Gate-Level Masking under a Path-Based Leakage Metric

Leiserson, Andrew; Marson, Mark E.; Wachs, Megan

doi:10.1007/978-3-662-44709-3_32

Cited by 26 publications

(20 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the second scenario the input mask is chosen uniformly at random. As done in [5], we use externally applied masking to ensure that no leakage is due to input and output logic. The zero-mask case corresponds to an unprotected implementation and is used to analyze the leakage behavior of the circuit as well as to show that the measurement setup is able to properly capture leakages.…”

Section: Evaluation Resultsmentioning

confidence: 99%

“…Similarly 1-private logic only promises resistance to one internal signal being probed. We follow the evaluation methodology established by works such as [3], [4], [5], which use Correlation Power Analysis (CPA) [6] and the Correlation Enhanced Collision Analysis (CCA) [7] to analyze their designs for first-order side channel leakage.…”

Section: Motivationmentioning

confidence: 99%

“…CCA has two interesting properties: it detects only first order leakages and it does not require a leakage model, making it a good leakage detection mechanism [4], [5]. In this attack, traces from a collection are separated into two sets of equal size.…”

Section: Power Analysismentioning

confidence: 99%

See 2 more Smart Citations

Power analysis of the t-private logic style for FPGAs

Goddard

LaJeunesse

Eisenbarth

2015

2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

The goal of t-private circuits is to protect information processed by the circuit. This work presents the first practical power analysis evaluation of t-private logic style for FPGAs. Following the synthesis technique introduced at HOST 2012, a t-private S-box of the Present block cipher is synthesized and analyzed with respect to side channel leakage. The analysis is performed on simulated power traces as well as real power measurements taken from an implementation on a Virtex 5 FPGA. Classical Correlation power analysis and Correlation enhanced collision analysis are applied to detect first order leakages. Our results reveal a remaining first-order side channel attack vulnerability. I. MOTIVATIONImplementation attacks are a common threat to cryptographic cores in hardware. In many embedded applications, the attacker has physical access to the chip containing the crypto core. That access can be abused to recover critical secrets, namely cryptographic keys. Common attack techniques include invasive attacks such as probing as well as non-invasive attacks such as power, EM and timing attacks. Power and EM side channel attacks are particularly interesting, because, unlike probing attacks, the equipment and hardware specific knowledge necessary to perform them is minimal. At the same time, power and EM attacks are extremely difficult to completely prevent. One of the common and well studied techniques to hinder power analysis is masking. Masking splits internal states of logic into two or more random shares so that secret information can only be extracted from their combination. It has been found that masking can be overcome by higher order side channel analysis. However, if implemented correctly, first order (or in general lower order) side channel attacks are prevented, while higher order attacks are known to need much higher number of traces to succeed, yielding a practical security for many applications. Nevertheless, the price is high in terms of the introduced area overhead and the care that is needed to implement the masking countermeasure correctly.t-private circuits are a countermeasure that have originally been proposed to counter probing attacks. It is fairly similar to the above-described approaches, as it is also based on the principle of secret sharing. In [1] the authors show a methodology where t-private circuits can be efficiently mapped to FPGAs. While side channel resistance is not explicitly claimed in [1], the work suggests that t-private circuits protect against a stronger adversary, i.e. the probing adversary that can observe internal states directly, instead of an aggregate leakage through the common power supply. The application of the t-private logic as a Differential Power Analysis (DPA) countermeasure was studied in more detail in [2]. That work describes their method of finding circuits with a low DPA robustness and replacing that logic with a t-private countermeasure to mitigate these problems. The paper, however, does not describe the overall DPA resistance of t-private logic.In this wo...

show abstract

Section: Evaluation Resultsmentioning

confidence: 99%

Section: Motivationmentioning

confidence: 99%

See 1 more Smart Citation

Power analysis of the t-private logic style for FPGAs

Goddard

LaJeunesse

Eisenbarth

2015

2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

show abstract

“…T-test is a statistical method used to judge whether two sample sets come from the same group. It is used to evaluate the power leakage of circuits in Refs [17][18][19]. Compared with power analysis attack, t-test can quantitatively analyze the DPA-resistant ability of circuits, which is more convincing.…”

Section: Leakage Quantificationmentioning

confidence: 99%

A Countermeasure against DPA on SIMON with an Area-Efficient Structure

Zhang

Zhou

et al. 2019

Electronics

View full text Add to dashboard Cite

Differential power analysis (DPA) is an effective side channel attack method, which poses a critical threat to cryptographic algorithms, especially lightweight ciphers such as SIMON. In this paper, we propose an area-efficient countermeasure against DPA on SIMON based on the power randomization. Firstly, we review and analyze the architecture of SIMON algorithm. Secondly, we prove the threat of DPA attack to SIMON by launching actual DPA attack on SIMON 32/64 circuit. Thirdly, a low-cost power randomization scheme is proposed by combining fault injection with double rate technology, and the corresponding circuit design is implemented. To the best of our knowledge, this is the first scheme that applies the combination of fault injection and double rate technology to the DPA-resistance. Finally, the t-test is used to evaluate the security mechanism of the proposed designs with leakage quantification. Our experimental results show that the proposed design implements DPA-resistance of SIMON algorithm at certain overhead the cost of 47.7% LUTs utilization and 39.6% registers consumption. As compared to threshold implementation and bool mask, the proposed scheme has greater advantages in resource consumption.

show abstract

“…In order to avoid the leakage of sensitive information, it is essential to carry out research on the CA defense strategy of AES to design a safe and reliable AES circuit. The defense strategy of CA can be divided into two categories [10]: one is to reduce the fluctuation of the power curve to reduce the amount of leaked information [11,12,13,14,15,16]; another method is to destroy the data relevance between the power curve and key by increasing the redundant power consumption or random noise [17,18,19,20,21,22,23]. The technology of Random Delay Insertion (RDI) is proposed to reduce the correlation between the power consumption and intermediate processed data.…”

Section: Introductionmentioning

confidence: 99%

A new method for resisting collision attack based on parallel random delay S-box

Fang

Zhang

et al. 2019

IEICE Electron. Express

View full text Add to dashboard Cite

Collision Attack (CA) has posed a huge threat to the security of AES circuit. To protect sensitive information, it's necessary to do research on defense strategy of CA. This letter proposes a new method to defense CA through the implementation of random delay based parallel S-box. It can destroy the consistency of the power consumption curves, confuse the judgment of the collision and the setting of the collision threshold to achieve the goal of resisting the CA. Compared to the well-known random mask method and other CA countermeasures, our strategy can defense CA without changing the AES round transformation architecture and bring extra resource overhead.

show abstract

Gate-Level Masking under a Path-Based Leakage Metric

Cited by 26 publications

References 28 publications

Power analysis of the t-private logic style for FPGAs

Power analysis of the t-private logic style for FPGAs

A Countermeasure against DPA on SIMON with an Area-Efficient Structure

A new method for resisting collision attack based on parallel random delay S-box

Contact Info

Product

Resources

About