Lightweight Cryptography and DPA Countermeasures: A Survey

  • Amir Moradi
  • Axel Poschmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6054)

Abstract

The dawning Ubiquitous Computing age demands a new attacker model for the myriad pervasive computing devices in use: since a potentially malicious user is in full control of the pervasive device, the whole field of physical attacks has to be considered in addition to cryptographic attacks. Most notable among these are so-called side-channel attacks, such as Differential Power Analysis (DPA) attacks. At the same time, the deployment of pervasive devices is strongly cost-driven, which rules out expensive countermeasures. In this article we survey a broad range of countermeasures and discuss their suitability for ultra-constrained devices, such as passive RFID tags. We conclude that adiabatic logic countermeasures, such as 2N-2N2P and SAL, seem to be promising candidates, because they increase the resistance against DPA attacks while at the same time lowering the power consumption of the pervasive device.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Amir Moradi (1)
  • Axel Poschmann (2)
  1. Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany
  2. Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore