The Internet of Things (IoT) has grown dramatically over the past years. Largely autonomous, lightweight devices with an internet connection have been integrated into many aspects of daily life; from consumer products to industrial processes and from medical applications to critical infrastructures. Cisco predicts that by 2023, more than half of the internet connections will belong to IoT devices. With the impact of cybercrime ever growing, currently leading to a loss of 600 billion US dollar per year according to McAfee, the Internet of Things has become an attractive target. Successful attacks have already been demonstrated on smart cars, home security cameras, heart defibrillators, the Ukrainian power grid and military drones, just to name a few. Attacks of this nature are expected to intensify as more ’things’ are connected to the internet, either by criminals looking for quick money, companies sabotaging com­ petitors or countries waging cyber warfare. This demonstrates the need for strong security for IoT devices. Attacks on IoT devices can come from three distinct direction: The network, the software or the hardware level. Where network protocols and software applications can be updated when issues are found, this is not the case for hardware, which must be designed to be secure from the start. Further­ more, the way IoT devices are installed in the field makes hardware based attacks particularly relevant. Examples include the probing of traces and pins, fault injections to cause unintended behaviour, mod­ ifications of the firmware, side­channel analysis, stealing of data etcetera. Countering many of these attacks requires integrity verification of the attached memory chips of a device, to make sure that the ap­ plications have not been tampered with. Existing security measures implemented in high performance processors, such as Intel SGX and more recently AMD SEV, can encrypt and secure the memory of a system. These implementations however are not available for the lightweight microcontrollers and processors generally found in IoT devices. ARM TrustZone is a common security solution found in embedded devices to provide protection against untrusted software, but does not defend against hard­ ware tampering. As such, a lightweight solution is required aimed at the constrained environments presented by IoT devices, to ensure the integrity of external memory modules. This thesis presents the Embedded Memory Security (EMS) module as a way to ensure the integrity and authenticity of data and applications, as well as its confidentiality if required. It is targeted at lightweight systems with a small hardware budget. The module sits on­die with the central processor of the device and secures all data being transferred between it and external memory. Integrity is verified through Message Authentication Codes (MAC) generated with SipHash for each memory transfer. The lightweight block cipher Prince is used to provide confidentiality through encryption. Five variants of this module with different levels of security and optimizations are developed and integrated into a processor development platform. Benchmark runs showed that under realistic cache conditions, their impact was limited to a 25% increase in execution time at worst. Three attacks were performed on the platform with the modules, indicating that they protect against several types of hardware attacks on memory. Finally, the hardware cost in area requirements was determined and found to be less than half of the microcontroller­class RI5CY core, excluding its caches, and only 3% of the Linux­capable Ariane core. In addition to the EMS modules, two security extensions are proposed that utilize the modules to provide a secure method of updating devices.

Within a world that increasingly relies on connected devices, security and reliability have become more important then ever. Whereas failures in digital components used to have a limited effect, nowadays an attack on a critical digital infrastructure impacts our daily lives on a huge scale. Due to these impacts it is estimated that the financial burden of cybercrime is going to increase to 6 trillion dollars by 2021. These costs are estimated to increase even more with the ever increasing amount of connected devices to the internet. To limit this problem, new ways of protecting digital systems must be developed. However, to be able to protect something, it is first necessary to identify the possible threats. In order to do so, vulnerabilities in digital systems have to be found. Preferably before a potential attacker finds them. This thesis looks for such vulnerabilities with respect to Thermal Side Channel Attacks. Whilst power side channel analysis has been around since the mid 90s, the amount of research on thermal side channel analysis has been very limited. However, when it comes to non-invasive side channel analysis, thermals can be of great use. Compared to power side channel analysis, it is much easier to do a non invasive thermal measurement. In some cases, the sensors for thermals are already included and available in the chip itself. This makes them a very suitable target. To perform Thermal Side Channel Attacks, three passive side channel attacks were developed based on existing power attacks. These attacks, Simple Thermal Analysis, Correlation Thermal Analysis and Convolutional Neural Network Thermal Analysis aimed at retrieving a private key from a RSA decryption. Because the thermal traces show a very different behaviour compared to the power traces, some extensive pre-processing techniques had to be developed. This pre-processing consists of removing a drifting offset and filtering unwanted frequencies in the collected trace. To further improve the attack success, a novel attack was created to retrieve the private key from a Montgommery Ladder based RSA implementation. This protected RSA algorithm is used as a counter measure against many side channel attacks. Using Progressive Correlation Thermal Analysis (PCTA), it was possible to attack this algorithm. As this attack does not exist in the power domain, it was also converted to work with power traces referred to as Progressive Correlation Power Analysis (PCPA). Using this technique, the existence of a Thermal Side Channel Attack was proven by successfully attacking multiple temperature traces and retrieving the private key.