Hardware Security: from Concept to Application
Florent Bruguier, Pascal Benoit, and Lionel Torres
LIRMM, UMR CNRS 5506
University of Montpellier,
Montpellier, France
Email: firstname.lastname@lirmm.fr
Abstract—With the advent of the Internet of Things (IoT),
electronics devices are everywhere in our lives. This omnipresence
implies a growing of security issues (data or identity theft, hostile
takeover of sensitive equipments. . . ). To counter security vul-
nerabilities, ”Security by Design” methods are being developed.
It advises to think about security from the beginning of the
conception at both software and hardware levels. Therefore, it is
necessary to create new pedagogical support to form engineers
to this method. In this context, the French national coordination
for microelectronics education has launched a program targeting
hardware security instruction. Four main courses were developed
addressing students from high-school level to PhD level. This
paper presents the three-day Master/PhD training which includes
theoretical lectures and practical labs. Since 2014, more than 1000
students have followed this training.
Index Terms—Security, Data Security, Cryptography, Educa-
tion, Embedded System Security, Side-Channel Attacks, Power
Analysis, Electromagnetic Analysis
I. I NTRODUCTION
Nowadays, we are using more and more digital systems.
This is even more true with the advent of connected objects.
These mobile or embedded systems constitute what we call the
Internet of Things (IoT). They upset the habits of users and
respond to emerging needs in many areas such as audiovisual,
culture, health, tourism, transport ... Their number is estimated
at 15 billion today and they should be between 50-80 billion
worldwide in 2025.
However, their omnipresence is increasing the likelihood of
exposure. Fridges, cars, toys or medical devices connected. . . ,
the list of examples of objects found to have vulnerabilities
never stops growing [1]–[3].
The hardware and software implementation of such systems
has become their main Achilles heel. The analysis of physical
parameters of a circuit such as the power consumption, the
electromagnetic emissions or the execution time could be used
for attacking it [4]–[6]. These attacks, called side channel
attacks, allow in a minimum of time and with little effort to
discover the encryption keys ensuring the security of a circuit.
To adapt to this kind of threat, it is necessary to train
and educate new generations of developers, designers but
also users. In this context, the Montpellier division of the
”Coordination National de Formation en Micro-électronique et
nanotechnologies” (CNFM, National Coordination of Training
in Microelectronics and Nanotechnology) chooses to develop
978-1-4673- 8584-8/16/$31.00
2016
c European Union
Authorized licensed use limited to: NXP Semiconductors. Downloaded on September 11,2020 at 06:36:23 UTC from IEEE Xplore. Restrictions apply.
Lilian Bossuet
Laboratoire Hubert Curien, UMR CNRS 5516
University of Lyon
Saint-Etienne, France
Email: lilian.bossuet@univ-st-etienne.fr
a training project and a platform around hardware security.
The CNFM is a french public interest group which organizes
joint working so that skills and facilities can be pooled across
all the French educational institutions that teach micro- and
nanoelectronics [7].
This paper describes an education program focussed on
hardware security. The main course is a three-day training for
Master/PhD in microelectronics. The remainder of this paper
is organised as follow. In section II, objectives, audiences and
pedagogical issues of each training are proposed. Then, an
overview of the main training is offered. Lectures and labs are
described in details. Finally, outcomes from security courses
are produced.
II. O BJECTIVES , AUDIENCES , AND PEDAGOGICAL ISSUES
The main goal of this educational project is to provide
hardware security skills to students from high school to
PhD level in electronics/microelectronics. It also includes the
training of microelectronics engineers which are already in
place and want to acquire new skills.
Four main courses have been developed during this project.
Each of them is dedicated to a specific audience and have
its own pedagogical issues as depicted in Table I. They are
respectively named as follows:
• Introduction Course
• Dedicated Conference
• Three-day Master/PhD Training
• Continued Training
A. Introduction Course
This one introduces the main cryptography principles. It
seeks to make the students aware of security issues in today
society and realize the importance of mathematics, physics
and electronics knowledge to solve these problems. The pos-
sibility of using covert channels like power consumption and
electromagnetic emissions for finding the secret key of a
cryptosystem is also presented.
More in details, this course begins by some examples, drawn
from real life cases. It is followed by the explanation of the
Caesar’s code starting from a didactic example. The concept
of secret key is deduced from there. Students are asked to
propose some solutions to find an unknown secret key in
such encryption technique. The Vigenere cipher is derived
from this discussion. A video showing the principle of the

T HE FOUR COURSES DEVELOPED ON
Course
Introduction Course
Dedicated Conference
Three-day Master/PhD Training
Continued Training
Enigma machines is then broadcast to students. It allows
to make a transition to modern cryptography concepts [8].
Symmetric and asymmetric ciphers are deeply explained. They
are followed by an explanation on how a credit card works
and some of these flaws are introduced [9]. Afterwards, an
overview of physical attacks is done. Power analysis and
Electromagnetic analysis are depicted more in details.
This course could be teach at high school level and also into
any scientific bachelor degrees. This type of students doesn’t
have any expertise into this field so the main pedagogical issue
is to provide an affordable content. The second issue is to keep
students alert all the course long since this course is not a part
of their main curriculum. Note that this course could be adapt
for introducing hardware security concepts to professionals.
The Introduction Course is a one hour long one. Since it
doesn’t require specific hardware, it could be tell everywhere
in France by one of our instructor.
B. Dedicated Conference
The audience of this three-hour conference is composed of
microelectronics master students and non-expert PhD students.
It allows students understanding the challenges of digital
society and more particularly hardware security issues and
solutions.
More in details, this course begins by a terminology and
definition part. Challenges in digital security are exposed.
History of cryptography is then addressed allowing to intro-
duces modern cryptography principles such as symmetric and
asymmetric cryptosystems. Some algorithms are presented in
details (DES, AES, RSA...). The second part of this conference
is dedicated to physical attacks. An overview of those ones is
proposed. Afterwards, the students are made aware of side-
channel attacks and more particularly to power and electro-
magnetic analysis. Finally, to prevent such kind of attacks,
countermeasures are deeply exposed.
This three-hour course could be done everywhere in France
by one of our instructor.
C. Three-day Master/PhD Training
The Three-day Master/PhD Training is a specialised course.
It is dedicated to microelectronics master students and PhD
students. In addition to understand the challenges of digital
society, this course allows students assimilating the principles
of cryptosystems. They can implement some side-channel
attacks and perform electromagnetic analysis using a dedi-
cated equipment. They also study the major countermeasure
techniques.
Authorized licensed use limited to: NXP Semiconductors. Downloaded on September 11,2020 at 06:36:23 UTC from IEEE Xplore. Restrictions apply.
TABLE I
THE FINMINA PROJECT
Audience Duration Place
High school / Bachelor students 1 hour On-site
Master students 3 hours On-site
Master / PhD students 3 days Montpellier
Microelectonics engineers 2-3 days Montpellier
The main pedagogical issue is that the workload within the
program is heavy. It is necessary to gauge the students in order
to be sure that they have enough prerequisites and they are able
to understand all the discussed concepts.
This training is done at CNFM on Montpellier because it
requires specific equipments that can’t be easily moved to
other places. The SECNUM electromagnetic analysis platform
is part of these equipments [10].
D. Continued Training
The Continued Training is a course dedicated to micro-
electronics engineers who want to enhanced their skills in
cryptography and security aspects. Some special sessions are
also organised to microelectronics professors who want to
become confident with hardware security. This course presents
the same program than the Three-day Master/PhD Training.
The main difference is that, depending on the expectations of
the public, it is possible to adapt the program.
The main pedagogical issue is that the skills and the exper-
tise of trainees could be very heterogeneous. It is important
to adapt this course to each group of trainees and also try to
have homogeneous groups. As the precedent training, this one
could be done only at CNFM due to equipment constrains.
III. OVERVIEW OF THE T HREE -DAY M ASTER /P H D
T RAINING
The Three-day Master/PhD training is normally given in
three consecutive days. It is divided into 6 main lectures and
2 labs for a total of 21 hours as depicted in Table II.
The main strengths of this course are to provide very quickly
the basic concepts of cryptography, the hardware implementa-
tion and the potential vulnerabilities of these principles. They
also allow to put into practice attacks and countermeasures
mechanisms on simple examples.
A. Main prerequisites
Understanding and learning hardware security and more par-
ticularly the side-channel aspects needs a considerable amount
of knowledge. That’s why this course is only affordable to
fifth-years master students and PhD students on electrical
engineering or computer sciences.
The main prerequisites are listed below:
• CMOS technology principles: it is necessary that students
are aware of CMOS technology functioning and more
particularly the power consumption of CMOS logical
gates.
 • Measurement: the students must have a good knowledge
of measurement techniques including the use of oscillo-
scope.
• Signal theory: For processing data and especially com-
puting correlation values, it is prerequisite that students
have some background on signal theory.
• Matlab tool [11]: Matlab tool is used all along the labs for
coding the attacks and also to synchronize measurements.
The instructor helps students to use this tool, but they
must at least know the basis of this one.
TABLE II
D ESCRIPTION OF THE LECTURES AND LABS PROPOSED DURING
T HREE - DAY M ASTER /P H D T RAINING COURSE
Type Topics summary Duration
Lecture #1 Introduction to digital security and 120 minutes
cryptography: terminology, defini-
tions, history, and substitution and
transposition cipher techniques.
Lecture #2 Presentation of symmetric and 120 minutes
asymmetric cryptographic algo-
rithms: theory and practical exam-
ples (DES, AES, and RSA).
Lecture #3 Overview of physical attacks, focus 210 minutes
on Side-channel attacks and more
particularly on power analysis tech-
niques (SPA, DPA, and CPA).
Lab #1 DPA implementation on the first 210 minutes
round of a software AES using
power measurements from a Smart-
card
Lecture #4 Electromagnetic analysis: princi- 120 minutes
ple, advantages and weaknesses of
such method
Lab #2 Correlation Electromagnetic Ana- 270 minutes
lysis on an AES cryptoprocessor
implemented on FPGA
Lecture #5 Digest on success attack metrics 90 minutes
and examples based on lab #2 ex-
periments
Lecture #6 Countermeasures for hardware and 120 minutes
software cryptosystems
B. Lectures description
This part proposes an overview of the different lectures done
on the Three-day Master/PhD training.
1) Lecture #1: First of all, an introduction to digital security
and cryptography is proposed. It consists in an overview of
the specific terminology used in security and the correspond-
ing definitions (cryptography, cryptology, cryptanalysis, secret
key. . . ). The notions of integrity, confidentiality and availa-
bility are also exposed. Then, a history of principal cipher
techniques is offered. It allows to introduce substitution and
transposition techniques, which bring to modern cryptography.
2) Lecture #2: The next lecture is about modern cryp-
tographic cryptosystems. The principles of symmetric and
asymmetric algorithms are addressed first. Advantages and
weaknesses of each one are tackled in advance of studying
some practical examples. Data Encryption Standard (DES)
Authorized licensed use limited to: NXP Semiconductors. Downloaded on September 11,2020 at 06:36:23 UTC from IEEE Xplore. Restrictions apply.
[12], Advance Encryption Standard (AES) [13], and RSA [14]
cryptosystems are described in details. The main objective for
the students is to understand how each cryptosystem works
and more particularly the basic steps of each round.
3) Lecture #3: This lecture focuses on physical attacks.
First, an overview of those ones is proposed [15]. The diffe-
rent existing methods are exposed following the three main
categories (invasive, semi-invasive and non-invasive). Then,
the focus is put on Side-Channel Attacks (SCAs) and more
particularly on Power analysis (PA) [16]. Simple Power Attack
(SPA), Differential Power Analysis (DPA) and Correlation
Power Analysis (CPA) are deeply depicted. The principle of
THE using first-round or last-round to launch the attack is explained
and the notions of Hamming Weight (HW) and Hamming
Distance (HD) are exposed.
4) Lecture #4: The objective of this lecture is to provide
materials to the students to understand and perform Elec-
troMagnetic Analysis (EMA). Electromagnetic phenomenons
in integrated circuits and more specially the ones occurring
during commutations are introduced to the students [17]. Then,
a comparison with PA is proposed and the main differences
are exposed (locality, SNR. . . ).
5) Lecture #5: The lecture #5 consists on a digest on
metrics rating the success of an attack. The different metrics
are exposed and real examples are presented. These ones are
realised using data from the lab #2. In fact, some metrics need
to realize the same attack many times with different inputs.
The fact that each binomial has realized his own attack with
his own data allows the instructor to collect different results
and compute complex metrics, for example guessing entropy
[18] or success rate [19].
6) Lecture #6: The last lecture is dedicated to a very
important point: countermeasures for hardware and software
implementations of cryptosystems. Such countermeasures are
deeply explained at different levels: architectural level, algo-
rithmic level, and system level [20]–[23].
C. Labs description
The two labs of the Three-day Master/PhD Training are the
most important parts of this course. They allow students to
strengthen their skills and permit to verify their understanding
of the different concepts presented during the lectures.
1) Lab #1: Differential Power Analysis: During this lab, the
students objective is to implement a DPA targeting a 128-bits
AES encryption [24], [25]. The AES cryptographic algorithm
is implemented on a Funcard 5 including an AT90S8515A
8-bits microcontroller from Atmel. The smartcard is running
a software implementation of the AES encryption. The DPA
process requires to measure the power during the encryption.
As proposed in [26], the measurements are done before the
beginning of the lab by the instructor. It allows to give the
measurement files directly to the students so they can focus on
developing and understanding the mechanisms of the attack.
Note that the DPA is launched on the first round of the AES
encryption.

Fig. 1. Advanced Encryption Standard [13]. Marks A and B represent special
points used for launching attacks
The AES algorithm is using a 128-bit plaintext with a
128-bit secret key generating a 128-bit cyphertext as shown
in Figure 1. These values are represented by a four-by-
four matrix of one byte. Four transformations are performed
sequentially during 10 rounds [27]:
• AddRoundKey: A XOR operation is performed between
the 128-bit round key and the 128-bit current state.
• SubBytes: each byte of the input matrix is substituted
using a predefined table.
• ShiftRow: the last three rows of the current state are
shifted using a predefined value.
• MixColumn: all columns of the current state are mixed
to obtain the new state.
In the AES algorithm, each byte is computed separately.
So, the secret key could be split into 16 subkeys and each one
could be searched separately. Each subkey is a one byte value
and it exists 28 i.e. 256 possible value for each one. The DPA
proposed here takes place in the first round of the execution.
The plaintexts are assumed to be known. For each subkey
and each possible value of the subkey, the end of the first
SubBytes operation is calculated as depicted in Figure 1. These
computations are renewed for each plaintext. Finally, for each
Authorized licensed use limited to: NXP Semiconductors. Downloaded on September 11,2020 at 06:36:23 UTC from IEEE Xplore. Restrictions apply.
possible value of a subkey, the values obtained at the end of the
SubBytes operation are used for classifying the consumption
traces into two groups. For each group, the mean value of
the consumption is calculated over time. The difference of the
two mean values of the groups is then performed for each
value of a subkey. The higher the mean is, the better the
subkey candidate is.
Before the lab, power measurements are done on the
smartcard by the instructor. For that, the smartcard memory
is first programmed using a binary file including the AES
encryption algorithm and the secret encryption key. Then,
the smartcard is introduced in a modified reader allowing to
measure the current flowing through the circuit. Encryption
requests including plaintexts to be encrypted are sent by a
computer to the smartcard. In the same time, the consumption
was measured using a current probe and an oscilloscope. For
each plaintext, a measurement is done and the corresponding
consumption trace is generated and saved.
At the beginning of the lab, each student receives one file
including the inputs sent to the smartcard; one file including
the consumption traces and one Matlab skeleton file including
some guidances to realise the lab. The students must complete
the Matlab file all along the lab.
The first step is to become confident with the data collected.
To realize this step, the students are asked to plot some of the
consumption traces. Their main objective is to find both the
beginning and the end of the encryption process. Then, they
can deduce the duration of the first round and its approximate
boundaries. It will be used to launch the attack.
Afterwards, the students have to perform the calculation
of the values at the end of the SubBytes for each subkey
candidate. This consists in calculating a xor operation between
each subkey candidate and each plaintext and then replacing
the obtained value by the one corresponding in the AES SBOX
table. To gain time and reduce errors, the table is provided to
the students in the given Matlab file.
Finally, the students have to choose one selection bit for
Fig. 2. Dedicated Electromagnetic Analysis Platform [10].
 Fig. 3. Correlation analysis principle.
each byte and depending on this value, they have to sort the
corresponding traces into two groups. Once these two groups
of data are done, it only remains to calculate each mean value
and find the maximum among those values.
2) Lab #2: Correlation Eletromagnetic Analysis: The se-
cond lab is dedicated to performing a Correlation Electro-
magnetic Analysis (CEMA, [4]) on an AES cryptoprocessor.
The 128-bit AES cryptoprocessor is implemented on a Xilinx
Spartan-3 Starter Kit Board including a XC3S200-4FTG256.
The proposed attack is a correlation analysis computed on
the last round of the AES. This lab is divided into two main
parts: an electromagnetic measurement part and an attack
implementation part.
The first part of this lab is dedicated to electromagnetic
measurements. The goal is to acquire enough traces to find
the secret key. To achieve this, students are using an elec-
tromagnetic bench (Fig. 2). It is composed of a near-field
probe positioned above the chip and connected to a low noise
amplifier. The amplified signal is then captured by a 3.5GHz
oscilloscope. The near field probe could be moved above the
chip using an XYZ stage.
The first step is to set up the bench. It allows students to
become familiar with it. The second step consists in finding
the best locality to place the probe under the circuit. The
students can rely on information about implementation of the
cryptosystem. In fact, during attacks, it is assuming to be in the
best conditions for the attackers, i.e. the attacker knows exactly
the location of the cryptosystem in the chip and the time when
the computation is done. To find this position, students have
to launch some encryption requests. In the same time, they
move the probe in the region of interest and have a look on
the oscilloscope. The trace must evidence clearly each round
of the AES. Finally, the position is verified by the instructor
and a campaign of measurement is launched.
The second part of the lab consists in performing the attack.
The Figure 3 presents the different stages of this one.
First, it is necessary to compute the Hamming distance for
the last round of each encryption. It corresponds to the number
Authorized licensed use limited to: NXP Semiconductors. Downloaded on September 11,2020 at 06:36:23 UTC from IEEE Xplore. Restrictions apply.
of commutation between the output of the 9th round (or the
input of the last round; mark B on the Figure 1) and the
ciphertext. The ciphertext corresponding to each encryption
is considered known. So, the first challenge is to calculate
the value at the input of the last round. It is done using the
value of the cyphertext and calculating reverse value of the
different steps. Inverse operation of xor is xor and shiftrow and
subbytes can be easily reverse [28]. Finally, Hamming distance
is calculate doing a xor operation between the ciphertext and
the calculate value.
Once obtained, the Hamming distance values are correlated
with the values of the traces measured on the first part of the
lab. Pearson correlation can be easily implemented using the
dedicated function in Matlab.
The last step consists in searching the maximum value of
the correlation results. Once located, the students directly read
the value of the secret key.
IV. O UTCOMES
A. Past courses
From September 2014 to December 2015, we have given 16
different courses: 6 Introduction Courses, 7 Specialised Con-
ferences, and 3 Three-day Master/PhD Training. It represents
a total of 794 persons sensitized or formed to the security with
more than 2200 person hours of formation.
More in details, the Three-day Master/PhD Training were
taught to students in final year of engineering school (Poly-
tech’Montpellier), to PhD students in microelectronics, and to
Professors and Associate Professors. The last one’s goal was
to provide sufficient materials to enable attendant to teach in
their turn.
B. Feedbacks from the students
To have real feedbacks on the Three-day Master/PhD Train-
ing, we have realized a survey among the students. A summary
of this survey is proposed on Table IV. With an average score
of 4.43, we can conclude that the course has achieved its
objectives.
 TABLE III
S UMMARY OF THE PAST COURSES

# of persons Duration (hour) # of person hour

Three-day Master/PhD Training
PhD Candidates (Montpellier) 8 21 168
Professionals (Montpellier) 8 14 104
Polytech’Montpellier (Montpellier) 62 14 868
Total 78 1140

TABLE IV
T ECHNOLOGICAL AND C ONTINUED T RAINING RATING ON 5 [7] “Coordination nationale de formation en micorélectronique et nanotech-
nologies,” http://www.cnfm.fr/, accessed: 2016-02-12.
PhD Candidates Professionals [8] A. Kerckhoffs, “La cryptographie militaire,” Journal des Sciences Mil-
itaires, vol. 9, pp. 161–191, 1883.
Course structure 4.00 4.83 [9] Pele, Laurent, “French banking smartcard cracked : the story!”
Content clarity 4.33 4.33 http://www.parodie.com/english/smartcard.htm.
[10] M. Bourrée, F. Bruguier, L. Barthe, P. Benoit, P. Maurine, and L. Torres,
Used tools 4.33 4.33
“Secnum: an open characterizing platform for integrated circuits,” in
Quality of materials 4.33 4.33 European Workshop on Microelectronics Education (EWME), 2012, pp.
Instructor educational quality 4.33 4.67 88–91.
Course understanding 4.5 4.5 [11] “Matlab - the language of technical computing,”
http://www.mathworks.com/products/matlab/, accessed: 2016-02-12.
Overall benefit of the course 4.33 4.83 [12] Des, “Data encryption standard,” in In FIPS PUB 46, Federal Informa-
Average value 4.31 4.55 tion Processing Standards Publication, 1977, pp. 46–2.
[13] FIPS, “Advanced encryption standard (aes),” Federal Information Pro-
cessing Standards Publication, vol. 197, 2001.
[14] R. Rivest, A. Shamir, and L. Adleman, “Cryptographic communications
V. C ONCLUSION system and method,” Sep. 20 1983, uS Patent 4,405,829. [Online].
Available: https://www.google.com/patents/US4405829
This paper has presented several type of courses designed to
[15] M. Tehranipoor and C. Wang, Introduction to hardware security and
form on hardware security which is a critical issue for most trust. Springer Science & Business Media, 2011.
of the company in the embedded systems market including [16] P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, “Introduction to differential
IoT. This paper has focused on a three days training for power analysis,” Journal of Cryptographic Engineering, vol. 1, no. 1,
pp. 5–27, 2011.
Master and PhD students. This training includes six theoretical [17] T. Ordas, M. Lisart, E. Sicard, P. Maurine, and L. Torres, “Near-field
lectures and two labs. Since 2014, more than 1000 students mapping system to scan in time domain the magnetic emissions of
have followed this training with very good outcomes. The integrated circuits,” in Integrated Circuit and System Design. Power and
Timing Modeling, Optimization and Simulation. Springer, 2009, pp.
specificity of this training is that it is not specific to one 229–236.
University but it is offer to student from all the french [18] F.-X. Standaert, T. Malkin, and M. Yung, “A unified framework for the
Universities by the CNFM. analysis of side-channel key recovery attacks,” Advances in Cryptology-
Eurocrypt 2009, pp. 443–461, 2009.
ACKNOWLEDGMENT [19] M. Rivain, “On the exact success rate of side channel analysis in the
gaussian model,” in Selected Areas in Cryptography. Springer, 2009,
The authors acknowledge the support of the French Agence pp. 165–183.
Nationale de la Recherche (ANR), under grant ANR-11-IDFI- [20] F. Bruguier, P. Benoit, L. Torres, L. Barthe, M. Bourree, and V. Lomne,
0017 (project IDEFI-FINMINA). “Cost-effective design strategies for securing embedded processors,”
IEEE Transactions on Emerging Topics in Computing, 2015.
R EFERENCES [21] S. Ravi, A. Raghunathan, P. Kocher, and S. Hattangady, “Security in em-
bedded systems: Design challenges,” ACM Transactions on Embedded
[1] D. Dagon, T. Martin, and T. Starner, “Mobile phones as computing Computing Systems (TECS), vol. 3, no. 3, pp. 461–491, 2004.
devices: The viruses are coming!” Pervasive Computing, IEEE, vol. 3, [22] T. Popp, S. Mangard, and E. Oswald, “Power analysis attacks and
no. 4, pp. 11–15, 2004. countermeasures,” Design & Test of Computers, IEEE, vol. 24, no. 6,
[2] M. Wolf, A. Weimerskirch, and T. Wollinger, “State of the art: Embed- pp. 535–543, 2007.
ding security in vehicles,” EURASIP Journal on Embedded Systems, vol. [23] S. McNeil, “Solving today’s design security concerns,” Xilinx Corpora-
2007, no. 1, pp. 1–16, 2007. tion, 2010.
[3] D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend,
[24] P. C. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” in
W. Morgan, K. Fu, T. Kohno, and W. H. Maisel, “Pacemakers and
Advances in Cryptology, 1999, pp. 388–397.
implantable cardiac defibrillators: Software radio attacks and zero-power
defenses,” in Security and Privacy, 2008. SP 2008. IEEE Symposium on. [25] S. Mangard, E. Oswald, and T. Popp, Power analysis attacks: Revealing
IEEE, 2008, pp. 129–142. the secrets of smart cards. Springer Science & Business Media, 2008,
[4] E. Brier, C. Clavier, and F. Olivier, “Correlation Power Analysis with a vol. 31.
Leakage Model,” in Proceedings of the 2004 Cryptographic Hardware [26] L. Bossuet, “Teaching fpga security,” in Field-Programmable Technology
and Embedded Systems Workshop, 2004, pp. 16–29. (FPT), 2013 International Conference on. IEEE, 2013, pp. 306–309.
[5] S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks - Revealing [27] J. Daemen and V. Rijmen, The design of Rijndael: AES-the advanced
the Secrets of Smart Cards. Springer, 2007. encryption standard. Springer Science & Business Media, 2013.
[6] L. Bossuet and G. Gogniat, “Hardware security in embedded systems,” [28] K. Sakiyama, Y. Sasaki, and Y. Li, Security of Block Ciphers: From
Communicating Embedded Systems, pp. 139–174, 2010. Algorithm Design to Hardware Implementation. Wiley, 2015.

Authorized licensed use limited to: NXP Semiconductors. Downloaded on September 11,2020 at 06:36:23 UTC from IEEE Xplore. Restrictions apply.