Protecting the FPGA IPs against Higher-order Side Channel Attacks using Dynamic Partial Reconfiguration

This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguration (DPR) method is proposed for field programmable gate arrays (FPGAs)s to make techniques such as differential power analysis (DPA) and correlation power analysis (CPA) difficult and ineffective. We call the technique side-channel power resistance for encryption algorithms using DPR, or SPREAD. SPREAD is designed to reduce cryptographic key related signal correlations in power supply transients by changing components of the hardware implementation on-the-fly using DPR. Replicated primitives within the advanced encryption standard (AES) algorithm, in particular, the substitution-box (SBOX)s, are synthesized to multiple and distinct gate-level implementations. The different implementations change the delay characteristics of the SBOXs, reducing correlations in the power traces, which, in turn, increases the difficulty of side-channel attacks. The effectiveness of the proposed countermeasures depends greatly on this principle; therefore, the focus of this paper is on the evaluation of implementation diversity techniques.

Download Full-text

Higher-Order Lookup Table Masking in Essentially Constant Memory

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i4.546-586 ◽

2021 ◽

pp. 546-586

Author(s):

Annapurna Valiveti ◽

Srinivas Vivek

Keyword(s):

Higher Order ◽

Lookup Table ◽

Side Channel ◽

Pseudorandom Number Generator ◽

Side Channel Attacks ◽

Online Computation ◽

Original Scheme ◽

Memory Complexity ◽

Resource Constrained Devices ◽

Constrained Devices

Masking using randomised lookup tables is a popular countermeasure for side-channel attacks, particularly at small masking orders. An advantage of this class of countermeasures for masking S-boxes compared to ISW-based masking is that it supports pre-processing and thus significantly reducing the amount of computation to be done after the unmasked inputs are available. Indeed, the “online” computation can be as fast as just a table lookup. But the size of the randomised lookup table increases linearly with the masking order, and hence the RAM memory required to store pre-processed tables becomes infeasible for higher masking orders. Hence demonstrating the feasibility of full pre-processing of higher-order lookup table-based masking schemes on resource-constrained devices has remained an open problem. In this work, we solve the above problem by implementing a higher-order lookup table-based scheme using an amount of RAM memory that is essentially independent of the masking order. More concretely, we reduce the amount of RAM memory needed for the table-based scheme of Coron et al. (TCHES 2018) approximately by a factor equal to the number of shares. Our technique is based upon the use of pseudorandom number generator (PRG) to minimise the randomness complexity of ISW-based masking schemes proposed by Ishai et al. (ICALP 2013) and Coron et al. (Eurocrypt 2020). Hence we show that for lookup table-based masking schemes, the use of a PRG not only reduces the randomness complexity (now logarithmic in the size of the S-box) but also the memory complexity, and without any significant increase in the overall running time. We have implemented in software the higher-order table-based masking scheme of Coron et al. (TCHES 2018) at tenth order with full pre-processing of a single execution of all the AES S-boxes on a ARM Cortex-M4 device that has 256 KB RAM memory. Our technique requires only 41.2 KB of RAM memory, whereas the original scheme would have needed 440 KB. Moreover, our 8-bit implementation results demonstrate that the online execution time of our variant is about 1.5 times faster compared to the 8-bit bitsliced masked implementation of AES-128.

Download Full-text

Masked FPGA Bitstream Encryption via Partial Reconfiguration

International Journal of High Speed Electronics and Systems ◽

10.1142/s0129156419400226 ◽

2019 ◽

Vol 28 (03n04) ◽

pp. 1940022

Author(s):

Yanping Gong ◽

Fengyu Qian ◽

Lei Wang

Keyword(s):

Side Channel ◽

Light Weight ◽

Partial Reconfiguration ◽

Hardware Complexity ◽

Side Channel Attacks ◽

Gate Arrays ◽

Critical Design ◽

Iot Applications ◽

Field Programmable ◽

Programmable Gate Arrays

Field Programmable Gate Arrays (FPGA), as one of the popular circuit implementation platforms, provide the flexible and powerful way for different applications. IC designs are configured to FPGA through bitstream files. However, the configuration process can be hacked by side channel attacks (SCA) to acquire the critical design information, even under the protection of encryptions. Reports have shown many successful attacks against the FPGA cryptographic systems during the bitstream loading process to acquire the entire design. Current countermeasures, mostly random masking methods, are effective but also introduce large hardware complexity. They are not suitable for resource-constrained scenarios such as Internet of Things (IoT) applications. In this paper, we propose a new secure FPGA masking scheme to counter the SCA. By utilizing the FPGA partial reconfiguration feature, the proposed technique provides a light-weight and flexible solution for the FPGA decryption masking.

Download Full-text

How to Estimate the Success Rate of Higher-Order Side-Channel Attacks

Advanced Information Systems Engineering - Lecture Notes in Computer Science ◽

10.1007/978-3-662-44709-3_3 ◽

2014 ◽

pp. 35-54 ◽

Cited By ~ 17

Author(s):

Victor Lomné ◽

Emmanuel Prouff ◽

Matthieu Rivain ◽

Thomas Roche ◽

Adrian Thillard

Keyword(s):

Success Rate ◽

Higher Order ◽

Side Channel ◽

Side Channel Attacks

Download Full-text

Adaptive Chosen Plaintext Side-Channel Attacks for Higher-Order Masking Schemes

10.1007/978-3-030-86130-8_14 ◽

2021 ◽

pp. 173-185

Author(s):

Yanbin Li ◽

Yuxin Huang ◽

Ming Tang ◽

Shougang Ren ◽

Huanliang Xu

Keyword(s):

Higher Order ◽

Side Channel ◽

Side Channel Attacks

Download Full-text

Improved Higher-Order Side-Channel Attacks with FPGA Experiments

Cryptographic Hardware and Embedded Systems – CHES 2005 - Lecture Notes in Computer Science ◽

10.1007/11545262_23 ◽

2005 ◽

pp. 309-323 ◽

Cited By ~ 42

Author(s):

Eric Peeters ◽

François-Xavier Standaert ◽

Nicolas Donckers ◽

Jean-Jacques Quisquater

Keyword(s):

Higher Order ◽

Side Channel ◽

Side Channel Attacks

Download Full-text

A Hybrid Approach to Formal Verification of Higher-Order Masked Arithmetic Programs

ACM Transactions on Software Engineering and Methodology ◽

10.1145/3428015 ◽

2021 ◽

Vol 30 (3) ◽

pp. 1-42

Author(s):

Pengfei Gao ◽

Hongyi Xie ◽

Fu Song ◽

Taolue Chen

Keyword(s):

Hybrid Approach ◽

Type System ◽

Higher Order ◽

Statistical Dependence ◽

Side Channel ◽

Side Channel Attacks ◽

Model Counting ◽

Channel Information ◽

Efficient Type ◽

Novel Model

Side-channel attacks, which are capable of breaking secrecy via side-channel information, pose a growing threat to the implementation of cryptographic algorithms. Masking is an effective countermeasure against side-channel attacks by removing the statistical dependence between secrecy and power consumption via randomization. However, designing efficient and effective masked implementations turns out to be an error-prone task. Current techniques for verifying whether masked programs are secure are limited in their applicability and accuracy, especially when they are applied. To bridge this gap, in this article, we first propose a sound type system, equipped with an efficient type inference algorithm, for verifying masked arithmetic programs against higher-order attacks. We then give novel model-counting-based and pattern-matching-based methods that are able to precisely determine whether the potential leaky observable sets detected by the type system are genuine or simply spurious. We evaluate our approach on various implementations of arithmetic cryptographic programs. The experiments confirm that our approach outperforms the state-of-the-art baselines in terms of applicability, accuracy, and efficiency.

Download Full-text