论文信息 - Side-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware - Pitfalls of Memory Primitives

Side-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware - Pitfalls of Memory Primitives

Block Memory Content Scrambling BMS, presented at CHES 2011, enables an effective way of first-order side-channel protection for cryptographic primitives at the cost of a significant reconfiguration time for the mask update. In this work we analyze alternative ways to implement dynamic first-order masking of AES with randomized look-up tables that can reduce this mask update time. The memory primitives we consider in this work include three distributed RAM components RAM32M, RAM64M, and RAM256X1S and one BRAM primitive RAMB8BWER. We provide a detailed study of the area and time overheads of each implementation technique with respect to the operation encryption as well as reconfiguration mask update phase. We further compare the achieved security of each technique to prevent first-order side-channel leakages. Our evaluation is based on one of the most general forms of leakage assessment methodology known as non-specific t-test. Practical SCA evaluations using a Spartan-6 FPGA platform demonstrate that solely the BRAM primitive but none of the distributed RAM elements can be used to realize an SCA-protected implementation.

[1] Sylvain Guilley,et al. RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[2] Stefan Mangard,et al. Power analysis attacks - revealing the secrets of smart cards , 2007 .

[3] Siva Sai Yerubandi,et al. Differential Power Analysis , 2002 .

[4] Hendra Guntur,et al. Side-channel AttacK User Reference Architecture board SAKURA-G , 2014, 2014 IEEE 3rd Global Conference on Consumer Electronics (GCCE).

[5] Julien Bringer,et al. Protecting AES against side-channel analysis using wire-tap codes , 2012, Journal of Cryptographic Engineering.

[6] Thomas Eisenbarth,et al. Correlation-Enhanced Power Analysis Collision Attack , 2010, CHES.

[7] P. Kocher,et al. Differential power analysis, advances in cryptology-CRYPTO'99 , 1999 .

[8] Tim Güneysu,et al. Generic Side-Channel Countermeasures for Reconfigurable Devices , 2011, CHES.

[9] Ingrid Verbauwhede,et al. A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[10] Vincent Rijmen,et al. Higher-Order Threshold Implementations , 2014, ASIACRYPT.

[11] Stefan Mangard,et al. Successfully Attacking Masked AES Hardware Implementations , 2005, CHES.