Skip to main content
Top
Published in: Journal of Cryptographic Engineering 3/2014

01-09-2014 | Special Section on Proofs 2013

Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations

Authors: Dina Kamel, Mathieu Renauld, Denis Flandre, François-Xavier Standaert

Published in: Journal of Cryptographic Engineering | Issue 3/2014

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Simulation is a very powerful tool for hardware designers. It generally allows the preliminary evaluation of a chip’s performance before its final tape out. As security against side-channel attacks is an increasingly important issue for cryptographic devices, simulation also becomes a desirable option for preliminary evaluation in this case. However, its relevance highly depends on the proper modeling of all the attack peculiarities. For example, several works in the literature directly exploit SPICE-like simulations without considering measurement peripherals. But the outcome of such analyses may be questionable, as witnessed by the recent results of Renauld et al. at CHES 2011, which showed how far the power traces of an AES S-box implemented using a dynamic and differential logic style fabricated in 65nm CMOS can lie from their post-layout simulations. One important difference was found in the linear dependencies between the (simulated and actual) traces and the S-box input/output bits. While simulations exhibited highly non-linear traces, actual measurements were much more linear. As linearity is a crucial parameter for the application of non-profiled side-channel attacks (which are only possible under the assumption of “sufficiently linear leakages”), this observation motivated us to study the reasons of such differences. Consequently, this work discusses the relevance of simulation in security evaluations, and highlights its dependency on the proper modeling of measurement setups. For this purpose, we present a generic approach to build an adequate model to represent measurement artifacts, based upon real data from equipment providers for our AES S-box case study. Next, we illustrate the transformation of simulated leakages, from highly non-linear to reasonably linear, exploiting our model and regression-based side-channel analysis. While improving the relevance of simulations in security evaluations, our results also raise doubts regarding the possibility to design dual-rail implementations with highly non-linear leakages.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Footnotes
1
The noise-freeness naturally depends on the sampling, but in view of our low-noise measurements, we were able to extract well estimated means in our experiments.
 
2
Gaussian noise is added to the simulated traces in a post processing step assuming the noise-free simulated traces to provide the means of our leakages.
 
3
Strictly speaking, there are \(256^2\) transitions that could be considered. To reduce the cost of our analysis, we only considered transitions between 0 and a value between 0 and 255. From past experiments, we do not expect this restriction to have a strong impact on our conclusions, in particular for the part related to the leakages linearity.
 
4
Models for the package [19] and QFP socket [3] do not exactly correspond to our setup (e.g. they differ in pin count)—but were the only publicly available ones.
 
Literature
1.
go back to reference Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop Cambridge, MA, USA, August 11–13, 2004. Proceedings, Lecture Notes in Computer Science, vol. 3156, pp. 16–29. Springer (2004). doi:10.1007/978-3-540-28632-5_2 Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop Cambridge, MA, USA, August 11–13, 2004. Proceedings, Lecture Notes in Computer Science, vol. 3156, pp. 16–29. Springer (2004). doi:10.​1007/​978-3-540-28632-5_​2
2.
go back to reference Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, pp. 13–28 (2002) Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, pp. 13–28 (2002)
3.
go back to reference Giga Test Labs: ARIES Electronics 64 Pin QFP (0.55 mm) Test Socket, Electrical Characterisation 0.05–3.05 GHz. Characterisation report (1997) Giga Test Labs: ARIES Electronics 64 Pin QFP (0.55 mm) Test Socket, Electrical Characterisation 0.05–3.05 GHz. Characterisation report (1997)
4.
go back to reference Hassoune, I., Macé, F., Flandre, D., Legat, J.D.: Dynamic differential self-timed logic families for robust and low-power security ICs. Integration 40(3), 355–364 (2007) Hassoune, I., Macé, F., Flandre, D., Legat, J.D.: Dynamic differential self-timed logic families for robust and low-power security ICs. Integration 40(3), 355–364 (2007)
5.
go back to reference Iokibe, K., Amano, T., Okamoto, K., Toyota, Y.: Equivalent circuit modeling of cryptographic integrated circuit for information security design. Electromagn. Compat. IEEE Trans. 55(3), 581–588 (2013). doi:10.1109/TEMC.2013.2250505 CrossRef Iokibe, K., Amano, T., Okamoto, K., Toyota, Y.: Equivalent circuit modeling of cryptographic integrated circuit for information security design. Electromagn. Compat. IEEE Trans. 55(3), 581–588 (2013). doi:10.​1109/​TEMC.​2013.​2250505 CrossRef
6.
go back to reference Iokibe, K., Higashi, R., Tsuda, T., Ichikawa, K., Nakamura, K., Toyota, Y., Koga, R.: Modeling of microcontroller with multiple power supply pins for conducted emi simulations. In: Advanced Packaging and Systems Symposium, 2008. EDAPS 2008. Electrical Design of, pp. 135–138 (2008). doi:10.1109/EDAPS.2008.4736018 Iokibe, K., Higashi, R., Tsuda, T., Ichikawa, K., Nakamura, K., Toyota, Y., Koga, R.: Modeling of microcontroller with multiple power supply pins for conducted emi simulations. In: Advanced Packaging and Systems Symposium, 2008. EDAPS 2008. Electrical Design of, pp. 135–138 (2008). doi:10.​1109/​EDAPS.​2008.​4736018
8.
go back to reference Li, H., Markettos, A., Moore, S.: Security evaluation against electromagnetic analysis at design time. In: Rao, J., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2005, Lecture Notes in Computer Science, pp. 280–292. Springer, Berlin (2005)CrossRef Li, H., Markettos, A., Moore, S.: Security evaluation against electromagnetic analysis at design time. In: Rao, J., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2005, Lecture Notes in Computer Science, pp. 280–292. Springer, Berlin (2005)CrossRef
9.
go back to reference Macé, F., Standaert, F.X., Quisquater, J.J.: Information theoretic evaluation of side-channel resistant logic styles. In: Paillier, P., Verbauwhede, I. (eds.) CHES, Lecture Notes in Computer Science, pp. 427–442. Springer, Berlin (2007) Macé, F., Standaert, F.X., Quisquater, J.J.: Information theoretic evaluation of side-channel resistant logic styles. In: Paillier, P., Verbauwhede, I. (eds.) CHES, Lecture Notes in Computer Science, pp. 427–442. Springer, Berlin (2007)
10.
go back to reference Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)MATH Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks—Revealing the Secrets of Smart Cards. Springer, Berlin (2007)MATH
11.
go back to reference Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA, Lecture Notes in Computer Science, pp. 351–365. Springer, Berlin (2005) Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA, Lecture Notes in Computer Science, pp. 351–365. Springer, Berlin (2005)
13.
go back to reference Regazzoni, F., Cevrero, A., Standaert, F.X., Badel, S., Kluter, T., Brisk, P., Leblebici, Y., Lenne, P.: A design flow and evaluation framework for DPA-Resistant instruction set extensions. In: Clavier, C., Gaj, K. (eds.) CHES, Lecture Notes in Computer Science, pp. 205–219. Springer, Berlin (2009) Regazzoni, F., Cevrero, A., Standaert, F.X., Badel, S., Kluter, T., Brisk, P., Leblebici, Y., Lenne, P.: A design flow and evaluation framework for DPA-Resistant instruction set extensions. In: Clavier, C., Gaj, K. (eds.) CHES, Lecture Notes in Computer Science, pp. 205–219. Springer, Berlin (2009)
14.
go back to reference Regazzoni, F., Eisenbarth, T., Poschmann, A., Großschädl, J., Gürkaynak, F.K., Macchetti, M., Deniz, Z.T., Pozzi, L., Paar, C., Leblebici, Y., Ienne, P.: Evaluating resistance of mcml technology to power analysis attacks using a simulation-based methodology. Trans. Comput. Sci. 4, 230–243 (2009) Regazzoni, F., Eisenbarth, T., Poschmann, A., Großschädl, J., Gürkaynak, F.K., Macchetti, M., Deniz, Z.T., Pozzi, L., Paar, C., Leblebici, Y., Ienne, P.: Evaluating resistance of mcml technology to power analysis attacks using a simulation-based methodology. Trans. Comput. Sci. 4, 230–243 (2009)
15.
go back to reference Renauld, M., Kamel, D., Standaert, F.X., Flandre, D.: Information theoretic and security analysis of a 65-nanometer DDSLL AES S-Box. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, pp. 223–239 (2011) Renauld, M., Kamel, D., Standaert, F.X., Flandre, D.: Information theoretic and security analysis of a 65-nanometer DDSLL AES S-Box. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, pp. 223–239 (2011)
16.
go back to reference Renauld, M., Standaert, F.X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: EUROCRYPT, pp. 109–128 (2011) Renauld, M., Standaert, F.X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: EUROCRYPT, pp. 109–128 (2011)
17.
go back to reference Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, Springer, LNCS 3659, pp. 30–46. Springer, Berlin (2005) Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Proceedings of Cryptographic Hardware and Embedded Systems, CHES, Springer, LNCS 3659, pp. 30–46. Springer, Berlin (2005)
18.
go back to reference Standaert, F.X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques, EUROCRYPT, pp. 443–461. Springer, Berlin (2009). doi:10.1007/978-3-642-01001-9_26 Standaert, F.X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques, EUROCRYPT, pp. 443–461. Springer, Berlin (2009). doi:10.​1007/​978-3-642-01001-9_​26
19.
go back to reference Texas instruments: AN-1205 electrical performance of packages. Application report (2004). Texas instruments: AN-1205 electrical performance of packages. Application report (2004).
20.
go back to reference Tiri, K., Verbauwhede, I.: Simulation models for side-channel information leaks. In: Jr. Joyner, W.H., Martin, G., Kahng, A.B. (eds.) DAC, pp. 228–233. ACM, USA (2005) Tiri, K., Verbauwhede, I.: Simulation models for side-channel information leaks. In: Jr. Joyner, W.H., Martin, G., Kahng, A.B. (eds.) DAC, pp. 228–233. ACM, USA (2005)
21.
go back to reference Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. IEEE Trans. CAD Integr. Circuits Syst. 25(7), 1197–1208 (2006)CrossRef Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. IEEE Trans. CAD Integr. Circuits Syst. 25(7), 1197–1208 (2006)CrossRef
22.
go back to reference Veyrat-Charvillon, N., cois Xavier Standaert, F.: Generic side- channel distinguishers: Improvements and limitations. In: Advances in Cryptology—CRYPTO 2011–31st Annual Cryptology Conference, Lecture Notes in Computer Science, vol. 6841, p. 348. Springer, Berlin (2011) Veyrat-Charvillon, N., cois Xavier Standaert, F.: Generic side- channel distinguishers: Improvements and limitations. In: Advances in Cryptology—CRYPTO 2011–31st Annual Cryptology Conference, Lecture Notes in Computer Science, vol. 6841, p. 348. Springer, Berlin (2011)
23.
Metadata
Title
Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations
Authors
Dina Kamel
Mathieu Renauld
Denis Flandre
François-Xavier Standaert
Publication date
01-09-2014
Publisher
Springer Berlin Heidelberg
Published in
Journal of Cryptographic Engineering / Issue 3/2014
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI
https://doi.org/10.1007/s13389-014-0080-z

Other articles of this Issue 3/2014

Journal of Cryptographic Engineering 3/2014 Go to the issue

Premium Partner