University of Edinburgh. College of Science and Engineering. School of Informatics. Institute for Computing Systems Architecture.
Abstract
The traditional model of cryptography examines the security of the cipher as a
mathematical function. However, ciphers that are secure when specified as mathematical
functions are not necessarily secure in real-world implementations. The physical
implementations of ciphers can be extremely difficult to control and often leak so-called
side-channel information. Side-channel cryptanalysis attacks have been shown to
be especially effective as a practical means for attacking implementations of cryptographic
algorithms on simple hardware platforms, such as smart-cards. Adversaries
can obtain sensitive information from side-channels, such as the timing of operations,
power consumption and electromagnetic emissions. Some of the attack techniques
require surprisingly little side-channel information to break some of the best known
ciphers. In constrained devices, such as smart-cards, straightforward implementations
of cryptographic algorithms can be broken with minimal work. Preventing these attacks
has become an active and challenging area of research.
Power analysis is a successful cryptanalytic technique that extracts secret information
from cryptographic devices by analysing the power consumed during their operation.
A particularly dangerous class of power analysis, differential power analysis
(DPA), relies on the correlation of power consumption measurements. It has been proposed
that adding non-determinism to the execution of the cryptographic device would
reduce the danger of these attacks. It has also been demonstrated that asynchronous
logic has advantages for security-sensitive applications. This thesis investigates the
security and performance advantages of using a network-based asynchronous architecture,
in which the functional units of the datapath form a network. Non-deterministic
execution is achieved by exploiting concurrent execution of instructions both with and
without data dependencies, and by forwarding register values between instructions
with data dependencies using randomised routing over the network. The executions of
cryptographic algorithms on different architectural configurations are simulated, and
the obtained power traces are subjected to DPA attacks. The results show that the
proposed architecture introduces a level of non-determinism in the execution that significantly
raises the threshold for DPA attacks to succeed. In addition, the performance
analysis shows that the improved security does not degrade performance.
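The effect the abstract describes, timing non-determinism raising the number of traces a DPA attack needs, can be reproduced on a small constructed model. The following is an added example, not code from the thesis: a correlation DPA run over simulated power traces of a 4-bit S-box lookup (the PRESENT S-box is used as the lookup), where a Hamming-weight leakage model, the sample position and the random delay of up to `jitter` samples are all assumptions of the simulation.

```python
import math
import random

# 4-bit S-box of the PRESENT block cipher: a small lookup to serve as the target.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
TRACE_LEN, LEAK_SAMPLE = 16, 4  # constructed: S-box leakage nominally at sample 4

def hamming_weight(v):
    return bin(v).count("1")

def simulate_traces(key, n, rng, jitter=0, sigma=0.0):
    # Constructed leakage model: Hamming weight of the S-box output (plus Gaussian noise)
    # lands at LEAK_SAMPLE, delayed by 0..jitter samples when timing is non-deterministic.
    plaintexts, traces = [], []
    for _ in range(n):
        p = rng.randrange(16)
        trace = [rng.gauss(0.0, sigma) for _ in range(TRACE_LEN)]
        trace[LEAK_SAMPLE + rng.randint(0, jitter)] += hamming_weight(SBOX[p ^ key])
        plaintexts.append(p)
        traces.append(trace)
    return plaintexts, traces

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)

def dpa_attack(plaintexts, traces):
    # Correlation DPA: for each key guess, correlate the predicted Hamming weight with
    # every sample point and keep the peak: {guess: (peak correlation, sample index)}.
    scores = {}
    for guess in range(16):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        peaks = [pearson(predicted, [t[i] for t in traces]) for i in range(TRACE_LEN)]
        best = max(range(TRACE_LEN), key=lambda i: peaks[i])
        scores[guess] = (peaks[best], best)
    return scores

def recovered_key(scores):
    return max(scores, key=lambda g: scores[g][0])

if __name__ == "__main__":
    for jitter in (0, 3, 7):  # more timing non-determinism dilutes the correlation peak
        scores = dpa_attack(*simulate_traces(0xB, 300, random.Random(1), jitter, 0.5))
        guess = recovered_key(scores)
        print(f"jitter={jitter}: guess={guess:#x} peak={scores[guess][0]:.2f}")
```

With the same trace count, the peak correlation for the true key drops as the random delay grows, which is why the attacker must collect more traces before the correct guess stands out; the same dilution is what the thesis's randomised routing and concurrent execution are designed to produce.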