Non-deterministic processors: FPGA-based analysis of area, performance and security

Finding a suitable balance between performance and physical security can be a significant challenge when implementing cryptographic software. Although asymmetric primitives often afford inexpensive countermeasures against side-channel attack as a result of flexibility in the underlying mathematics, symmetric primitives are generally not as fortunate. The previously proposed NONDET processor architecture attempts to address this problem by securing generic workloads via micro-architectural countermeasures against DPA attack; in this paper we present the first concrete investigation of NONDET using AES as a case study. Our results indicate that versus an implementation of AES with no countermeasures, NONDET can significantly increase the number of acquisitions required for a successful DPA attack. Alternatively, versus an implementation using traditional software-based countermeasures such as randomisation and masking, NONDET can produce significant improvements in performance and memory footprint.
