Assessment of Hiding the Higher-Order Leakages in Hardware - What Are the Achievements Versus Overheads?

Higher-order side-channel attacks are becoming amongst the major interests of academia as well as industry sector. It is indeed being motivated by the development of countermeasures which can prevent the leakages up to certain orders. As a concrete example, threshold implementation (TI) as an efficient way to realize Boolean masking in hardware is able to avoid first-order leakages. Trivially, the attacks conducted at second (and higher) orders can exploit the corresponding leakages hence devastating the provided security. Hence, the extension of TI to higher orders was being expected which has been presented at ASIACRYPT 2014. Following its underlying univariate settings it can provide security at higher orders, and its area and time overheads naturally increase with the desired security order.

[1]  Eduardo de la Torre,et al.  Automatic generation of identical routing pairs for FPGA implemented DPL logic , 2012, 2012 International Conference on Reconfigurable Computing and FPGAs.

[2]  V. Neelima,et al.  A More Efficient AES Threshold Implementation , 2016 .

[3]  Alessandro Barenghi,et al.  On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx Virtex-II FPGAs , 2011, CCS '11.

[4]  Sylvain Guilley,et al.  BCDL: A high speed balanced DPL for FPGA with global precharge and no early evaluation , 2010, 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010).

[5]  Oscar Reparaz A note on the security of Higher-Order Threshold Implementations , 2015, IACR Cryptol. ePrint Arch..

[6]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[7]  Amir Moradi,et al.  Early Propagation and Imbalanced Routing, How to Diminish in FPGAs , 2014, IACR Cryptol. ePrint Arch..

[8]  Emmanuel Prouff,et al.  Statistical Analysis of Second Order Differential Power Analysis , 2009, IEEE Transactions on Computers.

[9]  Thomas Eisenbarth,et al.  Correlation-Enhanced Power Analysis Collision Attack , 2010, CHES.

[10]  Pankaj Rohatgi,et al.  Partitioning attacks: or how to rapidly clone some GSM cards , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[11]  Christof Paar,et al.  Power Analysis of Single-Rail Storage Elements as Used in MDPL , 2009, ICISC.

[12]  Sylvain Guilley,et al.  DPL on Stratix II FPGA: What to Expect? , 2009, 2009 International Conference on Reconfigurable Computing and FPGAs.

[13]  Daisuke Suzuki,et al.  Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style , 2006, CHES.

[14]  Jean-Sébastien Coron,et al.  An Efficient Method for Random Delay Generation in Embedded Software , 2009, CHES.

[15]  Lionel Torres,et al.  Evaluation on FPGA of triple rail logic robustness against DPA and DEMA , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[16]  Vincent Rijmen,et al.  Threshold Implementations of all 3x3 and 4x4 S-boxes , 2012, IACR Cryptol. ePrint Arch..

[17]  Jean-Jacques Quisquater,et al.  On the Need of Physical Security for Small Embedded Devices: A Case Study with COMP128-1 Implementations in SIM Cards , 2013, Financial Cryptography.

[18]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[19]  Vincent Rijmen,et al.  Threshold implementations of small S-boxes , 2014, Cryptography and Communications.

[20]  Thomas Zefferer,et al.  Evaluation of the Masked Logic Style MDPL on a Prototype Chip , 2007, CHES.

[21]  Amir Moradi,et al.  Glitch-free implementation of masking in modern FPGAs , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[22]  Ingrid Verbauwhede,et al.  Power Analysis of Atmel CryptoMemory - Recovering Keys from Secure EEPROMs , 2012, CT-RSA.

[23]  Stefan Mangard,et al.  Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints , 2005, CHES.

[24]  Tim Güneysu,et al.  Evaluating the Duplication of Dual-Rail Precharge Logics on FPGAs , 2015, COSADE.

[25]  Amir Moradi,et al.  On the Simplicity of Converting Leakages from Multivariate to Univariate - (Case Study of a Glitch-Resistant Masking Scheme) , 2013, CHES.

[26]  Jens-Peter Kaps,et al.  DPA Resistant AES on FPGA Using Partial DDL , 2010, 2010 18th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines.

[27]  Sylvain Guilley,et al.  Countering early evaluation: an approach towards robust dual-rail precharge logic , 2010, WESS '10.

[28]  Patrick Schaumont,et al.  Prototype IC with WDDL and Differential Routing - DPA Resistance Assessment , 2005, CHES.

[29]  Vincent Rijmen,et al.  Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches , 2009, ICISC.

[30]  Patrick Schaumont,et al.  Secure FPGA circuits using controlled placement and routing , 2007, 2007 5th IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[31]  Akashi Satoh,et al.  Side-channel Attack user reference architecture board SAKURA-W for security evaluation of IC card , 2015, 2015 IEEE 4th Global Conference on Consumer Electronics (GCCE).

[32]  Amir Moradi,et al.  Statistical Tools Flavor Side-Channel Collision Attacks , 2012, EUROCRYPT.

[33]  Christof Paar,et al.  Pushing the Limits: A Very Compact and a Threshold Implementation of AES , 2011, EUROCRYPT.

[34]  Eduardo de la Torre,et al.  A Precharge-Absorbed DPL Logic for Reducing Early Propagation Effects on FPGA Implementations , 2011, 2011 International Conference on Reconfigurable Computing and FPGAs.

[35]  Vincent Rijmen,et al.  Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches , 2011, Journal of Cryptology.

[36]  Tim Güneysu,et al.  Arithmetic Addition over Boolean Masking - Towards First- and Second-Order Resistance in Hardware , 2015, ACNS.

[37]  François-Xavier Standaert,et al.  Shuffling against Side-Channel Attacks: A Comprehensive Study with Cautionary Note , 2012, ASIACRYPT.

[38]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[39]  Vincent Rijmen,et al.  Higher-Order Threshold Implementations , 2014, ASIACRYPT.

[40]  Stefan Mangard,et al.  Successfully Attacking Masked AES Hardware Implementations , 2005, CHES.

[41]  Tim Güneysu,et al.  Generic Side-Channel Countermeasures for Reconfigurable Devices , 2011, CHES.

[42]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[43]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[44]  Amir Moradi,et al.  Leakage Assessment Methodology - A Clear Roadmap for Side-Channel Evaluations , 2015, CHES.

[45]  Emmanuel Prouff,et al.  Provably Secure Higher-Order Masking of AES , 2010, IACR Cryptol. ePrint Arch..

[46]  Lejla Batina,et al.  A Very Compact "Perfectly Masked" S-Box for AES , 2008, ACNS.

[47]  P. Rohatgi,et al.  A testing methodology for side channel resistance , 2011 .

[48]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[49]  Vincent Rijmen,et al.  A Side-Channel Analysis Resistant Description of the AES S-Box , 2005, FSE.

[50]  Amir Moradi,et al.  Side-Channel Resistant Crypto for Less than 2,300 GE , 2011, Journal of Cryptology.

[51]  Alex Biryukov,et al.  A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms , 2003, EUROCRYPT.

[52]  Amir Moradi,et al.  Moments-Correlating DPA , 2016, IACR Cryptol. ePrint Arch..

[53]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[54]  Zhimin Chen,et al.  Dual-Rail Random Switching Logic: A Countermeasure to Reduce Side Channel Leakage , 2006, CHES.