Securing implementations of feedback-shift-register-based ciphers using compiler optimizations and co-processors

Los algoritmos basados en registros de desplazamiento con realimentación (en inglés FSR) se han utilizado como generadores de flujos pseudoaleatorios en aplicaciones con recursos limitados como los sistemas de apertura sin llave. Se considera canal primario a aquel que se utiliza para realizar una transmisión de información. La aparición de los ataques de canal auxiliar (en inglés SCA), que explotan información filtrada inintencionadamente a través de canales laterales como el consumo, las emisiones electromagnéticas o el tiempo empleado, supone una grave amenaza para estas aplicaciones, dado que los dispositivos son accesibles por un atacante. El objetivo de esta tesis es proporcionar un conjunto de protecciones que se puedan aplicar de forma automática y que utilicen recursos ya disponibles, evitando un incremento sustancial en los costes y alargando la vida útil de aplicaciones que puedan estar desplegadas. Explotamos el paralelismo existente en algoritmos FSR, ya que sólo hay 1 bit de diferencia entre estados de rondas consecutivas. Realizamos aportaciones en tres niveles: a nivel de sistema, utilizando un coprocesador reconfigurable, a través del compilador y a nivel de bit, aprovechando los recursos disponibles en el procesador. Proponemos un marco de trabajo que nos permite evaluar implementaciones de un algoritmo incluyendo los efectos introducidos por el compilador considerando que el atacante es experto. En el campo de los ataques, hemos propuesto un nuevo ataque diferencial que se adapta mejor a las condiciones de las implementaciones software de FSR, en las que el consumo entre rondas es muy similar. SORU2 es un co-procesador vectorial reconfigurable propuesto para reducir el consumo energético en aplicaciones con paralelismo y basadas en el uso de bucles. Proponemos el uso de SORU2, además, para ejecutar algoritmos basados en FSR de forma segura. Al ser reconfigurable, no supone un sobrecoste en recursos, ya que no está dedicado en exclusiva al algoritmo de cifrado. Proponemos una configuración que ejecuta múltiples algoritmos de cifrado similares de forma simultánea, con distintas implementaciones y claves. A partir de una implementación sin protecciones, que demostramos que es completamente vulnerable ante SCA, obtenemos una implementación segura a los ataques que hemos realizado. A nivel de compilador, proponemos un mecanismo para evaluar los efectos de las secuencias de optimización del compilador sobre una implementación. El número de posibles secuencias de optimizaciones de compilador es extremadamente alto. El marco de trabajo propuesto incluye un algoritmo para la selección de las secuencias de optimización a considerar. Debido a que las optimizaciones del compilador transforman las implementaciones, se pueden generar automáticamente implementaciones diferentes combinamos para incrementar la seguridad ante SCA. Proponemos 2 mecanismos de aplicación de estas contramedidas, que aumentan la seguridad de la implementación original sin poder considerarse seguras. Finalmente hemos propuesto la ejecución paralela a nivel de bit del algoritmo en un procesador. Utilizamos la forma algebraica normal del algoritmo, que automáticamente se paraleliza. La implementación sobre el algoritmo evaluado mejora en rendimiento y evita que se filtre información por una ejecución dependiente de datos. Sin embargo, es más vulnerable ante ataques diferenciales que la implementación original. Proponemos una modificación del algoritmo para obtener una implementación segura, descartando parcialmente ejecuciones del algoritmo, de forma aleatoria. Esta implementación no introduce una sobrecarga en rendimiento comparada con las implementaciones originales. En definitiva, hemos propuesto varios mecanismos originales a distintos niveles para introducir aleatoridad en implementaciones de algoritmos FSR sin incrementar sustancialmente los recursos necesarios. ABSTRACT Feedback Shift Registers (FSR) have been traditionally used to implement pseudorandom sequence generators. These generators are used in Stream ciphers in systems with tight resource constraints, such as Remote Keyless Entry. When communicating electronic devices, the primary channel is the one used to transmit the information. Side-Channel Attack (SCA) use additional information leaking from the actual implementation, including power consumption, electromagnetic emissions or timing information. Side-Channel Attacks (SCA) are a serious threat to FSR-based applications, as an attacker usually has physical access to the devices. The main objective of this Ph.D. thesis is to provide a set of countermeasures that can be applied automatically using the available resources, avoiding a significant cost overhead and extending the useful life of deployed systems. If possible, we propose to take advantage of the inherent parallelism of FSR-based algorithms, as the state of a FSR differs from previous values only in 1-bit. We have contributed in three different levels: architecture (using a reconfigurable co-processor), using compiler optimizations, and at bit level, making the most of the resources available at the processor. We have developed a framework to evaluate implementations of an algorithm including the effects introduced by the compiler. We consider the presence of an expert attacker with great knowledge on the application and the device. Regarding SCA, we have presented a new differential SCA that performs better than traditional SCA on software FSR-based algorithms, where the leaked values are similar between rounds. SORU2 is a reconfigurable vector co-processor. It has been developed to reduce energy consumption in loop-based applications with parallelism. In addition, we propose its use for secure implementations of FSR-based algorithms. The cost overhead is discarded as the co-processor is not exclusively dedicated to the encryption algorithm. We present a co-processor configuration that executes multiple simultaneous encryptions, using different implementations and keys. From a basic implementation, which is proved to be vulnerable to SCA, we obtain an implementation where the SCA applied were unsuccessful. At compiler level, we use the framework to evaluate the effect of sequences of compiler optimization passes on a software implementation. There are many optimization passes available. The optimization sequences are combinations of the available passes. The amount of sequences is extremely high. The framework includes an algorithm for the selection of interesting sequences that require detailed evaluation. As existing compiler optimizations transform the software implementation, using different optimization sequences we can automatically generate different implementations. We propose to randomly switch between the generated implementations to increase the resistance against SCA.We propose two countermeasures. The results show that, although they increase the resistance against SCA, the resulting implementations are not secure. At bit level, we propose to exploit bit level parallelism of FSR-based implementations using pseudo bitslice implementation in a wireless node processor. The bitslice implementation is automatically obtained from the Algebraic Normal Form of the algorithm. The results show a performance improvement, avoiding timing information leakage, but increasing the vulnerability against differential SCA.We provide a secure version of the algorithm by randomly discarding part of the data obtained. The overhead in performance is negligible when compared to the original implementations. To summarize, we have proposed a set of original countermeasures at different levels that introduce randomness in FSR-based algorithms avoiding a heavy overhead on the resources required.

Floating-point exponentiation units for reconfigurable computing

The high performance and capacity of current FPGAs makes them suitable as acceleration co-processors. This article studies the implementation, for such accelerators, of the floating-point power function xy as defined by the C99 and IEEE 754-2008 standards, generalized here to arbitrary exponent and mantissa sizes. Last-bit accuracy at the smallest possible cost is obtained thanks to a careful study of the various subcomponents: a floating-point logarithm, a modified floating-point exponential, and a truncated floating-point multiplier. A parameterized architecture generator in the open-source FloPoCo project is presented in details and evaluated.

Operating infrastructure for an FPGA and ARM system

Advances in FPGA technology and higher processing capabilities requirements have pushed to the emerge of All Programmable Systems-on-Chip, which incorporate a hard designed processing system and a programmable logic that enable the development of specialized computer systems for a wide range of practical applications, including data and signal processing, high performance computing, embedded systems, among many others. To give place to an infrastructure that is capable of using the benefits of such a reconfigurable system, the main goal of the thesis is to implement an infrastructure composed of hardware, software and network resources, that incorporates the necessary services for the operation, management and interface of peripherals, that coompose the basic building blocks for the execution of applications. The project will be developed using a chip from the Zynq-7000 All Programmable Systems-on-Chip family.

A many-core co-processor for embedded parallel computing on FPGA

Single processor architectures are unable to provide the required performance of high performance embedded systems. Parallel processing based on general-purpose processors can achieve these performances with a considerable increase of required resources. However, in many cases, simplified optimized parallel cores can be used instead of general-purpose processors achieving better performance at lower resource utilization. In this paper, we propose a configurable many-core architecture to serve as a co-processor for high-performance embedded computing on Field-Programmable Gate Arrays. The architecture consists of an array of configurable simple cores with support for floating-point operations interconnected with a configurable interconnection network. For each core it is possible to configure the size of the internal memory, the supported operations and number of interfacing ports. The architecture was tested in a ZYNQ-7020 FPGA in the execution of several parallel algorithms. The results show that the proposed many-core architecture achieves better performance than that achieved with a parallel generalpurpose processor and that up to 32 floating-point cores can be implemented in a ZYNQ-7020 SoC FPGA.

A Co-Processor Approach for Efficient Java Execution in Embedded Systems

This thesis deals with a hardware accelerated Java virtual machine, named REALJava. The REALJava virtual machine is targeted for resource constrained embedded systems. The goal is to attain increased computational performance with reduced power consumption. While these objectives are often seen as trade-offs, in this context both of them can be attained simultaneously by using dedicated hardware. The target level of the computational performance of the REALJava virtual machine is initially set to be as fast as the currently available full custom ASIC Java processors. As a secondary goal all of the components of the virtual machine are designed so that the resulting system can be scaled to support multiple co-processor cores. The virtual machine is designed using the hardware/software co-design paradigm. The partitioning between the two domains is flexible, allowing customizations to the resulting system, for instance the floating point support can be omitted from the hardware in order to decrease the size of the co-processor core. The communication between the hardware and the software domains is encapsulated into modules. This allows the REALJava virtual machine to be easily integrated into any system, simply by redesigning the communication modules. Besides the virtual machine and the related co-processor architecture, several performance enhancing techniques are presented. These include techniques related to instruction folding, stack handling, method invocation, constant loading and control in time domain. The REALJava virtual machine is prototyped using three different FPGA platforms. The original pipeline structure is modified to suit the FPGA environment. The performance of the resulting Java virtual machine is evaluated against existing Java solutions in the embedded systems field. The results show that the goals are attained, both in terms of computational performance and power consumption. Especially the computational performance is evaluated thoroughly, and the results show that the REALJava is more than twice as fast as the fastest full custom ASIC Java processor. In addition to standard Java virtual machine benchmarks, several new Java applications are designed to both verify the results and broaden the spectrum of the tests.

Architectural-Physical Co-Design of 3D CPUs with Micro-Fluidic Cooling

The performance, energy efficiency and cost improvements due to traditional technology scaling have begun to slow down and present diminishing returns. Underlying reasons for this trend include fundamental physical limits of transistor scaling, the growing significance of quantum effects as transistors shrink, and a growing mismatch between transistors and interconnects regarding size, speed and power. Continued Moore's Law scaling will not come from technology scaling alone, and must involve improvements to design tools and development of new disruptive technologies such as 3D integration. 3D integration presents potential improvements to interconnect power and delay by translating the routing problem into a third dimension, and facilitates transistor density scaling independent of technology node. Furthermore, 3D IC technology opens up a new architectural design space of heterogeneously-integrated high-bandwidth CPUs. Vertical integration promises to provide the CPU architectures of the future by integrating high performance processors with on-chip high-bandwidth memory systems and highly connected network-on-chip structures. Such techniques can overcome the well-known CPU performance bottlenecks referred to as memory and communication wall. However the promising improvements to performance and energy efficiency offered by 3D CPUs does not come without cost, both in the financial investments to develop the technology, and the increased complexity of design. Two main limitations to 3D IC technology have been heat removal and TSV reliability. Transistor stacking creates increases in power density, current density and thermal resistance in air cooled packages. Furthermore the technology introduces vertical through silicon vias (TSVs) that create new points of failure in the chip and require development of new BEOL technologies. Although these issues can be controlled to some extent using thermal-reliability aware physical and architectural 3D design techniques, high performance embedded cooling schemes, such as micro-fluidic (MF) cooling, are fundamentally necessary to unlock the true potential of 3D ICs. A new paradigm is being put forth which integrates the computational, electrical, physical, thermal and reliability views of a system. The unification of these diverse aspects of integrated circuits is called Co-Design. Independent design and optimization of each aspect leads to sub-optimal designs due to a lack of understanding of cross-domain interactions and their impacts on the feasibility region of the architectural design space. Co-Design enables optimization across layers with a multi-domain view and thus unlocks new high-performance and energy efficient configurations. Although the co-design paradigm is becoming increasingly necessary in all fields of IC design, it is even more critical in 3D ICs where, as we show, the inter-layer coupling and higher degree of connectivity between components exacerbates the interdependence between architectural parameters, physical design parameters and the multitude of metrics of interest to the designer (i.e. power, performance, temperature and reliability). In this dissertation we present a framework for multi-domain co-simulation and co-optimization of 3D CPU architectures with both air and MF cooling solutions. Finally we propose an approach for design space exploration and modeling within the new Co-Design paradigm, and discuss the possible avenues for improvement of this work in the future.

Estudo inicial da degradação in vivo de poli(L-co-D,L ácido lático), sintetizado em laboratório, aplicado como prótese tibial em coelhos

The copolymer poly (L-co-D,L lactic acid), PLDLA, has gained prominence in the field of temporary prostheses due to the fact that their time of degradation is quite compatible with the requirement in the case of osseous fracture. In this work the in vivo degradation of devices from copolymer, as a system of plates and screws, used in fixation of the tibia of rabbits was studied. The devices were implanted in 15 adult rabbits, albinos, New Zealand race, and they were used as control devices of alloys of titanium (Ti-6Al-4V/ V grade). The use of copolymers, synthesized in the laboratory, was tested in the repair of fracture in rabbits'tibias, being assessed in the following times: 2 weeks, 2 months and 3 months. Morphological analysis of tissue surrounding the plate and screw system, for 2 weeks of implantation, showed the presence of osteoblasts, indicating a pre bone formation. After 2 months there was new bone formation in the region in contact with the polymer. This bone growth occurred simultaneously with the process of PLDLA degradation, invading the region where there was polymer and after 3 months there was an intense degradation of the copolymer and hence greater tissue invasion compared to 2 months which characterized bone formation in a region where the polymer degraded. The in vivo degradation study of the devices for PLDLA by means of histological evaluations during the period of consolidation of the fracture showed the efficiency of plate and screw system, and it was possible to check formation of bone tissue at the implantation site, without the presence of inflammatory reaction

Cation size effects-modified phase and PTCR development in Er3+ and Ca2+ co-doped BaTiO3 ceramics during sintering

Development of the positive temperature coefficient of resistivity (PTCR) in Er3+ and Ca2+ co-doped ferroelectric BaTiO3 was studied in this work, with Er3+ being used to act as a donor doping. Irrespective of all the materials showing high densities after sintering at 1200 to 1300 ºC, these revealed insulator at the lowest sintering temperature, changing to semiconducting and PTCR-type materials only when the sintering temperature was further increased. Observations from X-ray diffraction help correlating this effect with phase development in this formulated (Ba,Ca,Er)TiO3 system, considering the formation of initially two separated major (Ba,Ca)TiO3- and minor (Ca,Er)TiO3-based compounds, as a consequence of cation size-induced stress energy effects. Thus, appearance and enhancement here of the semiconducting and PTCR responses towards higher sintering temperatures particularly involve the incorporation of Er3+ into the major phase, rendering finally possible the generation and "percolative-like" migration of electrons throughout the whole material.

Óxidos do tipo perovskita para reação de redução de no com CO

In this work, the perovskite-type oxides LaNiO3, LaMnO3, La0,7Sr0,3NiO3 and La0,7Sr0,3MnO3 were prepared by co-precipitation and tested in the NO reduction with CO at 400 and 500 ºC for 10 h. The catalysts were characterized by X-ray diffraction, temperature programmed reduction with hydrogen, nitrogen adsorption and chemical analysis. The nonstoichiometric oxygen was quantified by temperature programmed reduction, and the catalytic tests showed that the La0,7Sr0,3MnO3 catalyst presented the higher performance for the reduction reaction of NO with CO. The partial substitution of lanthanum by strontium increased the NO conversion and the N2 yield.

Co-eletrodeposição oscilatória de cobre e estanho

It is investigated in the present contribution the oscillatory co-electrodeposition of CuSn on a polycrystalline gold surface in the presence of Triton X-100 surfactant and citric acid as additive, in acidic media. The experiments were conducted under potentiostatic control and the system dynamics characterized in terms of the morphology and stability of the current oscillations. Besides modulations in the frequency and amplitude of the current oscillations, several patterned states were observed, including relaxation-like and mixed mode oscillations. The oscillations were found to be very robust and some time series presented regular motions up to about two hours.

Áreas de vulnerabilidade para co-infecção HIV-aids/TB em Ribeirão Preto, SP

OBJETIVO: Identificar áreas de vulnerabilidade para os casos novos de co-infecção HIV/tuberculose (TB). MÉTODOS: Estudo descritivo ecológico realizado por meio do georreferenciamento dos casos novos de HIV/TB notificados em Ribeirão Preto, SP, em 2006. Os dados foram obtidos do sistema de informação estadual paulista de notificação de TB. Os casos novos de co-infecção HIV/TB foram analisados conforme características sociodemográficas e clínicas e, posteriormente, georreferenciados na base cartográfica do município segundo endereço residencial. Os setores do município foram categorizados em três níveis socioeconômicos: inferior, intermediário e superior, com base na análise de componentes principais das variáveis do censo demográfico de 2000 (renda, instrução e percentagem de domicílios com cinco ou mais moradores). Foi calculada a incidência da co-infecção HIV/TB para cada nível socioeconômico. RESULTADOS: A co-infecção HIV/TB acometeu mais adultos do sexo masculino em idade economicamente ativa e a forma pulmonar da TB foi a mais comum. A distribuição espacial mostrou que as incidências nas áreas com níveis socioeconômicos intermediários e inferiores (8,3 e 11,5 casos por 100 mil habitantes, respectivamente) foram superiores àquela (4,8 casos por 100 mil habitantes) de nível socioeconômico superior. CONCLUSÕES: A taxa de incidência de co-infecção HIV/TB analisada por níveis socioeconômicos mostrou padraÞo espacial de distribuiçaÞo não homogêneo e apresentou valores mais altos em áreas de maior vulnerabilidade social. O estudo diagnosticou aìreas geograìficas prioritaìrias para o controle da co-infecção e a tecnologia do sistema de informação geográfica pode ser empregada no planejamento das ações em saúde pelos gestores municipais.

Prótese total articulada de joelho utilizada no tratamento de osteossarcoma apendicular em cão

O objetivo do trabalho foi reportar o planejamento cirúrgico, a técnica operatória, a instrumentação e os resultados da substituição completa do terço médio distal do fêmur, do platô tibial e da articulação do joelho por prótese em um cão acometido por osteossarcoma no fêmur esquerdo. A prótese foi confeccionada em aço, apresentando três componentes articulados, mantendo o movimento semelhante à articulação do joelho. As porções femorais e tibiais da prótese foram cimentadas aos respectivos ossos, após ostectomia do fêmur e do platô tibial. O animal foi submetido a seis sessões de quimioterapia, com doxorrubicina e carboplatina, intercaladas mensalmente, objetivando inibir o crescimento de possíveis metástases pulmonares. Durante os seis primeiros dias, o animal apresentou neuropraxia e impotência funcional do membro. Aos 10 dias, o cão iniciou leve apoio e aos 30 dias já utilizava o membro pélvico de forma mais efetiva, porém, o ângulo de extensão da articulação foi reduzido de 150° a 100° devido à contratura muscular e à fibrose na região da fossa poplítea. Após um ano de observação, não houve melhora do ângulo de extensão do joelho, porém, o animal fazia uso do membro com claudicação. Aos 425 dias de pós-operatório, o animal veio a óbito por insuficiência renal. Nesse tempo não ocorreram metástases pulmonares ou locais visíveis radiograficamente, mas o proprietário não permitiu a realização da necropsia do paciente, sendo impossível confirmar outros dados que pudessem esclarecer melhor a causa morte. Conclui-se que a substituição total do joelho de cão é uma cirurgia factível, que permite a preservação e a utilização do membro após ressecção da neoplasia, embora outras pesquisas devam ser conduzidas para obtenção de melhores resultados pós-cirúrgicos.

Meningoencefalite necrotizante de cão Maltês

A Meningoencefalite Necrotizante (MEN) é uma encefalopatia causada por uma disfunção inflamatória de característica necrotizante. O objetivo deste relato é descrever os aspectos clínicos e anatomopatológicos da Meningoencefalite Necrotizante (MEN) em um cão Maltês. A doença tem um caráter necrótico único e está relacionada intimamente à Encefalite do Cão Pug (ECP) devido a suas semelhanças, bem como à Leucoencefalite Necrotizante (LEN). Embora o primeiro relato de caso de ECP tenha mais de 15 anos e o primeiro relato de caso de MEN em Maltês tenha 11 anos, há muito a ser revelado sobre a etiologia e os mecanismos imunopatológicos da doença. Neste trabalho, relata-se o caso de um cão Maltês com sinais que foram compatíveis com a MEN. Foram detectadas nas imagens macroscópicas, cavitação cerebral, e na microscopia, perda de células do parênquima em certas regiões do córtex cerebral. A partir dessas descobertas descreve-se o primeiro caso de MEN em cão Maltês no Brasil.

Microstructural Evidence of beta Co(2)Si- phase Stability in the Co-Si System

The aim of this work was to verify the stability of the beta Co(2)Si phase in the Co-Si system. The samples were produced via arc-melting and characterized through Scanning Electron Microscopy (SEM) and Differential Thermal Analysis (DTA). The results have confirmed the stability of the beta Co(2)Si phase, however, a modification of the shape of beta CoSi phase field is proposed in order to fully explain the results.

High levels of T lymphocyte activation in Leishmania-HIV-1 co-infected individuals despite low HIV viral load

Background: Concomitant infections may influence HIV progression by causing chronic activation leading to decline in T-cell function. In the Americas, visceral (AVL) and tegumentary leishmaniasis (ATL) have emerged as important opportunistic infections in HIV-AIDS patients and both of those diseases have been implicated as potentially important co-factors in disease progression. We investigated whether leishmaniasis increases lymphocyte activation in HIV-1 co-infected patients. This might contribute to impaired cellular immune function. Methods: To address this issue we analyzed CD4(+) T absolute counts and the proportion of CD8(+) T cells expressing CD38 in Leishmania/HIV co-infected patients that recovered after anti-leishmanial therapy. Results: We found that, despite clinical remission of leishmaniasis, AVL co-infected patients presented a more severe immunossupression as suggested by CD4(+) T cell counts under 200 cells/mm(3), differing from ATL/HIV-AIDS cases that tends to show higher lymphocytes levels (over 350 cells/mm(3)). Furthermore, five out of nine, AVL/HIV-AIDS presented low CD4(+) T cell counts in spite of low or undetectable viral load. Expression of CD38 on CD8(+) T lymphocytes was significantly higher in AVL or ATL/HIV-AIDS cases compared to HIV/AIDS patients without leishmaniasis or healthy subjects. Conclusions: Leishmania infection can increase the degree of immune system activation in individuals concomitantly infected with HIV. In addition, AVL/HIV-AIDS patients can present low CD4(+) T cell counts and higher proportion of activated T lymphocytes even when HIV viral load is suppressed under HAART. This fact can cause a misinterpretation of these laboratorial markers in co-infected patients.