Cryptographic Hardware and Embedded Systems – CHES 2014

This paper presents a standard-cell-based, semi-automatic design methodology for a new type of countermeasure against electromagnetic (EM) analysis and fault-injection attacks. The countermeasure, an EM attack sensor, uses LC oscillators to detect variations in the EM field around a cryptographic LSI caused by a micro probe brought near the chip. A dual-coil sensor architecture with LUT-programming-based digital calibration can prevent a variety of microprobe-based EM attacks that conventional countermeasures cannot thwart. All components of the sensor core are semi-automatically designed with standard EDA tools and a fully digital standard-cell library, and hence at minimum design cost. The sensor can therefore be scaled together with the cryptographic LSI it protects. A sensor prototype was designed with the proposed methodology together with a 128-bit-key composite AES processor in 0.18μm CMOS, with overheads of only 2respectively. Its validity against a variety of EM attack scenarios has been verified successfully.
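The detection principle described above, as an added behavioural model that is not the paper's circuit or code: two LC oscillators are read differentially by a digital counter, a per-condition LUT nulls the probe-free offset caused by coil mismatch, and a nearby probe is assumed to lower one coil's effective inductance, so it shifts only that oscillator. All numeric parameters and the sign of the probe effect are constructed assumptions.

```python
import math

# Constructed model parameters (assumptions, not the paper's values).
L_NOM = 10e-9       # nominal on-chip inductance, 10 nH
C_NOM = 1e-12       # tank capacitance, 1 pF
GATE_TIME = 1e-6    # frequency-counter gate window, 1 us
THRESHOLD = 8       # alarm when the calibrated count difference exceeds this


def osc_count(L, C=C_NOM, gate_time=GATE_TIME):
    """Digital frequency counter: LC tank cycles seen in the gate window."""
    freq = 1.0 / (2 * math.pi * math.sqrt(L * C))
    return int(freq * gate_time)


class DualCoilSensor:
    """Two LC oscillators read differentially. Process mismatch between the
    coils is fixed per chip; a LUT of probe-free count differences, one entry
    per operating condition, nulls that offset after calibration."""

    def __init__(self, mismatch_a, mismatch_b):
        self.mismatch = (mismatch_a, mismatch_b)
        self.lut = {}

    def _diff(self, common_drift=1.0, probe_coupling=(0.0, 0.0)):
        # common_drift: temperature/voltage effect shifting both coils alike.
        # probe_coupling: fractional inductance drop on each coil caused by a
        # nearby conductive micro probe (assumed sign of the effect).
        counts = []
        for mism, coupling in zip(self.mismatch, probe_coupling):
            L = L_NOM * (1 + mism) * common_drift * (1 - coupling)
            counts.append(osc_count(L))
        return counts[0] - counts[1]

    def calibrate(self, conditions):
        """conditions: {name: common_drift}; store the probe-free offset."""
        for name, drift in conditions.items():
            self.lut[name] = self._diff(common_drift=drift)
        return self.lut

    def detect(self, condition, common_drift=1.0, probe_coupling=(0.0, 0.0)):
        """Return (alarm, residual) after subtracting the LUT offset."""
        residual = self._diff(common_drift, probe_coupling) - self.lut[condition]
        return abs(residual) > THRESHOLD, residual


if __name__ == "__main__":
    sensor = DualCoilSensor(0.01, -0.005)       # 1% / -0.5% coil mismatch
    sensor.calibrate({"25C": 1.0, "hot": 1.03})
    print(sensor.detect("25C"))                              # no probe
    print(sensor.detect("hot", common_drift=1.03))           # drift only
    print(sensor.detect("25C", probe_coupling=(0.04, 0.0)))  # probe at coil A
```

Without the LUT step the raw mismatch alone would exceed the threshold, which is why the calibration is part of the sensor rather than an optional tuning.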
