From Cryptography to Hardware: Analyzing Embedded Xilinx BRAM for Cryptographic Applications

The design of cryptographic applications needs special care. For instance, physical attacks such as Side-Channel Analysis (SCA) can recover the secret key just by observing the activity of the computation, even for mathematically robust algorithms like AES. SCA exploits the "leakage" of a well-chosen intermediate variable that is correlated with the secret. Field-programmable gate arrays (FPGAs) are often used for hardware implementations in low- to medium-volume production, or when flexibility is needed. They offer many resources for the computation, such as small Look-Up Tables (LUTs) and embedded block memories (BRAMs). Certain countermeasures, such as dual-rail logic or masking, can be deployed to resist SCA on FPGAs. However, to design an effective countermeasure, it is of prime importance for a designer to know the main leakage sources of the device. In this article, we analyze the leakage sources of a Xilinx Virtex V FPGA by studying three different AES architectures. The analysis is based on real measurements, using a specific leakage model of the sensitive variable adapted to each architecture. Our results demonstrate that BRAMs, traditionally considered to leak less, are equally vulnerable if the attack target is changed from the address register to the output latch. Hence, by providing important clues about the leakage, this study allows designers to enhance the robustness of their FPGA implementations.
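The abstract's point, that a BRAM-based S-box stops looking "quiet" once the leakage model is moved from the address register to the output latch, can be checked on a simulator before any silicon is measured. The following known-key leakage assessment is an added example and is not code from the paper: it assumes (for illustration only) that the simulated device leaks the Hamming distance between consecutive values of the BRAM output latch plus Gaussian noise, that the address register contributes no measurable leakage, and that a single key byte (`0x2B`, a constructed value) is looked up through the standard AES S-box. It then correlates the simulated traces with both models under the known key, which is the check a designer would run to decide which register a countermeasure has to protect.

```python
"""Known-key leakage-model comparison for a BRAM-implemented AES S-box.

Added example, not from the paper. Assumption (constructed): the device leaks
the Hamming distance of the BRAM output latch between consecutive look-ups,
plus Gaussian noise; the address register is assumed not to leak.
"""
import math
import random


def _gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _build_sbox() -> list:
    """Standard AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = []
    for a in range(256):
        inv = 0
        if a:
            inv = next(x for x in range(1, 256) if _gf_mul(a, x) == 1)
        s = inv
        for k in range(1, 5):  # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4) ^ 0x63
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


AES_SBOX = _build_sbox()


def hamming_weight(x: int) -> int:
    return bin(x & 0xFF).count("1")


def model_address_register(key: int, prev_pt: int, pt: int) -> int:
    """Traditional target: Hamming weight of the BRAM address (the S-box input pt ^ key)."""
    return hamming_weight(pt ^ key)


def model_output_latch(key: int, prev_pt: int, pt: int) -> int:
    """Hamming distance of the BRAM output latch between two consecutive S-box look-ups."""
    return hamming_weight(AES_SBOX[prev_pt ^ key] ^ AES_SBOX[pt ^ key])


def simulate_traces(key: int, n: int, sigma: float, seed: int):
    """Constructed traces: one leakage sample per look-up, output-latch HD plus noise."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n + 1)]  # random plaintext bytes
    leak = [model_output_latch(key, pts[i - 1], pts[i]) + rng.gauss(0.0, sigma)
            for i in range(1, n + 1)]
    return pts, leak


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient, the usual CPA distinguisher."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def evaluate_models(key: int = 0x2B, n: int = 2000, sigma: float = 2.0, seed: int = 1) -> dict:
    """Correlate each leakage model (known key) with the simulated traces."""
    pts, leak = simulate_traces(key, n, sigma, seed)
    results = {}
    for name, model in (("address_register_hw", model_address_register),
                        ("output_latch_hd", model_output_latch)):
        preds = [model(key, pts[i - 1], pts[i]) for i in range(1, len(pts))]
        results[name] = pearson(preds, leak)
    return results


if __name__ == "__main__":
    for name, rho in evaluate_models().items():
        print(f"{name:22s} rho = {rho:+.3f}")
```

Under the stated assumption the address-register model correlates with nothing (the XOR of two independent uniform S-box outputs is independent of the current address), while the output-latch model shows a clear correlation at the known key; the gap is what the abstract describes, and it is the register the designer has to mask or dual-rail encode. Raising `sigma` or lowering `n` shows how much noise it takes before the latch leakage drops below the noise floor for a given number of traces.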
