FPGA based optimization for masked AES implementation

Masking methods are widely used to defend against power analysis attacks in embedded systems. Apart from power analysis attacks, glitch attacks also arise when a design is ported to gate level. In this paper, we first divided the existing masking methods into different types according to their functions, masking values and applications. Second, we compared different masked S-box hardware implementations. Finally, we proposed masked AES encryption hardware implementations with 32-bit and 128-bit data paths. The experimental results show that our proposed design takes up fewer hardware resources and can defend against differential power analysis (DPA) and glitch attacks.
