谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Yan Ting Ren,Li Ji Wu

DOI: https://doi.org/10.4028/www.scientific.net/amr.718-720.2376

2013-01-01

Advanced Materials Research

Abstract:In order to test the security of cryptographic devices against Side Channel Attacks (SCA), an automatic general-purpose power analysis system (TH-PAS-01) is designed and implemented. TH-PAS-01 is scalable and can be applied to many cryptographic devices when specific modules are installed. Using the system TH-PAS-01, correlation power analysis (CPA) are carried out on an AES chip under two working models: normal and shuffling mode. The security level of the countermeasure provided by the target chip is verified by TH-PAS-01. The experimental results show that the correct key of the AES chip is obtained with around 50,000 power traces when the chip was working under normal mode, while the whole key bits are not obtained with 960,000 power traces when the chip works under shuffling mode. The automatic general-purpose system TH-PAS-01 is feasible for security analysis on power analysis for cryptographic devices.

Qian Lei,Liji Wu,Shaohui Zhang,Xiangmin Zhang,Xiangyu Li,Liyang Pan,Zhimeng Dong

DOI: https://doi.org/10.1109/cis.2015.102

2015-01-01

Abstract:Side-channel analysis is becoming a major threat to the security chips of smart cards, including power analysis, electromagnetic analysis and fault injection. Based on software hardware co-design, we implemented a side-channel analysis platform covering CPA/DPA/TA/CA methods, which could effectively reveal the secret keys on security chips. Our work integrates power analysis, electromagnetic analysis and fault injection into single platform, which contains regular international cryptographic algorithm of AES/3DES/ RSA/ECC and China standard cryptographic algorithm of SM2/SM3/SM4. And a novel UML model for software implementation is proposed. Six smart card products with countermeasures have been analyzed on our platform, and all keys have been revealed successfully. Particularly, the key of a contactless smart card product was revealed by 350,000 power traces, and compared to the foreign report out of 1,000,000 power traces, we have about 65% increase on efficiency of revealing keys.

Weijia Wang,Yu Yu,François-Xavier Standaert,Junrong Liu,Zheng Guo,Dawu Gu,Francois-Xavier Standaert

DOI: https://doi.org/10.1109/tifs.2017.2787985

IF: 7.231

2018-05-01

IEEE Transactions on Information Forensics and Security

Abstract:Differential power analysis (DPA), as a very practical type of side-channel attacks, has been widely studied and used for the security analysis of cryptographic implementations. However, as the development of the chip industry leads to smaller technologies, the leakage of cryptographic implementations in nanoscale devices tends to be nonlinear (i.e., leakages of intermediate bits are no longer independent) and unpredictable. These phenomena make some existing side-channel attacks not perfectly suitable, i.e., decreasing their performance and making some common used prior power models (e.g., Hamming weight) to be much less respected in practice. To solve the above issues, we introduce the regularization process from statistical learning to the area of side-channel attack and propose the ridge-based DPA. We also apply the cross-validation technique to search for the most suitable value of the parameter for our new attack methods. In addition, we present theoretical analyses to deeply investigate the properties of ridge-based DPA for nonlinear leakages. We evaluate the performance of ridge-based DPA in both simulation-based and practical experiments, comparing to the state-to-the-art DPAs. The results confirm the theoretical analysis. Further, our experiments show the robustness of ridge-based DPA to cope with the difference between the leakages of profiling and exploitation power traces. Therefore, by showing a good adaptability to the leakage of the nanoscale chips, the ridge-based DPA is a good alternative to the state-to-the-art ones.

computer science, theory & methods,engineering, electrical & electronic

Huaxin Wang,Yiwen Gao,Yuejun Liu,Qian Zhang,Yongbin Zhou

DOI: https://doi.org/10.1186/s42400-024-00209-9

2024-06-05

Abstract:During the standardisation process of post-quantum cryptography, NIST encourages research on side-channel analysis for candidate schemes. As the recommended lattice signature scheme, CRYSTALS-Dilithium, when implemented on hardware, has seen limited research on side-channel analysis, and current attacks are incomplete or requires a substantial quantity of traces. Therefore, we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis (CPA) method, where with a minimum of 70,000 traces partial private key coefficients can be recovered. Furthermore, we optimise the attack by extracting Point-of-Interests using known information due to parallelism (named CPA-PoI) and by iteratively utilising parallel leakages (named CPA-ITR). Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%, CPA-ITR by up to 25%, and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces. They outperfom the CPA method. As a result, it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.

guoyu qian,ying zhou,yueying xing,yibo fan,yukiyasu tsunoo,satoshi goto

DOI: https://doi.org/10.1109/ASICON.2009.5351546

2009-01-01

Abstract:Research on Differential Power Analysis (DPA) is becoming more and more popular nowadays. Against different hardware, DPA attack will lead to different results, e.g. attack on FPGA is easy but on ASIC is relatively difficult. However, how could we draw the conclusion that we finish a successful attack? How to build the connection between result data and successful rate is a meaningful topic. Same data with different statistical processing method will lead to different results. In this paper, we focus on DPA attack against an ASIC implementation. We analyzed two current statistical methods, pointed out the limitations. Then, we proposed a weighted statistical analysis method. According to number of traces and repetitions, we adjust the weight value. Finally, we improved the accuracy and efficiency of DPA attack on ASIC by reducing the number of traces used in attack.

Jianwei Yang,Fan Dai,Jielin Wang,Jianmin Zeng,Zhang,Jun Han,Xiaoyang Zeng

DOI: https://doi.org/10.1587/elex.15.20180084

2018-01-01

IEICE Electronics Express

Abstract:Power analysis attacks are major concerns among all kinds of side channel attacks. This paper proposes three kinds of countermeasures for Differential Power Analysis (DPA) attacks by fully exploiting characteristics of a many-core processor: (1) Data-level parallelism, (2) Random Dynamic Task Scheduling (RDTS), and (3) Random Dynamic Adjustment (RDA), which combines RDTS, Random Dynamic Frequency Scaling (RDFS) and Random Dynamic Phase Adjustment (RDPA). For the first time these techniques are applied to a multicore processor from the perspective of secure system design. AES algorithm with mentioned countermeasures is implemented on an 8-core processor. Simulation results show that these countermeasures considerably improve the system security with little performance overhead.

Han Gan,Hongxin Zhang,Muhammad Saad Khan,Xueli Wang,Fan Zhang,Pengfei He

DOI: https://doi.org/10.1109/cc.2017.8068768

2017-01-01

China Communications

Abstract:Correlation power analysis (CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts (RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition (EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions (IMFs), we extract a certain intrinsic mode function (IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.

Wu Di,Cui Xiaoxin,Wei Wei,Li Rui,Yu Dunshan,Cui Xiaole

DOI: https://doi.org/10.1109/icsict.2012.6467785

2012-01-01

Abstract:Differential Power Analysis (DPA) is a powerful side channel attack method. Dual Rail Pre-charge Logic (DRP) is an effective circuit level DPA resistant countermeasure, however consumes more energy. Several adiabatic logic can resist differential power analysis attack while energy efficient. In this paper the comparison of DPA resistant ability for DRP logic and adiabatic logic will be presented and to make the comparison, a new criterion was introduced which could be used both for the DRP logic and adiabatic logic. Furthermore, the design issues for adiabatic logic will be discussed. Based on several standard cells and a full adder, the analysis results show that the ECRL logic has a good performance in DPA resistant ability (64%) as well as energy saving (83%).

Wenyi Tang,Song Jia,Yuan Wang

DOI: https://doi.org/10.1587/transele.e99.c.956

2016-01-01

IEICE Transactions on Electronics

Abstract:Side channel attacks (SCAs) on security devices have become a major concern for system security. Existing SCA countermeasures are costly in terms of area and power consumption. This paper presents a novel differential power analysis (DPA) countermeasure referred to as short-time three-phase single-rail precharge logic (STSPL). The proposed logic is based on a single-rail three-phase operation scheme providing effective DPA-resistance with low cost. In the scheme, a controller is inserted to discharge logic gates by reusing evaluation paths to achieve more balanced power consumption. This reduces the latency between different phases, increasing the difficult of the adversary to conduct DPA, compared with the state-of-the-art DPA-resistance logics. To verify the chip's power consumption in practice, a 4-bit ripple carry adder and a 4-bit inverter of AES-SBOX were implemented. The testing and simulation results of DPA attacks prove the security and efficiency of the proposed logic.

Wei Ge,Shenghua Chen,Benyu Liu,Min Zhu,Bo Liu

DOI: https://doi.org/10.1587/transinf.2019edp7308

2020-01-01

IEICE Transactions on Information and Systems

Abstract:Side-channel Attack, such as simple power analysis and differential power analysis (DPA), is an efficient method to gather the key, which challenges the security of crypto chips. Side-channel Attack logs the power trace of the crypto chip and speculates the key by statistical analysis. To reduce the threat of power analysis attack, an innovative method based on random execution and register randomization is proposed in this paper. In order to enhance ability against DPA, the method disorders the correspondence between power trace and operands by scrambling the data execution sequence randomly and dynamically and randomize the data operation path to randomize the registers that store intermediate data. Experiments and verification are done on the Sakura-G FPGA platform. The results show that the key is not revealed after even 2 million power traces by adopting the proposed method and only 7.23% slices overhead and 3.4% throughput rate cost is introduced. Compared to unprotected chip, it increases more than 4000x measure to disclosure.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Liu Lifei,Cui Xiaole,Ran Yalin,Cui Xiaoxin

DOI: https://doi.org/10.1109/ASICON.2015.7517206

2015-01-01

Abstract:Elliptic Curve Cryptosystem (ECC) is one of the most advantageous cryptosystems because of the shortened number of key bits when compared with RSA at the same security level. However, just as the other cryptosystems, ECC hardware is vulnerable to the side-channel analysis attacks which have been proposed. Power Analysis Attack (PA), as one of the most popular side-channel analysis attacks, is implemented easily, so more and more works concentrate on it. This work proposes a countermeasure to resist against Power Analysis. Then we design a unified hardware architecture which is multi-purpose and implementation to verify the effectiveness of the proposed method. The experiment results of FPGA verification platform show that the protected hardware can defend DPA with up to 105 measured power traces.

Nithyashankari Gummidipoondi Jayasankaran,Hao Guo,Satwik Patnaik,Jeyavijayan,Rajendran,Jiang Hu

2023-07-06

Abstract:The various benefits of multi-tenanting, such as higher device utilization and increased profit margin, intrigue the cloud field-programmable gate array (FPGA) servers to include multi-tenanting in their infrastructure. However, this property makes these servers vulnerable to power side-channel (PSC) attacks. Logic designs such as ring oscillator (RO) and time-to-digital converter (TDC) are used to measure the power consumed by security critical circuits, such as advanced encryption standard (AES). Firstly, the existing works require higher minimum traces for disclosure (MTD). Hence, in this work, we improve the sensitivity of the TDC-based sensors by manually placing the FPGA primitives inferring these sensors. This enhancement helps to determine the 128-bit AES key using 3.8K traces. Secondly, the existing defenses use ROs to defend against PSC attacks. However, cloud servers such as Amazon Web Services (AWS) block design with combinatorial loops. Hence, we propose a placement-based defense. We study the impact of (i) primitive-level placement on the AES design and (ii) additional logic that resides along with the AES on the correlation power analysis (CPA) attack results. Our results showcase that the AES along with filters and/or processors are sufficient to provide the same level or better security than the existing defenses.

Cryptography and Security

Ying Zhou,Guoyu Qian,Yueying Xing,Hongying Liu,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.56

2010-01-01

Abstract:Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on revealing the key, more and more people become interested in how to defend DPA attack. In this paper, we propose a method by adding a set of register and a random generator to defend DPA attack. The proposed method has been implemented on SASEBO board. It can process data with 2.56 Gbps at 200 MHz frequency. And we use the DPA attack to prove it can effectively defend the normal DPA attack.

Qi Chen,Dongyan Zhao,Liang Liu,Xuesong Yan,Yidong Yuan,Xige Zhang,Hongmei Wu,Zhe Wang

DOI: https://doi.org/10.1016/j.csi.2021.103569

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100 similar to 120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements.

DENG Qiu-cheng,BAI Xue-fei,GUO Li,WANG Yao

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.02.034

2011-01-01

Abstract:In this paper,we described a differential power analysis attack on the Montgomery Ladder algorithm based on the finite field GF(2m).We first implemented the algorithm with Verilog HDL,and then synthesized it to the netlist using the Charted 0.35μm CMOS technology,thus we can get the power information accurately.We performed a ZEMD differential power analysis attack on this algorithm subsequently,and use the abscissa of P2,a variable of the Montgomery Ladder algorithm,as the intermediate variable to classify the power curves,the result shows that the Montgomery Ladder algorithm couldn′t resist the ZEMD differential power analysis attack.So the algorithm is not secure enough,we need to take some more protective measures in practice.

Yong Gu,Xu-guang Guan,Tong Zhou

DOI: https://doi.org/10.1109/asicon.2017.8252500

2017-01-01

Abstract:Differential power analysis is an effective way to crack the key of the cryptographic chip. The attacker can analyze the key by monitoring the power curve during the execution of their internal programs, which poses a serious threat to the security of the cryptographic device. In order to improve the capability of anti-power analysis of the cryptographic chip, a novel configurable current flattening circuit (CCFC) based on power balance principle is proposed. The circuit is independent of the cryptographic algorithm and does not affect the original design flow of the cryptographic chip. In this paper, the circuit is designed under the SMIC 65nm CMOS technology. The test results show that the circuit can work effectively over a wide frequency range, the flattened current value can be adjusted from 0 to 32mA, and the attenuation of current variations on the power supply can reach 96.2%.

Sulong Tang,Liji Wu,Xiangmin Zhang,Xingjun Wu,Beibei Wang

DOI: https://doi.org/10.1109/cis.2016.0055

2016-01-01

Abstract:SM4 is a 128-bit block cipher used in the WAPI (Wireless LAN Authentication and Privacy Infrastructure) standard for protecting data packets in WLAN. This paper proposes a novel method of CPA (Correlation Power Analysis) on SM4 based on chosen-plaintext. Using SM4 as target algorithm, Sakura-G FPGA board as hardware verification platform, we only collect 1000 power consumption waveforms to obtain the first round key of SM4 successfully, significantly lowering the number of power consumption waveforms used in regular CPA.