QuadSeal: Quadruple Balancing to Mitigate Power Analysis Attacks with Variability Effects and Electromagnetic Fault Injection Attacks

ACM Trans. Design Autom. Electr. Syst. Pub Date : 2021-01-01 DOI:10.1145/3443706

Darshana Jayasinghe, A. Ignjatović, R. Ragel, Jude Angelo Ambrose, S. Parameswaran

{"title":"QuadSeal: Quadruple Balancing to Mitigate Power Analysis Attacks with Variability Effects and Electromagnetic Fault Injection Attacks","authors":"Darshana Jayasinghe, A. Ignjatović, R. Ragel, Jude Angelo Ambrose, S. Parameswaran","doi":"10.1145/3443706","DOIUrl":null,"url":null,"abstract":"Side channel analysis attacks employ the emanated side channel information to deduce the secret keys from cryptographic implementations by analyzing the power traces during execution or scrutinizing faulty outputs. To be effective, a countermeasure must remove or conceal as many as possible side channels. However, many of the countermeasures against side channel attacks are applied independently. In this article, the authors present a novel countermeasure (referred to as QuadSeal ) against Power Analysis Attacks and Electromagentic Fault Injection Attacks (FIAs), which is an extension of the work proposed in Reference [27]. The proposed solution relies on algorithmically balancing both Hamming distances and Hamming weights (where the bit transitions on the registers and gates are balanced, and the total number of 1s and 0s are balanced) by the use of four identical circuits with differing inputs and modified SubByte tables. By randomly rotating the four encryptions, the system is protected against variations, path imbalances, and aging effects. After generating the ciphertext, the output of each circuit is compared against each other to detect any fault injections or to correct the faulty ciphertext to gain reliability. The proposed countermeasure allows components to be switched off to save power or to run four executions in parallel for high performance when resistance against power analysis attacks is not of high priority, which is not available with the existing countermeasures (except software based where source code can be changed). The proposed countermeasure is implemented for Advanced Encryption Standard (AES) and tested against Correlation Power Analysis and Mutual Information Attacks attacks (for up to a million traces), and none of the secret keys was found even after one million power traces (the unprotected AES circuit is vulnerable for power analysis attacks within 5,000 power traces). A detection circuit (referred to as C-FIA circuit) is operated using the algorithmic redundancy presented in four circuits of QuadSeal to mitigate Electromagnetic Fault Injection Attacks. Using Synopsys PrimeTime, we measured the power dissipation of QuadSeal registers and XOR gates to test the effectiveness of Quadruple balancing methodology. We tested the QuadSeal countermeasure with C-FIA circuit against Differential Fault Analysis Attacks up to one million traces; no bytes of the secret key were found. This is the smallest known circuit that is capable of withstanding power-based side channel attacks when electromagnetic injection attack resistance, process variations, path imbalances, and aging effects are considered.","PeriodicalId":7063,"journal":{"name":"ACM Trans. Design Autom. Electr. Syst.","volume":"77 1","pages":"33:1-33:36"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Trans. Design Autom. Electr. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3443706","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Side channel analysis attacks employ the emanated side channel information to deduce the secret keys from cryptographic implementations by analyzing the power traces during execution or scrutinizing faulty outputs. To be effective, a countermeasure must remove or conceal as many as possible side channels. However, many of the countermeasures against side channel attacks are applied independently. In this article, the authors present a novel countermeasure (referred to as QuadSeal ) against Power Analysis Attacks and Electromagentic Fault Injection Attacks (FIAs), which is an extension of the work proposed in Reference [27]. The proposed solution relies on algorithmically balancing both Hamming distances and Hamming weights (where the bit transitions on the registers and gates are balanced, and the total number of 1s and 0s are balanced) by the use of four identical circuits with differing inputs and modified SubByte tables. By randomly rotating the four encryptions, the system is protected against variations, path imbalances, and aging effects. After generating the ciphertext, the output of each circuit is compared against each other to detect any fault injections or to correct the faulty ciphertext to gain reliability. The proposed countermeasure allows components to be switched off to save power or to run four executions in parallel for high performance when resistance against power analysis attacks is not of high priority, which is not available with the existing countermeasures (except software based where source code can be changed). The proposed countermeasure is implemented for Advanced Encryption Standard (AES) and tested against Correlation Power Analysis and Mutual Information Attacks attacks (for up to a million traces), and none of the secret keys was found even after one million power traces (the unprotected AES circuit is vulnerable for power analysis attacks within 5,000 power traces). A detection circuit (referred to as C-FIA circuit) is operated using the algorithmic redundancy presented in four circuits of QuadSeal to mitigate Electromagnetic Fault Injection Attacks. Using Synopsys PrimeTime, we measured the power dissipation of QuadSeal registers and XOR gates to test the effectiveness of Quadruple balancing methodology. We tested the QuadSeal countermeasure with C-FIA circuit against Differential Fault Analysis Attacks up to one million traces; no bytes of the secret key were found. This is the smallest known circuit that is capable of withstanding power-based side channel attacks when electromagnetic injection attack resistance, process variations, path imbalances, and aging effects are considered.

查看原文本刊更多论文

QuadSeal:四重平衡以减轻具有可变性效应的功率分析攻击和电磁故障注入攻击

侧信道分析攻击利用发射的侧信道信息，通过分析执行过程中的功率跟踪或仔细检查错误输出，从加密实现中推断出密钥。为了有效，对抗措施必须消除或隐藏尽可能多的侧信道。然而，许多对抗侧信道攻击的对策是独立应用的。在本文中，作者提出了一种新的对抗功率分析攻击和电磁故障注入攻击(FIAs)的对策(称为QuadSeal)，这是文献[27]中提出的工作的扩展。提出的解决方案依赖于算法平衡汉明距离和汉明权重(其中寄存器和门上的位转换是平衡的，并且1和0的总数是平衡的)，通过使用四个具有不同输入和修改的子字节表的相同电路。通过随机旋转四种加密，系统可以防止变化、路径不平衡和老化效应。生成密文后，对各电路的输出进行比较，检测是否有故障注入或对故障密文进行纠正，以获得可靠性。当对功率分析攻击的抵抗力不是高优先级时，建议的对策允许关闭组件以节省电源或并行运行四个执行以获得高性能，这在现有的对策中是不可用的(除了基于源代码可以更改的软件)。提出的对策是针对高级加密标准(AES)实施的，并针对相关功率分析和互信息攻击(高达一百万走线)进行了测试，即使在一百万走线之后也没有发现密钥(未受保护的AES电路容易受到5000个电源走线以内的功率分析攻击)。检测电路(称为C-FIA电路)使用四种QuadSeal电路中的算法冗余来运行，以减轻电磁故障注入攻击。使用Synopsys PrimeTime，我们测量了QuadSeal寄存器和XOR门的功耗，以测试四分量平衡方法的有效性。我们用C-FIA电路测试了QuadSeal对抗差分故障分析攻击，最多可达一百万道;没有找到密钥字节。处理步骤当考虑到电磁注入攻击阻力、工艺变化、路径不平衡和老化效应时，这是已知最小的能够承受基于功率的侧通道攻击的电路。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Trans. Design Autom. Electr. Syst.

自引率

0.00%

发文量