Abstract
The Internet of Things gives rise to many applications that need lightweight cryptographic primitives, such as block ciphers that compute securely and efficiently with very few resources. This paper addresses the open problem of design-for-security methodologies for constructing such lightweight block ciphers with combined protection against both side-channel and fault attacks. We propose design strategies that, unlike existing methodologies, are built around target-specific design choices. Our first proposal is to use lightweight linear layers that combine good diffusion properties with fault-attack resistance via fault space transformation. Our second proposal is to select S-boxes using a new metric, the modified transparency order, so as to support a lightweight masking strategy in which the mask is refreshed only periodically. Our third proposal is a cipher-dependent multi-round shuffling technique that is lightweight and affords more security than the standard shuffling schemes in the literature. All three proposals are assembled into a single PRESENT-like block cipher that uses 15% fewer look-up tables on a Xilinx xc5vlx50 FPGA than all existing threshold implementations of PRESENT, while providing good security guarantees against both fault and side-channel attacks. In particular, it resists both classical and biased fault attacks, and its side-channel leakage assessment does not exceed the safety threshold over 50,000 power traces collected on a SASEBO-GII board.
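As an added example (not code from the paper, whose construction is not reproduced on this page), the following Python sketches in generic form the two side-channel building blocks the abstract names: first-order Boolean masking of the PRESENT S-box by table recomputation, with the input and output masks refreshed only every few blocks rather than per operation, and a random shuffle of the order in which the 16 nibbles of a block pass through the S-box layer. The refresh period, the use of `secrets` as randomness source, and the masking of the input inside `apply` (in a real datapath the data would already arrive masked) are assumptions made for the example; the paper's modified-transparency-order S-box selection and its cipher-dependent multi-round shuffling are not reconstructed here.

```python
"""Added example: masked PRESENT S-box layer with periodic mask refresh and
nibble-order shuffling. Generic illustration, not the paper's construction."""
import secrets

# PRESENT S-box (Bogdanov et al., CHES 2007).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

REFRESH_PERIOD = 4  # assumption: blocks that share one (m_in, m_out) pair


def recompute_masked_sbox(m_in, m_out):
    """Return S' with S'(x ^ m_in) = S(x) ^ m_out for every nibble x.

    Every entry is a fixed XOR offset of S, so looking up a masked nibble
    never exposes the unmasked input x or the unmasked output S(x)."""
    return [SBOX[x ^ m_in] ^ m_out for x in range(16)]


def split_nibbles(block64):
    """Nibble i is bits 4i..4i+3 (least-significant nibble first)."""
    return [(block64 >> (4 * i)) & 0xF for i in range(16)]


def join_nibbles(nibbles):
    out = 0
    for i, n in enumerate(nibbles):
        out |= n << (4 * i)
    return out


class MaskedSboxLayer:
    """S-box layer that recomputes its masked table once per REFRESH_PERIOD
    blocks and processes the 16 nibbles in a fresh random order each block."""

    def __init__(self, rng=secrets):
        self.rng = rng                      # needs .randbelow(n)
        self.blocks_since_refresh = REFRESH_PERIOD  # force refresh on first use
        self.refreshes = 0
        self.m_in = self.m_out = 0
        self.table = SBOX

    def _maybe_refresh(self):
        if self.blocks_since_refresh >= REFRESH_PERIOD:
            self.m_in = self.rng.randbelow(16)
            self.m_out = self.rng.randbelow(16)
            self.table = recompute_masked_sbox(self.m_in, self.m_out)
            self.blocks_since_refresh = 0
            self.refreshes += 1
        self.blocks_since_refresh += 1

    def apply(self, block64):
        """Mask the block with m_in (assumption: done here for self-containment),
        push it through the masked table in shuffled order, and return
        (masked_output_block, m_out) so the caller can strip the output mask."""
        self._maybe_refresh()
        masked_in = [n ^ self.m_in for n in split_nibbles(block64)]
        # Fisher-Yates shuffle of the nibble processing order.
        order = list(range(16))
        for i in range(15, 0, -1):
            j = self.rng.randbelow(i + 1)
            order[i], order[j] = order[j], order[i]
        masked_out = [0] * 16
        for idx in order:
            masked_out[idx] = self.table[masked_in[idx]]
        return join_nibbles(masked_out), self.m_out


def unmask(masked_block64, m_out):
    return join_nibbles([n ^ m_out for n in split_nibbles(masked_block64)])


def reference_sbox_layer(block64):
    """Unprotected S-box layer, used only to check the masked version."""
    return join_nibbles([SBOX[n] for n in split_nibbles(block64)])


if __name__ == "__main__":
    layer = MaskedSboxLayer()
    for blk in (0x0123456789ABCDEF, 0, 0xFFFFFFFFFFFFFFFF):
        masked, m_out = layer.apply(blk)
        assert unmask(masked, m_out) == reference_sbox_layer(blk)
    print("masked layer matches reference; refreshes:", layer.refreshes)
```

The check that matters is that stripping the output mask reproduces the unprotected S-box layer for every block while the table is recomputed only once per `REFRESH_PERIOD` blocks; a longer period amortises the 16-entry recomputation over more blocks but lets more traces share the same mask pair, which is exactly the trade-off a periodic-refresh scheme has to justify with a leakage assessment.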
Acknowledgments
The authors would like to thank the anonymous reviewers of Journal of Hardware and Systems Security for their helpful comments and suggestions.
Funding
This work was partially funded by Intel Corporation, USA, under the project “LightCrypto: Ultra-Light-weight Robust Crypto-Architectures for Performance and Energy.”
Cite this article
Patranabis, S., Roy, D.B., Chakraborty, A. et al. Lightweight Design-for-Security Strategies for Combined Countermeasures Against Side Channel and Fault Analysis in IoT Applications. J Hardw Syst Secur 3, 103–131 (2019). https://doi.org/10.1007/s41635-018-0049-y