
Your rails cannot hide from localized EM: how dual-rail logic fails on FPGAs—extended version

  • CHES 2017
  • Journal of Cryptographic Engineering

Abstract

Protecting cryptographic implementations against side-channel attacks is a must to prevent leakage of the processed secrets. As a cell-level countermeasure, so-called DPA-resistant logic styles have been proposed to prevent data-dependent power consumption. Since most DPA-resistant logic is based on dual rails, implementing it properly on FPGAs is challenging because of their fixed architecture and the limited freedom the design tools offer over placement and routing. While previous work shows a significant security gain when using such logic on FPGAs, we demonstrate that this holds only for power analysis. In contrast, our attack using high-resolution electromagnetic analysis exploits local characteristics of the placement and routing, such that only a marginal security gain remains, which constitutes a severe threat. To further analyze the properties of both the attack and the implementation, we develop a custom placer to improve the default placement of the analyzed AES S-box. Different cost functions for the placement are tested and evaluated with respect to the resulting side-channel resistance on a Spartan-6 FPGA. As a result, we more than double the resistance of the design compared to cases that do not benefit from the custom placement.
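To make the placement idea concrete, the following is a toy simulated-annealing placer for dual-rail cells on a slot grid. It is an added example and not the authors' placer or cost function: the four-cell netlist, the 4x3 grid and the rail-imbalance cost are assumptions made for illustration; only the rectangular (Manhattan) distance over the grid, as defined in note 2, is taken from the page. Each cell has a true rail and a false rail, and every net stands for two complementary wires; the cost penalises the difference in wire length between the two rails of a net, which is exactly the kind of local asymmetry a localized probe can pick up, with a small total-wirelength term as tie-breaker.

```python
"""Toy simulated-annealing placer for dual-rail logic on a slot grid.

Constructed illustration, not the paper's placer: the netlist and the cost
function are assumptions for this example.  Each logic cell has a true rail
'<name>_t' and a false rail '<name>_f'; a net (src, dst) stands for the two
complementary wires src_t -> dst_t and src_f -> dst_f.
"""
import math
import random

Coord = tuple[int, int]

# Constructed netlist: four dual-rail cells, three nets (not from the paper).
CELLS = ["a", "b", "c", "d"]
NETS = [("a", "c"), ("b", "c"), ("c", "d")]


def manhattan(a: Coord, b: Coord) -> int:
    """Rectangular distance over the grid: |x_a - x_b| + |y_a - y_b|."""
    return abs(a[0] - b[0]) + abs(a[1] - b[1])


def cost(place: dict[str, Coord], nets: list[tuple[str, str]],
         wl_weight: float = 0.1) -> float:
    """Rail-imbalance cost of a placement (assumed cost function).

    For every net the true-rail and false-rail wire lengths are compared;
    |len_t - len_f| is the dominant term, total length a minor tie-breaker.
    """
    total = 0.0
    for src, dst in nets:
        len_t = manhattan(place[src + "_t"], place[dst + "_t"])
        len_f = manhattan(place[src + "_f"], place[dst + "_f"])
        total += abs(len_t - len_f) + wl_weight * (len_t + len_f)
    return total


def anneal(cells, nets, width, height, seed=1, steps=4000,
           t0=2.0, alpha=0.999):
    """Simulated annealing over slot assignments.

    Returns (best_placement, best_cost, initial_cost).  A move relocates one
    rail cell to a random slot, swapping with the occupant if there is one;
    worsening moves are accepted with probability exp(-delta / T).
    """
    rng = random.Random(seed)
    slots = [(x, y) for x in range(width) for y in range(height)]
    rails = [c + s for c in cells for s in ("_t", "_f")]
    if len(rails) > len(slots):
        raise ValueError("grid too small for the netlist")
    rng.shuffle(slots)
    place = dict(zip(rails, slots))                     # rail -> slot
    occ = {slot: rail for rail, slot in place.items()}  # slot -> rail
    cur = initial = cost(place, nets)
    best, best_cost = dict(place), cur
    temp = t0
    for _ in range(steps):
        a = rng.choice(rails)
        target = rng.choice(slots)
        b = occ.get(target)                    # occupant of target, or None
        if b == a:
            continue
        old = place[a]
        place[a], occ[target] = target, a
        if b is not None:
            place[b] = old
        occ[old] = b
        new = cost(place, nets)
        delta = new - cur
        if delta <= 0 or rng.random() < math.exp(-delta / temp):
            cur = new
            if cur < best_cost:
                best, best_cost = dict(place), cur
        else:                                  # reject: undo the move
            place[a], occ[old] = old, a
            if b is not None:
                place[b] = target
            occ[target] = b
        temp *= alpha
    return best, best_cost, initial


if __name__ == "__main__":
    best, best_cost, initial = anneal(CELLS, NETS, width=4, height=3)
    print(f"initial cost {initial:.2f} -> annealed cost {best_cost:.2f}")
    for src, dst in NETS:
        lt = manhattan(best[src + "_t"], best[dst + "_t"])
        lf = manhattan(best[src + "_f"], best[dst + "_f"])
        print(f"net {src}->{dst}: true rail {lt}, false rail {lf}")
```

The cost is recomputed from scratch after every move, which is fine for a toy netlist; a real placer would update only the nets touched by the move, and would also have to score routing resources, not just slot distance, since on an FPGA the wire lengths of a rail pair are ultimately decided by the router.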


Notes

  1. We omitted results from probes with 100 µm and 250 µm diameter for reasons of similarity. In contrast, a probe with 3 µm was almost equivalent to a power-based measurement.

  2. \(d = |x_s - x_m| + |y_s - y_m|\), i.e., the rectangular (Manhattan) distance over the grid.

  3. Our results can also be mapped onto BCDL [30], since it is similar to DPLnoEE.

  4. At a later point in time, \(en_o\) becomes active in order to check the correct functionality of the circuit. This is not covered by the recorded power and EM traces.

References

  1. Betz, V., Rose, J.: VPR: a new packing, placement and routing tool for FPGA research. In: Luk, W., Cheung, P.Y.K., Glesner, M. (eds.) Field-Programmable Logic and Applications. FPL 1997. Lecture Notes in Computer Science, vol. 1304. Springer, Berlin, Heidelberg (1997)

  2. Bhasin, S., Guilley, S., Flament, F., Selmane, N., Danger, J.L.: Countering early evaluation: an approach towards robust dual-rail precharge logic. In: WESS 2010, p. 6. ACM (2010)

  3. Canright, D.: A very compact S-box for AES. In: CHES 2005, LNCS, vol. 3659, pp. 441–455. Springer (2005)

  4. Cheng, C.L.E.: RISA: accurate and efficient placement routability modeling. In: Proceedings of the 1994 IEEE/ACM International Conference on Computer-aided Design, ICCAD ’94. IEEE Computer Society Press, Los Alamitos, CA, USA (1994)

  5. Cnudde, T.D., Bilgin, B., Gierlichs, B., Nikov, V., Nikova, S., Rijmen, V.: Does coupling affect the security of masked implementations? Cryptology ePrint Archive, Report 2016/1080 (2016)

  6. De Mulder, E., Buysschaert, P., Ors, S., Delmotte, P., Preneel, B., Vandenbosch, G., Verbauwhede, I.: Electromagnetic analysis attack on an FPGA implementation of an elliptic curve cryptosystem. In: Computer as a Tool, 2005. EUROCON 2005. The International Conference on, vol. 2, pp. 1879–1882 (2005)

  7. Durvaux, F., Standaert, F.X.: From Improved Leakage Detection to the Detection of Points of Interests in Leakage Traces, pp. 240–262. Springer, Berlin (2016)

  8. Federal Information Processing Standards Publication (FIPS 197). Advanced Encryption Standard (AES) (2001)

  9. Giechaskiel, I., Eguro, K.: Information leakage between FPGA long wires. CoRR (2016). http://arxiv.org/abs/1611.08882

  10. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: CHES 2008, LNCS, vol. 5154, pp. 426–442. Springer (2008)

  11. Guilley, S., Hoogvorst, P., Mathieu, Y., Pacalet, R.: The "backend duplication" method. In: CHES 2005, LNCS, vol. 3659, pp. 383–397. Springer (2005)

  12. Güneysu, T., Moradi, A.: Generic side-channel countermeasures for reconfigurable devices. In: CHES 2011, LNCS, vol. 6917. Springer (2011)

  13. He, W., Herrmann, A.: Placement security analysis for side-channel resistant dual-rail scheme in FPGA. In: Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, CS2 ’15 (2015)

  14. He, W., Otero, A., de la Torre, E., Riesgo, T.: Automatic generation of identical routing pairs for FPGA implemented DPL logic. In: ReConFig 2012. IEEE (2012)

  15. He, W., de la Torre, E., Riesgo, T.: A Precharge-absorbed DPL logic for reducing early propagation effects on FPGA implementations. In: ReConFig 2011. IEEE Computer Society (2011)

  16. Herbst, C., Oswald, E., Mangard, S.: An AES Smart Card Implementation Resistant to Power Analysis Attacks. In: ACNS 2006, LNCS, vol. 3989, pp. 239–252. Springer (2006)

  17. Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) Topics in Cryptology—CT-RSA 2012, Lecture Notes in Computer Science, vol. 7178, pp. 231–244. Springer, Berlin (2012)

  18. Heyszl, J., Merli, D., Heinz, B., Santis, F.D., Sigl, G.: Strengths and limitations of high-resolution electromagnetic field measurements for side-channel analysis. In: Smart Card Research and Advanced Applications—11th International Conference, CARDIS, pp. 248–262 (2012)

  19. Immler, V., Specht, R., Unterstein, F.: Your rails cannot hide from localized EM: how dual-rail logic fails on FPGAs. In: Fischer, W., Homma, N. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2017—19th International Conference, Taipei, Taiwan, September 25–28, 2017, Proceedings, Lecture Notes in Computer Science, vol. 10529, pp. 403–424. Springer (2017)

  20. Kaps, J.P., Velegalati, R.: DPA resistant AES on FPGA using partial DDL. In: FCCM 2010, pp. 273–280. IEEE Computer Society (2010)

  21. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO 1999, LNCS, vol. 1666, pp. 388–397. Springer (1999)

  22. Lavin, C., Padilla, M., Lamprecht, J., Lundrigan, P., Nelson, B., Hutchings, B., Wirthlin, M.: RapidSmith—A Library for Low-Level Manipulation of Partially Placed-and-Routed FPGA Designs. Technical report, Brigham Young University (2012)

  23. Lomné, V., Maurine, P., Torres, L., Robert, M., Soares, R., Calazans, N.: Evaluation on FPGA of triple rail logic robustness against DPA and DEMA. In: DATE 2009, pp. 634–639. IEEE (2009)

  24. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Berlin (2007)

  25. Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: CHES (2006)

  26. Moradi, A., Eisenbarth, T., Poschmann, A., Paar, C.: Power analysis of Single-Rail storage elements as used in MDPL. In: ICISC 2009, LNCS, vol. 5984, pp. 146–160. Springer (2009)

  27. Moradi, A., Immler, V.: Early propagation and imbalanced routing, how to diminish in FPGAs. In: Batina, L., Robshaw, M. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2014. CHES 2014. Lecture Notes in Computer Science, vol. 8731. Springer, Berlin, Heidelberg (2014)

  28. Moradi, A., Standaert, F.X.: Moments-correlating DPA. In: Proceedings of the 2016 ACM Workshop on Theory of Implementation Security, pp. 5–15. ACM (2016)

  29. Nam, G.J., Villarrubia, P.G.: Placement: Introduction/Problem Formulation. In: Alpert C.J., Mehta D.P., Sapatnekar S.S. (eds.) Handbook of Algorithms for Physical Design Automation, 1 edn., chap. 14, pp. 277 – 287. Auerbach Publications (2008)

  30. Nassar, M., Bhasin, S., Danger, J.L., Duc, G., Guilley, S.: BCDL: a high speed balanced DPL for FPGA with global precharge and no early evaluation. In: DATE 2010, pp. 849–854. IEEE (2010)

  31. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)

  32. Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A side-channel analysis resistant description of the AES S-box. In: FSE 2005, LNCS, vol. 3557, pp. 413–423. Springer (2005)

  33. Peeters, E., Standaert, F.X., Quisquater, J.J.: Power and electromagnetic analysis: improved model, consequences and comparisons. Integr. VLSI J. 40, 52–60 (2007)

  34. Quisquater, J.J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) Smart Card Programming and Security, Lecture Notes in Computer Science, vol. 2140, pp. 200–210. Springer, Berlin (2001)

  35. Sauvage, L., Guilley, S., Danger, J.L., Mathieu, Y., Nassar, M.: Successful attack on an FPGA-based WDDL DES cryptoprocessor without place and route constraints. In: Proceedings of the Conference on Design, Automation and Test in Europe, DATE ’09 (2009)

  36. Sauvage, L., Nassar, M., Guilley, S., Flament, F., Danger, J.L., Mathieu, Y.: DPL on Stratix II FPGA: What to Expect? In: ReConFig 2009, pp. 243–248. IEEE Computer Society (2009)

  37. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 30–46. Springer (2005)

  38. Specht, R., Heyszl, J., Kleinsteuber, M., Sigl, G.: Improving non-profiled attacks on exponentiations based on clustering and extracting leakage from multi-channel high-resolution EM measurements, pp. 3–19. Springer International Publishing, Cham (2015)

  39. Standaert, F.X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT 2009, LNCS, vol. 5479, pp. 443–461. Springer (2009)

  40. Suzuki, D., Saeki, M.: Security evaluation of DPA countermeasures using dual-rail Pre-charge logic style. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2006, vol. 4249. Springer, Berlin, Heidelberg (2006)

  41. Swartz, W.: Placement using simulated annealing. In: Alpert, C.J., Mehta, D.P., Sapatnekar, S.S. (eds.) Handbook of Algorithms for Physical Design Automation, pp. 311–325. Auerbach Publications, Boca Raton (2008)

  42. Tiri, K., Hwang, D., Hodjat, A., Lai, B.C., Yang, S., Schaumont, P., Verbauwhede, I.: Prototype IC with WDDL and differential routing—DPA resistance assessment (2005)

  43. Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: DATE 2004, pp. 246–251. IEEE Computer Society (2004)

  44. Tiri, K., Verbauwhede, I.: Place and route for secure standard cell design. In: CARDIS 2004, pp. 143–158. Kluwer (2004)

  45. Unterstein, F., Heyszl, J., De Santis, F., Specht, R.: Dissecting leakage resilient PRFs with multivariate localized EM attacks—a practical security evaluation on FPGA. In: Constructive Side-Channel Analysis and Secure Design: 8th International Workshop, COSADE 2017, Paris, France, April 13–14, 2017. Springer International Publishing (2017)

  46. Wild, A., Moradi, A., Güneysu, T.: GliFreD: Glitch-Free Duplication—Towards Power-Equalized Circuits on FPGAs (2015). http://eprint.iacr.org/2015/124

  47. Yu, P., Schaumont, P.: Secure FPGA circuits using controlled placement and routing. In: CODES+ISSS 2007, pp. 45–50. ACM (2007)

Author information

Correspondence to Vincent Immler.

Additional information

This paper is an extended version of [19], presented at CHES 2017. Compared to it, the novelties are: additional experimental results from the performed attacks, specifically analysis results obtained by the stochastic approach, aligned with heatmaps of the EM measurements; and a more detailed analysis and discussion of the placement and routing results.

Cite this article

Immler, V., Specht, R. & Unterstein, F. Your rails cannot hide from localized EM: how dual-rail logic fails on FPGAs—extended version. J Cryptogr Eng 8, 125–139 (2018). https://doi.org/10.1007/s13389-018-0185-x
