Abstract
The secret key used in a cryptosystem can be retrieved by physical attacks such as side-channel analysis (SCA) and fault analysis (FA). Traditionally, countermeasures against different physical attacks have been developed separately. To lay a solid foundation for countermeasure development against the emerging combined attacks, it is imperative to study thoroughly how the countermeasure for one attack affects the efficiency of the other. In this work, we use an FPGA-based platform to investigate whether and how an FA countermeasure influences the efficiency of a correlation power analysis (CPA) attack. Unlike previous work, which relied on simulations of the S-box only, our assessments are based on FPGA emulation of the entire AES. In addition to considering different error detection codes, we compare the key retrieval speed of the CPA attack across scenarios using different power models, redundancy types for fault detection, modules under fault protection, and practical FPGA synthesis optimizations. Furthermore, we propose a new countermeasure that integrates dynamic masking and error deflection to thwart CPA and FA attacks simultaneously. Experimental results show that, for 100,000 power traces, our method prevents key leakage while the other methods leak at least five AES subkey bytes. Our simulation also confirms that the proposed method reduces the success rate of FA attacks by up to 90% compared with the other methods.
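A constructed simulation of the kind of CPA assessment the abstract describes, added here as an illustration and not part of the paper or its FPGA platform: it models the leakage of one AES S-box output byte under a Hamming-weight power model, with and without the parity bit that a parity-based error detection code adds to the output register, and ranks all 256 key-byte guesses by correlation. The leakage model, noise level, trace count and key value are assumptions.

```python
# Added example (not the paper's code): CPA on one AES S-box byte, with and
# without a parity error-detection bit, under a Hamming-weight power model.
import random

def gf_mul(a, b):  # multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

# AES S-box from its definition: GF(2^8) inverse followed by the affine map.
SBOX = []
for _x in range(256):
    _inv = 0 if _x == 0 else next(y for y in range(1, 256) if gf_mul(_x, y) == 1)
    _aff = 0x63
    for _i in range(5):
        _aff ^= ((_inv << _i) | (_inv >> (8 - _i))) & 0xFF
    SBOX.append(_aff)

def hw(v):
    return bin(v).count("1")

def simulate_traces(key_byte, n, parity, noise_sd=1.5, seed=7):
    # Assumed leakage model: HW of the S-box output register plus Gaussian
    # noise; with a parity code the register also holds the output's parity bit.
    rng, traces = random.Random(seed), []
    for _ in range(n):
        pt = rng.randrange(256)
        s = SBOX[pt ^ key_byte]
        extra = (hw(s) & 1) if parity else 0
        traces.append((pt, hw(s) + extra + rng.gauss(0, noise_sd)))
    return traces

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx, syy = sum((x - mx) ** 2 for x in xs), sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0

def cpa_rank(traces, true_key):
    # Score every key-byte guess by |corr(HW hypothesis, leakage)|;
    # return (best guess, rank of the true key, |corr| of the true key).
    leaks = [leak for _, leak in traces]
    score = [abs(pearson([hw(SBOX[pt ^ k]) for pt, _ in traces], leaks))
             for k in range(256)]
    order = sorted(range(256), key=lambda k: -score[k])
    return order[0], order.index(true_key), score[true_key]
```

Under this model the parity bit adds variance that is uncorrelated with the Hamming weight of the output, so the true key's correlation drops only slightly and the key byte is still recovered; the trace count at which the true key reaches rank 0 is the "key retrieval speed" the abstract compares across scenarios.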
Additional information
Responsible Editor: O. Sinanoglu
Cite this article
Dofe, J., Pahlevanzadeh, H. & Yu, Q. A Comprehensive FPGA-Based Assessment on Fault-Resistant AES against Correlation Power Analysis Attack. J Electron Test 32, 611–624 (2016). https://doi.org/10.1007/s10836-016-5598-9
DOI: https://doi.org/10.1007/s10836-016-5598-9