A Keccak-Based Wireless Authentication Tag with per-Query Key Update and Power-Glitch Attack Countermeasures

Juvekar, Chiraag S.; Lee, Hyung-Min; Kwong, Joyce; Chandrakasan, Anantha P.

Author(s)

Juvekar, Chiraag Shashikant; Lee, Hyung-Min; Kwong, Joyce; Chandrakasan, Anantha P.

Downloadfinal_submission (1).pdf (4.386Mb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

Counterfeiting is a major problem plaguing global supply chains. While small low-cost tagging solutions for supply-chain management exist, security in the face of fault-injection [1] and side-channel attacks [2] remains a concern. Power glitch attacks [3] in particular attempt to leak key-bits by inducing fault conditions during cryptographic operation through the use of over-voltage and under-voltage conditions. This paper presents the design of a secure authentication tag with wireless power and data delivery optimized for compact size and near-field applications. Power-glitch attacks are mitigated through state backup on FeRAM based non-volatile flip-flops (NVDFFs) [4]. The tag uses Keccak [5] (the cryptographic core of SHA3) to update the key before each protocol invocation, limiting side-channel leakage to a single trace per key. Fig. 1 shows the complete system including the tag, reader, and backend server implemented in this work. Tags are seeded at manufacture and this initial seed is stored in the server database before a tag is affixed to an item. A wireless power and data transfer (WPDT) frontend harvests energy from the reader (433 MHz inductive link) and powers the on-chip authentication engine (AE). On startup the AE updates its key using a PRNG (seeded with the old key) and increments the key index. The AE then responds to the subsequent challenge, by encrypting the challenge under the new key. These challenge-response pairs can be validated by a trusted server to authenticate the tag. Additionally, the server can use the key-index to resynchronize with the tag in the event of packet loss.

Date issued

2016-01

URI

http://hdl.handle.net/1721.1/101188

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 2016 IEEE International Solid-State Circuits Conference

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Citation

Juvekar, Chiraag S., Hyung-Min Lee, Joyce Kwong, and Anantha P. Chandrakasan. "A Keccak-Based Wireless Authentication Tag with per-Query Key Update and Power-Glitch Attack Countermeasures." 2016 IEEE International Solid-State Circuits Conference (January 2016).

Version: Author's final manuscript

Collections

MIT Open Access Articles

DSpace@MIT