Effectiveness of Leakage Power Analysis Attacks on DPA-Resistant Logic Styles Under Process Variations

This paper extends the analysis of the effectiveness of Leakage Power Analysis (LPA) attacks to cryptographic VLSI circuits on which circuit level countermeasures against Differential Power Analysis (DPA) are adopted. Security metrics used for assessing the DPA-resistance of crypto core implementations, such as the minimum number to disclosure (MTD) and the asymptotic correlation coefficient, have been extended to the case of LPA. The LPA-resistance has been evaluated in terms of MTD as a function of the on chip noise. Noise variances up to 10000 times greater than the signal variance have been taken into account and LPA attacks have been successfully executed for all the logic styles under analysis using less than 100000 measurements. Moreover the role of process variations has been investigated through extensive Monte Carlo simulations in order to evaluate their impact on the leakage model for the logic styles under analysis. Results show that LPA attacks can be successfully carried out on the different anti-DPA logic styles even in presence of process variations. To the best of our knowledge, this work proves for the first time the effectiveness of LPA attacks in a real scenario where on chip noise and process variations are taken into account.

[1]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[2]  Denis Flandre,et al.  A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices , 2011, EUROCRYPT.

[3]  Narayanan Vijaykrishnan,et al.  Masking the Energy Behavior of DES Encryption , 2003, DATE.

[4]  Wayne P. Burleson,et al.  Leakage-based differential power analysis (LDPA) on sub-90nm CMOS cryptosystems , 2008, 2008 IEEE International Symposium on Circuits and Systems.

[5]  Bart Preneel,et al.  Mutual Information Analysis A Generic Side-Channel Distinguisher , 2008 .

[6]  A. Trifiletti,et al.  Leakage Power Analysis attacks: Well-defined procedure and first experimental results , 2009, 2009 International Conference on Microelectronics - ICM.

[7]  Walter A. Hendricks,et al.  The Sampling Distribution of the Coefficient of Variation , 1936 .

[8]  Massimo Alioto,et al.  Differential Power Analysis Attacks to Precharged Buses: A General Analysis for Symmetric-Key Cryptographic Algorithms , 2010, IEEE Transactions on Dependable and Secure Computing.

[9]  Wayne P. Burleson,et al.  Analysis and mitigation of process variation impacts on Power-Attack Tolerance , 2009, 2009 46th ACM/IEEE Design Automation Conference.

[10]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[11]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[12]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[13]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[14]  Sani R. Nassif Modeling and forecasting of manufacturing variations (embedded tutorial) , 2001, ASP-DAC '01.

[15]  Massoud Pedram,et al.  Leakage current reduction in CMOS VLSI circuits by input vector control , 2004, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[16]  Alessandro Trifiletti,et al.  Analysis of data dependence of leakage current in CMOS cryptographic hardware , 2007, GLSVLSI '07.

[17]  Ingrid Verbauwhede,et al.  A digital design flow for secure integrated circuits , 2006, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[18]  Wei Zhang,et al.  Masking the energy behavior of DES encryption [smart cards] , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[19]  Stefan Mangard,et al.  Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints , 2005, CHES.

[20]  Alessandro Trifiletti,et al.  Delay-Based Dual-Rail Precharge Logic , 2011, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[21]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[22]  Alessandro Trifiletti,et al.  Impact of Process Variations on LPA Attacks Effectiveness , 2009, 2009 Second International Conference on Computer and Electrical Engineering.

[23]  Jan M. Rabaey,et al.  Digital Integrated Circuits: A Design Perspective , 1995 .

[24]  Alessandro Trifiletti,et al.  Leakage Power Analysis attacks: Theoretical analysis and impact of variations , 2009, 2009 16th IEEE International Conference on Electronics, Circuits and Systems - (ICECS 2009).

[25]  Patrick Schaumont,et al.  Prototype IC with WDDL and Differential Routing - DPA Resistance Assessment , 2005, CHES.

[26]  Alessandro Trifiletti,et al.  Leakage Power Analysis attacks: Effectiveness on DPA resistant logic styles under process variations , 2011, 2011 IEEE International Symposium of Circuits and Systems (ISCAS).

[27]  F. Drasgow,et al.  The polyserial correlation coefficient , 1982 .

[28]  Sani R. Nassif Modeling and forecasting of manufacturing variations , 2000, 2000 5th International Workshop on Statistical Metrology (Cat.No.00TH8489.

[29]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .

[30]  Alessandro Trifiletti,et al.  Leakage Power Analysis Attacks: A Novel Class of Attacks to Nanometer Cryptographic Circuits , 2010, IEEE Transactions on Circuits and Systems I: Regular Papers.

[31]  Massimo Alioto,et al.  A General Power Model of Differential Power Analysis Attacks to Static Logic Circuits , 2008, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[32]  Ingrid Verbauwhede,et al.  Simulation models for side-channel information leaks , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[33]  Alessandro Trifiletti,et al.  Three-Phase Dual-Rail Pre-charge Logic , 2006, CHES.