SC-DDPL as a Countermeasure against Static Power Side-Channel Attacks

Davide Bellizia; Riccardo Della Sala; Giuseppe Scotti

doi:10.3390/cryptography5030016

SC-DDPL as a Countermeasure against Static Power Side-Channel Attacks

Cryptography ◽

10.3390/cryptography5030016 ◽

2021 ◽

Vol 5 (3) ◽

pp. 16

Author(s):

Davide Bellizia ◽

Riccardo Della Sala ◽

Giuseppe Scotti

Keyword(s):

Integrated Circuits ◽

Cmos Technology ◽

Side Channel ◽

Side Channel Attacks ◽

Key Recovery ◽

Security Metrics ◽

Nanometer Cmos ◽

Secret Keys ◽

Static Power ◽

Cmos Implementation

With the continuous scaling of CMOS technology, which has now reached the 3 nm node at production level, static power begins to dominate the power consumption of nanometer CMOS integrated circuits. A novel class of security attacks to cryptographic circuits which exploit the correlation between the static power and the secret keys was introduced more than ten years ago, and, since then, several successful key recovery experiments have been reported. These results clearly demonstrate that attacks exploiting static power (AESP) represent a serious threat for cryptographic systems implemented in nanometer CMOS technologies. In this work, we analyze the effectiveness of the Standard Cell Delay-based Precharge Logic (SC-DDPL) style in counteracting static power side-channel attacks. Experimental results on an FPGA implementation of a compact PRESENT crypto-core show that the SC-DDPL implementation allows a great improvement of all the security metrics with respect to the standard CMOS implementation and other state-of-the-art countermeasures such as WDDL and MDPL.

Download Full-text

Key Recovery in Public Clouds: A Survey on Cross-VM Side Channel Attacks

Cloud Computing and Security - Lecture Notes in Computer Science ◽

10.1007/978-3-319-48671-0_40 ◽

2016 ◽

pp. 456-467

Author(s):

Stelvio Cimato ◽

Ernesto Damiani ◽

Silvia Mella ◽

Ching-Nung Yang

Keyword(s):

Side Channel ◽

Side Channel Attacks ◽

Key Recovery

Download Full-text

Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i3.307-335 ◽

2020 ◽

pp. 307-335 ◽

Cited By ~ 2

Author(s):

Prasanna Ravi ◽

Sujoy Sinha Roy ◽

Anupam Chattopadhyay ◽

Shivam Bhasin

Keyword(s):

Experimental Validation ◽

Error Correcting Codes ◽

Public Key ◽

Side Channel ◽

Public Key Encryption ◽

Side Channel Attacks ◽

Key Recovery ◽

Binary Information ◽

Channel Information ◽

Standardization Process

In this work, we demonstrate generic and practical EM side-channel assisted chosen ciphertext attacks over multiple LWE/LWR-based Public Key Encryption (PKE) and Key Encapsulation Mechanisms (KEM) secure in the chosen ciphertext model (IND-CCA security). We show that the EM side-channel information can be efficiently utilized to instantiate a plaintext checking oracle, which provides binary information about the output of decryption, typically concealed within IND-CCA secure PKE/KEMs, thereby enabling our attacks. Firstly, we identified EM-based side-channel vulnerabilities in the error correcting codes (ECC) enabling us to distinguish based on the value/validity of decrypted codewords. We also identified similar vulnerabilities in the Fujisaki-Okamoto transform which leaks information about decrypted messages applicable to schemes that do not use ECC. We subsequently exploit these vulnerabilities to demonstrate practical attacks applicable to six CCA-secure lattice-based PKE/KEMs competing in the second round of the NIST standardization process. We perform experimental validation of our attacks on implementations taken from the open-source pqm4 library, running on the ARM Cortex-M4 microcontroller. Our attacks lead to complete key-recovery in a matter of minutes on all the targeted schemes, thus showing the effectiveness of our attack.

Download Full-text

Implementation of the PRESENT-80 block cipher and analysis of its vulnerability to Side Channel Attacks Exploiting Static Power

2016 MIXDES - 23rd International Conference Mixed Design of Integrated Circuits and Systems ◽

10.1109/mixdes.2016.7529734 ◽

2016 ◽

Cited By ~ 9

Author(s):

Davide Bellizia ◽

Giuseppe Scotti ◽

Alessandro Trifiletti

Keyword(s):

Block Cipher ◽

Side Channel ◽

Side Channel Attacks ◽

Static Power

Download Full-text

Balancing the Leakage Currents in Nanometer CMOS Logic—A Challenging Goal

Applied Sciences ◽

10.3390/app11157143 ◽

2021 ◽

Vol 11 (15) ◽

pp. 7143

Author(s):

Bijan Fadaeinia ◽

Thorben Moos ◽

Amir Moradi

Keyword(s):

Process Variations ◽

Advanced Technology ◽

Side Channel ◽

Leakage Currents ◽

Protection Mechanism ◽

Information Theoretic ◽

Nanometer Cmos ◽

Standard Cells ◽

Analysis Technique ◽

Static Power

The imbalance of the currents leaked by CMOS standard cells when different logic values are applied to their inputs can be exploited as a side channel to recover the secrets of cryptographic implementations. Traditional side-channel countermeasures, primarily designed to thwart the dynamic leakage behavior, were shown to be much less powerful against this static threat. Thus, a special protection mechanism called Balanced Static Power Logic (BSPL) has been proposed very recently. Essentially, fundamental standard cells are re-designed to balance their drain-source leakage current independent of the given input. In this work, we analyze the BSPL concept in more detail and reveal several design issues that limit its effectiveness as a universal logic library. Although balancing drain-source currents remains a valid approach even in more advanced technology generations, we show that it is conceptually insufficient to achieve a fully data-independent leakage behavior in smaller geometries. Instead, we suggest an alternative approach, so-called improved BSPL (iBSPL). To evaluate the proposed method, we use information theoretic analysis. As an attack strategy, we have chosen Moments-Correlating DPA (MCDPA), since this analysis technique does not depend on a particular leakage model and allows a fair comparison. Through these evaluation methods, we show iBSPL demands fewer resources and delivers better balance in the ideal case as well as in the presence of process variations.

Download Full-text

Information Theoretic Security for Broadcasting of Two Encrypted Sources under Side-Channel Attacks †

Entropy ◽

10.3390/e21080781 ◽

2019 ◽

Vol 21 (8) ◽

pp. 781

Author(s):

Bagus Santoso ◽

Yasutada Oohama

Keyword(s):

Secure Communication ◽

Side Information ◽

Physical Phenomenon ◽

Sufficient Conditions ◽

Information Leakage ◽

Side Channel ◽

Side Channel Attacks ◽

Additional Information ◽

Side Channels ◽

Secret Keys

In this paper, we propose a theoretical framework to analyze the secure communication problem for broadcasting two encrypted sources in the presence of an adversary which launches side-channel attacks. The adversary is not only allowed to eavesdrop the ciphertexts in the public communication channel, but is also allowed to gather additional information on the secret keys via the side-channels, physical phenomenon leaked by the encryption devices during the encryption process, such as the fluctuations of power consumption, heat, or electromagnetic radiation generated by the encryption devices. Based on our framework, we propose a countermeasure against such adversary by using the post-encryption-compression (PEC) paradigm, in the case of one-time-pad encryption. We implement the PEC paradigm using affine encoders constructed from linear encoders and derive the explicit the sufficient conditions to attain the exponential decay of the information leakage as the block lengths of encrypted sources become large. One interesting feature of the proposed countermeasure is that its performance is independent from the type of side information leaked by the encryption devices.

Download Full-text

QuadSeal: Quadruple Balancing to Mitigate Power Analysis Attacks with Variability Effects and Electromagnetic Fault Injection Attacks

ACM Transactions on Design Automation of Electronic Systems ◽

10.1145/3443706 ◽

2021 ◽

Vol 26 (5) ◽

pp. 1-36

Author(s):

Darshana Jayasinghe ◽

Aleksandar Ignjatovic ◽

Roshan Ragel ◽

Jude Angelo Ambrose ◽

Sri Parameswaran

Keyword(s):

Power Analysis ◽

Fault Injection ◽

Side Channel ◽

Aging Effects ◽

Side Channel Attacks ◽

Power Analysis Attacks ◽

Injection Attacks ◽

Differential Fault Analysis ◽

Secret Keys ◽

Fault Injection Attacks

Side channel analysis attacks employ the emanated side channel information to deduce the secret keys from cryptographic implementations by analyzing the power traces during execution or scrutinizing faulty outputs. To be effective, a countermeasure must remove or conceal as many as possible side channels. However, many of the countermeasures against side channel attacks are applied independently. In this article, the authors present a novel countermeasure (referred to as QuadSeal ) against Power Analysis Attacks and Electromagentic Fault Injection Attacks (FIAs), which is an extension of the work proposed in Reference [27]. The proposed solution relies on algorithmically balancing both Hamming distances and Hamming weights (where the bit transitions on the registers and gates are balanced, and the total number of 1s and 0s are balanced) by the use of four identical circuits with differing inputs and modified SubByte tables. By randomly rotating the four encryptions, the system is protected against variations, path imbalances, and aging effects. After generating the ciphertext, the output of each circuit is compared against each other to detect any fault injections or to correct the faulty ciphertext to gain reliability. The proposed countermeasure allows components to be switched off to save power or to run four executions in parallel for high performance when resistance against power analysis attacks is not of high priority, which is not available with the existing countermeasures (except software based where source code can be changed). The proposed countermeasure is implemented for Advanced Encryption Standard (AES) and tested against Correlation Power Analysis and Mutual Information Attacks attacks (for up to a million traces), and none of the secret keys was found even after one million power traces (the unprotected AES circuit is vulnerable for power analysis attacks within 5,000 power traces). A detection circuit (referred to as C-FIA circuit) is operated using the algorithmic redundancy presented in four circuits of QuadSeal to mitigate Electromagnetic Fault Injection Attacks. Using Synopsys PrimeTime, we measured the power dissipation of QuadSeal registers and XOR gates to test the effectiveness of Quadruple balancing methodology. We tested the QuadSeal countermeasure with C-FIA circuit against Differential Fault Analysis Attacks up to one million traces; no bytes of the secret key were found. This is the smallest known circuit that is capable of withstanding power-based side channel attacks when electromagnetic injection attack resistance, process variations, path imbalances, and aging effects are considered.

Download Full-text

Automated Generation of Masked Hardware

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2022.i1.589-629 ◽

2021 ◽

pp. 589-629

Author(s):

David Knichel ◽

Amir Moradi ◽

Nicolai Müller ◽

Pascal Sasdrich

Keyword(s):

Integrated Circuits ◽

Performance Metrics ◽

Side Channel ◽

Side Channel Attacks ◽

Transformation Techniques ◽

Automated Generation ◽

Design And Implementation ◽

Trade Offs ◽

Processing Techniques ◽

Over Time

Masking has been recognized as a sound and secure countermeasure for cryptographic implementations, protecting against physical side-channel attacks. Even though many different masking schemes have been presented over time, design and implementation of protected cryptographic Integrated Circuits (ICs) remains a challenging task. More specifically, correct and efficient implementation usually requires manual interactions accompanied by longstanding experience in hardware design and physical security. To this end, design and implementation of masked hardware often proves to be an error-prone task for engineers and practitioners. As a result, our novel tool for automated generation of masked hardware (AGEMA) allows even inexperienced engineers and hardware designers to create secure and efficient masked cryptograhic circuits originating from an unprotected design. More precisely, exploiting the concepts of Probe-Isolating Non-Interference (PINI) for secure composition of masked circuits, our tool provides various processing techniques to transform an unprotected design into a secure one, eventually accelerating and safeguarding the process of masking cryptographic hardware. Ultimately, we evaluate our tool in several case studies, emphasizing different trade-offs for the transformation techniques with respect to common performance metrics, such as latency, area, andrandomness.

Download Full-text

Speed Optimizations in Bitcoin Key Recovery Attacks

Tatra Mountains Mathematical Publications ◽

10.1515/tmmp-2016-0030 ◽

2016 ◽

Vol 67 (1) ◽

pp. 55-68 ◽

Cited By ~ 10

Author(s):

Nicolas Courtois ◽

Guangyan Song ◽

Ryan Castellucci

Keyword(s):

Elliptic Curve ◽

State Of The Art ◽

The State ◽

Side Channel ◽

Side Channel Attacks ◽

Key Recovery ◽

Weak Keys ◽

Key Recovery Attacks

Abstract In this paper, we study and give the first detailed benchmarks on existing implementations of the secp256k1 elliptic curve used by at least hundreds of thousands of users in Bitcoin and other cryptocurrencies. Our implementation improves the state of the art by a factor of 2.5 with a focus on the cases, where side channel attacks are not a concern and a large quantity of RAM is available. As a result, we are able to scan the Bitcoin blockchain for weak keys faster than any previous implementation. We also give some examples of passwords which we have cracked, showing that brain wallets are not secure in practice even for quite complex passwords.

Download Full-text

Tightness of the Suffix Keyed Sponge Bound

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2020.i4.195-212 ◽

2020 ◽

pp. 195-212

Author(s):

Christoph Dobraunig ◽

Bart Mennink

Keyword(s):

Side Channel ◽

Encryption Scheme ◽

Authenticated Encryption ◽

Side Channel Attacks ◽

Key Recovery ◽

Security Proofs ◽

Generic Attacks ◽

Key Recovery Attacks ◽

Security Bound

Generic attacks are a vital ingredient in the evaluation of the tightness of security proofs. In this paper, we evaluate the tightness of the suffix keyed sponge (SuKS) bound. As its name suggests, SuKS is a sponge-based construction that absorbs the key after absorbing the data, but before producing an output. This absorption of the key can be done via an easy to invert operation, like an XOR, or a hard to invert operation, like a PRF. Using SuKS with a hard to invert absorption provides benefits with respect to its resistance against side-channel attacks, and such a construction is used as part of the authenticated encryption scheme Isap. We derive two key recovery attacks against SuKS with easy to invert key absorption, and a forgery in case of hard to invert key absorption. The attacks closely match the terms in the PRF security bound of SuKS by Dobraunig and Mennink, ToSC 2019(4), and therewith show that these terms are justified, even if the function used to absorb the key is a PRF, and regardless of whether SuKS is used as a PRF or a MAC.

Download Full-text