Combined SCA and DFA Countermeasures Integrable in a FPGA Design Flow

2010 Workshop on Fault Diagnosis and Tolerance in Cryptography

Sauvage

Danger

et al. 2010

Self Cite

Abstract-Fault injections constitute a major threat to the security of embedded systems. Errors occurring in the cryptographic algorithms have been shown to be extremely dangerous, since powerful attacks can exploit few of them to recover the full secrets. Most of the resistance techniques to perturbation attacks have relied so far on the detection of faults. We present in this paper another strategy, based on the resilience against fault attacks. The core idea is to allow an erroneous result to be outputted, but with the assurance that this faulty information conveys no information about the secrets concealed in the chip. We first underline the benefits of FIR: false positive are never raised, secrets are not erased uselessly in case of uncompromising faults injections, which increases the card lifespan if the fault is natural and not malevolent, and FIR enables a high potential of resistance even in the context of multiple faults. Then we illustrate two families of fault injection resilience (FIR) schemes suitable for symmetric encryption. The first family is a protocollevel scheme that can be formally proved resilient. The second family mobilizes a special logic-level architecture of the cryptographic module. We notably detail how a countermeasure of this later family, namely dual-rail with precharge logic style, can both protect both against active and passive attacks, thereby bringing a combined global protection of the device. The cost of this logic is evaluated as lower than detection schemes. Finally, we also give some ideas about the modalities of adjunction of FIR to some certification schemes.

“…However, it has been noticed that these styles can also natively withstand some perturbation attacks [57], [58], [73], [11]. It has already been underlined in Sec.…”

Section: Dual-rail With Precharge Logic As Amentioning

confidence: 81%

“…This property is especially true at the netlist level for logics free from EPE [11]. Indeed, the fanout of each gate is double w.r.t.…”

Section: Revisiting the Comparison Resilience Vs Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Fault Injection Resilience

2010 Workshop on Fault Diagnosis and Tolerance in Cryptography

Sauvage

Danger

et al. 2010

Self Cite

“…Also, hiding is a countermeasure against most fault injection attacks since the attacker erases the value stored redundantly in one pair of wires by changing only one of them. The case of symmetric faults is covered in [38] and of arbitrary faults in [39]. An interesting noting is that by associating masking and hiding, the protection extends to semi-invasive and invasive attacks.…”

Section: General Picturementioning

confidence: 99%

Vade mecum on side-channels attacks and countermeasures for the designer and the evaluator

2011 6th International Conference on Design &Amp; Technology of Integrated Systems in Nanoscale Era (DTIS)

Meynard

Nassar

et al. 2011

Self Cite

Abstract-Implementation-level attacks are nowadays well known and most designers of security embedded systems are aware of them. However, both the number of vulnerabilities and of protections have seriously grown since the first public reporting of these threats in 1996. It is thus difficult to assess the correct countermeasures association to cover all the possible attack pathes. The goal of this paper is to give a clear picture of the possible adequation between actually risks and mitigation techniques. A specific focus is made on two protection techniques addressing primarily side-channel attacks: masking and hiding. For the first time, we provide with a way to estimate a tradeoff depending on the environmental conditions (amount of noise) and on the designer skills (ability to balance the design). This tradeoff is illustrated in a decision diagram, helpful for the security designer to justify choices and to account for the cost overhead.

“…Unfortunately, this logic has never proved to be glitch-free, nor of constant activity (because of unwanted spurious glitches). Some logic-level upgrades of WDDL have also been proposed, amongst which iMDPL [14], DRSL [6], STTL [15,16], SecLib [17], WDDL w/o early evaluation [18], and BCDL [19]. All those styles can be mapped onto an FPGA fabric and are thus concerned with dual-rail balancing.…”

Section: Introductionmentioning

confidence: 99%

Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics

Sauvage

Nassar

International Journal of Reconfigurable Computing

et al. 2010

Self Cite

FPGA design of side-channel analysis countermeasures using unmasked dual-rail with precharge logic appears to be a great challenge. Indeed, the robustness of such a solution relies on careful differential placement and routing whereas both FPGA layout and FPGA EDA tools are not developed for such purposes. However, assessing the security level which can be achieved with them is an important issue, as it is directly related to the suitability to use commercial FPGA instead of proprietary custom FPGA for this kind of protection. In this article, we experimentally gave evidence that differential placement and routing of an FPGA implementation can be done with a granularity fine enough to improve the security gain. However, so far, this gain turned out to be lower for FPGAs than for ASICs. The solutions demonstrated in this article exploit the dual-output of modern FPGAs to achieve a better balance of dual-rail interconnections. However, we expect that an in-depth analysis of routing resources power consumption could still help reduce the interconnect differential leakage.