Subscribe

Issue No.11 - November (2008 vol.57)

pp: 1482-1497

Sylvain Guilley , GET/ENST, PARIS

Laurent Sauvage , GET/ENST, PARIS

Philippe Hoogvorst , GET/ENST, PARIS

Renaud Pacalet , GET/ENST, Sophia Antipolis

Guido Marco Bertoni , STMicroelectronics, AGRATE B.za

Sumanta Chaudhuri , Institut TELECOM, TELECOM ParisTech CNRS LTCI

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2008.109

ABSTRACT

Power-constant logic styles are promising solutions to counter-act side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists in embedding in a dedicated circuit one unprotected DES co-processor along with two others, implemented in WDDL and in SecLib. One essential part of this article is to describe the conception of the cryptographic ASIC, devised to foster side-channel cryptanalyses, in a view to model the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided the backend of the WDDL module is carefully designed, its vulnerability cannot be exploited by the state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, that reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.

INDEX TERMS

Types and Design Styles, Power Management

CITATION

Sylvain Guilley, Laurent Sauvage, Philippe Hoogvorst, Renaud Pacalet, Guido Marco Bertoni, Sumanta Chaudhuri, "Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks",

*IEEE Transactions on Computers*, vol.57, no. 11, pp. 1482-1497, November 2008, doi:10.1109/TC.2008.109REFERENCES

- [1] M.-L. Akkar and C. Giraud, “An Implementation of DES and AES Secure against Some Attacks,”
Proc. Third Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '01), pp.309-318, May 2001.- [3] VSI Alliance,
On-Chip Bus Development Working Group. Virtual Component Interface (VCI) Standard Version 2 (OCB 2 2.0), http:/www.vsia.org/, Apr. 2001.- [4] C. Archambeau, É. Peeters, F.-X. Standaert, and J.-J. Quisquater, “Template Attacks in Principal Subspaces,”
Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), vol. 4249, pp. 1-14, 2006.- [5] G.F. Bouesse, M. Renaudin, B. Robisson, E. Beigné, P.-Y. Liardet, S. Prevosto, and J. Sonzogni, “DPA on Quasi Delay Insensitive Asynchronous Circuits: Concrete Results,”
Proc. Conf. Design of Circuits and Integrated Systems (DCIS '04), pp. 24-26, Nov. 2004.- [6] É. Brier, C. Clavier, and F. Olivier, “Correlation Power Analysis with a Leakage Model,”
Proc. Sixth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '04), vol. 3156, pp. 16-29, Aug. 2004, doi:10.1007/b99451. - [7] M. Bucci, L. Giancane, R. Luzzi, and A. Trifiletti, “Three-Phase Dual-Rail Pre-Charge Logic,”
Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), pp. 232-241, 2006.- [8] S. Chari, J.R. Rao, and P. Rohatgi, “Template Attacks,”
Proc. Fourth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '02), pp. 13-28, Aug. 2002.- [9]
Proc. Circuits Multi-Projets (CMP '08), http:/cmp.imag.fr/, 2008.- [10] F. Regazzoni et al.,
A Simulation-Based Methodology for Evaluating DPA-Resistance of Cryptographic Functional Units with Application to CMOS and MCML Technologies, SAMOS IC, July 2007.- [11] P.N. Fahn and P.K. Pearson, “IPA: A New Class of Power Attacks,”
Proc. First Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '99), p. 173, Aug. 1999, ISSN 0302-9743. - [12] K. Gandolfi, C. Mourtel, and F. Olivier, “Electromagnetic Analysis: Concrete Results,”
Proc. Third Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '01), pp. 251-261, 2001.- [13] B. Gierlichs, “DPA-Resistance without Routing Constraints? A Cautionary Note about MDPL Security,”
Proc. Ninth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '07), pp. 107-120, Sept. 2007.- [14] C. Giraud and H. Thiebeauld, “A Survey on Fault Attacks,”
Proc. Sixth Smart Card Research and Advanced Application IFIP Conf. (CARDIS '04), pp. 159-176, 2004.- [15] S. Guilley, F. Flament, R. Pacalet, P. Hoogvorst, and Y. Mathieu, “Security Evaluation of a Secured Quasi-Delay Insensitive Library,”
Proc. Conf. Design of Circuits and Integrated Systems (DCIS '08), DCIS, full text in HAL, http://hal.archives-ouvertes. fr/hal-00283405 en/, pp. 1-7, Nov. 2008.- [18] S. Guilley, P. Hoogvorst, Y. Mathieu, and R. Pacalet, “The “Backend Duplication” Method,”
Proc. Seventh Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp. 383-397, Aug. 2005.- [20] S. Guilley, P. Hoogvorst, R. Pacalet, and J. Schmidt, “Improving Side-Channel Attacks by Exploiting Substitution Boxes Properties,”
Proc. Third Int'l Workshop Boolean Functions: Cryptography and Applications (BFCA '07), pp. 1-25, May 2007.- [22] I.T. Jolliffe,
Principal Component Analysis. Springer Series in Statistics, ISBN: 0387954422, 2002.- [23] P. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,”
Proc. 19th Ann. Int'l Cryptology Conf. (CRYPTO '99), pp. 388-397, 1999.- [24] T.-H. Le, J. Clédière, C. Canovas, B. Robisson, C. Servière, and J.-L. Lacoume, “A Proposition for Correlation Power Analysis Enhancement,”
Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), pp. 174-186, 2006.- [25] F. Macé, F.-X. Standaert, J.-J. Quisquater, and J.-D. Legat, “A Design Methodology for Secured ICS Using Dynamic Current Mode Logic,”
Proc. 15th Int'l Workshop Integrated Circuit and System Design, Power and Timing Modeling, Optimization and Simulation (PATMOS '05), pp. 550-560, 2005.- [26] S. Mangard, E. Oswald, and T. Popp,
Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, http:/www.dpabook.org/, ISBN 0-387-30857-1, Dec. 2006.- [27] S. Mangard, T. Popp, and B.M. Gammel, “Side-Channel Leakage of Masked CMOS Gates,”
Proc. RSA Conf. Cryptographers' Track (CT-RSA '05), vol. 3376, pp. 351-365, 2005.- [28] S. Mangard, N. Pramstaller, and E. Oswald, “Successfully Attacking Masked AES Hardware Implementations,”
Proc. Seventh Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp. 157-171, Sept. 2005.- [29] T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Investigations of Power Analysis Attacks on Smartcards,”
Proc. USENIX Workshop Smartcard Technology (Smartcard '99), pp. 151-162, May 1999.- [30] NIST/ITL/CSD,
Data Encryption Standard (DES), FIPS PUB 46-3, Oct. 1999.- [31] E. Oswald, S. Mangard, N. Pramstaller, and V. Rijmen, “A Side-Channel Analysis Resistant Description of the AES S-Box,”
Proc. 12th Ann. Fast Software Encryption Workshop (FSE '05), pp. 413-423, Feb. 2005.- [33] G. Piret, “A Note on the Plaintexts Choice in Power Analysis Attacks,” technical report, École Normale Supérieure (ENS), http://www.di.ens.fr/ piret/publpower.pdf , Nov. 2005.
- [34] T. Popp, M. Kirschbaum, T. Zefferer, and S. Mangard, “Evaluation of the Masked Logic Style MDPL on a Prototype Chip,”
Proc. Ninth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '07), pp. 81-94, Sept. 2007.- [35] T. Popp and S. Mangard, “Masked Dual-Rail Pre-Charge Logic: DPA-Resistance without Routing Constraints,”
Proc. Seventh Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp. 172-186, Sept. 2005.- [36] J.M. Rabaey, A. Chandrakasan, and B. Nikolic,
Digital Integrated Circuits. Prentice Hall, ISBN-10: 0130909963, 2003.- [37] C. Rechberger and E. Oswald, “Practical Template Attacks,”
Proc. Workshop Information Security Applications (WISA '04), pp.443-457, Aug. 2004.- [38]
SCARD European Sixth Framework Programme (FP6) Project Website, http:/www.scard-project.eu, 2008.- [40] D. Suzuki and M. Saeki, “Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-Charge Logic Style,”
Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), pp. 255-269, 2006.- [41] K. Tiri, M. Akmal, and I. Verbauwhede, “A Dynamic and Differential CMOS Logic with Signal Independent Power Consumption to Withstand Differential Power Analysis on Smart Cards,”
Proc. European Solid-State Circuits Conf. (ESSCIRC '02), pp.403-406, Sept. 2002.- [43] K. Tiri, “Side-Channel Attack Pitfalls,”
Proc. 44th Design Automation Conf. (DAC '07), pp. 15-20, June 2007.- [44] K. Tiri, D. Hwang, A. Hodjat, B.-C. Lai, S. Yang, P. Schaumont, and I. Verbauwhede, “Prototype IC with WDDL and Differential Routing—DPA Resistance Assessment,”
Proc. Seventh Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp.354-365, Sept. 2005.- [45] K. Tiri and I. Verbauwhede, “Place and Route for Secure Standard Cell Design,”
Proc. IFIP World Computer Congress/Smart Card Research and Advanced Application IFIP Conf. (WCC/CARDIS '04), pp.143-158, Aug. 2004.- [46] K. Tiri and I. Verbauwhede, “Secure Logic Synthesis,”
Proc. 14th Int'l Conf. Field Programmable Logic and Application (FPL '04), pp.1052-1056, Aug. 2004.- [47] K. Tiri and I. Verbauwhede, “Synthesis of Secure FPGA Implementations,”
Proc. Int'l Workshop Logic and Synthesis (IWLS '04), pp.224-231, June 2004. |