ABSTRACT
This paper proposes a new ASIC design flow that uses latch retiming and random clock-gating to counter power analysis side-channel attacks. We cast the side-channel attack problem as a combination of retiming and clock-gating problems and solve them using only existing EDA tool chains. In particular, we achieve lightweight time-shifting obfuscation against DPA (Differential Power Analysis) and CPA (Correlation Power Analysis) attacks by randomly changing when to latch. Our proposed LRCG (Latch-based Random Clock-Gating) method incurs only 13% hardware area overhead, significantly smaller than other balancing and masking countermeasures, which require 100% and 294% overhead, respectively. Our experimental results show that LRCG incurs only negligible performance and energy consumption penalties while successfully preventing DPA and CPA attacks in all cases.
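The effect of time-shifting on a correlation-based leakage check can be seen in a small simulation, added here as an illustration and not taken from the paper or its design flow. It assumes a Hamming-weight leakage model, Gaussian noise, and a leaking sample that moves uniformly among 8 positions per trace; the key byte, trace length and noise level are constructed values.

```python
import random
from statistics import mean, pstdev

SAMPLES = 8    # samples per simulated trace (constructed toy value)
LEAK_AT = 3    # sample where the register update leaks when unprotected
KEY = 0x5A     # constructed key byte, known to the evaluator

def hw(x):
    """Hamming weight, the assumed leakage model."""
    return bin(x).count("1")

def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    cov = mean((x - mx) * (y - my) for x, y in zip(xs, ys))
    return cov / (pstdev(xs) * pstdev(ys))

def capture(n, jitter, rng):
    """Simulate n traces. With jitter, the leaking sample lands at a
    uniformly random position (assumed stand-in for random gating)."""
    pts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        pos = rng.randrange(SAMPLES) if jitter else LEAK_AT
        tr = [rng.gauss(0.0, 1.0) for _ in range(SAMPLES)]
        tr[pos] += hw(p ^ KEY)   # data-dependent power at one sample
        pts.append(p)
        traces.append(tr)
    return pts, traces

def peak_correlation(pts, traces):
    """Known-key leakage check: best |rho| between model and any sample."""
    model = [hw(p ^ KEY) for p in pts]
    return max(abs(pearson(model, [tr[t] for tr in traces]))
               for t in range(SAMPLES))

def compare(n=2000, seed=1):
    rng = random.Random(seed)
    fixed = peak_correlation(*capture(n, False, rng))
    shifted = peak_correlation(*capture(n, True, rng))
    return fixed, shifted

if __name__ == "__main__":
    print("fixed timing: %.3f, random timing: %.3f" % compare())
```

In this toy model the correlation under random timing shrinks with the number of possible positions rather than reaching zero, so the trace count used in an evaluation matters.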
Index Terms
- LRCG: latch-based random clock-gating for preventing power analysis side-channel attacks