they contain. Typically, logical functions in FPGAs are dynamically configured from SRAM cells and lookup tables used as function generators. Since the configuration is loaded at startup and can also be modified at runtime, an attacker can easily compromise the functionality of the hardware circuit. This is particularly critical for security-related functions in the logic elements of an FPGA; e.g., the attacker could extract secret information stored in the FPGA just by manipulating its configuration. As a countermeasure, FPGA vendors already allow the use of encrypted configuration files with some devices to prevent unauthorized tampering with circuit components. However, in practical scenarios the secure installation of the secret keys the FPGA needs for configuration decryption is an issue left to the user to solve. This work presents an efficient solution to this problem which hardly requires any changes to the architecture of recent FPGA devices. Finally, this thesis presents a solution for installing a trustworthy security kernel – also known as a Trusted Platform Module (TPM) – within the dynamic configuration of an FPGA. A major advantage of this approach compared to the PC domain is the prevention of bus eavesdropping between the TPM and the application, since all functionality is encapsulated in a System-on-a-Chip (SoC) architecture. Additionally, the functionality of the TPM can easily be extended or updated in case a security component has been compromised, without the need to replace the entire chip or product.
Publication date: 2009