A Keccak-Based Wireless Authentication Tag with per-Query Key Update and Power-Glitch Attack Countermeasures
Author(s)Juvekar, Chiraag Shashikant; Lee, Hyung-Min; Kwong, Joyce; Chandrakasan, Anantha P.
MetadataShow full item record
Counterfeiting is a major problem plaguing global supply chains. While small low-cost tagging solutions for supply-chain management exist, security in the face of fault-injection  and side-channel attacks  remains a concern. Power glitch attacks  in particular attempt to leak key-bits by inducing fault conditions during cryptographic operation through the use of over-voltage and under-voltage conditions. This paper presents the design of a secure authentication tag with wireless power and data delivery optimized for compact size and near-field applications. Power-glitch attacks are mitigated through state backup on FeRAM based non-volatile flip-flops (NVDFFs) . The tag uses Keccak  (the cryptographic core of SHA3) to update the key before each protocol invocation, limiting side-channel leakage to a single trace per key. Fig. 1 shows the complete system including the tag, reader, and backend server implemented in this work. Tags are seeded at manufacture and this initial seed is stored in the server database before a tag is affixed to an item. A wireless power and data transfer (WPDT) frontend harvests energy from the reader (433 MHz inductive link) and powers the on-chip authentication engine (AE). On startup the AE updates its key using a PRNG (seeded with the old key) and increments the key index. The AE then responds to the subsequent challenge, by encrypting the challenge under the new key. These challenge-response pairs can be validated by a trusted server to authenticate the tag. Additionally, the server can use the key-index to resynchronize with the tag in the event of packet loss.
DepartmentMassachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Proceedings of the 2016 IEEE International Solid-State Circuits Conference
Institute of Electrical and Electronics Engineers (IEEE)
Juvekar, Chiraag S., Hyung-Min Lee, Joyce Kwong, and Anantha P. Chandrakasan. "A Keccak-Based Wireless Authentication Tag with per-Query Key Update and Power-Glitch Attack Countermeasures." 2016 IEEE International Solid-State Circuits Conference (January 2016).
Author's final manuscript