IEEE Transactions on Dependable and Secure Computing, 2008, vol. 5, no. 3 (July-September)

pp: 164-176

ABSTRACT

The design flow of a digital cryptographic device must take into account the evaluation of its security against attacks based on side-channel observation. The adoption of high-level countermeasures, as well as the verification of the feasibility of new attacks, presently requires the execution of time-consuming physical measurements on the prototype product or simulation at a low abstraction level. Starting from these assumptions, we developed an exploration approach centered on high-level simulation, in order to evaluate the actual implementation of a cryptographic algorithm, whether software or hardware based. The simulation is performed within a unified tool based on SystemC, which can model a software implementation running on a microprocessor-based architecture, a dedicated hardware implementation, or a mixed software-hardware implementation, all with cycle-accurate resolution. Here we describe the tool and provide a large set of design explorations and characterizations based on actual implementations of the AES cryptographic algorithm, demonstrating how the large number of experiments made possible by the fast simulation engine can lead to important improvements in the knowledge and identification of weaknesses in cryptographic algorithm implementations.
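As an added illustration of the kind of evaluation the abstract describes, and not code from the paper or its SystemC tool, the Python script below simulates the per-cycle leakage of a single AES S-box lookup with a Hamming-weight model plus Gaussian noise, then runs a correlation-based leakage assessment (the CPA statistic) over all 256 key-byte hypotheses to check whether the simulated implementation exposes its key byte. A second run with first-order Boolean masking applied to the same lookup shows the assessment reporting the countermeasure's effect. The three-cycle trace layout, the noise level, the key value and all function names are constructed assumptions; only the S-box construction (GF(2^8) inverse followed by the AES affine map) is the standard definition.

```python
"""Toy high-level side-channel simulation of one AES S-box lookup.

Constructed example: a byte-level Hamming-weight leakage model stands in
for cycle-accurate power simulation, and a correlation test measures how
strongly the simulated trace depends on the secret key byte.
"""
import random


def _gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox() -> list:
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    inv = [0] * 256
    for a in range(1, 256):
        for x in range(1, 256):          # brute-force inverse search (cheap, one-off)
            if _gf_mul(a, x) == 1:
                inv[a] = x
                break
    sbox = []
    for a in range(256):
        b = inv[a]
        s = b
        for shift in range(1, 5):        # b ^ rotl(b,1) ^ ... ^ rotl(b,4)
            s ^= ((b << shift) | (b >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def hw(x: int) -> int:
    """Hamming weight: the leakage model assumed for every bus value."""
    return bin(x).count("1")


def simulate_trace(p: int, key: int, rng: random.Random,
                   masked: bool = False, noise: float = 0.5) -> list:
    """Three simulated cycles: plaintext load, key addition, S-box output.

    Assumed leakage: HW of the value handled in each cycle plus N(0, noise).
    With masked=True a fresh random mask m is applied per trace (first-order
    Boolean masking), so the device never handles the unmasked intermediate.
    """
    if masked:
        m = rng.randrange(256)
        values = [p ^ m, (p ^ m) ^ key, SBOX[p ^ key] ^ m]
    else:
        values = [p, p ^ key, SBOX[p ^ key]]
    return [hw(v) + rng.gauss(0, noise) for v in values]


def pearson(xs, ys) -> float:
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5
    return num / den if den else 0.0


def assess(key: int, n_traces: int = 500, masked: bool = False, seed: int = 1):
    """Correlation-based leakage assessment over all 256 key-byte hypotheses.

    For each guess, predict HW(S[p ^ guess]) per trace and take the strongest
    |correlation| with any trace sample. Returns (best_guess, scores); a
    leaking implementation makes best_guess equal the real key with a high
    score, while an effective mask drives the real key's score toward zero.
    """
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n_traces)]   # constructed plaintexts
    traces = [simulate_trace(p, key, rng, masked) for p in pts]
    samples = list(zip(*traces))                          # sample-major view
    scores = {}
    for guess in range(256):
        pred = [hw(SBOX[p ^ guess]) for p in pts]
        scores[guess] = max(abs(pearson(pred, s)) for s in samples)
    best = max(scores, key=scores.get)
    return best, scores


if __name__ == "__main__":
    KEY = 0x2B                                            # constructed key byte
    for masked in (False, True):
        best, scores = assess(KEY, masked=masked)
        print(f"masked={masked}: best guess 0x{best:02x}, "
              f"score at real key {scores[KEY]:.3f}")
```

Running the script shows the unmasked model ranking the real key byte first with a correlation near 0.9, whereas the masked model leaves the real key indistinguishable from the other hypotheses; the same assessment routine thus serves both to find a leak and to confirm that a high-level countermeasure closes it, which is the exploration loop the abstract advocates.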

INDEX TERMS

Simulation, Special-Purpose and Application-Based Systems, Cryptographic controls

CITATION

Francesco Menichelli, Renato Menicocci, Mauro Olivieri, Alessandro Trifiletti, "High-Level Side-Channel Attack Modeling and Simulation for Security-Critical Systems on Chips", *IEEE Transactions on Dependable and Secure Computing*, vol. 5, no. 3, pp. 164-176, July-September 2008, doi:10.1109/TDSC.2007.70234
