Digital computing devices continue to be increasingly dispersed within our everyday environments. Computers are "embedded" into everyday appliances predominantly to serve one of two purposes: either to take over the functionality of analog electronic components or to enable new services in their own right. While such digital computing capabilities are arguably a key enabler for exciting new applications, the potential hazards should not be overlooked. Problems which exist in the much more familiar domain of desktop computing (e.g., the development of correct software) are now introduced into these new fields. At the same time, embedded computers also face new challenges, e.g., severe restrictions of resources like computing power, memory, and energy.
One of the more pressing problems of embedded computing is the provision of adequate security mechanisms. While there are some robust solutions available for the desktop domain, resource restrictions often prevent their direct application to embedded devices. The basic problem is that modern cryptographic algorithms still impose a significant overhead on such constrained systems.
As most embedded processors will be charged with the execution of cryptographic algorithms, it is worthwhile to revisit these processors’ capabilities in this regard and to consider the benefits of "tweaking" their functionality towards these specific workloads. The main vehicle for such a tweaking is the addition of custom instructions into the default instruction set architecture of the processor. Such instruction set extensions have been highly successful in areas like multimedia and digital signal processing. In this thesis we examine instruction set extensions for cryptography, with a special focus on secret-key algorithms.
Three main goals are pursued within this thesis. The first goal is the investigation of potential new instructions (design space exploration) and the proposal of worthwhile candidates. The second goal is concerned with the efficient implementation of the proposed instructions and the evaluation of their effectiveness in a realistic setup. This activity has led to the creation of the LEON2-CIS embedded processor, which is a variant of the SPARC V8-compatible LEON2 processor and which incorporates all of the instructions that we propose in this thesis. The LEON2-CIS is available under the GNU LGPL in order to document our efforts and to provide a basis for further research. The third goal of this thesis is concerned with strategies for securing embedded processors against the threat of implementation attacks (most importantly side channel attacks).
This thesis collects our research work of the last several years, most of which has already been disseminated through academic publication. The publications have been put into a coherent form and have been complemented with new material. In addition to documenting our work, we have striven to provide references to relevant publications by research groups dealing with related topics.