Hardware architecture implemented on FPGA for protecting cryptographic keys against side-channel attacks

This paper presents a new hardware architecture designed for protecting the key of cryptographic algorithms against attacks by side-channel analysis (SCA). Unlike previous approaches already published, the fortress of the proposed architecture is based on revealing a false key. Such a false key is obtained when the leakage information, related to either the power consumption or the electromagnetic radiation (EM) emitted by the hardware device, is analysed by means of a classical statistical method. In fact, the trace of power consumption (or the EM) does not reveal any significant sign of protection in its behaviour or shape. Experimental results were obtained by using a Virtex 5 FPGA, on which a 128-bit version of the standard AES encryption algorithm was implemented. The architecture could easily be extrapolated to an ASIC device based on standard cell libraries. The system is capable of concealing the real key when various attacks are performed on the AES algorithm, using two statistical methods which are based on correlation, the Welch’s t-test and the difference of means.Peer ReviewedPostprint (author's final draft

Security analysis of higher-order Boolean masking schemes for block ciphers (with conditions of perfect masking)

Side-channel attacks are an important class of cryptanalytic techniques against cryptographic' implementations and masking is a frequently considered solution to improve the resistance of a cryptographic implementation against side-channel attacks. The security of higher-order Boolean masking schemes in various contexts is analysed. The results presented are 2-fold. First, the definitions of higher-order side-channel attacks with the related security notions are formalised and certain security weaknesses in recently proposed masking schemes are put forward. Second, the conditions upon which a substitution box in a block cipher can be perfectly masked by Boolean values in order to counteract side-channel attacks are investigated. That is, can the leakages' statistical distributions at a masked S-box output (over all possible masks) be independent of the secret key targeted in the attacks? The consequences of this requirement are studied in two commonly considered leakage models, namely the Hamming weight and distance models, and conditions on the substitution boxes are derived. As a result of the analysis, it appears that these conditions are not achievable as they lead to evident cryptanalytic weaknesses. Thus, it is formally confirmed that masking cannot be used as a stand-alone countermeasure and cannot offer provable security against side-channel attacks

Research on performance enhancement for electromagnetic analysis and power analysis in cryptographic LSI

制度:新 ; 報告番号:甲3785号 ; 学位の種類:博士(工学) ; 授与年月日:2012/11/19 ; 早大学位記番号:新6161Waseda Universit