Side-Channel Power Resistance for Encryption Algorithms Using Implementation Diversity

Bow, Ivan; Bete, Nahome; Saqib, Fareena; Che, Wenjie; Patel, Chintan; Robucci, Ryan; Chan, Calvin; Plusquellic, Jim

doi:10.3390/cryptography4020013

Cited by 8 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In their work, Bow et al (2020) present Side-Channel Power Resistance for Encryption Algorithms Using Implementation Diversity (SPREAD). This paper is a power countermeasure proof-of-concept that shows that input-to-output delays are distinct for each circuit structure used.…”

Section: Related Workmentioning

confidence: 99%

“…This research will also only utilize a synthesis-directed circuit variant generation method as opposed to SPREAD which also includes additional hardware for a circuit-directed approach. To introduce gate-level diversity, we will use a program encryption toolkit (Forbes, 2017) to generate equivalent circuits that vary in size and composition where the method in (Bow et al, 2020) exclude specific gate types when generating netlists for each version. Lastly, the proposed countermeasure will be not only be assessed for power analysis resistance but for localized EM analysis resistance as well.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Circuit-Variant Moving Target Defense for Side-Channel Attacks

Mullins¹,

Baggett²,

Andel³

et al. 2022

iccws

View full text Add to dashboard Cite

The security of cryptosystems involves preventing an attacker's ability to obtain information about plaintext. Traditionally, this has been done by prioritizing secrecy of the key through complex key selection and secure key exchange. With the emergence of side-channel analysis (SCA) attacks, bits of a secret key may be derived by correlating key values with physical properties of cryptographic process execution. Information such as power consumption and electromagnetic (EM) radiation side-channel properties can be observed during encryption or decryption. These signals reflect data-dependent system behaviours that may reveal secret key information. Power and EM SCA attacks require several measurements of the target process to amplify the signal of interest, filter out noise, and derive the secret key through statistical analysis methods. Differential power and EM analysis attacks rely on correlating actual side-channel measurements to hypothetical models. The goal of this research is to increase the complexity of both power and EM SCA by introducing structural and spatial randomization of the target hardware. We propose a System-on-a-Chip (SOC) countermeasure that will periodically reconfigure an AES scheme using randomly located S-box circuit variants. We hypothesize that changing the location of the target modules between encryption runs will result in a nonconstant EM signal strength for any given point on the chip, increasing the number of traces needed to perform a localized EM SCA attack. Further, each of the S-box circuit variants will consist of functionally equivalent, structurally diverse hardware. By diversifying the implementations at the gate-level, we aim to vary the power behaviour observed by the attacker and disrupt the correlation between the hypothetical and actual power consumption, increasing the complexity of power SCA. This moving target defense aims to disrupt side-channel collection and correlation needed to successfully implement an attack.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Circuit-Variant Moving Target Defense for Side-Channel Attacks

Mullins¹,

Baggett²,

Andel³

et al. 2022

iccws

View full text Add to dashboard Cite

show abstract

“…Compared to the approach in [8] where the circuit structure is fixed, there is much more freedom during synthesis to change the structure of the circuit. The work in [11] also explores synthesis level changes by using sub-sets of a standard cell library while synthesizing the Sbox, resulting in different structural realizations of the Sbox. However, unlike the work in [10], this approach lacks flexibility to generate a large number of distinct variants.…”

Section: Background and Previous Workmentioning

confidence: 99%

The Benefits and Costs of Netlist Randomization Based Side-Channel Countermeasures: An In-Depth Evaluation

Ali

Becher

Ziener

2022

JLPEA

View full text Add to dashboard Cite

Exchanging FPGA-based implementations of cryptographic algorithms during run-time using netlist randomized versions has been introduced recently as a unique countermeasure against side channel attacks. Using partial reconfiguration, it is possible to shuffle between structurally different but functionally similar versions of a cryptographic implementation. The resulting varying power profile enhances the resistance against power-based side channel attacks. While side channel leakage is reduced, costs in terms of additional resources and/or lowered throughput are often increased due to the overheads of the required online partial reconfiguration. In this work, we provide an in-depth evaluation of the leakage-area-throughput trade-off.

show abstract

“…Another signifi cant area of research has been the focus on enhancing resistance to side-channel attacks, which exploit physical implementations of cryptographic algorithms. Innovations in block cipher modes are increasingly incorporating countermeasures against such attacks, ensuring that security is maintained not only at the algorithmic level but also in practical implementations [24].…”

Section: Introductionmentioning

confidence: 99%

Enhancing cryptographic robustness with dual key chaining

Muhammad,

Yasir

2024

Trends Comput Sci Inf Technol

View full text Add to dashboard Cite

In this paper, we introduce an advanced mode of operation for block ciphers, named Dual Key Chaining Mode (DKC), aimed at bolstering cryptographic security for safeguarding sensitive information. Building upon the foundations laid by established modes while adhering to guidelines set by the National Institute of Standards and Technology (NIST), DKC innovates through a dual-key mechanism and the generation of highly unpredictable values. This novel approach markedly enhances security, particularly against chosen plaintext attacks, a common vulnerability in traditional modes. Through rigorous mathematical analysis, we demonstrate DKC’s superiority, proving its indistinguishability under chosen plaintext attacks (IND-CPA) and showing that an adversary cannot practically distinguish DKC-encrypted ciphertexts from those produced by a random permutation. Our security proof employs a structured approach, contrasting DKC with conventional modes to highlight its robust defense mechanisms and its capacity to mitigate error propagation, reduce chain dependency, and resist pattern recognition attacks. The DKC mode not only surpasses existing standards in cryptographic security but also offers significant improvements in efficiency and security complexity, making it particularly suited for environments demanding stringent data protection. This study’s findings underscore DKC’s potential as a leading candidate for securing communication channels, financial transactions, and cloud storage services against an array of cryptographic attacks.

show abstract

Side-Channel Power Resistance for Encryption Algorithms Using Implementation Diversity

Cited by 8 publications

References 22 publications

Circuit-Variant Moving Target Defense for Side-Channel Attacks

Circuit-Variant Moving Target Defense for Side-Channel Attacks

The Benefits and Costs of Netlist Randomization Based Side-Channel Countermeasures: An In-Depth Evaluation

Enhancing cryptographic robustness with dual key chaining

Contact Info

Product

Resources

About