Candidate: Ahmed Ayoub
Title: A flexible ultralight hardware security module for EPC RFID tags
Date: May 11, 2021
Time: 1:00 PM
Place: REMOTE ATTENDANCE
Supervisor(s): Aagaard, Mark
Due to the rapid growth of using Internet of Things (IoT) devices in daily life, the need to achieve an acceptable level of security and privacy for these devices is rising. Security risks may include privacy threats like gaining sensitive information from a device, and authentication problems from counterfeit or cloned devices. It is more challenging to add security features to extremely constrained devices, such as passive Electronic Product Code (EPC) Radio Frequency Identification (RFID) tags, compared to devices that have more computational and storage capabilities.
EPC RFID tags are simple and low-cost electronic circuits that are commonly used in supply chains, retail stores, and other applications to identify physical objects. Most tags today are simple ``license plates'' that just identify the object they are attached to and have minimal security. Due to the security risks of new applications, there is an important need to implement secure RFID tags. Examples of the security risks for these applications include unauthorized physical tracking and inventorying of tags. The current commercial RFID tag designs use specialized hardware circuits approach. This approach can achieve the lowest area and power consumption; however, it lacks flexibility.
This thesis presents an optimized application-specific instruction set architecture (ISA) for an ultralight Hardware Security Module (HSM). HSMs are computing devices that protect cryptographic keys and operations for a device. The HSM combines all security-related functions for passive RFID tag. The goal of this research is to demonstrate that using an application-specific instruction set processor (ASIP) architecture for ultralight HSMs provides benefits in terms of trade-offs between flexibility, extensibility, and efficiency. Our novel application specific instruction-set architecture allows flexibility on many design levels and achieves acceptable security level for passive EPC RFID tag. Our solution moves a major design effort from hardware to software, which largely reduces the final unit cost.
Our ASIP processor can be implemented with 4,662 gate equivalent units (GEs) for 65 nm CMOS technology excluding cryptographic units and memories. We integrated and analyzed three cryptographic modules: Simeck block cipher, WG-5 stream cipher, and ACE authenticated encryption module. The performance for encryption and decryption operations has been improved by 253$\times$ to 415$\times$ compared to other programmable implementations results while the optimality score has been improved by 252X to 434X. The optimality score is a measure for how efficient is the design with regards to the chip area and the execution time. We increase performance dramatically and increase area by only 0.23-17.97\%. These results fulfill the requirements of extremely constrained devices and allow the inclusion of cryptographic units into the datapath of our ASIP processor.