IEEE Transactions on Computers, vol. 59, no. 9 (September 2010), pp. 1250-1263
Sylvain Guilley , TELECOM ParisTech, Paris
Laurent Sauvage , TELECOM ParisTech, Paris
Florent Flament , TELECOM ParisTech, Paris
Vinh-Nga Vong , Airbus, Toulouse, France
Philippe Hoogvorst , CNRS, Paris
Renaud Pacalet , TELECOM ParisTech, Paris
ABSTRACT
Cryptographic circuits are nowadays subject to attacks that no longer target the algorithm but rather its physical implementation. Attacks exploiting information leaked by the hardware implementation are called side-channel attacks (SCAs). Among these attacks, the differential power analysis (DPA) introduced by Paul Kocher et al. in 1998 and published at CRYPTO '99 [1] represents a serious threat to CMOS VLSI implementations. Various countermeasures that aim at reducing the information leaked through the power consumption have been published. Some of these countermeasures rely on sophisticated back-end-level constraints (balanced placement and routing of the two rails) to increase their strength. As suggested by some preliminary works (e.g., by Li from Cambridge University [37]), predicting the actual security level of such countermeasures remains an open research area. This paper tackles this issue on the example of the AES SubBytes primitive. Thirteen implementations of SubBytes, in unprotected, WDDL, and SecLib logic styles with various back-end-level arrangements, are studied. Based on simulation and experimental results, we observe that static evaluations on extracted netlists are not relevant for classifying variants of a countermeasure. Instead, we conclude that the fine-grained timing behavior of the gates is the main cause of security weaknesses. In this respect, we prove that SecLib, which is immune to early-evaluation problems, is much more resistant to DPA than WDDL.
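The early-evaluation effect the abstract blames for WDDL's weakness can be seen on a single gate. The following is an added toy model, not code from the paper or from the SecLib/WDDL libraries: a WDDL AND gate whose false rail is an OR (and so fires as soon as the first high false rail arrives) beside a C-element-synchronised gate that always waits for both inputs, as SecLib does. Arrival times `t_a`, `t_b`, the "one unit of current per rising rail" power model, and the difference-of-means attack on input bit `a` are all assumptions of this example. It also goes slightly beyond the abstract by showing what perfectly balanced arrival times (`t_a == t_b`) do to the WDDL leak, which is what back-end routing constraints try to achieve.

```python
"""Toy model of early evaluation in dual-rail precharge logic (WDDL versus a
C-element-synchronised gate in the spirit of SecLib) plus a Kocher-style
difference-of-means DPA over switching-activity traces.

Constructed example, not the paper's code. Gate models, arrival times and
the unit-current-per-rising-rail power model are simplifying assumptions."""
import random

PRECHARGE = (0, 0)  # both rails low between evaluations (assumed encoding)


def dual_rail(bit):
    """Encode one bit as (true_rail, false_rail); exactly one rail is high."""
    return (bit, 1 - bit)


def wddl_and(a, b, t_a, t_b):
    """WDDL AND: true rail = AND of true rails, false rail = OR of false rails.
    Inputs leave precharge at t_a and t_b. Returns (true, false, switch_time).
    Early evaluation: the OR fires on the first high false rail, so the
    output switch time depends on the data."""
    at, af = dual_rail(a)
    bt, bf = dual_rail(b)
    out_t, out_f = at & bt, af | bf
    if out_f:
        # OR fires at the arrival of the earliest high false rail
        t = min(t for t, rail in ((t_a, af), (t_b, bf)) if rail)
    else:
        # AND fires only once both true rails are high
        t = max(t_a, t_b)
    return out_t, out_f, t


def seclib_and(a, b, t_a, t_b):
    """Synchronised AND (SecLib-like, assumption): a C-element holds the
    output until both inputs have left precharge, so the switch time is
    max(t_a, t_b) whatever the data."""
    at, af = dual_rail(a)
    bt, bf = dual_rail(b)
    return at & bt, af | bf, max(t_a, t_b)


def trace(gate, a, b, t_a, t_b, n_samples):
    """Switching-activity trace: +1 per rail rising in each time slot
    (the two input rails and the single output rail that rises)."""
    samples = [0] * n_samples
    samples[t_a] += 1
    samples[t_b] += 1
    _, _, t_out = gate(a, b, t_a, t_b)
    samples[t_out] += 1
    return samples


def difference_of_means(traces, selection):
    """Kocher-style DPA: split traces by a selection bit, subtract the means."""
    n = len(traces[0])
    groups = {0: [], 1: []}
    for tr, s in zip(traces, selection):
        groups[s].append(tr)

    def mean(group):
        return [sum(tr[i] for tr in group) / len(group) for i in range(n)]

    m0, m1 = mean(groups[0]), mean(groups[1])
    return [x1 - x0 for x0, x1 in zip(m0, m1)]


def dpa_peak(gate, t_a=2, t_b=5, n_samples=8, n_traces=2000, seed=1):
    """Largest |difference of means| when the attacker selects on input a.
    Unequal arrival times t_a != t_b model a routing mismatch."""
    rng = random.Random(seed)
    traces, sel = [], []
    for _ in range(n_traces):
        a, b = rng.randint(0, 1), rng.randint(0, 1)
        traces.append(trace(gate, a, b, t_a, t_b, n_samples))
        sel.append(a)
    return max(abs(d) for d in difference_of_means(traces, sel))


if __name__ == "__main__":
    print("WDDL, unbalanced routing :", dpa_peak(wddl_and))
    print("WDDL, balanced routing   :", dpa_peak(wddl_and, t_a=5, t_b=5))
    print("SecLib-like, unbalanced  :", dpa_peak(seclib_and))
```

With `t_a < t_b` the WDDL output rail rises at `t_a` whenever `a == 0` (its false rail is already high) and at `t_b` otherwise, so the difference of means peaks at a full unit even though both gates switch exactly one output rail per evaluation; a static count of switching rails on the extracted netlist would rate them identical. The synchronised gate and the perfectly balanced WDDL both give a flat difference of means, which is the point of the abstract: timing, not static activity, decides the leakage.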
INDEX TERMS
cryptography, implementation-level security, side-channel analysis, leakage metrics, AES SubBytes, dual-rail with precharge logics (DPL), attacks on DPL, backend-level protections.
CITATION
Sylvain Guilley, Laurent Sauvage, Florent Flament, Vinh-Nga Vong, Philippe Hoogvorst, Renaud Pacalet, "Evaluation of Power Constant Dual-Rail Logics Countermeasures against DPA with Design Time Security Metrics", IEEE Transactions on Computers, vol.59, no. 9, pp. 1250-1263, September 2010, doi:10.1109/TC.2010.104
REFERENCES
[1] P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis: Leaking Secrets," Proc. Ann. Int'l Conf. Cryptology (CRYPTO '99), pp. 388-397, http://www.cryptography.com/resources/whitepapers/DPA.pdf, Aug. 1999.
[2] É. Brier, C. Clavier, and F. Olivier, "Correlation Power Analysis with a Leakage Model," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '04), pp. 16-29, Aug. 2004.
[3] J.-L. Danger, S. Guilley, S. Bhasin, and M. Nassar, "Overview of Dual Rail with Precharge Logic Styles to Thwart Implementation-Level Attacks on Hardware Cryptoprocessors — New Attacks and Improved Counter-Measures," Proc. Workshop Secure Control Systems (SCS), Nov. 2009.
[4] K. Tiri and I. Verbauwhede, "A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation," Proc. Conf. Design, Automation, and Test in Europe (DATE '04), pp. 246-251, Feb. 2004.
[5] S. Guilley, F. Flament, R. Pacalet, P. Hoogvorst, and Y. Mathieu, "Security Evaluation of a Secured Quasi-Delay Insensitive Library," Proc. Conf. Design of Circuits and Integrated Systems (DCIS '08), pp. 1-7, http://hal.archives-ouvertes.fr/hal-00283405/en/, Nov. 2008.
[6] T. Popp and S. Mangard, "Masked Dual-Rail Pre-Charge Logic: DPA-Resistance without Routing Constraints," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp. 172-186, Sept. 2005.
[7] P. Schaumont and K. Tiri, "Masking and Dual Rail Logic Don't Add Up," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES), pp. 95-106, 2007.
[8] NIST/ITL/CSD, "FIPS PUB 197: Advanced Encryption Standard (AES)," http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, Nov. 2001.
[9] S. Guilley, P. Hoogvorst, Y. Mathieu, R. Pacalet, and J. Provost, "CMOS Structures Suitable for Secured Hardware," Proc. Conf. Design, Automation, and Test in Europe (DATE '04), pp. 1414-1415, Feb. 2004.
[10] S. Moore, R. Anderson, R. Mullins, G. Taylor, and J.J.A. Fournier, "Balanced Self-Checking Asynchronous Logic for Smart Card Applications," J. Microprocessors and Microsystems, vol. 27, pp. 421-430, Oct. 2003.
[11] V. Rijmen, "Efficient Implementation of the Rijndael S-Box," Informal Communication, 2000.
[12] A. Rudra, P.K. Dubey, C.S. Jutla, V. Kumar, J.R. Rao, and P. Rohatgi, "Efficient Rijndael Encryption Implementation with Composite Field Arithmetic," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES), pp. 171-184, May 2001.
[13] J. Wolkerstorfer, E. Oswald, and M. Lamberger, "An ASIC Implementation of the AES SBoxes," Proc. The Cryptographer's Track at the RSA Conf. Topics in Cryptology (CT-RSA), pp. 67-78, 2002.
[14] G. Bertoni, M. Macchetti, L. Negri, and P. Fragneto, "Power-Efficient ASIC Synthesis of Cryptographic S-Boxes," Proc. 14th ACM Great Lakes Symp. VLSI (GLSVLSI '04), pp. 277-281, Apr. 2004.
[15] M. Giaconia, M. Macchetti, F. Regazzoni, and K. Schramm, "Area and Power Efficient Synthesis of DPA-Resistant Cryptographic S-Boxes," Proc. Int'l Conf. VLSI Design, pp. 731-737, Jan. 2007.
[16] S. Tillich, M. Feldhofer, and J. Großschädl, "Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box," Proc. Int'l Symp. Systems, Architectures, Modeling, and Simulation (SAMOS), pp. 457-466, July 2006.
[17] S. Tillich, M. Feldhofer, T. Popp, and J. Großschädl, "Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box," J. Signal Processing Systems, vol. 50, no. 2, pp. 251-261, 2008.
[18] D. Suzuki and M. Saeki, "Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '06), pp. 255-269, 2006.
[19] M. Shams, J. Ebergen, and M. Elmasry, "Modeling and Comparing CMOS Implementations of the C-Element," IEEE Trans. Very Large Scale Integration Systems, vol. 6, no. 4, pp. 563-567, Dec. 1998.
[20] S. Guilley, P. Hoogvorst, Y. Mathieu, and R. Pacalet, "The 'Backend Duplication' Method," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp. 383-397, Aug. 2005.
[21] S. Guilley, F. Flament, R. Pacalet, P. Hoogvorst, and Y. Mathieu, "Secured CAD Back-End Flow for Power-Analysis Resistant Cryptoprocessors," IEEE Design and Test of Computers, special issue on Design and Test of ICs for Secure Embedded Computing, vol. 24, no. 6, pp. 546-555, Nov./Dec. 2007.
[22] K. Gandolfi, C. Mourtel, and F. Olivier, "Electromagnetic Analysis: Concrete Results," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '01), pp. 251-261, May 2001.
[23] S. Guilley, S. Chaudhuri, L. Sauvage, P. Hoogvorst, R. Pacalet, and G.M. Bertoni, "Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks," IEEE Trans. Computers, vol. 57, no. 11, pp. 1482-1497, Nov. 2008.
[24] S. Mangard, N. Pramstaller, and E. Oswald, "Successfully Attacking Masked AES Hardware Implementations," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '05), pp. 157-171, Sept. 2005.
[25] S. Guilley, P. Hoogvorst, and R. Pacalet, "Differential Power Analysis Model and Some Results," Proc. Int'l Conf. Smart Card Research and Advanced Application (CARDIS '04), pp. 127-142, Aug. 2004.
[26] E. Prouff, "DPA Attacks and S-Boxes," Proc. Int'l Workshop Fast Software Encryption (FSE '05), pp. 424-441, Feb. 2005.
[27] C. Carlet, "On Highly Nonlinear S-Boxes and Their Inability to Thwart DPA Attacks," Proc. Int'l Conf. Cryptology in India (INDOCRYPT '05), pp. 49-62, Dec. 2005.
[28] S. Guilley, P. Hoogvorst, R. Pacalet, and J. Schmidt, "Improving Side-Channel Attacks by Exploiting Substitution Boxes Properties," Proc. Int'l Workshop Boolean Functions: Cryptography and Applications (BFCA), pp. 1-25, http://www.liafa.jussieu.fr/bfca/books/BFCA07.pdf, May 2007.
[29] Institute of Electrical and Electronics Engineers, "IEEE Standard VHDL (Very High Speed Integrated Circuits Description Language) Reference Manual," pp. 1-300, http://www.ieee.org/, 2002.
[30] C. Archambeau, É. Peeters, F.-X. Standaert, and J.-J. Quisquater, "Template Attacks in Principal Subspaces," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES), pp. 1-14, 2006.
[31] F. Macé, F.-X. Standaert, and J.-J. Quisquater, "Information Theoretic Evaluation of Side-Channel Resistant Logic Styles," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES), pp. 427-442, Sept. 2007.
[32] F. Regazzoni, A. Cevrero, F.-X. Standaert, S. Badel, T. Kluter, P. Brisk, Y. Leblebici, and P. Ienne, "A Design Flow and Evaluation Framework for DPA-Resistant Instruction Set Extensions," Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES), pp. 205-219, Sept. 2009.
[33] K. Tiri and I. Verbauwhede, "Place and Route for Secure Standard Cell Design," Proc. IFIP World Congress (WCC)/Int'l Conf. Smart Card Research and Advanced Application (CARDIS), pp. 143-158, Aug. 2004.
[34] É. Peeters, "Towards Security Limits of Embedded Hardware Devices: From Practice to Theory," PhD dissertation, UCL Crypto Group, Univ. catholique de Louvain, Nov. 2006.
[35] N. Hanley, R. McEvoy, M. Tunstall, C. Whelan, C. Murphy, and W.P. Marnane, "Correlation Power Analysis of Large Word Sizes," Proc. Irish Signals and System Conf. (ISSC), pp. 145-150, Sept. 2007.
[36] S. Guilley, S. Chaudhuri, L. Sauvage, T. Graba, J.-L. Danger, P. Hoogvorst, V.-N. Vong, and M. Nassar, "Place-and-Route Impact on the Security of DPL Designs in FPGAs," Proc. IEEE Int'l Workshop Hardware-Oriented Security and Trust (HOST), pp. 29-35, June 2008.
[37] H. Li, A. Markettos, and S. Moore, "A Security Evaluation Methodology for Smart Cards against Electromagnetic Analysis," Proc. 39th Ann. Int'l Carnahan Conf. Security Technology (CCST '05), pp. 208-211, Oct. 2005.
[38] G. Di Natale, M.-L. Flottes, and B. Rouzeyre, "An Integrated Validation Environment for Differential Power Analysis," Proc. IEEE Int'l Symp. Electronic Design, Test and Applications (DELTA), pp. 527-532, Jan. 2008.
[39] A. Satoh, "Side-Channel Attack Standard Evaluation Board, SASEBO," project of the AIST — Research Center for Information Security (RCIS), http://www.rcis.aist.go.jp/special/SASEBO/, 2010.
[40] EveSoC Software, "A Side-Channel Eavesdropping System-on-Chip," http://sourceforge.net/projects/evesoc/, 2010.