
A DFA-Resistant and Masked PRESENT with Area Optimization for RFID Applications

Published: 28 July 2017

Abstract

Radio-Frequency Identification (RFID) tag-based applications are usually resource constrained and security sensitive. However, only about 2,000 gate equivalents in a tag can be budgeted for implementing security components [27]. This requires not only lightweight cryptographic algorithms such as PRESENT (around 1,000 gate equivalents) but also lightweight protections against modern Side Channel Attacks (SCAs). Within this budget, first-order masking and fault detection are two suitable countermeasures to develop for PRESENT. However, if both countermeasures are applied without any optimization, the resulting design significantly exceeds the given area budget. In this work, we optimize the area so that both countermeasures fit, maximizing the security of PRESENT within the RFID area budget. The most area-consuming parts of the proposed design are the masked S-boxes and the inverse masked S-boxes. To optimize the area, we have deduced a computational relationship between these two parts, which enables us to reuse the hardware resources of the masked S-boxes to implement the inverse masked S-boxes. The proposed design takes up only 2,376 gates in UMC 65nm CMOS technology. Compared with the unoptimized design, our implementation reduces the overall area by 28.45%. We have tested the effectiveness of the first-order Differential Power Analysis (DPA)-resistant and Differential Fault Analysis (DFA)-resistant countermeasures. Experimental results show that we have enhanced the SCA resistance of our PRESENT implementation.
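The abstract names two components, masked S-boxes and inverse masked S-boxes, and two countermeasures, first-order masking and fault detection. The following Python model, added here as an illustration and not taken from the paper, shows how the two fit together for the PRESENT S-box layer: the S-box is evaluated on Boolean-masked nibbles through a masked table, and each output is recomputed through an inverse masked table and compared in the masked domain to detect a corrupted S-box output. The PRESENT S-box values are the published ones [4]; everything else (the equal input/output mask simplification, the `fault` hook that stands in for an injected fault, the function names) is an assumption of this example. The paper's area-sharing relationship between the two table sets is not given on the page and is not modelled.

```python
"""First-order Boolean masking of the PRESENT sBoxLayer, with fault
detection by recomputing each masked S-box output through an inverse
masked S-box.  Added example (not the paper's hardware design): it models
the two components the abstract names; the paper's area-sharing relation
between them is not given on the page and is not implemented here."""
import secrets

# PRESENT 4-bit S-box (Bogdanov et al., CHES 2007) and its inverse.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(y) for y in range(16)]

# Masked tables indexed [mask][masked_value]: a run-time lookup never
# touches the unmasked nibble.  Simplification for this example: the
# output mask equals the input mask, S'(x ^ m, m) = S(x) ^ m.
MASKED_SBOX = [[SBOX[xm ^ m] ^ m for xm in range(16)] for m in range(16)]
MASKED_INV_SBOX = [[INV_SBOX[ym ^ m] ^ m for ym in range(16)]
                   for m in range(16)]

NIBBLES = 16  # 64-bit PRESENT state


def nibble(word, i):
    """Nibble i (0 = least significant) of a 64-bit word."""
    return (word >> (4 * i)) & 0xF


def sbox_layer(state):
    """Unmasked reference sBoxLayer."""
    out = 0
    for i in range(NIBBLES):
        out |= SBOX[nibble(state, i)] << (4 * i)
    return out


def masked_sbox_layer(state_m, mask, fault=None):
    """Masked sBoxLayer with an inverse-S-box recomputation check.

    state_m is state ^ mask (both 64-bit).  Returns (out_m, ok): out_m is
    sbox_layer(state) ^ mask, and ok is False when the check caught a
    corrupted S-box output.  `fault` = (nibble_index, xor_delta) is a
    constructed hook that flips bits of one forward S-box output, standing
    in for an injected fault.
    """
    out_m = 0
    ok = True
    for i in range(NIBBLES):
        m = nibble(mask, i)
        xm = nibble(state_m, i)
        ym = MASKED_SBOX[m][xm]
        if fault is not None and fault[0] == i:
            ym ^= fault[1] & 0xF
        # Run the (possibly faulty) output back through the inverse masked
        # S-box and compare with the masked input; both sides stay masked,
        # so the check itself exposes no unmasked intermediate.
        if MASKED_INV_SBOX[m][ym] != xm:
            ok = False
        out_m |= ym << (4 * i)
    return out_m, ok


def sbox_layer_protected(state, fault=None):
    """Mask with a fresh random 64-bit mask, run the checked layer, unmask.

    Returns (result, ok).  A device would suppress or randomize the output
    when ok is False instead of releasing the faulty result.
    """
    mask = secrets.randbits(64)
    out_m, ok = masked_sbox_layer(state ^ mask, mask, fault)
    return out_m ^ mask, ok


def masked_output_is_uniform(x):
    """Why first-order masking helps against DPA: for a fixed secret nibble
    x, the masked S-box output takes every value exactly once as the mask
    ranges over 0..15, so its distribution does not depend on x."""
    outputs = [MASKED_SBOX[m][x ^ m] for m in range(16)]
    return sorted(outputs) == list(range(16))


if __name__ == "__main__":
    s = 0x0123456789ABCDEF
    print(hex(sbox_layer(s)))                       # reference result
    print(sbox_layer_protected(s))                  # same value, ok=True
    print(sbox_layer_protected(s, fault=(5, 0x3)))  # ok=False
```

The check works because, for a fixed mask, the inverse masked table undoes the masked table exactly, so any nonzero change to a forward S-box output makes the recomputed masked input disagree. As [7] in the reference list points out, masking alone does not stop differential fault attacks, which is why the recomputation check is kept alongside it rather than replaced by it.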

References

[1]
Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, and Louis Wingers. 2013. The SIMON and SPECK families of lightweight block ciphers. IACR Cryptology ePrint Archive 2013 (2013), 404. http://eprint.iacr.org/2013/404
[2]
Eli Biham and Adi Shamir. 1997. Differential fault analysis of secret key cryptosystems. In Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’97), Lecture Notes in Computer Science, Vol. 1294, Burton S. Kaliski Jr. (Ed.). Springer.
[3]
G. R. Blakley. 1979. Safeguarding cryptographic keys. In Proceedings of the National Computer Conference. 313--317.
[4]
Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin, and C. Vikkelsoe. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’07), Lecture Notes in Computer Science, Vol. 4727, Pascal Paillier and Ingrid Verbauwhede (Eds.). Springer, 450--466.
[5]
Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the importance of checking cryptographic protocols for faults (extended abstract). In Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, Advances in Cryptology (EUROCRYPT’97), Lecture Notes in Computer Science, Vol. 1233, Walter Fumy (Ed.). Springer, 37--51.
[6]
Julia Borghoff, Anne Canteaut, Tim Güneysu, Elif Bilge Kavun, Miroslav Knezevic, Lars R. Knudsen, Gregor Leander, Ventzislav Nikov, Christof Paar, Christian Rechberger, Peter Rombouts, Søren S. Thomsen, and Tolga Yalçin. 2012. PRINCE—A low-latency block cipher for pervasive computing applications (extended abstract). In Advances in Cryptology (ASIACRYPT 2012), 18th International Conference on the Theory and Application of Cryptology and Information Security, Lecture Notes in Computer Science, Vol. 7658, Xiaoyun Wang and Kazue Sako (Eds.). Springer, 208--225.
[7]
Arnaud Boscher and Helena Handschuh. 2008. Masking does not protect against differential fault attacks. In Proceedings of the 5th International Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC’08), Luca Breveglieri, Shay Gueron, Israel Koren, David Naccache, and Jean-Pierre Seifert (Eds.). IEEE Computer Society, 35--40.
[8]
Christophe De Cannière, Orr Dunkelman, and Miroslav Knezevic. 2009. KATAN and KTANTAN—A family of small and efficient hardware-oriented block ciphers. In Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’09), Lecture Notes in Computer Science, Vol. 5747, Christophe Clavier and Kris Gaj (Eds.). Springer, 272--288.
[9]
D. Canright and Lejla Batina. 2008. A very compact “perfectly masked” s-box for AES. In Proceedings of the 6th International Conference on Applied Cryptography and Network Security (ACNS’08), Lecture Notes in Computer Science, Vol. 5037, Steven M. Bellovin, Rosario Gennaro, Angelos D. Keromytis, and Moti Yung (Eds.). Springer, New York, 446--459.
[10]
Mickaël Cazorla, Kevin Marquet, and Marine Minier. 2013. Survey and benchmark of lightweight block ciphers for wireless sensor networks. IACR Cryptology ePrint Archive 2013 (2013), 295.
[11]
Pierre Dusart, Gilles Letourneux, and Olivier Vivolo. 2003. Differential fault analysis on A.E.S. IACR Cryptology ePrint Archive 2003 (2003), 10. http://eprint.iacr.org/2003/010
[12]
Martin Feldhofer, Sandra Dominikus, and Johannes Wolkerstorfer. 2004. Strong authentication for RFID systems using the AES algorithm. In Proceedings of the 6th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’04), Lecture Notes in Computer Science, Vol. 3156, Marc Joye and Jean-Jacques Quisquater (Eds.). Springer, Cambridge, MA, 357--370.
[13]
Laurie Genelle, Christophe Giraud, and Emmanuel Prouff. 2009. Securing AES implementation against fault attacks. In Proceedings of the 6th International Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC’09), Luca Breveglieri, Israel Koren, David Naccache, Elisabeth Oswald, and Jean-Pierre Seifert (Eds.). IEEE Computer Society, 51--62.
[14]
Nahid Farhady Ghalaty, Bilgiday Yuce, and Patrick Schaumont. 2015. Differential fault intensity analysis on PRESENT and LED block ciphers. In Proceedings of the 6th International Workshop on Constructive Side-Channel Analysis and Secure Design - (COSADE’15), Lecture Notes in Computer Science, Vol. 9064, Stefan Mangard and Axel Y. Poschmann (Eds.). Springer, Berlin, Germany, 174--188.
[15]
Christophe Giraud. 2004. DFA on AES. In Proceedings of the 4th International Conference on Advanced Encryption Standard (AES’04), Lecture Notes in Computer Science, Vol. 3373, Hans Dobbertin, Vincent Rijmen, and Aleksandra Sowa (Eds.). Springer, 27--41.
[16]
Jovan Dj. Golić. 2007. Techniques for random masking in hardware. IEEE Trans. Circuits Syst. I, Reg. Papers 54, 2 (2007), 291--300.
[17]
Louis Goubin and Jacques Patarin. 1999. DES and differential power analysis (the “duplication” method). In Proceedings of the 1st International Workshop on Cryptographic Hardware and Embedded Systems (CHES’99), Lecture Notes in Computer Science, Vol. 1717, Çetin Kaya Koç and Christof Paar (Eds.). Springer, 158--172.
[18]
Philipp Grabher, Johann Großschädl, and Dan Page. 2008. Light-weight instruction set extensions for bit-sliced cryptography. In Proceedings of the 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’08), Lecture Notes in Computer Science, Vol. 5154, Elisabeth Oswald and Pankaj Rohatgi (Eds.). Springer, 331--345.
[19]
Jian Guo, Thomas Peyrin, Axel Poschmann, and Matthew J. B. Robshaw. 2011. The LED block cipher. In Proceedings of the 13th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’11), Lecture Notes in Computer Science, Vol. 6917, Bart Preneel and Tsuyoshi Takagi (Eds.). Springer, 326--341.
[20]
Xu Guo, Zhimin Chen, and Patrick Schaumont. 2008. Energy and performance evaluation of an FPGA-based SoC platform with AES and PRESENT coprocessors. In Proceedings of the 8th International Workshop on Embedded Computer Systems: Architectures, Modeling, and Simulation, (SAMOS’08), Lecture Notes in Computer Science, Vol. 5114, Mladen Berekovic, Nikitas J. Dimopoulos, and Stephan Wong (Eds.). Springer, 106--115.
[21]
Xiaofei Guo and Ramesh Karri. 2013. Recomputing with permuted operands: A concurrent error detection approach. IEEE Trans. Comput.-Aided Design Integr. Circuits Syst. 32, 10 (2013), 1595--1608.
[22]
Xiaofei Guo, Debdeep Mukhopadhyay, Chenglu Jin, and Ramesh Karri. 2014. NREPO: Normal basis recomputing with permuted operands. IACR Cryptology ePrint Archive 2014 (2014), 497. http://eprint.iacr.org/2014/497
[23]
Xiaofei Guo, Debdeep Mukhopadhyay, Chenglu Jin, and Ramesh Karri. 2015. Security analysis of concurrent error detection against differential fault analysis. J. Crypt. Eng. 5, 3 (2015), 153--169.
[24]
Deukjo Hong, Jaechul Sung, Seokhie Hong, Jongin Lim, Sangjin Lee, Bonseok Koo, Changhoon Lee, Donghoon Chang, Jaesang Lee, Kitae Jeong, Hyun Kim, Jongsung Kim, and Seongtaek Chee. 2006. HIGHT: A new block cipher suitable for low-resource device. In Proceedings of the 8th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’06), Lecture Notes in Computer Science, Vol. 4249, Louis Goubin and Mitsuru Matsui (Eds.). Springer, 46--59.
[25]
Takanori Isobe and Kyoji Shibutani. 2012. Security analysis of the lightweight block ciphers XTEA, LED and Piccolo. In Proceedings of the 17th Australasian Conference on Information Security and Privacy (ACISP’12), Lecture Notes in Computer Science, Vol. 7372, Willy Susilo, Yi Mu, and Jennifer Seberry (Eds.). Springer, 71--86.
[26]
Marc Joye, Pascal Paillier, and Berry Schoenmakers. 2005. On second-order differential power analysis. In Proceedings of the 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’05), Lecture Notes in Computer Science, Vol. 3659, Josyula R. Rao and Berk Sunar (Eds.). Springer, 293--308.
[27]
Ari Juels and Stephen A. Weis. 2005. Authenticating pervasive devices with human protocols. In Proceedings of the 25th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’05), Lecture Notes in Computer Science, Vol. 3621, Victor Shoup (Ed.). Springer, 293--308.
[28]
Mehran Mozaffari Kermani and Arash Reyhani-Masoleh. 2011b. A lightweight high-performance fault detection scheme for the advanced encryption standard using composite fields. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 19, 1 (2011), 85--91.
[29]
Mehran Mozaffari Kermani and Arash Reyhani-Masoleh. 2011a. A low-power high-performance concurrent fault detection approach for the composite field s-box and inverse s-box. IEEE Trans. Comput. 60, 9 (2011), 1327--1340.
[30]
Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’99), Lecture Notes in Computer Science, Vol. 1666, Michael J. Wiener (Ed.). Springer, 388--397.
[31]
Gregor Leander, Christof Paar, Axel Poschmann, and Kai Schramm. 2007. New lightweight DES variants. In Proceedings of the 14th International Workshop on Fast Software Encryption (FSE’07), Lecture Notes in Computer Science, Vol. 4593, Alex Biryukov (Ed.). Springer, 196--210.
[32]
Gregor Leander and Axel Poschmann. 2007. On the classification of 4 bit s-boxes. In Proceedings of the 1st International Workshop on Arithmetic of Finite Fields (WAIFI’07), Lecture Notes in Computer Science, Vol. 4547, Claude Carlet and Berk Sunar (Eds.). Springer, 159--176.
[33]
Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Toshinori Fukunaga, Junko Takahashi, and Kazuo Ohta. 2010. Fault sensitivity analysis. In Proceedings of the 12th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’10), Lecture Notes in Computer Science, Stefan Mangard and François-Xavier Standaert (Eds.). Springer.
[34]
Chae Hoon Lim and Tymur Korkishko. 2005. mCrypton—A lightweight block cipher for security of low-cost RFID tags and sensors. In Proceedings of the 6th International Workshop on Information Security Applications (WISA’05) Lecture Notes in Computer Science, Vol. 3786, JooSeok Song, Taekyoung Kwon, and Moti Yung (Eds.). Springer, 243--258.
[35]
François Macé, François-Xavier Standaert, and Jean-Jacques Quisquater. 2007. ASIC implementations of the block cipher SEA for constrained applications. In RFID Security—RFIDsec. 103--114.
[36]
Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2007. Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer. I--XXIII, 1--337 pages.
[37]
Stefan Mangard, Norbert Pramstaller, and Elisabeth Oswald. 2005. Successfully attacking masked AES hardware implementations. In Proceedings of the 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’05), Lecture Notes in Computer Science, Vol. 3659, Josyula R. Rao and Berk Sunar (Eds.). Springer, 157--171.
[38]
Svetla Nikova, Christian Rechberger, and Vincent Rijmen. 2006. Threshold implementations against side-channel attacks and glitches. In Proceedings of the 8th International Conference on Information and Communications Security (ICICS’06), Lecture Notes in Computer Science, Vol. 4307, Peng Ning, Sihan Qing, and Ninghui Li (Eds.). Springer, 529--545.
[39]
Svetla Nikova, Vincent Rijmen, and Martin Schläffer. 2011. Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptology 24, 2 (2011), 292--321.
[40]
Siddika Berna Örs, Frank K. Gürkaynak, Elisabeth Oswald, and Bart Preneel. 2004. Power-analysis attack on an ASIC AES implementation. In Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’04). IEEE Computer Society, USA, 546--552.
[41]
Elisabeth Oswald, Stefan Mangard, Norbert Pramstaller, and Vincent Rijmen. 2005. A side-channel analysis resistant description of the AES S-box. In Proceedings of the 12th International Workshop on Fast Software Encryption (FSE’05), Lecture Notes in Computer Science, Vol. 3557, Henri Gilbert and Helena Handschuh (Eds.). Springer, 413--423.
[42]
Gilles Piret and Jean-Jacques Quisquater. 2003. A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In Proceedings of the 5th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’03), Lecture Notes in Computer Science, Vol. 2779, Colin D. Walter, Çetin Kaya Koç, and Christof Paar (Eds.). Springer, 77--88.
[43]
Axel Poschmann, Amir Moradi, Khoongming Khoo, Chu-Wee Lim, Huaxiong Wang, and San Ling. 2011. Side-channel resistant crypto for less than 2,300 GE. J. Cryptology 24, 2 (2011), 322--345.
[44]
Emmanuel Prouff, Matthieu Rivain, and Régis Bevan. 2009. Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58, 6 (2009), 799--811.
[45]
Carsten Rolfes, Axel Poschmann, Gregor Leander, and Christof Paar. 2008. Ultra-lightweight implementations for smart devices—Security for 1000 gate equivalents. In Proceedings of the 8th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications (CARDIS’08), Lecture Notes in Computer Science, Vol. 5189, Gilles Grimaud and François-Xavier Standaert (Eds.). Springer, 89--103.
[46]
SASEBO-GII. http://www.rcis.aist.go.jp/special/sasebo/sasebo-gii-en.html
[47]
Adi Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (1979), 612--613.
[48]
Kyoji Shibutani, Takanori Isobe, Harunaga Hiwatari, Atsushi Mitsuda, Toru Akishita, and Taizo Shirai. 2011. Piccolo: An ultra-lightweight blockcipher. In Proceedings of the 13th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’11), Lecture Notes in Computer Science, Vol. 6917, Bart Preneel and Tsuyoshi Takagi (Eds.). Springer, 342--357.
[49]
Yi Wang and Yajun Ha. 2013. FPGA-based 40.9-Gbits/s masked AES with area optimization for storage area network. IEEE Trans. Circuits Syst. II, Exp. Briefs 60, 1 (2013), 36--40.
[50]
Yi Wang and Yajun Ha. 2014. A performance and area efficient ASIP for higher-order DPA-resistant AES. IEEE Trans. Emerg. Sel. Topics Circuits Syst. 4, 2 (2014), 190--202.
[51]
Thomas J. Wollinger, Jorge Guajardo, and Christof Paar. 2004. Security on FPGAs: State-of-the-art implementations and attacks. ACM Trans. Embedded Comput. Syst. 3, 3 (2004), 534--574.
[52]
Lin Yang, Meiqin Wang, and Siyuan Qiao. 2009. Side channel cube attack on PRESENT. In Proceedings of the 8th International Conference on Cryptology and Network Security (CANS’09), Lecture Notes in Computer Science, Vol. 5888, Juan A. Garay, Atsuko Miyaji, and Akira Otsuka (Eds.). Springer, 379--391.

Published In

ACM Transactions on Embedded Computing Systems, Volume 16, Issue 4
Special Issue on Secure and Fault-Tolerant Embedded Computing and Regular Papers
November 2017
614 pages
ISSN:1539-9087
EISSN:1558-3465
DOI:10.1145/3092956

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 July 2017
Accepted: 01 December 2016
Revised: 01 October 2016
Received: 01 May 2016
Published in TECS Volume 16, Issue 4

Author Tags

  1. DFA-resistant
  2. PRESENT cipher
  3. RFID
  4. lightweight
  5. side channel attacks
