Static power side-channel analysis of a threshold implementation prototype chip

The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low power designs, but does also create a new target for power analysis adversaries. In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC implementation of a provably first-order secure hardware masking scheme. The investigated 150 nm CMOS prototype chip realizes the PRESENT-80 lightweight block cipher as a threshold implementation and allows us to draw a comparison between the information leakage through its dynamic and static power consumption. By employing a sophisticated measurement setup dedicated to static power analysis, including a very low-noise DC amplifier as well as a climate chamber, we are able to recover the key of our target implementation with significantly less traces compared to the corresponding dynamic power analysis attack. In particular, for a successful third-order attack exploiting the static currents, less than 200 thousand traces are needed. Whereas for the same attack in the dynamic power domain around 5 million measurements are required. Furthermore, we are able to show that only-first-order resistant approaches like the investigated threshold implementation do not significantly increase the complexity of a static power analysis. Therefore, we firmly believe that this side channel can actually become the target of choice for real-world adversaries against masking countermeasures implemented in advanced CMOS technologies.

[1]  A. Trifiletti,et al.  Leakage Power Analysis attacks: Well-defined procedure and first experimental results , 2009, 2009 International Conference on Microelectronics - ICM.

[2]  Vincent Rijmen,et al.  Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches , 2011, Journal of Cryptology.

[3]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[4]  Alessandro Trifiletti,et al.  Analysis of data dependence of leakage current in CMOS cryptographic hardware , 2007, GLSVLSI '07.

[5]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[6]  Alessandro Trifiletti,et al.  Leakage Power Analysis Attacks: A Novel Class of Attacks to Nanometer Cryptographic Circuits , 2010, IEEE Transactions on Circuits and Systems I: Regular Papers.

[7]  Alessandro Trifiletti,et al.  Effectiveness of Leakage Power Analysis Attacks on DPA-Resistant Logic Styles Under Process Variations , 2014, IEEE Transactions on Circuits and Systems I: Regular Papers.

[8]  S. Shiney Immaculate,et al.  Analysis of Leakage Power Attacks on DPA Resistant Logic Styles: A Survey , 2014 .

[9]  Alessandro Trifiletti,et al.  Implementation of the PRESENT-80 block cipher and analysis of its vulnerability to Side Channel Attacks Exploiting Static Power , 2016, 2016 MIXDES - 23rd International Conference Mixed Design of Integrated Circuits and Systems.

[10]  Amir Moradi,et al.  Side-Channel Leakage through Static Power - Should We Care about in Practice? , 2014, CHES.

[11]  Amir Moradi,et al.  On the Simplicity of Converting Leakages from Multivariate to Univariate - (Case Study of a Glitch-Resistant Masking Scheme) , 2013, CHES.

[12]  Wayne P. Burleson,et al.  Leakage-based differential power analysis (LDPA) on sub-90nm CMOS cryptosystems , 2008, 2008 IEEE International Symposium on Circuits and Systems.

[13]  Alessandro Trifiletti,et al.  Leakage Power Analysis attacks against a bit slice implementation of the Serpent block cipher , 2014, 2014 Proceedings of the 21st International Conference Mixed Design of Integrated Circuits and Systems (MIXDES).

[14]  Amir Moradi,et al.  Side-Channel Resistant Crypto for Less than 2,300 GE , 2011, Journal of Cryptology.

[15]  Patrick Schaumont,et al.  Prototype IC with WDDL and Differential Routing - DPA Resistance Assessment , 2005, CHES.

[16]  Amir Moradi,et al.  Side-channel attacks from static power: When should we care? , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[17]  Amir Moradi,et al.  Moments-Correlating DPA , 2016, IACR Cryptol. ePrint Arch..

[18]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.