ParTI – Towards Combined Hardware Countermeasures Against Side-Channel and Fault-Injection Attacks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9815)

Abstract

Side-channel analysis and fault-injection attacks are known as major threats to any cryptographic implementation. Hardening cryptographic implementations with appropriate countermeasures is thus essential before they are deployed in the wild. However, countermeasures for both threats are of completely different nature: Side-channel analysis is mitigated by techniques that hide or mask key-dependent information while resistance against fault-injection attacks can be achieved by redundancy in the computation for immediate error detection. Since already the integration of any single countermeasure in cryptographic hardware comes with significant costs in terms of performance and area, a combination of multiple countermeasures is expensive and often associated with undesired side effects.

In this work, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions at an increased area demand of 12 %.

References

  1. 1.
    Side-channel attack user reference architecture. http://satoh.cs.uec.ac.jp/SAKURA/index.html
  2. 2.
    Bertoni, G., Breveglieri, L., Koren, I., Maistri, P., Piuri, V.: Error analysis and detection procedures for a hardware implementation of the advanced encryption standard. IEEE Trans. Comput. 52(4), 492–505 (2003)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  4. 4.
    Bilgin, B., Daemen, J., Nikov, V., Nikova, S., Rijmen, V., Van Assche, G.: Efficient and first-order DPA resistant implementations of keccak. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 187–199. Springer, Heidelberg (2014)Google Scholar
  5. 5.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 267–284. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  6. 6.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014)Google Scholar
  7. 7.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all \(3{\times }3\) and \(4 {\times }4\) S-boxes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 76–91. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Tokareva, N., Vitkup, V.: Threshold implementations of small S-boxes. Crypt. Commun. 7(1), 3–33 (2015)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Blahut, R.E.: Algebraic Codes for Data Transmission. Cambridge University Press, Cambridge (2003)CrossRefMATHGoogle Scholar
  10. 10.
    Bogdanov, A.A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H.: Orthogonal direct sum masking. In: Naccache, D., Sauveron, D. (eds.) WISTP 2014. LNCS, vol. 8501, pp. 40–56. Springer, Heidelberg (2014)Google Scholar
  12. 12.
    Bringer, J., Chabanne, H., Le, T.: Protecting AES against side-channel analysis using wire-tap codes. J. Cryptographic Eng. 2(2), 129–141 (2012)CrossRefGoogle Scholar
  13. 13.
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M.: Passive and active combined attacks on AES—combining fault attacks and side channel analysis. In: FDTC, pp. 10–19. IEEE Computer Society (2010)Google Scholar
  14. 14.
    Cooper, J., Demulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test Vector Leakage Assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013)Google Scholar
  15. 15.
    Dassance, F., Venelli, A.: Combined fault and side-channel attacks on the AES key schedule. In: FDTC, pp. 63–71. IEEE Computer Society (2012)Google Scholar
  16. 16.
    De Cnudde, T., Bilgin, B., Reparaz, O., Nikov, V., Nikova, S.: Higher-order threshold implementation of the AES S-box. In: CARDIS 2015 (2015)Google Scholar
  17. 17.
    Gierlichs, B., Schmidt, J.-M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 305–321. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side channel resistance validation. In: NIST Non-invasive Attack Testing Workshop (2011)Google Scholar
  19. 19.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Guo, X., Mukhopadhyay, D., Jin, C., Karri, R.: Security analysis of concurrent error detection against differential fault analysis. J. Cryptographic Eng. 5(3), 153–169 (2015)CrossRefGoogle Scholar
  21. 21.
    Karpovsky, M.G., Kulikowski, K.J., Taubin, A.: Differential fault analysis attack resistant architectures for the advanced encryption standard. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) CARDIS. IFIP, vol. 153, pp. 177–192. Kluwer/Springer, USA (2004)Google Scholar
  22. 22.
    Karpovsky, M.G., Kulikowski, K.J., Taubin, A.: Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard. In: DSN, pp. 93–101. IEEE Computer Society (2004)Google Scholar
  23. 23.
    Karri, R., Kuznetsov, G., Gössel, M.: Parity-based concurrent error detection of substitution-permutation network block ciphers. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 113–124. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  25. 25.
    MacWilliams, F.J., Sloane, N.: The Theory of Error Correcting Codes. North-Holland Mathematical Library. North-Holland Publishing Co., New York (1977). Includes indexMATHGoogle Scholar
  26. 26.
    Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  27. 27.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  28. 28.
    Moradi, A.: Wire-tap codes as side-channel countermeasure — an FPGA-based experiment. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 341–359. Springer, Switzerland (2014)Google Scholar
  29. 29.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  30. 30.
    Moradi, A., Schneider, T.: Side-channel analysis protection and low-latency in action - case study of PRINCE and Midori. Cryptology ePrint Archive, Report 2016/481 (2016). http://eprint.iacr.org/
  31. 31.
    Moradi, A., Wild, A.: Assessment of hiding the higher-order leakages in hardware. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 453–474. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  32. 32.
    Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  33. 33.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptology 24(2), 292–321 (2011)MathSciNetCrossRefMATHGoogle Scholar
  34. 34.
    NIST: FIPS PUB 197: advanced encryption standard, 14 June 2016. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  35. 35.
    Patranabis, S., Chakraborty, A., Nguyen, P.H., Mukhopadhyay, D.: A biased fault attack on the time redundancy countermeasure for AES. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2015. LNCS, vol. 9064, pp. 189–203. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  36. 36.
    Poschmann, A., Moradi, A., Khoo, K., Lim, C., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptology 24(2), 322–345 (2011)MathSciNetCrossRefMATHGoogle Scholar
  37. 37.
    Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  38. 38.
    Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  39. 39.
    Roche, T., Lomné, V., Khalfallah, K.: Combined fault and side-channel attack on protected implementations of AES. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 65–83. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  40. 40.
    Roscian, C., Sarafianos, A., Dutertre, J., Tria, A.: Fault model analysis of laser-induced faults in SRAM memory cells. In: FDTC, pp. 89–98. IEEE Computer Society (2013)Google Scholar
  41. 41.
    Sasdrich, P., Moradi, A., Güneysu, T.: Affine equivalence and its application to tightening threshold implementations. In: Dunkelman, O., et al. (eds.) SAC 2015. LNCS, vol. 9566, pp. 263–276. Springer, Heidelberg (2016). doi:10.1007/978-3-319-31301-6_16. http://eprint.iacr.org/2015/749 CrossRefGoogle Scholar
  42. 42.
    Schneider, T., Moradi, A.: Leakage assessment methodology. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  43. 43.
    Schneider, T., Moradi, A., Güneysu, T.: Arithmetic addition over boolean masking. In: Malkin, T., et al. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 559–578. Springer, Heidelberg (2015). doi:10.1007/978-3-319-28166-7_27 CrossRefGoogle Scholar
  44. 44.
    Shahverdi, A., Taha, M., Eisenbarth, T.: Silent simon: a threshold implementation under 100 slices. In: HOST 2015, pp. 1–6. IEEE (2015)Google Scholar
  45. 45.
    Sunar, B., Gaubatz, G., Savas, E.: Sequential circuit design for embedded cryptographic applications resilient to adversarial faults. IEEE Trans. Comput. 57(1), 126–138 (2008)MathSciNetCrossRefGoogle Scholar
  46. 46.
    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: DATE, pp. 246–251. IEEE Computer Society (2004)Google Scholar
  47. 47.
    Virtual Silicon Inc.: \(0.18\,\upmu \)m VIP Standard cell library tape out ready, part number: UMCL18G212T3, process: UMC logic \(0.18\,\upmu \)m Generic II technology: 0.18 \(\upmu \)m, July 2004Google Scholar
  48. 48.
    Xiaofei Guo, D.M., Karri, R.: Provably secure concurrent error detection against differential fault analysis. Cryptology ePrint Archive, Report 2012/552 (2012). http://eprint.iacr.org/

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Horst Görtz Institute for IT SecurityRuhr-Universität BochumBochumGermany
  2. 2.University of Bremen and DFKIBremenGermany

Personalised recommendations