IEEE Transactions on Dependable and Secure Computing


Issue No.03 - July-September (2010 vol.7)

pp: 226-239

Massimo Alioto , University of Siena, Siena

Massimo Poli , University of Siena, Siena

Santina Rocchi , University of Siena, Siena

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2009.1

ABSTRACT

In this paper, a general model of multibit Differential Power Analysis (DPA) attacks to precharged buses is discussed, with emphasis on symmetric-key cryptographic algorithms. Analysis provides a deeper insight into the dependence of the DPA effectiveness (i.e., the vulnerability of cryptographic chips) on the parameters that define the attack, the algorithm, and the processor architecture in which the latter is implemented. To this aim, the main parameters that are of interest in practical DPA attacks are analytically derived under appropriate approximations, and a novel figure of merit to measure the DPA effectiveness of multibit attacks is proposed. This figure of merit allows for identifying conditions that maximize the effectiveness of DPA attacks, i.e., conditions under which a cryptographic chip should be tested to assess its robustness. Several interesting properties of DPA attacks are derived, and suggestions to design algorithms and circuits with higher robustness against DPA are given. The proposed model is validated in the case of DES and AES algorithms with both simulations on an MIPS32 architecture and measurements on an FPGA-based implementation of AES. The model accuracy is shown to be adequate, as the resulting error is always lower than 10 percent and typically of a few percentage points.

INDEX TERMS

Differential power analysis (DPA), Data Encryption Standard (DES), Advanced Encryption Standard (AES), security, single-rail precharged bus, modeling, smartcards, VLSI.

CITATION

Massimo Alioto, Massimo Poli, Santina Rocchi, "Differential Power Analysis Attacks to Precharged Buses: A General Analysis for Symmetric-Key Cryptographic Algorithms," *IEEE Transactions on Dependable and Secure Computing*, vol. 7, no. 3, pp. 226-239, July-September 2010, doi:10.1109/TDSC.2009.1