Advertisement

Practical Attacks on Masked Hardware

  • Thomas Popp
  • Mario Kirschbaum
  • Stefan Mangard
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5473)

Abstract

In this paper we analyze recently introduced questions for masked logic styles in general and for one such logic style called MDPL in particular. The DPA resistance of MDPL suffers significantly from a problem called early propagation, which denotes a data-dependent time of evaluation of logic cells depending on input signal-delay differences. Experiments on a prototype chip show that in case of specific MDPL modules like the analyzed AES coprocessor, early propagation does not unconditionally break the DPA resistance of MDPL. Investigations indicate that this might be due to the regular structure of the particular MDPL circuit, which is assumed to cause only relatively “small” signal delay differences. Furthermore, in this article it is shown that the recently proposed, so-called PDF-attack could not be turned into a successful practical attack in our environment. Finally, the recently raised question whether MDPL has special requirements in terms of the generation of random mask bits or not is discussed theoretically.

Keywords

DPA-Resistant Masked Logic Styles MDPL Prototype Chip Hardware AES PDF-Attack PRNG 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chen, Z., Zhou, Y.: Dual-Rail Random Switching Logic: A Countermeasure to Reduce Side Channel Leakage. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 242–254. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Coron, J.-S., Kocher, P.C., Naccache, D.: Statistics and Secret Leakage. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 157–173. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Gierlichs, B.: DPA-Resistance Without Routing Constraints? In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 107–120. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Golić, J.D., Menicocci, R.: Universal Masking on Logic Gate Level. IEE Electronic Letters 40(9), 526–527 (2004)CrossRefGoogle Scholar
  5. 5.
    Lin, K.J., Fang, S.C., Yang, S.H., Lo, C.C.: Overcoming Glitches and Dissipation Timing Skews in Design of DPA-Resistant Cryptographic Hardware. In: Lauwereins, R., Madsen, J. (eds.) 2007 Design, Automation and Test in Europe Conference and Exposition (DATE 2007), Nice, France, April 16-20, 2007, pp. 1265–1270. ACM Press, New York (2007)Google Scholar
  6. 6.
    Mangard, S., Aigner, M., Dominikus, S.: A Highly Regular and Scalable AES Hardware Architecture. IEEE Transactions on Computers 52(4), 483–491 (2003)CrossRefGoogle Scholar
  7. 7.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks – Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  8. 8.
    Mangard, S., Popp, T., Gammel, B.M.: Side-Channel Leakage of Masked CMOS Gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Mangard, S., Schramm, K.: Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 76–90. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Moradi, A., Salmasizadeh, M., Shalmani, M.T.M.: Power Analysis Attacks on MDPL and DRSL Implementations. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 259–272. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Popp, T., Kirschbaum, M., Zefferer, T., Mangard, S.: Evaluation of the Masked Logic Style MDPL on a Prototype Chip. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 81–94. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Popp, T., Mangard, S.: Masked Dual-Rail Pre-Charge Logic: DPA-Resistance without Routing Constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Schaumont, P., Tiri, K.: Masking and Dual-Rail Logic Dont Add Up. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 95–106. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Suzuki, D., Saeki, M.: Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 255–269. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Suzuki, D., Saeki, M., Ichikawa, T.: DPA Leakage Models for CMOS Logic Circuits. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 366–382. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Suzuki, D., Saeki, M., Ichikawa, T.: Random Switching Logic: A New Countermeasure against DPA and Second-Order DPA at the Logic Level. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E90-A(1), 160–168 (2007)CrossRefGoogle Scholar
  17. 17.
    Tiri, K., Schaumont, P.: Changing the Odds against Masked Logic. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 134–146. Springer, Heidelberg (2007), http://rijndael.ece.vt.edu/schaum/papers/2006sac.pdf CrossRefGoogle Scholar
  18. 18.
    Trichina, E., Korkishko, T., Lee, K.-H.: Small Size, Low Power, Side Channel-Immune AES Coprocessor: Design and Synthesis Results. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 113–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC implementation of the AES SBoxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 67–78. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Thomas Popp
    • 1
  • Mario Kirschbaum
    • 1
  • Stefan Mangard
    • 2
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria
  2. 2.Infineon Technologies AGSecurity InnovationNeubibergGermany

Personalised recommendations