Weiwei Shan,Shuai Zhang,Jiaming Xu,Minyi Lu,Longxing Shi,Jun Yang

DOI: https://doi.org/10.1109/jssc.2019.2953855

IF: 5.4

2019-01-01

IEEE Journal of Solid-State Circuits

Abstract:Hardware countermeasure of side channel attack (SCA) becomes necessary to protect crypto circuits. Many countermeasures endured large area and power consumption. We propose a SCA-resistant methodology based on machine learning, which compensates the Hamming distance (HD) probability of the intermediate data directly. By making the HD probabilities unable to be distinguished from correct and incorrect sub-keys, it provides resistance to SCA. Optimum HD redistribution is obtained by a machine learning algorithm and then sent to the compensation circuit. Applied in an Advanced Encryption Standard (AES)-128 circuit, the whole compensated circuit is implemented on a 28-nm CMOS process. The experimental results show that it resists correlation-based SCA with 1.5 million traces, corresponding to 446 $\times $ improvements of measures to disclosure compared with a nonprotected AES circuit. In addition, it has no impact on the frequency and throughput rate, and its power overhead of 38% and area overhead of 36% are relatively low, making it suitable for resource-constrained encryption circuits.

Xinjie Zhao,Fan Zhang,Shize Guo,Tao Wang,Zhijie Shi,Huiying Liu,Keke Ji

DOI: https://doi.org/10.1007/978-3-642-29912-4_17

2012-01-01

Abstract:Algebraic side-channel attack (ASCA) is a powerful cryptanalysis technique different from conventional side-channel attacks. This paper studies ASCA from three aspects: enhancement, analysis and application. To enhance ASCA, we propose a generic method, called Multiple Deductions-based ASCA (MDASCA), to cope the multiple deductions caused by inaccurate measurements or interferences. For the first time, we show that ASCA can exploit cache leakage models. We analyze the attacks and estimate the minimal amount of leakages required for a successful ASCA on AES under different leakage models. In addition, we apply MDASCA to attack AES on an 8-bit microcontroller under Hamming weight leakage model, on two typical microprocessors under access driven cache leakage model, and on a 32-bit ARM microprocessor under trace driven cache leakage model. Many better results are achieved compared to the previous work. The results are also consistent with the theoretical analysis. Our work shows that MDASCA poses great threats with its excellence in error tolerance and new leakage model exploitation.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Weiwei Shan,Shuai Zhang,Yukun He

DOI: https://doi.org/10.1049/el.2017.1460

2017-01-01

Electronics Letters

Abstract:Side channel analysis (SCA) is effective to reveal the key of crypto devices by applying statistical analysis to a number of power traces, thus hardware countermeasure is necessary to protect the crypto circuits. A SCA-resistance methodology by machine learning trained power compensation module is proposed to compensate the probability of hamming distance (HD) of the intermediate data directly, to make it unable to be distinguished from correct and incorrect sub-key, thus providing resistance to SCA. The machine learning algorithm is used to find out the best HD redistribution mapping by using neural dynamic programming. Implemented on an AES-128 encryption algorithm circuit on a Xilinx Spartan-6 FPGA mounted on a SAKURA-G board, experimental SCA results show that it can provide more than 200 x measures to disclosure and still has no sign to reveal the advanced encryption standard (AES) sub-key. In addition, it has low power and area overhead and zero frequency overhead, thus is appropriate for hardware implementation of SCA countermeasure.

Qihui Zhang,Tian Cao,Dunshan Yu,Xixin Cao,Xing Zhang,Yin Ye,Botao Chen

DOI: https://doi.org/10.1109/edssc.2015.7285157

2015-01-01

Abstract:AES has been widely used in current financial security application, but side-channel attacks are considered as serious threats to AES cryptographic algorithm. Asynchronous AES design will be a potential solution because of its natural properties. First, our asynchronous AES architecture, round key generation architecture and mix column calculation architecture are proposed. Then, properties of Balsa HDL are investigated and exploited to reduce area and power, followed by GTECH-based design flow is described. Finally, a VLSI implementation of our AES crypto-processor is carried out with TSMC 130 nm CMOS technology. Experimental results show that our proposed asynchronous AES architecture can respectively achieve 67.7% and 40% lower ciphering time and power delay product of its counterpart, and its area is only 7.3% and 15% of those reported in other papers. Moreover, it can be easily integrated into an asynchronous security chip.

Qi Chen,Dongyan Zhao,Liang Liu,Xuesong Yan,Yidong Yuan,Xige Zhang,Hongmei Wu,Zhe Wang

DOI: https://doi.org/10.1016/j.csi.2021.103569

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100 similar to 120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements.

Xiangyu Li,Chaoqun Yang,Jiangsha Ma,Yongchang Liu,Shujuan Yin

DOI: https://doi.org/10.1109/tvlsi.2017.2752212

2017-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Energy-efficient countermeasures to side-channel attacks are required for Internet of Things hardware. This paper proposes a special hiding technique for the substitution operation in block ciphers, which equalizes the power consumption of a circuit by appropriate feedforward compensation and is called power-aware hiding (PAH). A hybrid application configuration, in which PAH is applied to the S-boxes while the left linear operations are protected with a general masking method, is proposed as well. This solution not only has higher energy efficiency but can also be implemented automatically in a semicustom manner. The Advanced Encryption Standard VLSI adopting this solution was implemented and manufactured in 180-nm technology as a demonstration. The implementation issues regarding the countermeasures are discussed in this paper. Testing shows that the chip has a throughput up to 1.175 Gb/s with 18.1-mW power consumption and its number of measurements to disclosure is 13.4 million.

Weiwei Shan,Longxing Shi,Xingyuan Fu,Xiao Zhang,Chaoxuan Tian,Zhipeng Xu,Jun Yang,Jie Li

DOI: https://doi.org/10.1145/2593069.2593077

2014-01-01

Abstract:A side-channel analysis resistant reconfigurable cryptographic coprocessor is designed and fabricated in 0.18μm CMOS with 1.8V supply and 100MHz frequency, supporting multiple block cipher algorithms of AES, DES, RC6 and IDEA. Our countermeasure utilizes idle processing elements existed in reconfigurable array to do dummy operations to hide leakage information. This method has little impact on area and frequency, and it is flexible after silicon. It resists SPA and DPA without distinguishing the encryption region. And by correlation-based electromagnetic analysis, measurement to disclosure of DES enhances 36 times with partial countermeasures and AES discloses no subkey after more than one million electromagnetic traces with full countermeasures.

Weiwei Shan,Xingyuan Fu,Zhipeng Xu

DOI: https://doi.org/10.1109/tcad.2015.2419621

IF: 2.9

2015-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:A secure reconfigurable cryptographic co-processor supporting multiple algorithms of advanced encryption standard (AES), data encryption standard (DES), rivest cipher 6, and international data encryption algorithm is proposed using its own reconfigurable feature to resist side-channel attack (SCA). It is integrated into a system-on-chip and fabricated in 0.18 mu m CMOS process with 1.8 V supply voltage and 100 MHz max frequency. Several kinds of specific countermeasures are proposed to hide leakage information by utilizing idle reconfigurable processing elements to do dummy operations. Its advantages lie in its little impact on area and frequency as well as high flexibility after silicon that countermeasures can also be reconfigured. Furthermore, different protections including several kinds of global countermeasures and encryption flow related countermeasures can be stacked, thus the security level can be tuned by trading for some performance or power consumption. Experimental SCA attack results show that it resists simple power analysis and differential power analysis without revealing the subkey. For correlation-based electromagnetic analysis (EMA) of DES configuration, it increases 36x measure to disclosure when applied with partial countermeasures compared to unprotected DES. As to AES configuration with full countermeasures, it resists EMA with no sign to reveal the right subkey for up to 1.2 million electromagnetic traces.

Xiangyu Li,Pengyuan Jiao,Chaoqun Yang

DOI: https://doi.org/10.1088/1674-4926/42/3/032402

2021-01-01

Abstract:A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665 000 noiseless traces.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Xinchao Shang,Weiwei Shan,Xinning Liu

DOI: https://doi.org/10.1142/S0218126618501803

2018-01-01

Journal of Circuits Systems and Computers

Abstract:Nowadays, countermeasures against side-channel attack (SCA) have become necessary in hardware security. And the need for supporting multiple crypto algorithms on a chip is increasing. We propose a reconfigurable crypto coprocessor, which not only supports multiple crypto algorithms, but also provides multiple effective SCA countermeasures of SPA, DPA and EMA, by making use of its own reconfigurable features other than using extra resources. The countermeasure methods include several global and encryption flow related countermeasures, which can also be reconfigured along with the circuit function. This coprocessor is a coarse-grained reconfigurable architecture composed of several reconfigurable modules, such as logic arithmetic, shift, modular ADD/Substrate, permutation, S-box and modular multiplication units, all of which are reconfigurable. This reconfigurable cryptographic coprocessor is integrated into a system-on chip with a 32-bit CPU and fabricated in 0.18 m CMOS process with 1.8 V supply and 100 MHz maximum frequency. Experimental results show that it can successfully resist SPA and DPA with one million power traces. As for EMA, if we use full countermeasures, it can resist EMA with up to 1.2 million electromagnetic traces without revealing the right subkey. Thus, this reconfigurable coprocessor can provide a good solution for both supporting multiple algorithms and providing SCA resistance, with no frequency influence, neglectable area overhead and small power overhead.

Liguo Dong,Xinliang Ye,Libin Zhuang,Ruidian Zhan,M. Shamim Hossain

DOI: https://doi.org/10.1111/exsy.13664

IF: 3.3

2024-06-27

Expert Systems

Abstract:The threat of side‐channel attacks poses a significant risk to the security of cryptographic algorithms. To counter this threat, we have designed an AES system capable of defending against such attacks, supporting AES‐128, AES‐192, and AES‐256 encryption standards. In our system, the CPU oversees the AES hardware via the AHB bus and employs true random number generation to provide secure random inputs for computations. The hardware implementation of the AES S‐box utilizes complex domain inversion techniques, while intermediate data is shielded using full‐time masking. Furthermore, the system incorporates double‐path error detection mechanisms to thwart fault propagation. Our results demonstrate that the system effectively conceals key power information, providing robust resistance against CPA attacks, and is capable of detecting injected faults, thereby mitigating fault‐based attacks.

computer science, artificial intelligence, theory & methods

Takaya Kubota,Kota Yoshida,Mitsuru Shiozaki,Takeshi Fujino

DOI: https://doi.org/10.1016/j.micpro.2020.103383

IF: 3.503

2021-11-01

Microprocessors and Microsystems

Abstract:<p>In the field of image recognition, machine learning technologies, especially deep learning, have been rapidly advancing alongside the advances of hardware such as GPUs. In image recognition, in general, large numbers of labeled images to be identified are input to a neural network, and repeatedly learning the images enables the neural network to identify objects with high accuracy. A new profiling side-channel attack method, the deep learning side-channel attack (DL-SCA), utilizes the neural network's high identifying ability to unveil a cryptographic module's secret key from side-channel information. In DL-SCAs, the neural network is trained with power waveforms captured from a target cryptographic module, and the trained network extracts the leaky part that depends on the secret. However, at this stage, the main target of investigation has been software implementation, and studies regarding hardware implementation, such as ASIC, are somewhat lacking. In this paper, we first depict deep learning techniques, profiling side-channel attacks, and leak models to clarify the relation between secret and side channels. Next, we investigate the use of DL-SCA against hardware implementations of AES and discuss the problem derived from the Hamming distance model and ShiftRow operation of AES. To solve the problem, we propose a new network training method called "mixed model dataset based on round-round XORed value." We prove that our proposal solves the problem and gives the attack capability to neural networks. We also compare the attack performance and characteristics of DL-SCA to conventional analysis methods such as correlation power analysis and conventional template attack. In our experiment, a dedicated ASIC chip for side-channel analysis is utilized and the chip is also equipped with a side-channel countermeasure AES. We show how DL-SCA can recover secret keys against the side-channel countermeasure circuit. Our results demonstrate that DL-SCA can be a more powerful option against side-channel countermeasure implementations than conventional SCAs.</p>

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Xiaoyu Ma,Fan Zhang,Yan Han

DOI: https://doi.org/10.1088/1742-6596/2221/1/012047

2022-01-01

Abstract:Abstract An authenticated encryption chip with novel nonce generation circuit was developed. This circuit associates the nonce generation with the contents and receiving time of plaintext. It will also generate overlapping power compensation for the whole chip. The integrated chip was fabricated under SMIC 180nm technology. Under 1.8V VDD, 100MHz global clock, the power consumption is about 14mW within 50k gates. The test result exhibits more than 10 times the strength in resistance to side-channel attack than the unprotected version without increasing hardware cost.

ZENG Yong-hong,ZOU Xue-cheng,LIU Zheng-lin,LEI Jian-ming

DOI: https://doi.org/10.3969/j.issn.1004-3365.2007.04.034

IF: 1.992

2007-01-01

Microelectronics Journal

Abstract:S-box is the key step of hardware implementation of Advanced Encryption Standard(AES) and it consumes much of the total power for AES.A new architecture of asynchronous pipeline over composite field was proposed to reduce the total S-box power.In this implementation,level-sensitive latches were inserted in datapath to block the propagation of the dynamic hazards.The opens and closes of latches were controlled by the latch controller based on an asynchronous handshake element,H-element.The circuit was an ASIC based on 0.25 μm CMOS process.Layout simulation shows that the S-box circuit consumes less power than composite field S-box,whilst there is moderate area penalty.The proposed S-box circuit can be embedded in AES cryptographic engine for such applications as smart cards and wireless sensors network node chips.

Yidong Yuan,Qi Chen,Xuesong Yan,Lei Li,Liang Liu,Yiqiang Zhao

DOI: https://doi.org/10.1117/12.2642112

2022-01-01

Abstract:Side-channel attacks (SCAs) have become one of the main threats to encryption devices due to their low cost, short time, and strong attack capability. CPU is the core of encryption devices. Thus the resistance to SCAs of the CPU is essential for protecting encrypted information. Based on the register-transfer level (RTL) net-list simulation and CPA method, this paper carries out SCAs on the CPU running the AES-128 algorithm. A protection scheme based on random power consumption disturbance strategy is proposed. It uses register configuration to send random pseudo operation insertion requests to some idle modules inside the CPU at a certain frequency, thereby reducing the correlation between the power consumption and encrypted data. This paper innovatively analyses the effects of the number of randomly flipped modules and the insertion frequency of random pseudo operation on the CPU's resistance to SCAs. According to experimental results, when the CPU is not protected, only 30 power traces are able to reveal the correct key. The required trace number increases when the random power consumption disturbance strategy is applied. The anti-attack performance of the CPU is proportional to the number of randomly flipped idle modules, and approximately inversely proportional to the power consumption signal-to-noise ratio (SNR). Particularly, when all idle modules randomly flip at a frequency of 25%, the CPU’s anti-attack performance has been improved by 3700 times. The proposed protection scheme is simple, easy to implement and highly flexible, by taking the safety performance, power consumption, area and other factors into consideration.

Yi-cheng CHEN,Xue-cheng ZOU,Zheng-lin LIU,Xiao-fei CHEN,Yu HAN

DOI: https://doi.org/10.1016/s1005-8885(08)60087-4

2008-01-01

Abstract:It is an important challenge to implement a low- cost power analysis immune advanced encryption standard (AES) circuit. The previous study proves that substitution boxes (S-Boxes) in AES are prone to being attacked, and hard to mask for its non-linear characteristic. Besides, large amounts of circuit resources in chips and power consumption are spent in protecting S-Boxes against power analysis. Thus, a novel power analysis immune scheme is proposed, which divides the data-path of AES into two parts: inhomogeneous S-Boxes instead of fixed S-Boxes are selected randomly to disturb power and logic delay in the non-linear module; at the same time, the general masking strategy is applied in the linear part of AES. This improved AES circuit was synthesized with united microelectronics corporation (UMC) 0.25 μm 1.8 V complementary metal-oxide-semiconductor (CMOS) standard cell library, and correlation power analysis experiments were executed. The results demonstrate that this secure AES implementation has very low hardware cost and can enhance the AES security effectually against power analysis.

Junkai Liu,Shihui Zheng,Lize Gu

DOI: https://doi.org/10.1109/trustcom53373.2021.00081

2021-01-01

Abstract:Side-channel analysis (SCA) based on deep learning (DL) techniques have the benefit that they can disclose the secret key of protected block ciphers without preprocessing. But the size of convolutional neural network (CNN) architecture is so large that the training process is too time-consuming and the required number of traces for recovering secret key is too much. In this paper, we apply heatmap and SNR to reduce the number of parameters of our CNN architecture to 5,269,568 (i.e., one to tenth to the CNNbest). We also combine our CNN architecture with the multi-label classification and the transfer learning techniques to reduce the number of required traces. Consequently, two new CNN architectures are presented and validated on the public ASCAD dataset. The execution time of the training process approximates 15 minutes on average. The first CNN architecture can recover a key byte with only 30 synchronized traces. Combined with the transfer learning technique, the second CNN architecture requires 141 and 171 traces respectively in two different desynchronization cases. To our knowledge, for both synchronization and desynchronization cases, our analysis methods need the smallest amount of traces to extract a key byte.

Qian Zhang,Yongbin Zhou,Shuang Qiu,Wei Cheng,Jingdian Ming,Rui Zhang

DOI: https://doi.org/10.1109/iccd.2018.00087

2018-01-01

Abstract:Efficient cryptographic implementations with desired side-channel attacks (SCA) resistance are highly required, especially for those resources-constrained devices. In this paper, we propose a very compact AES hardware implementation scheme provably secure against 1st-order SCAs. Basically, our scheme is inspired by ideas of Redundant Tower Field (RTF for short) circuit due to Ueno et al. and of private circuits due to Ishai, Sahai and Wagner (ISW for short), and is therefore named ISW-RTF. In terms of security, practical attacks on real leakages from prototype implementation show that ISW-RTF scheme is secure against 1st-order attacks and 2nd-order zero-offset attacks as well. Results of t-test leakage detection of these leakages also verify this observation. In terms of efficiency, compared with the state-of-the-art 1st-order masking scheme, our scheme outperforms at least 55.08% decreases in area, and 34.87% decreases in area-time product on three popular FPGA/ASIC devices. To the best of our knowledge, the proposed ISW-RTF scheme is the most compact one provably secure against SCA.