Analysis Of Variance and CPA in SCA

This paper introduces Side-Channel Analysis results obtained on an unprotected circuit characterized by a surprisingly non-linear leakage. While in such a case, Correlation Power Analysis is not adapted, we show that a more generic attack, based on the Analysis Of Variance (AOV) outperfoms CPA. It has the advantage of detecting non-linear leakage, unlike Correlation Power Analysis, and of providing similar or much better results in all cases, with a similar computation time

Memory-Based High-Level Synthesis Optimizations Security Exploration on the Power Side-Channel

High-level synthesis (HLS) allows hardware designers to think algorithmically and not worry about low-level, cycle-by-cycle details. This provides the ability to quickly explore the architectural design space and tradeoffs between resource utilization and performance. Unfortunately, security evaluation is not a standard part of the HLS design flow. In this article, we aim to understand the effects of memory-based HLS optimizations on power side-channel leakage. We use Xilinx Vivado HLS to develop different cryptographic cores, implement them on a Spartan-6 FPGA, and collect power traces. We evaluate the designs with respect to resource utilization, performance, and information leakage through power consumption. We have two important observations and contributions. First, the choice of resource optimization directive results in different levels of side-channel vulnerabilities. Second, the partitioning optimization directive can greatly compromise the hardware cryptographic system through power side-channel leakage due to the deployment of memory control logic. We describe an evaluation procedure for power side-channel leakage and use it to make best-effort recommendations about how to design more secure architectures in the cryptographic domain

Stress, social support and psychological well-being in British chartered accountants

School of Managemen

Explointing FPGA block memories for protected cryptographic implementations

Modern Field Programmable Gate Arrays (FPGAs) are power packed with features to facilitate designers. Availability of features like huge block memory (BRAM), Digital Signal Processing (DSP) cores, embedded CPU makes the design strategy of FPGAs quite different from ASICs. FPGA are also widely used in security-critical application where protection against known attacks is of prime importance. We focus ourselves on physical attacks which target physical implementations. To design countermeasures against such attacks, the strategy for FPGA designers should also be different from that in ASIC. The available features should be exploited to design compact and strong countermeasures. In this paper, we propose methods to exploit the BRAMs in FPGAs for designing compact countermeasures. BRAM can be used to optimize intrinsic countermeasures like masking and dual-rail logic, which otherwise have significant overhead (at least 2X). The optimizations are applied on a real AES-128 co-processor and tested for area overhead and resistance on Xilinx Virtex-5 chips. The presented masking countermeasure has an overhead of only 16% when applied on AES. Moreover Dual-rail Precharge Logic (DPL) countermeasure has been optimized to pack the whole sequential part in the BRAM, hence enhancing the security. Proper robustness evaluations are conducted to analyze the optimization for area and security

High Efficiency Power Side-Channel Attack Immunity using Noise Injection in Attenuated Signature Domain

With the advancement of technology in the last few decades, leading to the widespread availability of miniaturized sensors and internet-connected things (IoT), security of electronic devices has become a top priority. Side-channel attack (SCA) is one of the prominent methods to break the security of an encryption system by exploiting the information leaked from the physical devices. Correlational power attack (CPA) is an efficient power side-channel attack technique, which analyses the correlation between the estimated and measured supply current traces to extract the secret key. The existing countermeasures to the power attacks are mainly based on reducing the SNR of the leaked data, or introducing large overhead using techniques like power balancing. This paper presents an attenuated signature AES (AS-AES), which resists SCA with minimal noise current overhead. AS-AES uses a shunt low-drop-out (LDO) regulator to suppress the AES current signature by 400x in the supply current traces. The shunt LDO has been fabricated and validated in 130 nm CMOS technology. System-level implementation of the AS-AES along with noise injection, shows that the system remains secure even after 50K encryptions, with 10x reduction in power overhead compared to that of noise addition alone.Comment: IEEE International Symposium on Hardware Oriented Security and Trust (HOST) 201

Physical Time-Varying Transfer Functions as Generic Low-Overhead Power-SCA Countermeasure

Mathematically-secure cryptographic algorithms leak significant side channel information through their power supplies when implemented on a physical platform. These side channel leakages can be exploited by an attacker to extract the secret key of an embedded device. The existing state-of-the-art countermeasures mainly focus on the power balancing, gate-level masking, or signal-to-noise (SNR) reduction using noise injection and signature attenuation, all of which suffer either from the limitations of high power/area overheads, performance degradation or are not synthesizable. In this article, we propose a generic low-overhead digital-friendly power SCA countermeasure utilizing physical Time-Varying Transfer Functions (TVTF) by randomly shuffling distributed switched capacitors to significantly obfuscate the traces in the time domain. System-level simulation results of the TVTF-AES implemented in TSMC 65nm CMOS technology show > 4000x MTD improvement over the unprotected implementation with nearly 1.25x power and 1.2x area overheads, and without any performance degradation

Advances in SCA and RF-DNA Fingerprinting Through Enhanced Linear Regression Attacks and Application of Random Forest Classifiers

Radio Frequency (RF) emissions from electronic devices expose security vulnerabilities that can be used by an attacker to extract otherwise unobtainable information. Two realms of study were investigated here, including the exploitation of 1) unintentional RF emissions in the field of Side Channel Analysis (SCA), and 2) intentional RF emissions from physical devices in the field of RF-Distinct Native Attribute (RF-DNA) fingerprinting. Statistical analysis on the linear model fit to measured SCA data in Linear Regression Attacks (LRA) improved performance, achieving 98% success rate for AES key-byte identification from unintentional emissions. However, the presence of non-Gaussian noise required the use of a non-parametric classifier to further improve key guessing attacks. RndF based profiling attacks were successful in very high dimensional data sets, correctly guessing all 16 bytes of the AES key with a 50,000 variable dataset. With variable reduction, Random Forest still outperformed Template Attack for this data set, requiring fewer traces and achieving higher success rates with lower misclassification rate. Finally, the use of a RndF classifier is examined for intentional RF emissions from ZigBee devices to enhance security using RF-DNA fingerprinting. RndF outperformed parametric MDA/ML and non-parametric GRLVQI classifiers, providing up to GS =18.0 dB improvement (reduction in required SNR). Network penetration, measured using rogue ZigBee devices, show that the RndF method improved rogue rejection in noisier environments - gains of up to GS =18.0 dB are realized over previous methods

Residual Vulnerabilities to Power side channel attacks of lightweight ciphers cryptography competition Finalists

The protection of communications between Internet of Things (IoT) devices is of great concern because the information exchanged contains vital sensitive data. Malicious agents seek to exploit those data to extract secret information about the owners or the system. Power side channel attacks are of great concern on these devices because their power consumption unintentionally leaks information correlatable to the device\u27s secret data. Several studies have demonstrated the effectiveness of authenticated encryption with advanced data, in protecting communications with these devices. A comprehensive evaluation of the seven (out of 10) algorithm finalists of the National Institute of Standards and Technology (NIST) IoT lightweight cipher competition that do not integrate built‐in countermeasures is proposed. The study shows that, nonetheless, they still present some residual vulnerabilities to power side channel attacks (SCA). For five ciphers, an attack methodology as well as the leakage function needed to perform correlation power analysis (CPA) is proposed. The authors assert that Ascon, Sparkle, and PHOTON‐Beetle security vulnerability can generally be assessed with the security assumptions “Chosen ciphertext attack and leakage in encryption only, with nonce‐misuse resilience adversary (CCAmL1)” and “Chosen ciphertext attack and leakage in encryption only with nonce‐respecting adversary (CCAL1)”, respectively. However, the security vulnerability of GIFT‐COFB, Grain, Romulus, and TinyJambu can be evaluated more straightforwardly with publicly available leakage models and solvers. They can also be assessed simply by increasing the number of traces collected to launch the attack

RSA Power Analysis Obfuscation: A Dynamic FPGA Architecture

The modular exponentiation operation used in popular public key encryption schemes, such as RSA, has been the focus of many side channel analysis (SCA) attacks in recent years. Current SCA attack countermeasures are largely static. Given sufficient signal-to-noise ratio and a number of power traces, static countermeasures can be defeated, as they merely attempt to hide the power consumption of the system under attack. This research develops a dynamic countermeasure which constantly varies the timing and power consumption of each operation, making correlation between traces more difficult than for static countermeasures. By randomizing the radix of encoding for Booth multiplication and randomizing the window size in exponentiation, this research produces a SCA countermeasure capable of increasing RSA SCA attack protection