Side-channel attacks and countermeasures in the design of secure IC's devices for cryptographic applications

Abstract--- A lot of devices which are daily used have to guarantee the retention of sensible data. Sensible data are ciphered by a secure key by which only the key holder can get the data. For this reason, to protect the cipher key against possible attacks becomes a main issue. The research activities in hardware cryptography are involved in finding new countermeasures against various attack scenarios and, in the same time, in studying new attack methodologies. During the PhD, three different logic families to counteract Power Analysis were presented and a novel class of attacks was studied. Moreover, two different activities related to Random Numbers Generators have been addressed

Differential Power Analysis Attacks to Precharged Busses: a General Analysis for Symmetric-Key Cryptographic Algorithms

In this paper, a general model of multi-bit Differential Power Analysis (DPA) attacks to precharged busses is discussed, with emphasis on symmetric-key cryptographic algorithms. Analysis provides a deeper insight into the dependence of the DPA effectiveness (i.e., the vulnerability of cryptographic chips) on the parameters that define the attack, the algorithm and the processor architecture in which the latter is implemented. To this aim, the main parameters that are of interest in practical DPA attacks are analytically derived under appropriate approximations, and a novel figure of merit to measure the DPA effectiveness of multi-bit attacks is proposed. This figure of merit allows for identifying conditions that maximize the effectiveness of DPA attacks, i.e. conditions under which a cryptographic chip should be tested to assess its robustness. Several interesting properties of DPA attacks are derived, and suggestions to design algorithms and circuits with higher robustness against DPA are given. The proposed model is validated in the case of DES and AES algorithms with both simulations on an MIPS32 architecture and measurements on an FPGA-based implementation of AES. The model accuracy is shown to be adequate, as the resulting error is always lower than 10%, and typically of a few percentage points