Security Evaluation of the Three AES Architectures against SCA


Protecting Cryptographic Implementations at the Component Level

Designing a robust crypto-processor can start at the RTL level. Different implementations of the components of a cryptographic algorithm can vary its robustness against SCA and FA. By components we mean the sub-operations performed during a round of a cryptographic algorithm. This added robustness can come from several sources, such as a smaller contribution to the power/EM signature, less delay, etc. Note that higher robustness means that the implementation may still be broken; however, more effort will be needed. Often, different implementations of the non-linear component of a cryptographic algorithm offer different resistance against attacks. We present three different implementations of AES on FPGA which differ in the s-box architecture. Details of the AES crypto-processor and the different s-box architectures are described in the following.

Security Evaluation of the Three AES Architectures against SCA

To evaluate the three implementations against SCA, we acquired traces from an Altera Stratix FPGA. The traces were acquired using an EM probe fixed near one of the decoupling capacitors of the FPGA. Thereafter we launched a correlation power analysis (CPA) on the acquired traces. 5000 traces were acquired independently for each implementation. A CPA using the Hamming distance model was performed on the last round of AES. The results are presented in Table 3.2, in terms of the Minimum Traces to Disclose the key (MTD) for the first 8 s-boxes of AES. It can be inferred from Table 3.2 that s-boxes in LUT are the weakest against SCA while s-boxes in RAM are the strongest. This is due to the construction of RAM in the FPGA, which is foundry-made fixed-size hardware and not a programmable block. Therefore the power leakage can be less data dependent. Similar results have been presented by Kaps et al. in [64]. As the EM probe collects localized activity, we find that some s-boxes are easier to break than others. A different position of the EM probe might change the scenario.
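The MTD metric used above can be reproduced on simulated leakage to see why an implementation whose leakage is less data dependent scores higher. The following is an added example, not code from the thesis: it ranks key-byte guesses by correlation with a Hamming distance hypothesis on constructed single-sample traces. The function names, noise levels and key byte are assumptions, and the resulting numbers are not the values of Table 3.2.

```python
import math
import random

def build_inv_sbox():
    """AES inverse S-box from GF(2^8) inversion plus the FIPS-197 affine map."""
    exp, log, x = [0] * 255, [0] * 256, 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= ((x << 1) ^ (0x11B if x & 0x80 else 0)) & 0xFF  # multiply by generator 3
    inv = [0] * 256
    for a in range(256):
        b = exp[(255 - log[a]) % 255] if a else 0
        s = 0x63
        for r in range(5):
            s ^= ((b << r) | (b >> (8 - r))) & 0xFF  # b rotated left by r bits
        inv[s] = a
    return inv

INV_SBOX = build_inv_sbox()
HW = [bin(v).count("1") for v in range(256)]

def hyp(ct, guess):
    """Hamming distance, pre-SubBytes byte -> ciphertext byte (ShiftRows ignored: assumption)."""
    return HW[INV_SBOX[ct ^ guess] ^ ct]

def simulate(key, n, sigma, rng):
    """Constructed traces: one leakage sample per encryption = HD + Gaussian noise."""
    cts = [rng.randrange(256) for _ in range(n)]
    return cts, [hyp(c, key) + rng.gauss(0.0, sigma) for c in cts]

def mtd(cts, leak, key, step=10):
    """Smallest trace count (multiple of step) from which the correct key byte stays ranked first."""
    sh, shh, shy, sy, last_fail = [0.0] * 256, [0.0] * 256, [0.0] * 256, 0.0, 0
    for n, (c, y) in enumerate(zip(cts, leak), 1):
        sy += y
        for g in range(256):
            h = hyp(c, g)
            sh[g] += h; shh[g] += h * h; shy[g] += h * y
        if n % step == 0:
            def score(g):  # |Pearson rho| up to a factor common to all guesses
                var = n * shh[g] - sh[g] ** 2
                return abs(n * shy[g] - sh[g] * sy) / math.sqrt(var) if var > 0 else 0.0
            if max(range(256), key=score) != key:
                last_fail = n
    return last_fail + step if last_fail + step <= len(cts) else None

def compare(key=0x3C, n=2000, seed=1):
    rng = random.Random(seed)  # sigma values below are assumptions, not measurements
    cases = (("high_leak", 0.25), ("low_leak", 4.0))
    return {name: mtd(*simulate(key, n, s, rng), key) for name, s in cases}
```

`compare()` returns the MTD for both constructed cases; a result of `None` means the key byte was not stably recovered within the available traces.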

Security Evaluation of the Three AES Architectures against FA

In our architecture, the propagation delays in the datapath are larger than the ones in the key schedule. Therefore global perturbations on the power lines will affect only the datapath. At higher voltages (i.e. close to the nominal voltage) only single faults occur. As we keep decreasing the voltage, setup times for more than one path are violated to inject multiple faults (uncovered). Our method can be adapted to perform other DFA on AES like the one proposed by Kim et al. [65], where a fault is injected in the key schedule. Figures 3.8, 3.9, 3.10 show the occurrence of faults for the three architectures. Faults are divided into two categories: single, i.e. faults on one byte of the AES state (datapath register) before SubBytes, or multiple, i.e. faults on more than one byte or in the keypath. In all three figures the distribution of single faults is "bell-shaped", which corresponds to a fault model where errors are caused by a setup violation on a critical combinatorial path. This is because, as the voltage is slightly reduced, single faults appear with low frequency. Further reduction in voltage first causes an increase in the frequency of appearance of single faults, followed by a decrease after a certain point. At this point multiple faults start appearing.


Table of contents:

Abstract
List of Figures
List of Tables
Glossary
Résumé Français
1 Introduction 
1.1 Motivation
1.2 Organization
1.3 Contributions
2 General Background 
2.1 Modern Cryptography
2.2 Symmetric Key Cryptography
2.2.1 Data Encryption Standard
2.2.2 Advanced Encryption Standard
2.3 Public-Key Cryptography
2.3.1 RSA
2.3.2 Elliptic Curve Cryptography
2.4 Physical Cryptanalysis
2.4.1 Fault Attacks
2.4.2 Side Channel Attacks
2.5 Side Channel Attack Model & Distinguisher
2.5.1 Leakage Model
2.5.2 Simple Power Analysis
2.5.3 Differential Power Analysis
2.5.4 Correlation Power Analysis
2.5.5 Mutual Information Analysis
2.6 Need for Countermeasures
2.6.1 Countermeasures against FA
2.6.2 Countermeasures against SCA
2.7 Field Programmable Gate Arrays
2.7.1 Generic FPGA Design Flow
3 Protecting Cryptographic Circuits at the RTL Level 
3.1 Protecting Cryptographic Implementations at the Component Level
3.1.1 AES Co-processor
3.1.2 Experimental setup and data acquisition
3.1.3 Cost Comparison of the Three AES Architectures
3.1.4 Security Evaluation of the Three AES Architectures against SCA
3.1.5 Security Evaluation of the Three AES Architectures against FA
3.1.6 Discussion
3.2 Unrolling Cryptographic Circuits as a Countermeasure
3.2.1 Rationale of the Countermeasure
3.2.2 Fully unrolled DES implementation on ASIC
3.2.3 Security Evaluation of the Proposed Countermeasure
3.2.4 Attack on the Unrolled DES
3.2.5 Evaluation Based on Mutual Information Metric
3.3 Conclusions
4 DPL Countermeasures for FPGA 
4.1 Dual-Rail with Precharge Logic
4.1.1 Dual-Rail with Precharge Logic Protocol
4.1.2 DPL Flaw: Early Propagation Effect
4.1.3 DPL Flaw: Technological Imbalance
4.2 Wave Dynamic Differential Logic
4.2.1 Basic theory of WDDL
4.2.2 Design Flow for WDDL Implementation on FPGA
4.2.3 WDDL Implementation and Synthesis Results
4.3 Security Evaluation of WDDL against SCA
4.4 Security Evaluation of WDDL against FA
4.4.1 Experimental Result
4.4.2 Theoretical Fault Analysis
4.5 DPL: State of the Art
4.5.1 WDDL Variants
4.5.2 SDDL
4.5.3 Partial DDL
4.5.4 MDPL
4.5.5 DRSL
4.5.6 STTL
4.5.7 DPL styles Comparison
4.6 Security Evaluation of DPL against FA
4.6.1 Fault Model
4.6.2 Faults Transformation
4.6.3 Propagation of NULL Values Through Substitution Boxes
4.6.4 Analysis of the FA Protection of DPL
4.6.5 Low-cost countermeasure against setup time violation attacks
4.7 Conclusions
5 Novel DPL countermeasures for FPGA 
5.1 DPL without Early Propagation Effect (DPL w/o EPE)
5.1.1 Rationale of the Proposed Logic
5.1.2 Implementation on FPGA
5.1.3 Evaluation of Early Propagation Effect
5.1.4 Balanced Placement
5.1.5 Evaluation of Balanced Placement
5.2 Balanced-Cell Based Dual-Rail Logic (BCDL)
5.2.1 Synchronization to counter EPE
5.2.2 Area Optimization
5.2.3 Performance Optimization
5.2.4 Implementation of AES BCDL on FPGA
5.2.5 Improving AES BCDL to reduce routing imbalance on FPGA
5.2.6 Security Evaluation of BCDL against SCA on Altera Stratix II
5.2.7 Initial Results on Xilinx Virtex V FPGA
5.3 Conclusions
6 Advanced Evaluation Techniques 
6.1 Evaluation Tools for DPL Implementations
6.1.1 Template Attacks
6.1.2 Stochastic Model Attack
6.1.3 Experimental Results
6.1.4 Discussion
6.2 Combination of Measurements
6.2.1 Theoretical Background
6.2.2 Practical results
6.3 Conclusions
7 Conclusion and Perspectives 
7.1 Summary
7.2 Perspectives
List of Publications
Bibliography
