    Implementation of the PRESENT-80 block cipher and analysis of its vulnerability to Side Channel Attacks Exploiting Static Power
    Citations: 17 | References: 23 | Related Papers: 10
    Abstract:
    In this work, the implementation of the PRESENT-80 block cipher in a 40nm CMOS technology and its vulnerability to Side Channel Attacks Exploiting Static Power are investigated. In the last two decades, several countermeasures to thwart DPA/CPA attacks based on the exploitation of dynamic power consumption have been proposed. In particular, the WDDL logic style is a gate-level countermeasure to Power Analysis Attacks exploiting dynamic power. It has been demonstrated that, in deep sub-micron technologies, the static power consumption is no longer negligible as in the past and malicious attackers can benefit from the dependence of the static power consumption on the processed data: Leakage Power Analysis (LPA) has been proposed to recover sensitive information. The possibility to recover the secret key from a protected secure implementation exploiting static power is not a minor threat, and we analyze this vulnerability with actual security metrics and with an information theoretic approach, showing that gate level countermeasures such as WDDL can be successfully attacked exploiting static power instead of dynamic power.
    Keywords:
    Power analysis
    Dynamic demand
    Vulnerability
    Countermeasure
    Power analysis is a branch of side channel attacks where power consumption data is used as the side channel to attack the system. First, using a device like an oscilloscope, power traces are collected while the cryptographic device is performing the cryptographic operation. Then those traces are statistically analysed using methods such as Correlation Power Analysis (CPA) to derive the secret key of the system. Since it is possible to break the Advanced Encryption Standard (AES) in a few minutes, power analysis attacks have become a serious security issue for cryptographic devices such as smart cards. As the first phase of our project, we build a testbed for doing research on power analysis attacks. As power analysis is a practical type of attack, a testbed is the first requirement for doing any research. Since building a testbed is a complicated process, having a pre-built testbed would save the time of future researchers. The second phase of our project is to attack the latest cryptographic algorithm called Speck, which has been released by the National Security Agency (NSA) for use in embedded systems. Although it has many differences from AES, making it impossible to directly use the power analysis approach used for AES, we introduce novel approaches to break Speck in less than an hour. In the third phase of the project, we select a few already introduced countermeasures and practically attack them on our testbed to do a comparative analysis. We show that software countermeasures such as random instruction injection and randomly shuffling S-boxes are good enough for their simplicity and cost. But we identify the possible threat due to the problem of generating a good seed for the pseudo-random algorithm running on the microcontroller. We attempt to address this issue by using a hardware-based true random generator that amplifies a random electrical signal and samples it to generate a proper seed.
    Power analysis
    Testbed
    Citations (22)
    The implementation of cryptographic algorithms on both software and hardware introduced an access to occurrences of undesirable events of secret information leakage known as Side-Channel leakage. Information analysis methods which analyze the Side-Channel leakage to deduce parts of the secret cryptographic key are called Side-Channel Attacks (SCA). Differential Side-Channel Analysis (DSCA) attack as one of these SCA is the dominating one because of its efficiency and relatively low cost compared to other SCA. In this paper we propose the Upper Tailed T-test statistical method as an effective distinguisher for Differential Side-Channel Analysis. We show how the analysis using the Upper Tailed T-Test saves the attacker 40% of the efforts required in revealing parts of the key in comparison to traditional methods.
    Power analysis
    Information leakage
    Leakage (economics)
    In recent years, static power side-channel analysis attacks have emerged as a serious threat to cryptographic implementations, overcoming state-of-the-art countermeasures against side-channel attacks. The continued down-scaling of semiconductor process technology, which results in an increase of the relative weight of static power in the total power budget of circuits, will only improve the viability of static power side-channel analysis attacks. Yet, despite the threat posed, limited work has been invested into mitigating this class of attack. In this work we address this gap. We observe that static power side-channel analysis relies on stopping the target circuit's clock over a prolonged period, during which the circuit holds secret information in its registers. We propose Borrowed Time, a countermeasure that hinders an attacker's ability to leverage such clock control. Borrowed Time detects a stopped clock and triggers a reset that wipes any registers containing sensitive intermediates, whose leakages would otherwise be exploitable. We demonstrate the effectiveness of our countermeasure by performing practical Correlation Power Analysis attacks under optimal conditions against an AES implementation on an FPGA target with and without our countermeasure in place. In the unprotected case, we can recover the entire secret key using traces from 1,500 encryptions. Under the same conditions, the protected implementation successfully prevents key recovery even with traces from 1,000,000 encryptions.
    Power analysis
    Countermeasure
    Leverage (statistics)
    Timing attack
    Static timing analysis
    Citations (0)
    The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low power designs, but does also create a new target for power analysis adversaries. In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC implementation of a provably first-order secure hardware masking scheme. The investigated 150 nm CMOS prototype chip realizes the PRESENT-80 lightweight block cipher as a threshold implementation and allows us to draw a comparison between the information leakage through its dynamic and static power consumption. By employing a sophisticated measurement setup dedicated to static power analysis, including a very low-noise DC amplifier as well as a climate chamber, we are able to recover the key of our target implementation with significantly fewer traces compared to the corresponding dynamic power analysis attack. In particular, for a successful third-order attack exploiting the static currents, fewer than 200 thousand traces are needed, whereas for the same attack in the dynamic power domain around 5 million measurements are required. Furthermore, we are able to show that only-first-order resistant approaches like the investigated threshold implementation do not significantly increase the complexity of a static power analysis. Therefore, we firmly believe that this side channel can actually become the target of choice for real-world adversaries against masking countermeasures implemented in advanced CMOS technologies.
    Power analysis
    Dynamic demand
    Information leakage
    Application-specific integrated circuit
    Citations (22)
    The side-channel information (power consumption, electromagnetic radiation, etc.) leaked unintentionally from a cryptographic system during a cryptographic process can be used by attackers to reveal secret data using side-channel analysis. Some of the most common side-channel analyses are SPA (Simple Power Analysis), DPA (Differential Power Analysis), SEMA (Simple Electromagnetic Analysis) and DEMA (Differential Electromagnetic Analysis). Although it is relatively easy to analyze the side-channel information obtained from ASIC or FPGA implementations, the analysis of the side-channel information of cryptographic operations running in an operating system (OS) has different difficulties, for example, alignment of measurements and extracting the crypto process signal through the noise of other OS operations. In this study, side-channel attacks are performed against two different realizations of the RSA Algorithm by using electromagnetic radiation related to the power consumption of a cryptographic operation implemented on the Raspberry Pi platform. The first realization of the RSA Algorithm is implemented using an unprotected binary algorithm, and then the private key bits of the RSA Algorithm are obtained individually by using a SEMA attack. For the second realization, the RSA Algorithm is implemented by using a protected binary algorithm in order to resist the SEMA attack. In the presented work, the first bit of the private key has been found using 1800 measurements with the distance of mean test and correlation analysis.
    Power analysis
    Realization (probability)
    This article explores the use of artificial noise to defend against power analysis and power analysis-based side-channel attacks on AES encryption. The study covers both hardware and open-source software components for performing power analysis and provides an analysis of attack performance. It also explains how security measures against side-channel attacks can be implemented without disrupting system operation.
    Power analysis
    Citations (0)
    Side-channel attacks are proven to be efficient tools in attacking cryptographic devices. Dynamic power leakage has been used as a source for many well-known side-channel attack algorithms. As process technology size shrinks, the relative amount of static power consumption increases accordingly, and reaches a significant level in sub-100-nm chips, potentially changing the nature of side-channel analysis based on power consumption. In this thesis, we demonstrate our work in side-channel attacks exploiting static power leakage. Our research interest is particularly focused on profiled attacks. Firstly, we present recent developments of static power analysis and provide our results to further support some of the conclusions in existing publications. We also give a description of the template attack we developed for static power analysis of block ciphers. This template attack uses new distinguishers which were previously applied to other data analysis fields. The results of our study are achieved using simulations in a 45-nm and 65-nm CMOS environment, and demonstrate the viability of static-power-based template attacks. Secondly, we bring kernel density estimation into the scenario of static power analysis. We compare the performance of the kernel method and the conventional Gaussian distinguisher. It is demonstrated in our experiments that the static power leakage may not satisfy a multivariate Gaussian distribution, in which case the kernel method results in better attack outcomes. Thirdly, we perform template attacks on a masked S-box circuit using static and dynamic power leakage. We are the first to compare static power and dynamic power in the scenario of profiled attacks against masked devices. The attacks are shown to be successful, and by performing multiple attacks and adding Gaussian noise, we conclude that in the 45-nm environment, dynamic power analysis requires a high sampling rate for the oscilloscopes, while the results of static-power-based attacks are more sensitive to additive noise. Lastly, we attempt to combine static and dynamic power leakage in order to take advantage of both leakage sources. With the help of deep learning technology, we are able to propose more complex schemes to combine different leakage sources. Three combining schemes are proposed and evaluated using a masked S-box circuit simulated with a 45-nm library. The experiment results show that the hierarchical LSTM proposal performs the best or close to the best in all test cases.
    Power analysis
    Dynamic demand
    Kernel (algebra)
    S-box
    Citations (0)
    Cryptographic devices are vulnerable to so-called Side Channel Attacks. As attackers become smarter, hardware designers and chip manufacturers need to keep up with the security demands against these Side Channel Attacks. Side Channel Attacks such as timing analysis, power consumption analysis or electromagnetic analysis are based upon the principle that the attacker observes the behavior of the side channel (power, electromagnetic emission etc.) while a cryptographic device is performing its operations. The side channel reveals to the attacker valuable information about the secret key, which ultimately enables the attacker to derive the secret key. There are several countermeasures that minimize the side channel information. This thesis analyzes the influence of using asynchronous logic as a practical countermeasure against Power Analysis attacks by implementing the AES Rijndael cryptographic algorithm in an FPGA device. A Power Analysis attack is a form of Side Channel Attack where the attacker observes the behavior of the power consumption during a cryptographic operation. A feasible asynchronous logic design style is chosen and implemented in an FPGA. In order to compare its effectiveness, a synchronous (clocked) hardware design is made in the same design structure of the AES algorithm. Power Analysis attacks are performed on both designs, and the results are compared.
    Power analysis
    Countermeasure
    Cryptographic nonce
    Citations (0)
    The additional information (side effects) in Elliptic Curve Cryptography (ECC) hardware can be used to attack cryptographic systems. This additional information is related to time, power consumption and electromagnetic radiation. Side channel attacks have been done with SPA (Simple Power Analysis), DPA (Differential Power Analysis), SEMA (Simple Electromagnetic Analysis) and DEMA (Differential Electromagnetic Analysis). Some scalar multiplication algorithms can be used as a countermeasure to the SPA attack on elliptic curve cryptography. In this study, side-channel attack experiments are conducted on ECC hardware implementations that use binary algorithms, by observing the power consumption of an ECC processor on an FPGA. The side-channel attack experiment is conducted to guess the secret key for data encryption and decryption by looking at the physical differences in hardware side effects. In this study, the side-channel attack experiment is 100% successful in obtaining the key by analyzing the power consumption of the ECC processor.
    Power analysis
    Scalar multiplication
    Citations (20)