Lightweight Design-for-Security Strategies for Combined Countermeasures Against Side Channel and Fault Analysis in IoT Applications

Published in: Journal of Hardware and Systems Security

Abstract

The Internet-of-Things today gives rise to a number of applications that require lightweight cryptographic primitives, such as block ciphers, for secure and efficient computation using very few resources. This paper addresses the open problem of design-for-security methodologies for constructing such lightweight block ciphers with combined protection against both side channel and fault attacks. We propose novel design strategies that, unlike existing methodologies, are equipped with target-specific design choices. Our first proposal is the incorporation of lightweight linear layers that combine good diffusion properties with fault attack resistance via fault space transformation. Our second proposal is to make S-Box choices using a new metric called the modified transparency order, so as to facilitate a lightweight masking strategy where the mask is only periodically refreshed. Our third and final proposal is to implement a cipher-dependent multi-round shuffling technique that is lightweight and affords greater security than the standard shuffling schemes in the literature. Each of our propositions is assembled into one single construction for a PRESENT-like block cipher that consumes 15% fewer look-up tables on a Xilinx xc5vlx50 FPGA than all existing threshold implementations of PRESENT, and provides good security guarantees against both fault and side-channel attacks. In particular, it resists both classical and biased fault attacks, and does not exceed the safety threshold against side-channel attacks over 50,000 power traces, collected on a SASEBO GII board.

Acknowledgments

The authors would like to thank the anonymous reviewers of Journal of Hardware and Systems Security for their helpful comments and suggestions.

Funding

This study was partially funded by Intel Corporation, USA, under the project “LightCrypto: Ultra-Light-weight Robust Crypto-Architectures for Performance and Energy”.

Corresponding author

Correspondence to Sikhar Patranabis.

Cite this article

Patranabis, S., Roy, D.B., Chakraborty, A. et al. Lightweight Design-for-Security Strategies for Combined Countermeasures Against Side Channel and Fault Analysis in IoT Applications. J Hardw Syst Secur 3, 103–131 (2019). https://doi.org/10.1007/s41635-018-0049-y
