论文信息 - Secure AES engine with a local switched-capacitor current equalizer

Secure AES engine with a local switched-capacitor current equalizer

Hardware implementations of the popular AES encryption algorithm [1,2] provide attackers with important side-channel information (delay, power consumption or EM radiation) that can be used to disclose the secret key of the encryption device. Differential power analysis (DPA) [3–5] is one of the most common side-channel attacks because of its simplicity and effectiveness (Fig. 3.5.1). It performs a statistical analysis of supply-current measurements and either the plaintext or ciphertext to disclose the secret key. These two elements can be easily recorded externally without probing internal signals on the chip. Either the plaintext or ciphertext is used to build a model of the current consumption (e.g., during 0 to 1 transition) using knowledge of the AES algorithm and a key guess. By calculating the correlation between the model and the measured current for each possible key guess the key is discovered. In the AES algorithm, the key consists of 16 blocks of 8b, each of which can be attacked independently since AES is a block cipher. For the 128b secret key, the DPA search space is only 16×28, as opposed to 2128 for a brute-force attack.

David Blaauw | Carlos Tokunaga | D. Blaauw | Carlos Tokunaga

[1] Stefan Mangard,et al. Side-Channel Leakage of Masked CMOS Gates , 2005, CT-RSA.

[2] Berger,et al. 1 A 4-Side Tileable Back Illuminated 3 D-Integrated Mpixel CMOS Image Sensor , 2009 .

[3] Martin Margala,et al. An integrated countermeasure against differential power analysis for secure smart-cards , 2006, 2006 IEEE International Symposium on Circuits and Systems.

[4] Thomas S. Messerges,et al. Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[5] Robert H. Sloan,et al. Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[6] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.

[7] M. Nagata,et al. A built-in technique for probing power supply and ground noise distribution within large-scale digital integrated circuits , 2005, IEEE Journal of Solid-State Circuits.

[8] Christophe Clavier,et al. Differential Power Analysis in the Presence of Hardware Countermeasures , 2000, CHES.

[9] Erik Knudsen,et al. Ways to Enhance Differential Power Analysis , 2002, ICISC.

[10] S. Yang,et al. AES-Based Security Coprocessor IC in 0.18-$muhbox m$CMOS With Resistance to Differential Power Analysis Side-Channel Attacks , 2006, IEEE Journal of Solid-State Circuits.

[11] Vincent Rijmen,et al. The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .