The implementation of a secure cipher within the embedded electronics of a smart-card can have a large number of weak points, which are unrelated to the cryptographic strength of that cipher. Side-channel information leaks may disclose internal secrets through the cipher's power consumption, execution time, and other physical implementation effects. Affecting hardware as well as software, these leaks show that a secure embedded system is no stronger than its weakest link. This project creates a systematic design approach that iteratively partitions an embedded system into a security-critical and a non-critical part. The partitioning goes across the boundaries of hardware and software and is guided by side-channel estimators. The partitioned components are then safely integrated using secure hardware-software interfaces. The result is a flexible yet secure system design, that combines the flexibility of software with the robustness of hardware. The project's intellectual merit is a design methodology for secure embedded system design. The methodology complements a traditional embedded design approach that focuses on performance and design-cost but not on security and side-channel information leaks. The project trains computer engineers at the undergraduate level in hardware/software codesign, and at the graduate level in secure embedded systems design. The training software from this course forms the basis of the secure design flow, and it is freely distributed on CD-ROM. The software is serving other academic institutions that establish similar undergraduate courses. The secure methodology enables collaboration between embedded system designers and cryptographers, and helps them to build embedded systems that are less prone to attacks and fraud.
This project addresses design methods and techniques to create secure embedded systems, such as key fobs, small embedded computers that run cryptographic functions, smart cards, RFID, and so on. These systems are challenging to design and implement because they need to execute complex cryptographic algorithms in a resource constrained environment (limited energy, limited computational resources). Furthermore, these systems experience a specific threat model to their security, namely an attacker with physical access to the embedded systems' implementation. This project has worked on applications, methods and tools, and implementations of secure embedded systems. In the area of applications, public-key cryptography based on elliptic curves, symmetric-key cryptography, and hash algorithms have been evaluated for embedded implementation. The main effort was on methods and tools. The project proposed new techniques for side-channel analysis (a particular attack on secure embedded systems), and then developed suitable countermeasures for these attacks. The results include a secure circuit style and a novel technique to implement secure microprocessors. Furthermore, the project has developed several tools, including a tool for combined design of embedded systems hardware and software, and a tool for systematic evaluation of side-channel leakageof secure embedded systems. Education is an important result in this project, as well. The project has created two course, one undergraduate course called "Hardware/Software Codesign" and a graduate level course called "Secure Hardware Design". The latter course was also offered as "Handheld Computer Security". To support the undergraduate course, a textbook was written, of which two editions have been published ("A Practical Introduction to Hardware/Software Codesign"). This project has supported 13 Graduate Students and 5 Undergraduate Students. The project resulted in 20 conference papers, 5 journal papers, 1 book chapter, and 2 editions of a textbook.