Energy-Efficient Multi-Key Security Scheme for Wireless Sensor Network

This paper proposes multi-key encryption scheme and engine architecture (MKE) that increases security and optimizes energy efficiency of sensor networks, while minimizing modifications to existing implementations. The scheme improves security of AES against correlation power analysis (CPA) attack by employing MKE engine, breaking the correlation between power consumption and the used key. Other schemes utilize complex hardware designs, for example by using the inhomogeneous s-boxes that reduce energy efficiency of the engine. In contrast, the proposed hardware engine uses a randomly sequence of few keys to encode subsequent blocks of a messages. Additionally, the scheme improves security of AES against brute-force attacks for a given key size by utilizing multiple keys to encrypt subsequent blocks of a message. In contrast, a typical security upgrade would require a larger key size and encryption engine, which would increase cost and energy consumption of the devices. Both analytical and simulation results are presented in this paper

Robustness Analysis of Real-Time Scheduling Against Differential Power Analysis Attacks

Item does not contain fulltextISVLSI 2014 IEEE Computer Society Annual Symposium on VLSI, 9-11 July 2014, Tampa, Florid

Physical Time-Varying Transfer Functions as Generic Low-Overhead Power-SCA Countermeasure

Mathematically-secure cryptographic algorithms leak significant side channel information through their power supplies when implemented on a physical platform. These side channel leakages can be exploited by an attacker to extract the secret key of an embedded device. The existing state-of-the-art countermeasures mainly focus on the power balancing, gate-level masking, or signal-to-noise (SNR) reduction using noise injection and signature attenuation, all of which suffer either from the limitations of high power/area overheads, performance degradation or are not synthesizable. In this article, we propose a generic low-overhead digital-friendly power SCA countermeasure utilizing physical Time-Varying Transfer Functions (TVTF) by randomly shuffling distributed switched capacitors to significantly obfuscate the traces in the time domain. System-level simulation results of the TVTF-AES implemented in TSMC 65nm CMOS technology show > 4000x MTD improvement over the unprotected implementation with nearly 1.25x power and 1.2x area overheads, and without any performance degradation

A Secure Neuromemristive Primitive to Mitigate Correlation Power Analysis on SHA-3 Hash Function

Passing messages to soldiers on the battle field, conducting online banking, and downloading files on the internet are very different applications that all share one thing in common, concerns over security of the data being processed. Data security depends on the cryptographic systems that take into account both the algorithmic weakness and the weaknesses of the hardware devices they are implemented on. The current dominant hardware design medium is complementary metal-oxide-semi-conductor (CMOS). CMOS has been shown to leak more power as the technology node size decreases. The leaked power has a strong correlation with the bits being manipulated inside a device. These power leakages have brought on a class of power analysis that is able to extract secret information being processed in the algorithm with far less computational power than brute force guessing. Recently, many hardware designs have been proposed which have shown resistance against different forms of power analysis by changing hardware layouts; however, these designs are realized in the same technology, CMOS, that causes the side channel attack problem. There are many emerging technologies that are becoming more practical to implement in conjunction with CMOS. Of these, neuromemristive systems have two characteristics that can be exploited to prevent side channel attacks: low power operation and stochastic behavior. Attacks were conducted on both CMOS and neuromemrisitve based mitigations of the SHA-3 algorithm. In this thesis, digital side channel attack mitigations are created to exploit dual-rail logic. A secure neuromemristive primitive is designed using neural logic blocks that, to the best of our knowledge, have not been considered by others in mitigation of power analysis. Also, an in-depth analysis of power attacks on linear functions compared to typical non-linear attack points is conducted. Metrics such as number of power traces used for the Correlation Power Analysis (CPA), correlation coefficients, confidence ratios, power consumption, and transistor count were used to compare circuit performance. Success rate of guessing a key during SHA-3 operations, while configured as a MAC, was used as a system benchmark. It was found that CMOS is effective in countermeasures when masking linear functions, with the ability to use current standard cells, in ASIC design. If reconfigurable circuits are considered, the neuromemristive circuit had the overall best mitigation strength with almost complete decoupling of input data to power dissipated; moreover, this design offered low power operation and small form factor compared to the original circuit

Power Analysis of Sub-threshold Logics for Security Applications

Requirements of ultra-low power for many portable devices have drawn increased attention to digital sub-threshold logic design. Major reductions in power consumption and frequency of operation degradation due to the exponential decrease of the drain current in the sub-threshold region has made this logic an excellent choice, particularly for ultra-low power applications where performance is not the primary concern. Examples include RFID, wireless sensor networks and biomedical implantable devices. Along with energy consumption, security is another compelling requirement for these applications. Power analysis attacks, such as Correlation Power Analysis (CPA), are a powerful type of side channel attacks that are capable of performing a non-invasive attack with minimum equipment. As such, they present a serious threat to devices with secret information inside. This research analyzes sub-threshold logics from a previously unexplored perspective, side channel information leakage. Various transistor level and RTL circuits are implemented in the sub-threshold region as well as in the strong inversion region (normally the standard region of operation) using a 65 nm process. Measures, such as Difference of Mean Energies (DME), Normalized Energy Deviation (NED) and Normalized Standard Deviation (NSD) are employed to evaluate the implemented architectures. A CPA attack is also performed on more complex designs and the obtained correlation coefficients are used to compare sub-threshold and strong inversion logics. This research demonstrates that sub-threshold does not only increase the security against side channel attacks, but can also decrease the amount of leaked information. This research also shows that a circuit operating at sub-threshold consumes considerably less energy than the same circuit operating in strong inversion and the level of its instantaneous power consumption is significantly lower. Therefore, the noise power required to cover the secret information decreases and the attack may be dramatically more difficult due to major increase in the number of required power traces and run time. Thus, this research is important for identifying sub-threshold as a future viable technology for secure embedded applications

Energy-efficient task-scheduling and networking protocols for secure wireless networks

The performance of wireless networks is dependent on a number of factors including the available energy, energy-efficiency, data processing delay, transmission delay, routing decisions, security overhead, etc. Traditionally, due to limited resources, nodes were tasked with only collecting measurements and sending them to a base station or central unit for processing. With increased capabilities of microprocessors the data processing is pushed more toward network and its more capable nodes. This thesis focuses to virtualize the processing resources of the entire network and dynamically distribute processing steps along the routing path while optimizing performance. Additionally, a new multi-key encryption (MKE) scheme is proposed to optimize efficiency while enhancing security. The main benefit of the MKE scheme is the improved resilience of the advanced encryption standard (AES) against correlation power analysis (CPA) attack by breaking the correlation between power consumption and the used secret key. The MKE security scheme is analyzed with network implementation and studied for its effects on network parameters such as network connectivity, resilience against node capture and energy efficiency of the scheme. Moreover, a new analysis methodology is proposed to quantify a resilience of a network against node capture such that the strength of the underlying security mechanisms is taken into account. Furthermore, the tradeoff between security and network performance is addressed by the proposed task-scheduling scheme. Also, the proposed methodology does not make assumption of homogenous [sic] network that is often used in literature to simplify analysis and scheme design. In contrast, the proposed formulation is generic, thus allowing heterogeneous nodes to be used while guaranteeing network performance. Consequently, the proposed scheme creates a wireless computing cloud where the processing tasks are dynamically assigned to the nodes using the Dynamic Programming (DP) methodology. The processing and transmission decisions are analytically derived from network models in order to optimize the utilization of network resources including: available energy, processing capacity, security overhead, bandwidth etc. As a result, the online optimization of network resources is achieved --Abstract, page iv

Where Star Wars Meets Star Trek: SABER and Dilithium on the Same Polynomial Multiplier

Secure communication often require both encryption and digital signatures to guarantee the confidentiality of the message and the authenticity of the parties. However, post-quantum cryptographic protocols are often studied independently. In this work, we identify a powerful synergy between two finalist protocols in the NIST standardization process. In particular, we propose a technique that enables SABER and Dilithium to share the exact same polynomial multiplier. Since polynomial multiplication plays a key role in each protocol, this has a significant impact on hardware implementations that support both SABER and Dilithium. We estimate that existing Dilithium implementations can add support for SABER with only a 4% increase in LUT count. A minor trade-off of the proposed multiplier is that it can produce inexact results with some limited inputs. We thus carry out a thorough analysis of such cases, where we prove that the probability of these events occurring is near zero, and we show that this characteristic does not affect the security of the implementation. We then implement the proposed multiplier in hardware to obtain a design that offers competitive performance/area trade-offs. Our NTT implementation achieves a latency of 519 cycles while consuming 2,012 LUTs and only 331 flip-flops when implemented on an Artix-7 FPGA. We also propose a shuffling-based method to provide side-channel protection with low overhead during polynomial multiplication. Finally, we evaluate the side-channel security of the proposed design on a Sakura-X FPGA board

Information Leakage in Code-based Masking: A Systematic Evaluation by Higher-Order Attacks

Code-based masking is a recent line of research on masking schemes aiming at provably counteracting side-channel attacks. It generalizes and unifies many masking schemes within a coding-theoretic formalization. In code-based masking schemes, the tuning parameters are the underlying linear codes, whose choice significantly affects the side-channel resilience. In this paper, we investigate the exploitability of the information leakage in code-based masking and present attack-based evaluation results of higher-order optimal distinguisher (HOOD). Particularly, we consider two representative instances of code-based masking, namely inner product masking (IPM) and Shamir\u27s secret sharing (SSS) based masking. Our results do confirm the state-of-the-art theoretical derivatives in an empirical manner with numerically simulated measurements. Specifically, theoretical results are based on quantifying information leakage; we further complete the panorama with attack-based evaluations by investigating the exploitability of the leakage. Moreover, we classify all possible candidates of linear codes in IPM with 2 and 3 shares and (3,1)-SSS based masking, and highlight both optimal and worst codes for them. Relying on our empirical evaluations, we therefore recommend investigating the coding-theoretic properties to find the best linear codes in strengthening instances of code-based masking. As for applications, our attack-based evaluation directly empowers designers, by employing optimal linear codes, to enhance the protection of code-based masking. Our framework leverages simulated leakage traces, hence allowing for source code validation or patching in case it is found to be attackable