Implementation and Evaluation of an SCA-Resistant Embedded Processor

Side-channel analysis (SCA) attacks are a threat to many embedded applications that need security. With embedded processors at the very heart of such applications, it is desirable to address SCA attacks with countermeasures that "naturally" fit deployment in those processors. This paper describes our work in implementing one such protection concept in an ASIC prototype and our results from a practical evaluation of its security. We are able to demonstrate that the basic principle of limiting the "leaking" portion of the processor works rather well to reduce the side-channel leakage. From this result we can draw valuable conclusions for future embedded processor design. In order to minimize the remaining leakage, the security concept calls for the application of a secure logic style. We used two concrete secure logic styles (iMDPL and DWDDL) in order to demonstrate this increase in security. Unfortunately, neither of these logic styles seems to do a particularly good job, as we were still able to attribute SCA leakage to the secure-logic part of the processor. If a better-suited logic style can be employed, we believe that the overall leakage of the processor can be further reduced. Thus, we deem the evaluated security concept a viable method for protecting embedded processors.
