Dynamic Polymorphic Reconfiguration to Effectively “CLOAK” a Circuit’s Function

Today\u27s society has become more dependent on the integrity and protection of digital information used in daily transactions resulting in an ever increasing need for information security. Additionally, the need for faster and more secure cryptographic algorithms to provide this information security has become paramount. Hardware implementations of cryptographic algorithms provide the necessary increase in throughput, but at a cost of leaking critical information. Side Channel Analysis (SCA) attacks allow an attacker to exploit the regular and predictable power signatures leaked by cryptographic functions used in algorithms such as RSA. In this research the focus on a means to counteract this vulnerability by creating a Critically Low Observable Anti-Tamper Keeping Circuit (CLOAK) capable of continuously changing the way it functions in both power and timing. This research has determined that a polymorphic circuit design capable of varying circuit power consumption and timing can protect a cryptographic device from an Electromagnetic Analysis (EMA) attacks. In essence, we are effectively CLOAKing the circuit functions from an attacker

Asynchronous Advanced Encryption Standard Hardware with Random Noise Injection for Improved Side-Channel Attack Resistance

This work presents the design, hardware implementation, and performance analysis of novel asynchronous AES (advanced encryption standard) Key Expander and Round Function, which offer increased side-channel attack (SCA) resistance. These designs are based on a delay-insensitive (DI) logic paradigm known as null convention logic (NCL), which supports useful properties for resisting SCAs including dual-rail encoding, clock-free operation, and monotonic transitions. Potential benefits include reduced and more uniform switching activities and reduced signal-to-noise (SNR) ratio. A novel method to further augment NCL AES hardware with random voltage scaling technique is also presented for additional security. Thereby, the proposed components leak significantly less side-channel information than conventional clocked approaches. To quantitatively verify such improvements, functional verification and WASSO (weighted average simultaneous switching output) analysis have been carried out on both conventional synchronous approach and the proposed NCL based approach using Mentor Graphics ModelSim and Xilinx simulation tools. Hardware implementation has been carried out on both designs exploiting a specified side-channel attack standard evaluation FPGA board, called SASEBO-GII, and the corresponding power waveforms for both designs have been collected. Along with the results of software simulations, we have analyzed the collected waveforms to validate the claims related to benefits of the proposed cryptohardware design approach

SoK: SCA-secure ECC in software – mission impossible?

This paper describes an ECC implementation computing the X25519 keyexchange protocol on the Arm Cortex-M4 microcontroller. For providing protections against various side-channel and fault attacks we first review known attacks and countermeasures, then we provide software implementations that come with extensive mitigations, and finally we present a preliminary side-channel evaluation. To our best knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection

Key Randomization Countermeasures to Power Analysis Attacks on Elliptic Curve Cryptosystems

It is essential to secure the implementation of cryptosystems in embedded devices agains side-channel attacks. Namely, in order to resist differential (DPA) attacks, randomization techniques should be employed to decorrelate the data processed by the device from secret key parts resulting in the value of this data. Among the countermeasures that appeared in the literature were those that resulted in a random representation of the key known as the binary signed digit representation (BSD). We have discovered some interesting properties related to the number of possible BSD representations for an integer and we have proposed a different randomization algorithm. We have also carried our study to the $\tau$-adic representation of integers which is employed in elliptic curve cryptosystems (ECCs) using Koblitz curves. We have then dealt with another randomization countermeasure which is based on randomly splitting the key. We have investigated the secure employment of this countermeasure in the context of ECCs

Countermeasure implementation and effectiveness analysis for AES resistance against side channel attacks

Side Channel Analysis (SCA) is composed of a bunch of techniques employed to extract secret information from hardware operations through statistical analyses of execution data. For instance, the secret key of a crypto-algorithmic implementation could be targeted and its value could be retrieved. The data is obtained by measuring the power consumption or electromagnetic radiation of a device while performing an operation due to the linear relationship between the currents flowing through the circuitry during the execution of chip operations. Side channel is one of the most widely used attack methods in cryptanalysis. In order to avoid such attacks, the algorithmic implementations can be protected from side channel leakage with the use of different countermeasures. These countermeasures can be built on either software or hardware. The objective is to reduce, or even completely eliminate, the leakage of the device related to confidential data. Generally speaking, there are two main approaches to do so. The first aims to reduce the side channel observability, while the second intends to undermine the predictability of the data. This project focuses on designing and implementing different countermeasures that protect cryptographic implementations from side channel attacks, and test and analyze them afterwards. The countermeasures will be implemented in software and then tested though Correlation Power Analysis in a hardware device. The Advanced Encryption Standard (AES) algorithm will be used as a base structure, in order to improve its cryptographic security with the different countermeasures designed. However, the election of AES does not reduce the scope of this project since the implemented countermeasures could be applied to other cryptographic algorithms as well

A Differential Power Analysis Resistant Randomized Algorithm using Multiple AES Ciphers

Differential power analysis (DPA) side channel attacks have been shown to have great effectiveness in breaking ciphers (such as the Advanced Encryption Standard or AES) that were previously though to be unbreakable. There are currently many methods published that prevent differential power analysis on AES. The method proposed for this project is based on the increased usage of multiprocessors and multicore processors. By using multiple copies of the same AES cipher, a randomly chosen cipher is used to encrypt each plaintext. The other ciphers are then used to obfuscate the data made available to the attacker for DPA in the hope of making DPA impossible or require a statistically large amount of data that it is practically impossible to run successfully

Exploitation of Unintentional Information Leakage from Integrated Circuits

Unintentional electromagnetic emissions are used to recognize or verify the identity of a unique integrated circuit (IC) based on fabrication process-induced variations in a manner analogous to biometric human identification. The effectiveness of the technique is demonstrated through an extensive empirical study, with results presented indicating correct device identification success rates of greater than 99:5%, and average verification equal error rates (EERs) of less than 0:05% for 40 near-identical devices. The proposed approach is suitable for security applications involving commodity commercial ICs, with substantial cost and scalability advantages over existing approaches. A systematic leakage mapping methodology is also proposed to comprehensively assess the information leakage of arbitrary block cipher implementations, and to quantitatively bound an arbitrary implementation\u27s resistance to the general class of differential side channel analysis techniques. The framework is demonstrated using the well-known Hamming Weight and Hamming Distance leakage models, and approach\u27s effectiveness is demonstrated through the empirical assessment of two typical unprotected implementations of the Advanced Encryption Standard. The assessment results are empirically validated against correlation-based differential power and electromagnetic analysis attacks

Side Channel Information Leakage: Design and Implementation of Hardware Countermeasure

Deployment of Dynamic Differential Logics (DDL) appears to be a promising choice for providing resistance against leakage of side channel information. However, the resistance provided by these logics is too costly for widespread area-constrained applications. Implementation of a secure DDL-based countermeasure also requires a complex layout methodology for balancing the load at the differential outputs. This thesis, unlike previous logic level approaches, presents a novel exploitation of static and single-ended logic for designing the side channel countermeasure. The proposed technique is used in the implementation of a protected crypto core consisting of the AES “AddRoundKey” and “SubByte” transformation. The test chip including the protected and unprotected crypto cores is fabricated in 180nm CMOS technology. A correlation analysis on the unprotected core results in revealing the key at the output of the combinational networks and the registers. The quality of the measurements is further improved by introducing an enhanced data capturing method that inserts a minimum power consuming input as a reference vector. In comparison, no key-related information is leaked from the protected core even with an order of magnitude increase in the number of averaged traces. For the first time, fabricated chip results are used to validate a new logic level side channel countermeasure that offers lower area and reduced circuit design complexity compared to the DDL-based countermeasures. This thesis also provides insight into the side channel vulnerability of cryptosystems in sub-90nm CMOS technology nodes. In particular, data dependency of leakage power is analyzed. The number of traces to disclose the key is seen to decrease by 35% from 90nm to 45nm CMOS technology nodes. Analysis shows that the temperature dependency of the subthreshold leakage has an important role in increasing the ability to attack future nanoscale crypto cores. For the first time, the effectiveness of a circuit-based leakage reduction technique is examined for side channel security. This investigation demonstrates that high threshold voltage transistor assignment improves resistance against information leakage. The analysis initiated in this thesis is crucial for rolling out the guidelines of side channel security for the next generation of Cryptosystem.1 yea