Lightweight Cryptography and DPA Countermeasures: A Survey

The dawning era of ubiquitous computing demands a new attacker model for the myriad pervasive computing devices it deploys: because a potentially malicious user has full physical control over such a device, the whole field of physical attacks must be considered in addition to classical cryptanalytic attacks. Most notable among these are side-channel attacks such as Differential Power Analysis (DPA). At the same time, the deployment of pervasive devices is strongly cost-driven, which rules out expensive countermeasures. In this article we survey a broad range of DPA countermeasures and discuss their suitability for ultra-constrained devices such as passive RFID tags. We conclude that adiabatic logic styles such as 2N-2N2P and SAL are promising candidates, because they increase resistance against DPA attacks while at the same time lowering the power consumption of the pervasive device.
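To make the threat concrete, the following is an added, self-contained example (not code from the paper or its authors) of a first-order DPA in its correlation form against one AES key byte. It assumes a simulated device whose power sample is the Hamming weight of the S-box output plus Gaussian noise; all traces are constructed inline, no hardware is involved. It also models one classic countermeasure, Boolean masking, by XORing a fresh random mask onto the leaking wire, which is an assumption about where the leakage occurs rather than a real masked S-box implementation.

```python
"""Simulated first-order DPA (correlation variant) on one AES key byte.
Leakage model (assumption): power sample = HW(S-box output) + Gaussian noise.
Traces are synthetic; no real device is measured."""
import math
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """AES S-box: multiplicative inverse followed by the FIPS-197 affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for i in range(1, 5):                      # inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]      # Hamming weight lookup


def simulate_traces(key, n, masked=False, sigma=1.0, seed=1):
    """Constructed traces: one sample per encryption at the S-box output.
    masked=True models Boolean masking: the wire carries S(p^k) ^ m with a
    fresh uniform mask m per trace, so its Hamming weight is independent of k."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        s = SBOX[p ^ key]
        wire = s ^ rng.randrange(256) if masked else s
        plaintexts.append(p)
        traces.append(HW[wire] + rng.gauss(0.0, sigma))
    return plaintexts, traces


def cpa_rank(traces, plaintexts):
    """Correlate every key guess's predicted HW(S(p^kg)) with the traces.
    Returns (|correlation|, key_guess) pairs, best guess first."""
    n = len(traces)
    mean_t = sum(traces) / n
    var_t = sum((t - mean_t) ** 2 for t in traces)
    ranking = []
    for kg in range(256):
        h = [HW[SBOX[p ^ kg]] for p in plaintexts]
        mean_h = sum(h) / n
        cov = sum((hi - mean_h) * (ti - mean_t) for hi, ti in zip(h, traces))
        var_h = sum((hi - mean_h) ** 2 for hi in h)
        corr = cov / math.sqrt(var_h * var_t) if var_h and var_t else 0.0
        ranking.append((abs(corr), kg))
    ranking.sort(reverse=True)
    return ranking


def recover_key_byte(key=0x2B, n_traces=1500, masked=False):
    """Run the attack on simulated traces; return (best |corr|, recovered key guess)."""
    plaintexts, traces = simulate_traces(key, n_traces, masked=masked)
    return cpa_rank(traces, plaintexts)[0]


if __name__ == "__main__":
    corr, guess = recover_key_byte()
    print(f"unmasked: best guess 0x{guess:02x} (|corr|={corr:.3f})")
    corr, guess = recover_key_byte(masked=True)
    print(f"masked:   best guess 0x{guess:02x} (|corr|={corr:.3f}), no usable peak")
```

With 1500 traces the unmasked device yields the correct byte with a correlation near 0.8, while the masked device's best guess is essentially random noise (|corr| below 0.1). Two caveats a practitioner should keep in mind: a real masked S-box must be computed on masked data without unmasking in between, and hardware glitches or a second-order attack combining two samples can still defeat first-order masking; the logic-level countermeasures the paper surveys target exactly those gaps.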
