A formal study of two physical countermeasures against side channel attacks

Abstract

Secure electronic circuits must implement countermeasures against a wide range of attacks. Often, the protection against side channel attacks requires to be tightly integrated within the functionality to be protected. It is now part of the designer’s job to implement them. But this task is known to be error-prone, and with current development processes, countermeasures are evaluated often very late (at circuit fabrication). To improve the confidence of the designer in the efficiency of the countermeasure, we suggest in this article to resort to formal methods early in the design flow for two reasons. First of all, we intend to check that the process of transformation of the design from the vulnerable description to the protected one does not alter the functionality. Second, we wish to prove that the security properties (that can derive from a formal security functional specification) are indeed met after transformation. Our first contribution is to show how such a framework can be setup (in COQ) for netlist-level protections. The second contribution is to illustrate that this framework indeed allows to detect vulnerabilities in dual-rail logics, with the examples of wave differential dynamic logic and balanced cell-based differential logic.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

References

  1. 1.

    Bouesse, G.F., Sicard, G., Renaudin, M.: Path swapping method to improve DPA resistance of quasi delay insensitive asynchronous circuits. In: Goubin, L., Matsui, M. (eds.) CHES. Lecture Notes in Computer Science, vol. 4249, pp. 384–398. Springer, Berlin (2006)

  2. 2.

    Braibant, T.: Coquet: a coq library for verifying hardware. In: Jouannaud, J.-P., Shao, Z. (eds.) CPP. Lecture Notes in Computer Science, vol. 7086, pp. 330–345. Springer, Berlin (2011)

  3. 3.

    Chen, Z., Zhou, Y.: Dual-rail random switching logic: a countermeasure to reduce side channel leakage. In: CHES, October 10–13, Yokohama, Japan. LNCS, vol. 4249, pp. 242–254. Springer, Berlin (2006). doi:10.1007/11894063_20

  4. 4.

    Common Criteria ($aka$ CC) for Information Technology Security Evaluation (ISO/IEC 15408) (2013). http://www.commoncriteriaportal.org/

  5. 5.

    The Coq Development Team. The Coq Proof Assistant Reference Manual Version 7.2. INRIA-Rocquencourt, December 2001. http://coq.inria.fr/doc-eng.html

  6. 6.

    Coupet-Grimal, S., Jakubiec, L.: Certifying circuits in type theory. Formal Aspects Comput. 16(4), 352–373 (2004)

    MATH  Article  Google Scholar 

  7. 7.

    Danger, J.-L., Guilley, S., Bhasin, S., Nassar, M.: Overview of dual rail with precharge logic styles to thwart implementation-level attacks on hardware cryptoprocessors—new attacks and improved counter measures. In: SCS, 6–8 November, Jerba, Tunisia, pp. 1–8. IEEE, New York (2009). doi:10.1109/ICSCS.2009.5412599

  8. 8.

    He, W., de la Torre, E., Riesgo, T.: An interleaved EPE-immune PA-DPL structure for resisting concentrated EM side channel attacks on FPGA implementation. In: Schindler, W., Huss, S.A. (eds.) COSADE. Lecture Notes in Computer Science, vol. 7275, pp. 39–53. Springer, Berlin (2012)

  9. 9.

    Nassar, M., Bhasin, S., Danger, J.-L., Duc, G., Guilley, S.: BCDL: a high performance balanced DPL with global precharge and without early-evaluation. In: DATE’10, 8–12 March 2010, Dresden, Germany, pp. 849–854. IEEE Computer Society, New York (2010)

  10. 10.

    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: ICISC, Seoul, Korea. Lecture Notes in Computer Science, vol. 5461, pp. 218–234. Springer, Berlin (2008)

  11. 11.

    Paulin-Mohring, C.: Circuits as streams in Coq : verification of a sequential multiplier. In: Berardi, S., Coppo, M. (eds.) Types for Proofs and Programs, TYPES’95. Lecture Notes in Computer Science, vol. 1158 (1996)

  12. 12.

    Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: CHES. LNCS, vol. 3659, pp. 172–186 (2005). doi:10.1007/11545262_13

  13. 13.

    Quémard, J.-P.: Cryptographic algorithms and security mechanisms conformance testing, 10 2010. N10801 NWIP, Draft 6 ISO/IEC JTC 1/SC 27 N

  14. 14.

    Soares, R., Calazans, N., Lomné, V., Maurine, P., Torres, L., Robert, M.: Evaluating the robustness of secure triple track logic through prototyping. In: SBCCI’08: Proceedings of the 21st Symposium on Integrated Circuits and System Design, Gramado, Brazil, pp. 193–198. ACM, New York (2008)

  15. 15.

    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of DATE’2004, Paris, France, pp. 246–251 (2004)

Download references

Acknowledgments

The authors wish to thank Renaud Pacalet, from LabSoC (Sophia-Antipolis, France), for insightful comments and pieces of advice. We are also grateful to the anonymous reviewers of PROOFS 2012 (Leuven, Belgium), who helped improve the preliminary version of this paper. This work has been supported partly by the French research agency (ANR), via the “SEFPGA” project (Secure embedded Field Programmable Gates Array), also endorsed by the System@tic competitivity cluster, and the joint French-Japan ANR-JSP “SPACES” project (Security evaluation of Physically Attacked Cryptoprocessors in Embedded Systems). Besides, this work has benefited from a grant funded by a French DoD (DGA) in the framework of the “BCDL” RAPID project.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Sylvain Guilley.

Appendix A: Formalisation in the COQ proof assistant

Appendix A: Formalisation in the COQ proof assistant

In this appendix section, we give a flavour of the COQ formalisation.

Combinational circuits

We define the type of gates as a record type parametrised by the type A of the alphabet on which the gates operate. The words over A are simply represented by list of elements of type A.

We assume that the gates come with a typing function gate_wf and a partial evaluation function gate_eval. The two properties gate_eval_wf_prop and gate_wf_eval _prop express the fact that the typing function and the evaluation function are defined consistently, as we explained in Sect. 3.3.

figurea2

The type of combinational circuits is an inductive type parametrised by the type of underlying gates.

figurea3

The circuits \((\mathbf{I }^n)_{n \in \mathbb{N }}\) are computed by a recursive function in COQ.

figurea4
figurea5

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Briais, S., Danger, JL. & Guilley, S. A formal study of two physical countermeasures against side channel attacks. J Cryptogr Eng 3, 169–180 (2013). https://doi.org/10.1007/s13389-013-0054-6

Download citation

Keywords

  • Side-channel attacks
  • Implementation-level countermeasures
  • Dual-rail with precharge logics
  • WDDL
  • BCDL
  • Formal proof
  • COQ