Issue No.03 - July-September (2008 vol.5)
pp: 164-176
ABSTRACT
The design flow of a digital cryptographic device must take into account the evaluation of its security against attacks based on side-channel observation. The adoption of high-level countermeasures, as well as the verification of the feasibility of new attacks, presently requires time-consuming physical measurements on the prototype product or simulation at a low abstraction level. Starting from these assumptions, we developed an exploration approach centered on high-level simulation, in order to evaluate the actual implementation of a cryptographic algorithm, whether software- or hardware-based. The simulation is performed within a unified tool based on SystemC that can model a software implementation running on a microprocessor-based architecture or a dedicated hardware implementation, as well as mixed software-hardware implementations, with cycle-accurate resolution. Here we describe the tool and provide a large set of design explorations and characterizations based on actual implementations of the AES cryptographic algorithm, demonstrating how the large number of experiments made possible by the fast simulation engine can lead to important improvements in the knowledge and identification of weaknesses in cryptographic algorithm implementations.
INDEX TERMS
Simulation, Special-Purpose and Application-Based Systems, Cryptographic controls
CITATION
Francesco Menichelli, Renato Menicocci, Mauro Olivieri, Alessandro Trifiletti, "High-Level Side-Channel Attack Modeling and Simulation for Security-Critical Systems on Chips", IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 3, pp. 164-176, July-September 2008, doi:10.1109/TDSC.2007.70234