Design and characterisation of an AES chip embedding countermeasures

In critical communication infrastructures, hardware accelerators are often used to speed up cryptographic computations, and their resistance to physical attacks determines how secure the overall infrastructure is. In this paper, we describe the implementation and characterisation of an AES accelerator embedding security features against physical attacks. The chip is implemented in HCMOS9gp 130 nm STM technology. The countermeasure is based on duplication and works on complemented values in parallel. The chip was tested against side-channel attacks, demonstrating the effectiveness of the proposed countermeasure against such attacks. Fault injection tests using local laser shots showed that the fault detection mechanism did indeed react as expected. However, using clock set-up time violations, 80% of the secret key was retrieved in less than 40 hours, which illustrates the limits of the duplication countermeasure against a global fault attack that was published after the chip was designed.
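As an added illustration of the duplication principle the abstract describes (this is constructed example code, not the paper's design or the chip's RTL): one datapath processes the true AES state while a second processes its bitwise complement, and a consistency check requires the two results to remain complementary. The round function (SubBytes, ShiftRows, AddRoundKey), the complemented S-box, the sample state and key, and the fault model are all assumptions made for the sake of the demonstration.

```python
# Added illustration of a duplication countermeasure operating on complemented
# values in parallel (constructed model, not the paper's chip or RTL).
# Path A processes the true AES state; path B processes its bitwise complement
# through a complemented S-box so that B == ~A must hold after every step.
# A fault that hits only one path breaks that invariant and is detected; a fault
# that alters both paths identically keeps B == ~A and is not detected, which is
# the inherent limit of duplication against a fault affecting both copies.


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8) computed as a^254 (0 maps to 0, as in AES)."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0


def build_sbox() -> list:
    """Generate the AES S-box: GF(2^8) inverse followed by the affine transformation."""
    sbox = []
    for x in range(256):
        inv = gf_inv(x)
        y, rot = inv, inv
        for _ in range(4):
            rot = ((rot << 1) | (rot >> 7)) & 0xFF
            y ^= rot
        sbox.append(y ^ 0x63)
    return sbox


SBOX = build_sbox()
# Complemented S-box for path B: SBOX_C[~x] == ~SBOX[x], so complementarity
# survives the only non-linear step.  AddRoundKey and ShiftRows preserve it as is.
SBOX_C = [(~SBOX[(~x) & 0xFF]) & 0xFF for x in range(256)]


def round_step(state: list, key: list, sbox: list) -> list:
    """SubBytes, ShiftRows and AddRoundKey on a 16-byte column-major state.
    MixColumns is omitted to keep the model short (it also preserves complementarity)."""
    s = [sbox[b] for b in state]
    s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
    return [a ^ k for a, k in zip(s, key)]


def protected_round(state: list, key: list, fault=None):
    """Run both paths, apply an optional modelled transient fault, check B == ~A.
    fault = (path, byte_index, xor_mask) with path in {"A", "B", "both"}.
    Returns (check_passed, output_of_path_A)."""
    out_a = round_step(state, key, SBOX)
    out_b = round_step([(~b) & 0xFF for b in state], key, SBOX_C)
    if fault is not None:
        path, idx, mask = fault
        if path in ("A", "both"):
            out_a[idx] ^= mask
        if path in ("B", "both"):
            out_b[idx] ^= mask
    consistent = all((a ^ b) == 0xFF for a, b in zip(out_a, out_b))
    return consistent, out_a


# Constructed sample state and round key (arbitrary values for the demonstration).
STATE = list(range(0x10, 0x20))
KEY = [(0xA5 ^ (7 * i)) & 0xFF for i in range(16)]

if __name__ == "__main__":
    ok, _ = protected_round(STATE, KEY)
    print("no fault          :", "consistent" if ok else "MISMATCH")
    ok, _ = protected_round(STATE, KEY, fault=("A", 5, 0x40))
    print("fault on path A   :", "consistent" if ok else "MISMATCH (detected)")
    ok, _ = protected_round(STATE, KEY, fault=("both", 5, 0x40))
    print("same fault on A, B:", "consistent (undetected)" if ok else "MISMATCH")
```

The check compares the two paths byte by byte after the round; a real design would typically place such comparators at several points in the datapath and route a mismatch to an alarm that suppresses the output, which is the behaviour the laser tests in the paper exercised.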
