Via Padlock : Security and Usability Evaluation
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Rigorous Cache Side Channel Mitigation Via Selective Circuit Compilation
RiCaSi: Rigorous Cache Side Channel Mitigation via Selective Circuit Compilation B Heiko Mantel, Lukas Scheidel, Thomas Schneider, Alexandra Weber( ), Christian Weinert, and Tim Weißmantel Technical University of Darmstadt, Darmstadt, Germany {mantel,weber,weissmantel}@mais.informatik.tu-darmstadt.de, {scheidel,schneider,weinert}@encrypto.cs.tu-darmstadt.de Abstract. Cache side channels constitute a persistent threat to crypto implementations. In particular, block ciphers are prone to attacks when implemented with a simple lookup-table approach. Implementing crypto as software evaluations of circuits avoids this threat but is very costly. We propose an approach that combines program analysis and circuit compilation to support the selective hardening of regular C implemen- tations against cache side channels. We implement this approach in our toolchain RiCaSi. RiCaSi avoids unnecessary complexity and overhead if it can derive sufficiently strong security guarantees for the original implementation. If necessary, RiCaSi produces a circuit-based, hardened implementation. For this, it leverages established circuit-compilation technology from the area of secure computation. A final program analysis step ensures that the hardening is, indeed, effective. 1 Introduction Cache side channels are unintended communication channels of programs. Cache- side-channel leakage might occur if a program accesses memory addresses that depend on secret information like cryptographic keys. When these secret-depen- dent memory addresses are loaded into a shared cache, an attacker might deduce the secret information based on observing the cache. Such cache side channels are particularly dangerous for implementations of block ciphers, as shown, e.g., by attacks on implementations of DES [58,67], AES [2,11,57], and Camellia [59,67,73]. -
Siderand: a Heuristic and Prototype of a Side-Channel-Based Cryptographically Secure Random Seeder Designed to Be Platform- and Architecture-Agnostic
SideRand: A Heuristic and Prototype of a Side-Channel-Based Cryptographically Secure Random Seeder Designed to Be Platform- and Architecture-Agnostic JV ROIG, Advanced Research Center – Asia Pacific College Generating secure random numbers is vital to the security and privacy infrastructures we rely on today. Having a computer system generate a secure random number is not a trivial problem due to the deterministic nature of computer systems. Servers commonly deal with this problem through hardware-based random number generators, which can come in the form of expansion cards, dongles, or integrated into the CPU itself. With the explosion of network- and internet-connected devices, however, the problem of cryptography is no longer a server-centric problem; even small devices need a reliable source of randomness for cryptographic operations – for example, network devices and appliances like routers, switches and access points, as well as various Internet-of-Things (IoT) devices for security and remote management. This paper proposes a software solution based on side-channel measurements as a source of high- quality entropy (nicknamed “SideRand”), that can theoretically be applied to most platforms (large servers, appliances, even maker boards like RaspberryPi or Arduino), and generates a seed for a regular CSPRNG to enable proper cryptographic operations for security and privacy. This paper also proposes two criteria – openness and auditability – as essential requirements for confidence in any random generator for cryptographic use, and discusses how SideRand meets the two criteria (and how most hardware devices do not). CCS Concepts: • Security and privacy → Cryptography KEYWORDS Cryptographically secure random number generation; side-channel based CSPRNG 1 INTRODUCTION 1.1 Generating Random Numbers for Privacy and Security The ability to generate strong random numbers is essential to cryptography, and central to security and privacy in the IT world. -
MICROPROCESSOR REPORT the INSIDERS’ GUIDE to MICROPROCESSOR HARDWARE Slot Vs
VOLUME 12, NUMBER 1 JANUARY 26, 1998 MICROPROCESSOR REPORT THE INSIDERS’ GUIDE TO MICROPROCESSOR HARDWARE Slot vs. Socket Battle Heats Up Intel Prepares for Transition as Competitors Boost Socket 7 A A look Look by Michael Slater ship as many parts as they hoped, especially at the highest backBack clock speeds where profits are much greater. The past year has brought a great deal The shift to 0.25-micron technology will be central to of change to the x86 microprocessor 1998’s CPU developments. Intel began shipping 0.25-micron A market, with Intel, AMD, and Cyrix processors in 3Q97; AMD followed late in 1997, IDT plans to LookA look replacing virtually their entire product join in by mid-98, and Cyrix expects to catch up in 3Q98. Ahead ahead lines with new devices. But despite high The more advanced process technology will cut power con- hopes, AMD and Cyrix struggled in vain for profits. The sumption, allowing sixth-generation CPUs to be used in financial contrast is stark: in 1997, Intel earned a record notebook systems. The smaller die sizes will enable higher $6.9 billion in net profit, while AMD lost $21 million for the production volumes and make it possible to integrate an L2 year and Cyrix lost $6 million in the six months before it was cache on the CPU chip. acquired by National. New entrant IDT added another com- The processors from Intel’s challengers have lagged in petitor to the mix but hasn’t shipped enough products to floating-point and MMX performance, which the vendors become a significant force. -
World's First High- Performance X86 With
World’s First High- Performance x86 with Integrated AI Coprocessor Linley Spring Processor Conference 2020 April 8, 2020 G Glenn Henry Dr. Parviz Palangpour Chief AI Architect AI Software Deep Dive into Centaur’s New x86 AI Coprocessor (Ncore) • Background • Motivations • Constraints • Architecture • Software • Benchmarks • Conclusion Demonstrated Working Silicon For Video-Analytics Edge Server Nov, 2019 ©2020 Centaur Technology. All Rights Reserved Centaur Technology Background • 25-year-old startup in Austin, owned by Via Technologies • We design, from scratch, low-cost x86 processors • Everything to produce a custom x86 SoC with ~100 people • Architecture, logic design and microcode • Design, verification, and layout • Physical build, fab interface, and tape-out • Shipped by IBM, HP, Dell, Samsung, Lenovo… ©2020 Centaur Technology. All Rights Reserved Genesis of the AI Coprocessor (Ncore) • Centaur was developing SoC (CHA) with new x86 cores • Targeted at edge/cloud server market (high-end x86 features) • Huge inference markets beyond hyperscale cloud, IOT and mobile • Video analytics, edge computing, on-premise servers • However, x86 isn’t efficient at inference • High-performance inference requires external accelerator • CHA has 44x PCIe to support GPUs, etc. • But adds cost, power, another point of failure, etc. ©2020 Centaur Technology. All Rights Reserved Why not integrate a coprocessor? • Very low cost • Many components already on SoC (“free” to Ncore) Caches, memory, clock, power, package, pins, busses, etc. • There often is “free” space on complex SOCs due to I/O & pins • Having many high-performance x86 cores allows flexibility • The x86 cores can do some of the work, in parallel • Didn’t have to implement all strange/new functions • Allows fast prototyping of new things • For customer: nothing extra to buy ©2020 Centaur Technology. -
MPR Article Template
CENTAUR ADDS AI TO SERVER PROCESSOR First x86 SoC to Integrate Deep-Learning Accelerator By Linley Gwennap (December 2, 2019) ................................................................................................................... Centaur is galloping back into the x86 market with Centaur Technology has designed x86 CPUs and pro- an innovative processor design that combines eight high- cessors for Via for more than 20 years, but we’ve heard little performance CPUs with a custom deep-learning accelerator from the Texan design shop since the debut of the dual-core (DLA). The company is the first to announce a server- Nano X2, which was built in a leading-edge 40nm process processor design that integrates a DLA. The new accelerator, (see MPR 1/24/11, “Via Doubles Down at CES”). Henry, called Ncore, delivers better neural-network performance who managed the company since its inception, recently than even the most powerful Xeon, but without incurring handed the reins to new president Al Loper, another long- the high cost of an external GPU card. The Via Technologies time Centaurian. Henry, boasting 50 years of CPU-design subsidiary began testing the silicon in September; we esti- experience, continues as the company’s AI architect. mate the first products based on this design could enter pro- duction in 2H20, although Via has disclosed no product One Tractor Pulling 4,096 Trailers plans. When designing the Ncore accelerator, Centaur was con- Ncore, which operates as a coprocessor, avoids the cerned that the rapid pace of neural-network evolution vogue MAC array, instead relying on a more traditional pro- grammable SIMD engine. But Centaur took the multiple in 4x DDR4 To other CHA SIMD to the extreme, designing a unit that processes 4,096 bytes in parallel to achieve peak performance of 20 trillion operations per second (TOPS) for 8-bit integers (INT8). -
Cryptoprocessing on the Arduino
View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by NORA - Norwegian Open Research Archives Cryptoprocessing on the Arduino Protecting user data using affordable microcontroller development kits Stig Tore Johannesen Master of Science in Informatics Submission date: August 2014 Supervisor: Guttorm Sindre, IDI Co-supervisor: Danilo Gligoroski, ITEM Norwegian University of Science and Technology Department of Computer and Information Science Acknowledgements I would like to thank my thesis advisor, Guttorm Sindre, for all his help during the writing process. I would also like to thank my co-advisor, Danilo Gligoroski, for getting me started on the technical aspect of the report. Thanks are also owed to everyone who helped me by reading through and commenting on the structure and language of this report. i ii Abstract There is a growing trend of data breaches, which this report looks into. The breaches often turn out to have, at their core, an element of either poor security management, or outdated or incorrectly applied security procedures. With this in mind, an affordable off-the-shelf microcontroller development kit is suggested as a way to lessen the impact of data theft during data breaches. Utilising an Arduino Due this report looks at the performance avail- able for cryptoprocessing and key storage, showing that while it is not a viable solution for encrypting large amounts of data, it is however suitable for securely encrypting limited data sets, such as customer data. iii iv Table of Contents 1 Introduction3 1.1 Goal.....................................4 2 Research Methods5 2.1 Possible Methodologies...........................5 2.2 Research Question 1............................6 2.3 Research Question 2............................6 2.4 Research Question 3............................7 2.5 Research Question 4............................7 3 Background9 3.1 Breaches...................................9 3.1.1 Sony Online Entertainment, 2011.................9 3.1.2 LinkedIn, 2012.......................... -
Architecture of VIA Isaiah (NANO)
Architecture of VIA Isaiah (NANO) Jan Davidek dav053 2008/2009 1. Introduction to the VIA Nano™ Processor The last few years have seen significant changes within the microprocessor industry, and indeed the entire IT landscape. Much of this change has been driven by three factors: the increasing focus of both business and consumer on energy efficiency, the rise of mobile computing, and the growing performance requirements of computing devices in a fast expanding multimedia environment. In the microprocessor space, the traditional race for ever faster processing speeds has given way to one that factors in the energy used to achieve those speeds. Performance per watt is the new metric by which quality is measured, with all the major players endeavoring to increase the performance capabilities of their products, while reducing the amount of energy that they require. Based on the recently announced VIA Isaiah Architecture, the new VIA Nano™ processor is a next-generation x86 processor that sets the standard in power efficiency for tomorrow’s immersive internet experience. With advanced power and thermal management features helping to make it the world’s most energy efficient x86 processor architecture, the VIA Nano processor also boasts ultra modern functionality, high-performance computation and media processing, and enhanced VIA PadLock™ hardware security features. Augmenting the VIA C7® family of processors, the VIA Nano processor’s pin compatibility extends the VIA processor platform portfolio, enabling OEMs to offer a wider range of products for different market segments, and furnishing them with the ability to upgrade device performance without incurring the time and cost expense associated with system redesign. -
An Implementation of AES Algorithm on Multicore Processors for High Throughput
บทความวจิ ยั –วชาการิ การประชุมวชาการิ งานวิจยั และพฒนาเชั ิงประยกตุ ์ คร้ังที่ 6 การพฒนาเทคโนโลยั เพี ื่อให้โลกมีสนตั ิสุข ECTI-CARD Proceedings 2014, Chiang Mai, Thailand An implementation of AES algorithm on multicore processors for high throughput Supachai Thongsuk1, Prabhas Chongstitvatana, Ph.D. 2 Department of Computer Engineering Faculty of Engineering, Chulalongkorn University Bangkok, Thailand E-mail: [email protected], [email protected] Abstract Block of data input is 128 bits or 4 words in 4x4 square matrix of AES (Advanced Encryption Standard) algorithm is a block bytes. The 4x4 matrix of bytes is called the state. The number of encryption algorithm established by the U.S. National Institute of iterations depends on the key length. (Table 1) Standards and Technology (NIST) in 2001. It has been adopted by many AES steps data security systems and now used worldwide. Most of AES 1) Key expansion -- Round keys are derived from the cipher key. Each implementations are for single-core processors. To achieve high round requires a separate key block. performance for large data, this work proposed an AES algorithm for multi-core processors. Using parallelism inherent in large data, all 2) Initial round -- Each byte of the state is bitwise XOR with the round cores are working concurrently to speed up the task. key. Keywords: cryptography; AES; Multicore processor; 3) Rounds -- A round consisted of four transformations: SubBytes, ShiftRows, MixColumns, AddRoundKey. 1. Introduction The information security has become an important concern today 4) Final round -- Three transformations: SubBytes, ShiftRows, due to popular use of computers. The AES algorithm is a standard AddRoundKey. -
VIA Technologies Inc. Confidential N D a R Equired
Embedded System Platform VIA Eden-N VIAProcessor Technologies Inc. Confidential Datasheet N D A R equired VIA TECHNOLOGIES, INC. Revision 0.92 October 22, 2004 VIA Eden-N Processor Datasheet October 22, 2004 This is Version 0.92 of the VIA Eden-N Processor Datasheet. © 2003-2004 VIA Technologies, Inc All Rights Reserved. VIA reserves the right to make changes in its products without notice in order to improve design or performance characteristics. This publication neither states nor implies any representations or warranties of any kind, including but not limited to any implied warranty of merchantability or fitness for a particular purpose. No license, express or implied, to any intellectual property rights is granted by this document. VIA makes no representations or warranties with respect to the accuracy or completeness of the con- tents of this publication or the information contained herein, and reserves the right to make. changes at any time, without notice. VIA disclaims responsibility for any consequences resulting from the use of the information included herein. Inc Cyrix and VIA C3 are trademarks of VIA Technologies, Inc. s CentaurHauls is a trademark of Centaur Technology Corporation. e AMD, AMD K6, and Athlon are trademarks of Advanced Micro Devices, Inc. Microsoft and Windows are registered trademarks of Microsoftgi Corporation. l o a Intel, Pentium, Celeron, and MMX are registered trademarks of Intel Corporation.i d Other product names used in this publication are for identification purposes only and maye be trade- marks of their respective companies. nt r hnol i c ide qu e e LIFE SUPPORT POLICY nf T VIA processor products are not authorized for use as componentso in life Rsupport or other medical devices or systems (hereinafter life support devices)A unless a specificC written agreement pertaining to such intended use is executed be- tween the manufacturer and anI officer of VIA. -
The Microarchitecture of Intel and AMD Cpus
3. The microarchitecture of Intel, AMD and VIA CPUs An optimization guide for assembly programmers and compiler makers By Agner Fog. Copenhagen University College of Engineering. Copyright © 1996 - 2012. Last updated 2012-02-29. Contents 1 Introduction ....................................................................................................................... 4 1.1 About this manual ....................................................................................................... 4 1.2 Microprocessor versions covered by this manual........................................................ 6 2 Out-of-order execution (All processors except P1, PMMX)................................................ 8 2.1 Instructions are split into µops..................................................................................... 8 2.2 Register renaming ...................................................................................................... 9 3 Branch prediction (all processors) ................................................................................... 11 3.1 Prediction methods for conditional jumps.................................................................. 11 3.2 Branch prediction in P1............................................................................................. 16 3.3 Branch prediction in PMMX, PPro, P2, and P3 ......................................................... 20 3.4 Branch prediction in P4 and P4E .............................................................................. 21 -
(12) United States Patent (10) Patent No.: US 8,654,970 B2 Olson Et Al
USOO8654970B2 (12) United States Patent (10) Patent No.: US 8,654,970 B2 Olson et al. (45) Date of Patent: Feb. 18, 2014 (54) APPARATUS AND METHOD FOR 7,321,910 B2 1/2008 Crispin IMPLEMENTING INSTRUCTION SUPPORT EE 858 silk et al. FOR THE DATA ENCRYPTION STANDARD 7.433.469 B2 10/2008 Koshy et al. (DES) ALGORITHM 7,454,016 B2 * 1 1/2008 Tsunoo ........................... 380.29 7.460.666 B2 12/2008 Morioka et al. (75) Inventors: Christopher H. Olson, Austin, TX (US); 7,496, 196 B2 * 2/2009 Jalfon et al. .................... 380.29 Gregory F. Grohoski, Bee Cave, TX 7,502.464 B2 3/2009 Macchetti et al. (US); Lawrence A. Spracklen,s Boulders 7,532,7227,502,943 B2 3/20095/2009 CrispinHenry Creek, CA (US) 7,539,876 B2 5/2009 Henry (73) Assignee: Oracle America, Inc., Redwood Shores, (Continued) CA (US) OTHER PUBLICATIONS (*) Notice: Subject to any disclaimer, the term of this Stamenkovic, Z.; Wolf, C.; Schoof, G., Gaisler, J.; "LEON-2: Gen patent is extended or adjusted under 35 eral Purpose Processor for a Wireless Engine.” Design and Diagnos U.S.C. 154(b) by 962 days. tics of Electronic Circuits and systems, 2006 IEEE, vol., no., pp. 48-51, 0-0 0;doi: 10.1109/DDECS 2006. 1649569 URL: http:// (21) Appl. No.: 12/414,755 ieeexplore.ieee.org/stampfstamp.jsp?tp=&arnumber=1649569 &isnumber=34591. (22) Filed: Mar. 31, 2009 (Continued) (65) Prior Publication Data Primary Examiner — Tae Kim US 2010/0246814 A1 Sep. 30, 2010 (74) Attorney, Agent, or Firm — Meyertons Hood Kivlin (51) Int. -
Die VIA Nano-Prozessor Architektur
Fakultät Informatik Institut für Technische Informatik Professur für VLSI-Entwurfssysteme, Diagnostik und Architektur Die VIA Nano-Prozessor Architektur Dresden, 20.05.2009 Gliederung • Einführung • Der Nano • Modelle • Architektur Highlights • Sicherheitsfunktionen • Energiemanagement • Cache subsystem • Struktur • Intel Atom • Performance TU Dresden, 27.05.2009 Folie 2 01 Einführung • Nano ist komplette Neuentwicklung • von Centaur Technology entwickelt • Ziel: • Leistungssteigerung zum C7 • Aber: Strombedarf so gering wie möglich • Warum?: • Wachsender Bedarf an Energie-Effizienz • Mobile computing • Steigende perfomance Anforderungen (Multimedia) TU Dresden, 27.05.2009 Folie 3 02 Der NANO in Fakten • 64 Bit Architektur • Basiert auf VIA Isaiah Architektur • 65 nm Technologie • Out -of -order Issue und Execution • Pin-Kompatible zu C7 • 64 Kbyte L1-Instruction Cache • 1 MB L2 Cache • Spezieller Prefetch-Cache • 95 Millionen Transistoren • TDP von 5-25 W TU Dresden, 27.05.2009 Folie 4 03 Modelle L2100, L2200 (low voltage); TU Dresden, 27.05.2009 Folie 5 04 Architektur Highlights • Superskalar und spekulative in-order fetching • kann 3 x86 Befehle pro Takt dekodieren • Out-of-order execution • Macro- und Micro-fusion • Performancesteigerung durch Befehlskombination • Branch-prediction • 8 verschiedene Vorhersagen in 2 Pipelinestufen • Sicherheitsfunktionen • Energiemanagement • Cache-Subsystem TU Dresden, 27.05.2009 Folie 6 04 Sicherheitsfunktionen Überblick • Verfügt über VSM • Secure execution mode TU Dresden, 27.05.2009 Folie 7 04