From cryptography to hardware: analyzing and protecting embedded Xilinx BRAM for cryptographic applications

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

The design of cryptographic applications needs special care. For instance, physical attacks like side-channel analysis (SCA) are able to recover the secret key just by observing the activity of the computation, even for mathematically robust algorithms like AES. SCA exploits the “leakage” of a well-chosen intermediate variable correlated with the secret. Field-programmable gate arrays (FPGAs) are often used for hardware implementations in low- to medium-volume production or when flexibility is needed. They offer many possibilities for the computation, like small look-up tables (LUT) and embedded block memories (BRAM). Certain countermeasures, like dual-rail logic or masking, can be deployed to resist SCA on FPGAs. However, to design an effective countermeasure, it is of prime importance for a designer to know the main leakage sources of the device. In this paper, we analyze the leakage sources of a Xilinx Virtex V FPGA by studying three different AES architectures. The analysis is based on real measurements, using specific leakage models of the sensitive variable adapted to each architecture. Our results demonstrate that BRAMs, traditionally considered to leak less, are equally vulnerable if the attack target is changed from the address register to the output latch. We also show that if the leakage model is known, simple countermeasures with only 16 % overhead can be deployed to overcome the leakage.



Notes

  1. There are actually several kinds of “ghost peaks”. In this footnote, we give some examples from the SCA literature in order to disambiguate the different origins of the wrong-key-guess phenomenon. One example is when a high spurious correlation is obtained at an irrelevant position of the trace, which happens when there is a lot of noise and few traces are available to estimate the CPA. This is illustrated for instance in Fig. 3 of [14] (where it is labelled “noisy peak”). Another kind of ghost peak can appear because unrelated activity occurs simultaneously with that being exploited. This has been exemplified in [10, Section 5.1] on the example of a hardware DES: if the attacker applies a mono-bit difference-of-means, the attack can fail, because the three ignored bits (assumed erroneously to be independent from the one under analysis) leak information that overcomes the target bit and fools the attacker into finding an incorrect key. In this section, we account for another type of ghost peak, which happens later in time than the primary leakage, for a leakage model that involves the sensitive variable in a “transformed” form.
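The abstract and the footnote above both turn on the same evaluation step: a correlation power analysis (CPA) run with an explicit leakage model locates, sample by sample, where the sensitive variable leaks, and a transformed copy of that variable can produce a second, weaker peak later in the trace. The following is an added example, not code or measurements from the paper: it simulates traces for one AES S-box lookup under a constructed model (an assumption, not the Virtex V behaviour the paper measures) in which sample 2 leaks the Hamming weight of the S-box output and sample 4 leaks the same byte after `xtime()`, the MixColumns doubling, while the remaining samples carry only Gaussian noise. The key byte `0x2B`, the trace count and the noise level are constructed values. An evaluator uses exactly this kind of per-sample ranking to decide which resource (here, the point in time) needs a countermeasure and under which model the leak is visible.

```python
"""Simulated CPA on an AES S-box lookup: a primary peak at the S-box output
and a later, weaker ghost peak where the transformed value (xtime) leaks.
Added example with constructed traces; not the paper's code or data."""
import random


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        hi = a & 0x80
        a = (a << 1) & 0xFF
        if hi:
            a ^= 0x1B
        b >>= 1
    return p


def build_sbox():
    """AES S-box as defined in FIPS 197: multiplicative inverse, then affine map."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):          # x^254 == x^-1 in GF(2^8)
                inv = gf_mul(inv, x)
        s = inv
        for r in range(1, 5):             # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            s ^= ((inv << r) | (inv >> (8 - r))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight table


def xtime(x):
    """Multiplication by 2 in GF(2^8), the byte doubling used by MixColumns."""
    return ((x << 1) ^ (0x1B if x & 0x80 else 0)) & 0xFF


# Constructed trace model (assumption): which sample leaks what.
N_SAMPLES = 6
PRIMARY, GHOST = 2, 4


def simulate_traces(key, n_traces, sigma=1.0, seed=1):
    """Constructed traces: HW(SBOX[p^key]) at PRIMARY, HW(xtime(...)) at GHOST, noise elsewhere."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key]
        tr = [rng.gauss(0.0, sigma) for _ in range(N_SAMPLES)]
        tr[PRIMARY] += HW[v]
        tr[GHOST] += HW[xtime(v)]
        plaintexts.append(p)
        traces.append(tr)
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def cpa(plaintexts, traces):
    """corr[k][t]: correlation between the model HW(SBOX[p ^ k]) and sample t."""
    cols = [[tr[t] for tr in traces] for t in range(N_SAMPLES)]
    corr = []
    for k in range(256):
        hyp = [HW[SBOX[p ^ k]] for p in plaintexts]
        corr.append([pearson(hyp, col) for col in cols])
    return corr


def best_guess(corr, t):
    """Key guess with the largest |correlation| at sample t, with its correlation."""
    k = max(range(256), key=lambda g: abs(corr[g][t]))
    return k, corr[k][t]


def run(key=0x2B, n_traces=300):
    """Per-sample best guess; shows the primary peak and the later ghost peak."""
    pts, trs = simulate_traces(key, n_traces)
    corr = cpa(pts, trs)
    return {t: best_guess(corr, t) for t in range(N_SAMPLES)}


if __name__ == "__main__":
    for t, (k, c) in run().items():
        print(f"sample {t}: best guess 0x{k:02X}  rho={c:+.3f}")
```

With the S-box output leaking directly, the correct key stands out at sample 2 with a correlation near sqrt(2/3) for unit noise; at sample 4 the same key wins again, but with a correlation reduced by the factor 0.625 that relates HW(x) to HW(xtime(x)), which is the "later in time" peak of the transformed variable. Samples that carry only noise never rank any guess above the wrong-key background, which is the check an evaluator relies on before attributing a peak to a resource.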

References

  1. Grøstl: a SHA-3 candidate. http://www.groestl.info/Groestl.pdf. Accessed 17 Aug 2012

  2. Altera. Stratix-II Device Handbook, vol. 1. http://www.altera.com/literature/hb/stx2/stratix2handbook.pdf

  3. Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)


  4. Benoît, O., Peyrin, T.: Side-channel analysis of six SHA-3 candidates. In: CHES. Lecture Notes in Computer Science, vol. 6225, pp. 140–157. Springer, Santa Barbara, CA, USA, 17–20 Aug 2010

  5. Bhasin, S., Guilley, S., Souissi, Y., Graba, T., Danger, J.-L.: Efficient dual-rail implementations in FPGA using Block RAMs. In: ReConFig, pp. 261–267. IEEE Computer Society, 30 Nov to 2 Dec 2011. Cancún, Quintana Roo, México. doi:10.1109/ReConFig.2011.32 (2011)

  6. Bhasin, S., Selmane, N., Guilley, S., Danger, J.-L.: Security evaluation of different AES implementations against practical setup time violation attacks in FPGAs. In: HOST (Hardware Oriented Security and Trust), pp. 15–21, 27 July 2009. IEEE Computer Society. doi:10.1109/HST.2009.5225057; In conjunction with DAC-2009, Moscone Center, San Francisco, CA, USA

  7. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: CRYPTO 97, LNCS, vol. 1294, pp. 1513–1521. Springer, Berlin (1997)

  8. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight Block Cipher. In: CHES. Lecture Notes in Computer Science, vol. 4727, pp. 450–466, 10–13 September 2007. Springer, Vienna (2007)

  9. Brier, É., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: CHES. LNCS, vol. 3156, pp. 16–29, 11–13 Aug 2004. Springer, Cambridge (2004)

  10. Canovas, C., Clediere, J.: What do S-boxes say in differential side channel attacks? Cryptology ePrint Archive, Report 2005/311. http://eprint.iacr.org/ (2005)

  11. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: CRYPTO. LNCS, vol. 1666, 15–19 Aug 1999. Springer, Santa Barbara. ISBN:3-540-66347-9 (1999)

  12. Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptographic Eng. 1(2), 123–144 (2011)


  13. Drimer, S., Güneysu, T., Paar, C.: DSPs, BRAMs and a Pinch of logic: new recipes for the AES on FPGAs. In: IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM), pp. 99–108. IEEE, Stanford. 14–15 Apr 2008

  14. Guilley, S., Sauvage, L., Danger, J.-L., Selmane, N., Pacalet, R.: Silicon-level solutions to counteract passive and active attacks. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC, pp. 3–17. IEEE Computer Society (2008)

  15. Heuser, A., Schindler, W., Stöttinger, M.: Revealing side-channel issues of complex circuits by enhanced leakage models. In: Rosenstiel, W., Thiele, L. (eds.) DATE, pp. 1179–1184. IEEE (2012)

  16. Kasper, M., Schindler, W., Stöttinger, M.: A stochastic method for security evaluation of cryptographic FPGA implementations. In: Bian, J., Zhou, Q., Athanas, P., Ha, Y., Zhao, K. (eds.) FPT, pp. 146–153. IEEE (2010)

  17. Maghrebi, H., Carlet, C., Guilley, S., Danger, J.-L.: Optimal first-order masking with linear and non-linear bijections. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT. Lecture Notes in Computer Science, vol. 7374, pp. 360–377. Springer, Berlin (2012)

  18. Maghrebi, H., Prouff, E., Guilley, S., Danger, J.-L.: A first-order leak-free masking countermeasure. In: CT-RSA. LNCS, vol. 7178, pp. 156–170, 27 February to 2 March 2012. Springer, San Francisco (2012). doi:10.1007/978-3-642-27954-6_10

  19. Moradi, A., Kasper, M., Paar, C.: On the portability of side-channel attacks—an analysis of the Xilinx Virtex 4 and Virtex 5 bitstream encryption mechanism. Cryptology ePrint Archive, Report 2011/391. http://eprint.iacr.org/2011/391/ (2011)

  20. Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against first- and second-order zero-offset SCAs. In: DATE, pp. 1173–1178, Dresden, Germany, 12–16 March 2012. (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”) http://hal.archives-ouvertes.fr/hal-00666337/en (2012)

  21. NIST/ITL/CSD: Data Encryption Standard. FIPS PUB 46-3, Oct 1999. http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf

  22. NIST/ITL/CSD: Advanced Encryption Standard (AES). FIPS PUB 197, Nov 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

  23. Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. In: ACNS. LNCS, vol. 5536, pp. 499–518. Springer, Paris-Rocquencourt, France, 2–5 June 2009

  24. Réal, D., Dubois, V., Guilloux, A.-M., Valette, F., Drissi, M.: SCARE of an unknown hardware Feistel implementation. In: CARDIS. LNCS, vol. 5189, pp. 218–227. Springer, London (2008)

  25. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: CHES. LNCS, vol. 3659, pp. 30–46. Springer, Edinburgh, Sept 2005

  26. Shah, S., Velegalati, R., Kaps, J.-P., Hwang, D.: Investigation of DPA resistance of block RAMs in cryptographic implementations on FPGAs. In: Prasanna, V.K., Becker, J., Cumplido, R. (eds.) ReConFig, pp. 274–279. IEEE Computer Society (2010)

  27. TELECOM ParisTech SEN research group. DPA Contest, 2nd edn. http://www.DPAcontest.org/v2/ (2009–2010)

  28. Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: DATE’04, pp. 246–251. IEEE Computer Society, Paris, France. doi:10.1109/DATE.2004.1268856 (February 2004)

  29. Xilinx: Spartan-6 FPGA Block RAM Resources User Guide, UG383 (v1.5). http://www.xilinx.com/support/documentation/user_guides/ug383.pdf

Acknowledgments

This research is partly supported by Strategic International Cooperative Program (Joint Research Type), Japan Science and Technology Agency (JST), and the French Agence Nationale pour la Recherche (ANR), via grant for project SPACES (Security evaluation of Physically Attacked Cryptoprocessors in Embedded Systems). The authors wish to thank Julien Francq and Antoine Wurker (EADS/Cassidian, Cyber Security Solutions Center) for insightful discussions about power attacks on AES and Grøstl [1].

Author information

Corresponding author: Shivam Bhasin.

Cite this article

Bhasin, S., Guilley, S., Heuser, A. et al. From cryptography to hardware: analyzing and protecting embedded Xilinx BRAM for cryptographic applications. J Cryptogr Eng 3, 213–225 (2013). https://doi.org/10.1007/s13389-013-0048-4

  • DOI: https://doi.org/10.1007/s13389-013-0048-4