AES Core Verification using Bounded Model Checking and SAT
EECS 578 Final Project
Phil Nevius, Paul Lee, Vashist Vasanthakumar

Agenda
• Motivation
• Intro to AES Core
• Application of BMC
• SAT solver
• Properties
• Results
• Conclusion
• Future Work
Motivation
• Cryptography: The study of keeping secrets
• Authentication using encrypted tokens
• Side Channel Attacks to Security Processors (AES Core, DES Core)
• To protect against organized crime – Russian Mafia
[Figure: DES Cracking Machine]
Intro to AES
• Advanced Encryption Standard
• Based on “Rijndael,” a cipher developed by Joan Daemen and Vincent Rijmen
• Adopted for use by the US Government May 26, 2002
• AES advantages:
  • Fast in both hardware and software
  • Easy implementation
  • Requires little memory
• AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits
• Public products use keys of 128 bits
• Top secret files use more bits

AES Operation
• A 4x4 array of bytes forms the state of a 128-bit data block
• Each round of encryption consists of 4 stages:
  • AddRoundKey
  • SubBytes
  • ShiftRows
  • MixColumns
• 128-bit keys have 10 rounds of encryption, while 256-bit keys have up to 14 rounds of encryption
Sub Bytes
• Each byte in the array is updated using an 8-bit S-Box look-up table
• The S-box is derived by applying an affine transformation to the multiplicative inverse in GF(2^8)
• Ensures non-linearity and protection from algebraic property attacks
[Figure: affine transformation; b', b, and c are 8-bit arrays and c is 01100011]
Shift Rows
• Shift rows to the left
• Top row unchanged
• 2nd row shifts by an offset of 1
• 3rd row shifts by an offset of 2
• 4th row shifts by an offset of 3

Mix Columns
• The 4 bytes of each column are combined using a linear transformation to generate a 4-byte output
• Each column is treated as a polynomial over GF(2^8)
• Multiply the column modulo x^4 + 1 with the fixed polynomial c(x) = 3x^3 + x^2 + x + 2
• Provides diffusion (redundancy dissipated into the cipher)
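The S-box construction from the Sub Bytes slide and the column multiplication from the Mix Columns slide, worked out as an added Python example (not code from the original project). The GF(2^8) reduction polynomial x^8 + x^4 + x^3 + x + 1 and the affine constant 0x63 are those of the AES standard; the reference values in the comments are the standard's published S-box and MixColumns results.

```python
"""SubBytes and MixColumns building blocks over GF(2^8) (added example, not code
from the original slides). The S-box is the multiplicative inverse modulo the
AES polynomial x^8 + x^4 + x^3 + x + 1 followed by the affine transformation
with constant c = 0x63 (binary 01100011); MixColumns multiplies each column by
c(x) = 3x^3 + x^2 + x + 2 modulo x^4 + 1."""

def gf_mul(a, b):
    """Carry-less multiply in GF(2^8), reducing by 0x11b (x^8+x^4+x^3+x+1)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return r

def gf_inv(a):
    """a^254 is a^-1 in GF(2^8) (Fermat); AES maps the inverse of 0 to 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def rotl8(x, n):
    """Circular left rotation of an 8-bit value."""
    return ((x << n) | (x >> (8 - n))) & 0xff

def sbox(b):
    """b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i (indices mod 8):
    the inverse XORed with its four left rotations and the constant 0x63."""
    inv = gf_inv(b)
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63

SBOX = [sbox(b) for b in range(256)]   # SBOX[0x00] == 0x63, SBOX[0x53] == 0xed

def mix_column(col):
    """One column [a0, a1, a2, a3] times c(x) mod x^4 + 1, written as the 4x4
    circulant matrix [2 3 1 1; 1 2 3 1; 1 1 2 3; 3 1 1 2]."""
    a0, a1, a2, a3 = col
    return [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
```

Checking that SBOX is a permutation of 0..255 is a cheap sanity test of the inverse and affine steps; the FIPS-197 column [db 13 53 45] must map to [8e 4d a1 bc].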
Add Round Key
• For each round, a subkey is expanded from the main key using the key schedule
• The key schedule expands the key using the functions:
  • Rotate
  • Rcon (exponentiation of 2 to a user-specified value)
  • S-box replacements
• Key schedule core operation to iterate and shuffle the key
• Each subkey is the same size as the state
• Each byte of the subkey is combined with the corresponding byte of the state using bitwise XOR

Scan Chain Background
• Scan chain based design-for-test
• Connect all registers in a design serially; clock test values in and out using a special test clock
• Scan test patterns/results in and out to detect manufacturing defects
• Boundary Scan Standard: IEEE/ANSI JTAG 1149.1
  • Designed for board-level test, applied to the on-chip scan chain
Reference: http://www.engr.udayton.edu/faculty/jloomis/ece446/notes/jtag/jtag1.html
Scan Chain Security
• The security of an encryption algorithm is measured on the assumption that its intermediate steps are unknown
• A scan chain allows an attacker to read out and analyze intermediate states between rounds
• Vastly reduces the input space needed to crack AES (2^128 to 544)
• A scan chain including registers which hold the secret key could reveal the key itself (!)

Securing the Scan Chain
• Physical disconnection of the scan chain in the factory after test
• “Security fuses” added to scan chain outputs
• “Scrambled” scan chain architecture
  • Bit order is changed to make intermediate round outputs/key registers harder to identify
• Encrypted scan chain architecture
  • Add an encryption block to the end of the scan chain
• Mirror-key register architecture
  • Don't allow the real key bits to load in test mode
Secure Scan Architecture
[Figure: Mirror Key Architecture and “Scrambled” Architecture; AES Core with scan_in and scan_out, key registers in the scrambled order key[124], key[126], key[127], key[125], key[123]]
Other Security Issues
• Differential Power Analysis
  • Power consumption of circuits depends on input bits
  • Monitor spikes in power consumption over many encoding operations (controlling the input message text)
  • The secret key can be backed out using statistics
• Time of execution
  • Can vary with data if AES is implemented on a microcontroller (different branch conditions)
  • Not an issue for the crypto-core (encoding always takes 11 cycles)
• Physical package security
  • A de-packaged processor can have internal nets probed/set

Security Testing with BMC
• We would like to formally prove that our AES design is secure before shipping it
• BMC will be applied to simple security properties as a security verification proof-of-concept
• Scan Chain Security Verification
  • Test to ensure the key doesn't appear on scan-chain out
  • Test the flow with an insecure chain and a secure “scrambled” chain
• Edge-counting Verilog code has been added to the AES core
  • Allows us to test variation in the # of transitions/resistance to DPA
AES Verification Flow
• Testbench simulation before synthesis
• Synthesis
• Code unrolling
• Verilog2CNF
• Write properties
• SATisfiability using SAT solvers

Bounded Model Checking
• “Unroll” register-based logic into pure combinational logic
  • Copy the circuit n times for n cycles of property verification
  • Connect the next-state outputs of the (n-1)th cycle copy to the nth cycle's current-state inputs, and remove the register from the design
  • Monitor all n copies of the system outputs for a property violation
• After unrolling and register removal, the structural Verilog circuit description is converted into CNF using Verilog2CNF
• Properties are added to the output CNF manually and SAT runs on the circuit/property combination
Bounded Model Checking

  // Sequential original: one AND gate whose output is registered in a DFF
  // (GTECH-style library cells; signal names chosen to avoid Verilog keywords)
  module seq_example (data_in, data_out);
    input  data_in;
    output data_out;
    wire   last;
    AND2 u_and (.A(data_in), .B(last), .Z(data_out));
    DFF  u_ff  (.D(data_out), .Q(last));
  endmodule

  // Unrolled for 2 cycles: the DFF is removed, the initial state last_0 becomes
  // a free input, and each cycle's next state feeds the next copy through a BUF
  module unrolled_example (input_0, output_0, input_1, output_1, last_0, last_2);
    input  input_0, input_1, last_0;
    output output_0, output_1, last_2;
    wire   last_1;
    AND2 u_and0 (.A(input_0), .B(last_0), .Z(output_0));
    BUF  u_buf0 (.A(output_0), .Z(last_1));
    AND2 u_and1 (.A(input_1), .B(last_1), .Z(output_1));
    BUF  u_buf1 (.A(output_1), .Z(last_2));
  endmodule
BMC Implementation
• A Perl script was developed that automatically unrolls a flat structural Verilog file (GTECH generic gates)
  • Works with the complete synthesized AES core
  • Performs all register code replacement and renaming
  • User selects the # of cycles deep to unroll for BMC
• Verilog2CNF was sourced from Prof. Bertacco
  • Modified to handle XNOR4 gates found in the AES core
• zChaff was used to run SAT on circuit CNF/property files
  • Successfully completes SAT for the AES core with scan chain

Edge Counting Technique
• Count edge transitions of selected logic
• Observe the total number of transitions between “load” high and “done” high
• If (total transitions < 10% of maximum transitions) do nothing, else set the not_secure bit to 1
• Make it secure by adding dummy transitions
  • Total number of transitions is constant
Scan Chain Security Properties
• A Perl script was developed that automatically inserts a scan chain into a structural Verilog design
• To reduce the BMC cycle unrolling depth, a subsection of the key loading registers was placed by hand into a 5-register scan chain
• A secure “scrambled” version of this chain was also produced
• A shift-register/XNOR structure on the scan output sets a single bit high if the key section appears on the scan chain output
[Figure: AES Core scan chain from scan_in through key[127], key[126], key[125], key[124], key[123] into a 5-bit Shift Register; insecure_bit == (shift register contents == key[127:123])]
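The unrolling idea from the Bounded Model Checking slides and the 5-register scan-chain property above, as an added Python model that is not the project's Perl/Verilog2CNF/zChaff flow: the chain is stepped for a bounded number of cycles and exhaustive enumeration of the free key bits stands in for the SAT solver. The SCRAMBLED ordering, the zero initial state of the monitor register and the gating of the comparator on a full 5-bit window are assumptions of this example.

```python
"""Bounded model check of a toy 5-bit key scan chain (added example, not the
project's code). Five chain registers hold key[127:123]; every test-clock cycle
shifts the chain one register toward scan_out, and a 5-bit shift register on
scan_out is XNOR-compared with key[127:123]. Exhaustive search over the free
inputs (the five key bits) stands in for the zChaff SAT call of the real flow."""
from itertools import product

KEY_BITS = [127, 126, 125, 124, 123]     # window the monitor compares against
INSECURE = [127, 126, 125, 124, 123]     # chain[0] is the register feeding scan_out
SCRAMBLED = [125, 123, 127, 124, 126]    # constructed permutation of the same registers

def step(chain, shiftreg, scan_in=0):
    """One test-clock cycle: chain shifts toward scan_out, monitor captures it."""
    scan_out = chain[0]
    return chain[1:] + [scan_in], shiftreg[1:] + [scan_out]

def insecure_bit(shiftreg, key, cycle):
    """1 when the monitor holds key[127:123] in order. Gating on a full window
    (cycle >= 5) is this example's assumption: a zero-initialised register would
    otherwise 'match' an all-zero key before anything has been shifted."""
    window = [key[b] for b in KEY_BITS]
    return int(cycle >= len(window) and shiftreg == window)

def leaks(order, key, depth):
    """Unroll `depth` cycles for one key; True if insecure_bit ever rises."""
    chain = [key[b] for b in order]
    shiftreg = [0] * len(KEY_BITS)
    for cycle in range(1, depth + 1):
        chain, shiftreg = step(chain, shiftreg)
        if insecure_bit(shiftreg, key, cycle):
            return True
    return False

def bmc(order, depth):
    """Search every key assignment (the SAT solver's job) for a counterexample
    to 'insecure_bit stays 0 within depth cycles'; return the key or None."""
    for bits in product((0, 1), repeat=len(KEY_BITS)):
        key = dict(zip(KEY_BITS, bits))
        if leaks(order, key, depth):
            return key
    return None

def leaking_keys(order, depth):
    """Count keys for which the monitor fires: all 32 for the plain chain, but
    still 8 for SCRAMBLED, namely the keys the permutation leaves unchanged."""
    return sum(leaks(order, dict(zip(KEY_BITS, bits)), depth)
               for bits in product((0, 1), repeat=len(KEY_BITS)))
```

A bound of 4 cycles finds no counterexample for either chain, which is the usual BMC caveat that the depth must cover the property. The comparator property stays satisfiable for the scrambled chain on the keys that are fixed points of the permutation, so a SAT counterexample alone does not distinguish a weak chain from a property that is too loose.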
SAT Solving Using CNF
• Not_Secure bit added to the code
  • For both the Edge Counting and Scan Chain cases
• Properties to verify whether the Not_Secure bit is true
  • Properties added to the end of the CNF file
  • Based on the Verilog2CNF converter's map file
• zChaff SAT solver used
  • zChaff is a SAT solver from Princeton
  • Medal winner of SAT competitions

Results
• Smaller test cases (to verify the flow)
  • Properties proven for smaller blocks like Rcon
• Scan chain proves to be insecure
  • Possible to view the key through the scan chain
  • Unclear if this is a bug in the property/flow or in the scan chain
• Edge Counting had problems in synthesis
  • Works for simulation before synthesis

Future Work
• Complete BMC flow application to proving scan-chain security
• Implement the mirror key secure scan chain and verify its security with the BMC flow
• Debug synthesis of the AES core and apply the BMC flow to the edge-counting property