Design Time Evaluation for Side-Channel Attack Resistant Cryptographic Implementations

Traditionally, most cryptographic algorithms were executed on server computers with high computational power; stored in physically secure locations. Improvements in technology have brought omnipresent embedded devices, which encompass our daily lives. Secure communication using such devices is additionally hindered from two additional aspects. Firstly, the majority of cryptographic algorithms were made for computers with significant processing power - whereas resources of embedded devices are often scarce. Secondly, recent research has shown that physical attacks, in particular Side-Channel Attacks (SCA), give an entire new perspective to the attacker. For example, power analysis attacks, DPA [5], CPA [2] or MIA [4], exploit information inherently present in the instantaneous power consumption of a digital circuit during operation. Because of their non-invasive nature, power analysis attacks are acknowledged as major threat to hardware security. In fact, multiple commercial devices with security functionalities have been recently broken by these techniques [1, 3, 6]. Amongst the embedded devices, passively powered devices are most widely used, while being most constrained in terms of resource and power-budget. For example, Radio Frequency IDentification (RFID) tags are often used for identification, access management, shipment tracking, and are available to handle contactless payment. Therefore, securing passively powered devices, and devices alike, is an imperative in the near future. Consequently, the cryptographic community strives towards the development of lightweight algorithms that require little computational power to execute, while being resilient to SCA. From the mathematical point of view problem is well understood, and many lightweight algorithms are present, e.g., PRESENT block cipher [7]. Also, here exist crude measures such as the size of the state to estimate the area, or the number of operations to estimate the delay. Nevertheless, they lack models and metrics for accurate design comparison, and SCA evaluation. Simulation is a powerful tool in hardware design that allows pre-silicon evaluations of digital circuits. Optimization techniques for typical design parameters are long-studied and well integrated into EDA (Electronic Design Automation) tools. This is the case for instance for area and delay. They are estimated at various stages in the hardware design flow and optimized according to the application requirements. Already at high level, e.g. at register transfer level, hardware designers have access to rather accurate delay or area models. These are embedded in standard cell libraries, and they are used both for simulation purposes and by synthesis tools. Models to estimate power consumption are less accurate but still exist. They are targeted towards low-power/low-energy design, a particular constraint for e.g. battery-operated devices. The side channel resistance of hardware circuits is mostly evaluated at post-silicon level, the last stage in hardware design. This has several shortcomings. Post-manufacturing analysis is a manual and time-consuming process that requires a high degree of lab expertise. For semiconductor companies, the window for addressing security vulnerabilities at this stage is strongly constrained by the time-to-market. Moreover, the maturity of the design can be an obstacle if substantial circuit modifications are required. Our research aims to overcome these issues by integrating side channel security into EDA design flows. Along with area, delay or low-power optimizations, our goal is to introduce SCA security as an extra design constraint. The main research challenge consists in developing accurate and efficient tools for power simulation. These are different from current models for low-power design, which focus on parameters such as peak or average power consumption. Assessing SCA security requires to model the instantaneous power consumption of a cryptographic circuit over time. To the best of our knowledge, such models are completely lacking. References [1] J. Balasch, B. Gierlichs, R. Verdult, L. Batina, and I. Verbauwhede, "Power Analysis of Atmel CryptoMemory - Recovering Keys from Secure EEPROMs," in Topics in Cryptology - CT-RSA 2012, O. Dunkelman, ed., vol. 7178 of Lecture Notes in Computer Science, Springer, 2012, pp. 19-34. [2] E. Brier, C. Clavier, and F. Olivier, Correlation Power Analysis with a Leakage Model, in Cryptographic Hardware and Embedded Systems - CHES 2004, M. Joye and J.-J. Quisquater, eds., vol. 3156 of Lecture Notes in Computer Science, Springer, 2004, pp. 16-29. [3] T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M. T. M. Shalmani, On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme, in CRYPTO, D. Wagner, ed., vol. 5157 of Lecture Notes in Computer Science, Springer, Advances in Cryptology - CRYPTO 2008, pp. 203-220. [4] B. Gierlichs, L. Batina, P. Tuyls, and B. Preneel, Mutual Information Analysis, in Cryptographic Hardware and Embedded Systems - CHES 2008, E. Oswald and P. Rohatgi, eds., vol. 5154 of Lecture Notes in Computer Science, Springer, 2008, pp. 426-442. [5] P. C. Kocher, J. Jaffe, and B. Jun, Differential Power Analysis, in Advances in Cryptology - CRYPTO '99, M. J. Wiener, ed., vol. 1666 of Lecture Notes in Computer Science, Springer, 1999, pp. 388-397. [6] D. Oswald and C. Paar, Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World, in Cryptographic Hardware and Embedded Systems - CHES 2011, B. Preneel and T. Takagi, eds., vol. 6917 of Lecture Notes in Computer Science, Springer, 2011, pp. 207-222. [7] : A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, C. Vikkelsoe, PRESENT: An Ultra-Lightweight Block Cipher, in Cryptographic Hardware and Embedded Systems - CHES 2007, Volume 4727 of the series Lecture Notes in Computer Science pp 450-466.status: publishe