DPA, Bitslicing and Masking at 1 GHz

We present DPA attacks on an ARM Cortex-A8 processor running at 1 GHz. This high-end processor is typically found in portable devices such as phones and tablets. In our case, the processor sits in a single board computer and runs a full-fledged Linux operating system. The targeted AES implementation is bitsliced and runs in constant time and constant flow. We show that, despite the complex hardware and software, high clock frequencies and practical measurement issues, the implementation can be broken with DPA starting from a few thousand measurements of the electromagnetic emanation of a decoupling capacitor near the processor. To harden the bitsliced implementation against DPA attacks, we mask it using principles of hardware gate-level masking. We evaluate the security of our masked implementation against first-order and second-order attacks. Our experiments show that successful attacks require roughly two orders of magnitude more measurements.

[1]  Deian Stefan,et al.  Fast Software AES Encryption , 2010, FSE.

[2]  Daniel Page,et al.  Cryptographic Hardware and Embedded Systems - CHES 2005 , 2004 .

[3]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[4]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[5]  Mitsuru Matsui,et al.  How Far Can We Go on the x64 Processors? , 2006, FSE.

[6]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[7]  Stefan Mangard,et al.  Side-Channel Leakage of Masked CMOS Gates , 2005, CT-RSA.

[8]  Tanja Lange,et al.  The Security Impact of a New Cryptographic Library , 2012, LATINCRYPT.

[9]  Dan Page,et al.  Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel , 2002, IACR Cryptol. ePrint Arch..

[10]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[11]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[12]  Joseph Bonneau,et al.  Cache-Collision Timing Attacks Against AES , 2006, CHES.

[13]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[14]  Peter Schwabe,et al.  Faster and Timing-Attack Resistant AES-GCM , 2009, CHES.

[15]  Akashi Satoh,et al.  A Compact Rijndael Hardware Architecture with S-Box Optimization , 2001, ASIACRYPT.

[16]  Vijay Kumar,et al.  Efficient Rijndael Encryption Implementation with Composite Field Arithmetic , 2001, CHES.

[17]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[18]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[19]  Zhizhang Chen,et al.  A Case Study of Side-Channel Analysis Using Decoupling Capacitor Power Measurement with the OpenADC , 2012, FPS.

[20]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[21]  Bruno Robisson,et al.  ElectroMagnetic analysis (EMA) of software AES on Java mobile phones , 2011, 2011 IEEE International Workshop on Information Forensics and Security.

[22]  Eli Biham,et al.  A Fast New DES Implementation in Software , 1997, FSE.

[23]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[24]  Vincent Rijmen Efficient Implementation of the Rijndael S-box , 2000 .

[25]  P. Rohatgi,et al.  Mobile Device Security : The case for side channel resistance , 2012 .

[26]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[27]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[28]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[29]  David Canright,et al.  A Very Compact S-Box for AES , 2005, CHES.

[30]  Bruce Schneier,et al.  Side Channel Cryptanalysis of Product Ciphers , 1998, J. Comput. Secur..

[31]  Sylvain Guilley,et al.  A Pre-processing Composition for Secret Key Recovery on Android Smartphone , 2014, WISTP.

[32]  Mitsuru Matsui,et al.  On the Power of Bitslice Implementation on Intel Core2 Processor , 2007, CHES.

[33]  Siddika Berna Ors Yalcin,et al.  Differential power analysis attack considering decoupling capacitance effect , 2009, 2009 European Conference on Circuit Theory and Design.

[34]  Catherine H. Gebotys,et al.  EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA , 2005, CHES.

[35]  Elena Trichina,et al.  Combinational Logic Design for AES SubByte Transformation on Masked Data , 2003, IACR Cryptol. ePrint Arch..

[36]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[37]  Elisabeth Oswald,et al.  An ASIC Implementation of the AES SBoxes , 2002, CT-RSA.

[38]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[39]  Robert Könighofer,et al.  A Fast and Cache-Timing Resistant Implementation of the AES , 2008, CT-RSA.

[40]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[41]  Emmanuel Prouff,et al.  Statistical Analysis of Second Order Differential Power Analysis , 2009, IEEE Transactions on Computers.