Skip to main content
SpringerLink
Log in

Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations

  • Special Section on Proofs 2013
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

Simulation is a very powerful tool for hardware designers. It generally allows the preliminary evaluation of a chip’s performance before its final tape out. As security against side-channel attacks is an increasingly important issue for cryptographic devices, simulation also becomes a desirable option for preliminary evaluation in this case. However, its relevance highly depends on the proper modeling of all the attack peculiarities. For example, several works in the literature directly exploit SPICE-like simulations without considering measurement peripherals. But the outcome of such analyses may be questionable, as witnessed by the recent results of Renauld et al. at CHES 2011, which showed how far the power traces of an AES S-box implemented using a dynamic and differential logic style fabricated in 65nm CMOS can lie from their post-layout simulations. One important difference was found in the linear dependencies between the (simulated and actual) traces and the S-box input/output bits. While simulations exhibited highly non-linear traces, actual measurements were much more linear. As linearity is a crucial parameter for the application of non-profiled side-channel attacks (which are only possible under the assumption of “sufficiently linear leakages”), this observation motivated us to study the reasons of such differences. Consequently, this work discusses the relevance of simulation in security evaluations, and highlights its dependency on the proper modeling of measurement setups. For this purpose, we present a generic approach to build an adequate model to represent measurement artifacts, based upon real data from equipment providers for our AES S-box case study. Next, we illustrate the transformation of simulated leakages, from highly non-linear to reasonably linear, exploiting our model and regression-based side-channel analysis. While improving the relevance of simulations in security evaluations, our results also raise doubts regarding the possibility to design dual-rail implementations with highly non-linear leakages.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

Notes

  1. The noise-freeness naturally depends on the sampling, but in view of our low-noise measurements, we were able to extract well estimated means in our experiments.

  2. Gaussian noise is added to the simulated traces in a post processing step assuming the noise-free simulated traces to provide the means of our leakages.

  3. Strictly speaking, there are \(256^2\) transitions that could be considered. To reduce the cost of our analysis, we only considered transitions between 0 and a value between 0 and 255. From past experiments, we do not expect this restriction to have a strong impact on our conclusions, in particular for the part related to the leakages linearity.

  4. Models for the package [19] and QFP socket [3] do not exactly correspond to our setup (e.g. they differ in pin count)—but were the only publicly available ones.

References

  1. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop Cambridge, MA, USA, August 11–13, 2004. Proceedings, Lecture Notes in Computer Science, vol. 3156, pp. 16–29. Springer (2004). doi:10.1007/978-3-540-28632-5_2

  2. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, pp. 13–28 (2002)

  3. Giga Test Labs: ARIES Electronics 64 Pin QFP (0.55 mm) Test Socket, Electrical Characterisation 0.05–3.05 GHz. Characterisation report (1997)

  4. Hassoune, I., Macé, F., Flandre, D., Legat, J.D.: Dynamic differential self-timed logic families for robust and low-power security ICs. Integration 40(3), 355–364 (2007)

    Google Scholar 

  5. Iokibe, K., Amano, T., Okamoto, K., Toyota, Y.: Equivalent circuit modeling of cryptographic integrated circuit for information security design. Electromagn. Compat. IEEE Trans. 55(3), 581–588 (2013). doi:10.1109/TEMC.2013.2250505

    Article  Google Scholar 

  6. Iokibe, K., Higashi, R., Tsuda, T., Ichikawa, K., Nakamura, K., Toyota, Y., Koga, R.: Modeling of microcontroller with multiple power supply pins for conducted emi simulations. In: Advanced Packaging and Systems Symposium, 2008. EDAPS 2008. Electrical Design of, pp. 135–138 (2008). doi:10.1109/EDAPS.2008.4736018

  7. Kamel, D., Renauld, M., Bol, D., Standaert, F.X., Flandre, D.: Analysis of dynamic differential swing limited logic for low-power secure applications. J. Low Power Electron. Appl. 1(2), 98–126 (2012). url:http://www.mdpi.com/2079-9268/2/1/98/

  8. Li, H., Markettos, A., Moore, S.: Security evaluation against electromagnetic analysis at design time. In: Rao, J., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2005, Lecture Notes in Computer Science, pp. 280–292. Springer, Berlin (2005)

    Chapter  Google Scholar 

  9. Macé, F., Standaert, F.X., Quisquater, J.J.: Information theoretic evaluation of side-channel resistant logic styles. In: Paillier, P., Verbauwhede, I. (eds.) CHES, Lecture Notes in Computer Science, pp. 427–442. Springer, Berlin (2007)

    Google Scholar 

  10. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)

    MATH  Google Scholar 

  11. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA, Lecture Notes in Computer Science, pp. 351–365. Springer, Berlin (2005)

    Google Scholar 

  12. Nakamura, K.: EMC macro-model (LECCS-core) for multiple power-supply pin LSI. In: Proceeding of the EMC’04, Sendai, June (2004). url:http://ci.nii.ac.jp/naid/10018460119/en/

  13. Regazzoni, F., Cevrero, A., Standaert, F.X., Badel, S., Kluter, T., Brisk, P., Leblebici, Y., Lenne, P.: A design flow and evaluation framework for DPA-Resistant instruction set extensions. In: Clavier, C., Gaj, K. (eds.) CHES, Lecture Notes in Computer Science, pp. 205–219. Springer, Berlin (2009)

  14. Regazzoni, F., Eisenbarth, T., Poschmann, A., Großschädl, J., Gürkaynak, F.K., Macchetti, M., Deniz, Z.T., Pozzi, L., Paar, C., Leblebici, Y., Ienne, P.: Evaluating resistance of mcml technology to power analysis attacks using a simulation-based methodology. Trans. Comput. Sci. 4, 230–243 (2009)

    Google Scholar 

  15. Renauld, M., Kamel, D., Standaert, F.X., Flandre, D.: Information theoretic and security analysis of a 65-nanometer DDSLL AES S-Box. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, pp. 223–239 (2011)

  16. Renauld, M., Standaert, F.X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: EUROCRYPT, pp. 109–128 (2011)

  17. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, Springer, LNCS 3659, pp. 30–46. Springer, Berlin (2005)

  18. Standaert, F.X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques, EUROCRYPT, pp. 443–461. Springer, Berlin (2009). doi:10.1007/978-3-642-01001-9_26

  19. Texas instruments: AN-1205 electrical performance of packages. Application report (2004).

  20. Tiri, K., Verbauwhede, I.: Simulation models for side-channel information leaks. In: Jr. Joyner, W.H., Martin, G., Kahng, A.B. (eds.) DAC, pp. 228–233. ACM, USA (2005)

    Google Scholar 

  21. Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. IEEE Trans. CAD Integr. Circuits Syst. 25(7), 1197–1208 (2006)

    Article  Google Scholar 

  22. Veyrat-Charvillon, N., cois Xavier Standaert, F.: Generic side- channel distinguishers: Improvements and limitations. In: Advances in Cryptology—CRYPTO 2011–31st Annual Cryptology Conference, Lecture Notes in Computer Science, vol. 6841, p. 348. Springer, Berlin (2011)

  23. Whitnall, C., Oswald, E., Standaert, F.X.: The myth of generic DPA... and the magic of learning. Cryptology ePrint Archive, Report 2012/256 (2012). url:http://eprint.iacr.org/

Download references

Acknowledgments

This work has been funded in parts by the European Commission through the ERC project 280141 (acronym CRASH), the European ISEC action Grant HOME/2010/ISEC/AG/INT-011 B-CCENTRE project, and the Walloon region WIST program project MIPSs. F.-X. Standaert is an associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.).

Author information

Authors and Affiliations

  1. ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Louvain-La-Neuve, Belgium

    Dina Kamel, Mathieu Renauld & François-Xavier Standaert

  2. ICTEAM/ELEN, Université catholique de Louvain, Louvain-La-Neuve, Belgium

    Denis Flandre

Authors
  1. Dina Kamel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mathieu Renauld
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Denis Flandre
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. François-Xavier Standaert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dina Kamel.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kamel, D., Renauld, M., Flandre, D. et al. Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations. J Cryptogr Eng 4, 187–195 (2014). https://doi.org/10.1007/s13389-014-0080-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-014-0080-z

Keywords

Search

Navigation