142 research outputs found

    High Efficiency Power Side-Channel Attack Immunity using Noise Injection in Attenuated Signature Domain

    With the advancement of technology in the last few decades, leading to the widespread availability of miniaturized sensors and internet-connected things (IoT), security of electronic devices has become a top priority. Side-channel attack (SCA) is one of the prominent methods to break the security of an encryption system by exploiting the information leaked from the physical devices. Correlational power attack (CPA) is an efficient power side-channel attack technique, which analyses the correlation between the estimated and measured supply current traces to extract the secret key. The existing countermeasures to the power attacks are mainly based on reducing the SNR of the leaked data, or introducing large overhead using techniques like power balancing. This paper presents an attenuated signature AES (AS-AES), which resists SCA with minimal noise current overhead. AS-AES uses a shunt low-drop-out (LDO) regulator to suppress the AES current signature by 400x in the supply current traces. The shunt LDO has been fabricated and validated in 130 nm CMOS technology. System-level implementation of the AS-AES along with noise injection, shows that the system remains secure even after 50K encryptions, with 10x reduction in power overhead compared to that of noise addition alone. Comment: IEEE International Symposium on Hardware Oriented Security and Trust (HOST) 201

    ElectroMagnetic Analysis and Fault Injection onto Secure Circuits

    Implementation attacks are a major threat to hardware cryptographic implementations. These attacks exploit the correlation existing between the computed data and variables such as computation time, consumed power, and electromagnetic (EM) emissions. Recently, the EM channel has been proven as an effective passive and active attack technique against secure implementations. In this paper, we review the recent results obtained on this subject, with a particular focus on EM as a fault injection tool.

    Electromagnetic Analysis Using Clockwise Collisions against AES Cryptographic Circuits

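    Since Kocher et al. proposed differential power analysis, side-channel analysis (SCA) has attracted attention and has been actively studied. SCA is a technique that analyzes the physical information leaked by a cryptographic circuit in order to identify the secret information inside the circuit. The physical information used in SCA is varied and includes processing time, power consumption, and leaked electromagnetic emanations. Among these, electromagnetic analysis (EMA), which uses leaked electromagnetic emanations, can acquire electromagnetic waveforms with different physical characteristics depending on the position of the measurement probe and the layout of the target circuit. Because of this property, called locality, EMA is known to be able to acquire emanations that depend strongly on the processing of the operation under analysis. It is therefore considered to allow more efficient analysis than power analysis, which uses the power consumption of the whole circuit. In this research, focusing on the locality of EMA, we propose a new key-recovery algorithm against AES called Clockwise Collision EMA (CC-EMA). The target AES implementation has a loop architecture that performs one round in one cycle. In such an implementation, a clockwise collision is the case where the Hamming distance between the input values to an S-box circuit in the AES circuit is 0 across two consecutive rounds. The proposed method uses the locality of EMA to identify the electromagnetic emanations leaked when a clockwise collision occurs in the targeted S-box circuit, and performs key recovery. By building the CC-EMA key-recovery algorithm from a threshold method and a majority-vote method, we succeeded in reducing the computational cost of AES key recovery to 1/256 of that of the conventional method, Correlation EMA (CEMA). Furthermore, in this research we compare CC-EMA and CEMA by simulation and evaluate the number of electromagnetic waveforms required for the analysis (the analysis cost). To evaluate analysis efficiency for leaked electromagnetic emanations acquired under various environments, we build a side-channel information model and quantify the analysis cost by simulation. This simulation shows under which environments CC-EMA can efficiently recover the key of an AES circuit. We also show that, in an AES circuit where the S-box circuits are implemented in parallel, the frequency of clockwise collisions differs depending on the key value. We quantify the analysis cost of CC-EMA as it depends not only on the measurement environment but also on the key value. From these simulation results, we show that, depending on the measurement environment and the key value, the analysis efficiency of CC-EMA exceeds that of CEMA. The University of Electro-Communications 201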

    Mixup Data Augmentation for Deep Learning Side-Channel Attacks

    Following the current direction in Deep Learning (DL), more recent papers have started to pay attention to the efficiency of DL in breaking cryptographic implementations. Several works focus on techniques to boost the efficiency of existing architectures by data augmentation, regularization, etc. In this work, we investigate using mixup data augmentation \cite{zhang2017mixup} in order to improve the efficiency of DL-based Side-Channel Attacks (SCAs). We validated the soundness of the mixup on real traces collected from the ChipWhisperer board \cite{cw} and from the ASCAD database \cite{benadjila2020deep}. The obtained results have proven that using mixup data augmentation decreases the number of measurements needed to reveal the secret key compared to the non-augmented case

    An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

    Passive physical attacks, like power analysis, pose a serious threat to the security of digital circuits. In this work, we introduce an efficient side-channel protected Advanced Encryption Standard (AES) hardware design that is completely scalable in terms of protection order. Therefore, we revisit the private circuits scheme of Ishai et al. [13] which is known to be vulnerable to glitches. We demonstrate how to achieve resistance against multivariate higher-order attacks in the presence of glitches for the same randomness cost as the private circuits scheme. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order.

    Hardware security, vulnerabilities, and attacks: a comprehensive taxonomy

    Information Systems, increasingly present in a world that goes towards complete digitalization, can be seen as complex systems at the base of which is the hardware. When dealing with the security of these systems to stop possible intrusions and malicious uses, the analysis must necessarily include the possible vulnerabilities that can be found at the hardware level, since their exploitation can make all defenses implemented at web or software level ineffective. In this paper, we propose a meaningful and comprehensive taxonomy for the vulnerabilities affecting the hardware and the attacks that exploit them to compromise the system, also giving a definition of Hardware Security, in order to clarify a concept often confused with other domains, even in the literature

    An investigation into the signals leakage from a smartcard based on different runtime code

    This paper investigates the power leakage of a smartcard. It is intended to answer two vital questions: what information is leaked out when different characters are used as output; and does the length of the output affect the amount of the information leaked. The investigation determines that as the length of the output is increased more bus lines are switched from a precharge state to a high state. This is related to the output array in the code increasing its length. Furthermore, this work shows that the output for different characters generates a different pattern. This is due to the fact that various characters need different amounts of bytes to be executed since they have different binary values. Additionally, the information leaked out can be directly linked to the smartcard’s interpreter.