From Full-Custom to Fully-Standard Cell Power Analysis Countermeasures
Visualitza/Obre
Estadístiques de LA Referencia / Recolecta
Inclou dades d'ús des de 2022
Cita com:
hdl:2117/99316
Tipus de documentText en actes de congrés
Data publicació2016-11-16
Condicions d'accésAccés obert
Llevat que s'hi indiqui el contrari, els
continguts d'aquesta obra estan subjectes a la llicència de Creative Commons
:
Reconeixement-NoComercial-SenseObraDerivada 3.0 Espanya
Abstract
Side-Channel Analysis (SCA) attacks have become one of the most significant problems in modern
digital systems. These attacks exploit and misuse the information related to the physical behavior of
cryptographic devices such as power consumption, emitted electromagnetic radiation, etc. One of the
most powerful SCA attacks is known as Power Analysis (PA). It does not require any assumptions
regarding the hardware implementation of the cryptographic chip, a complex setup or unique
measurement equipment. PA attacks target power supply monitoring, and fall into the category of passive
non-invasive attacks. This paper presents three methods to counter PA attacks.
The first, called Randomized Multi-Topology Logic (RMTL), is a full-custom countermeasure that
focuses on gate-level randomization. An RMTL gate can be configured dynamically to operate in one of
several topologies, where each topology induces a different power profile. When embedding several
RMTL gates in a crypto-system, the best protection against PA attacks is achieved by a random change
between the topologies of each RMTL gate during run time. Security results examining the RMTL based
implementation clearly show high immunity to PA attacks. However, like many other known hardware
based full-custom countermeasures, implementing the RMTL gates and integrating them in a cryptosystem
requires considerable effort, and make it very difficult to commercialize this technology.
The second methodology focuses on embedding CMOS based gates, dubbed Blurring Gates (BG), into
a crypto-system. This BG based technique is a fully-standard cell design: it is totally synthesizable and
can be implemented with standard flow tools and libraries. Hence, its implementation is definitely much
simpler. BG gates have two modes of operation: static and dynamic. They are placed along the logic path
to distribute the propagation over the whole clock cycle period (or over a predefined part of it). Each BG
can switch randomly between the two operational modes every cycle. This, in turn, blurs the information
passed in a clock cycle over the entire cycle. The embedding configurations result in a powerful hardware
technique with high immunity to PA attacks. Figure 1(a) illustrates a BG based implementation of a
combinatorial logic. Figure 1(b) shows correlation results vs. time for all possible key guesses. As can be
seen, the correct key cannot be revealed. However, the number of required random signals (derived from
the number of the embedded BG units) requires an area overhead for routing and transferring the random
signals from a True Random Number Generator (TRNG) module to the BG gates in a protected way.
The third methodology is a fully-standard cell design. Unlike the first and second countermeasures, in
this technology the area used for routing and transferring random signals from the TRNG-generator to the
BG gates is preserved but a different architecture to integrate the BG gates with the random signals is
required.
Fitxers | Descripció | Mida | Format | Visualitza |
---|---|---|---|---|
FCTRU_2016_27_From_Full_Custom.pdf | 2,155Mb | Visualitza/Obre |