nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Towards Evaluating DPA Countermeasures for Keccak K1012ECCAK on a Real ASIC

verfasst von : Michael Muehlberghuber, Thomas Korak, Philipp Dunst, Michael Hutter

Erschienen in: Constructive Side-Channel Analysis and Secure Design

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We present Zorro, a taped-out ASIC hosting three distinct authenticated encryption architectures based on the SpongeWrap construction. All designs target resource-constrained environments such as smart cards or embedded devices and therefore, have been protected against DPA attacks while keeping low-area as the most important design goal in mind. Each of the three architectures contains masking and hiding countermeasures. They solely differ with regard to the implemented secret-sharing scheme. While the first design is based on a 3-share threshold implementation (TI), which does not fulfill the uniformity property, the other two make use of the 3-share approach with re-masking and the 4-share approach as proposed by Bilgin et al. Our smallest, provable first-order DPA secure Keccak implementation requires only 14.5 kGE (which is less than half of the size of related work) and contains both front-end and back-end design overheads. Moreover, we present first DPA results of the Zorro ASIC by comparing hiding and masking countermeasures. We were able to recover the cipherkey from a masking-secured TI implementation based on three shares with about 70 000 power traces.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Faster Mask Conversion with Lookup Tables

Nächstes Kapitel Side-Channel Security Analysis of Ultra-Low-Power FRAM-Based MCUs

This mode involves a secret key that needs to be protected against implementation attacks. It is used in, e.g., stream encryption or authenticated encryption modes.

Note that such numbers can vary significantly compared to the actual area figures of a finalized chip ready for tapeout, depending on the implemented design.

The confidence interval of the coefficient, where 99.99 % of all samples (4-\(\sigma \) border) are located in the normal distribution model for 1 000 traces, is about 0.12.

CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness, March 2013. http://competitions.cr.yp.to/caesar.html

Bertoni, G., Daemen, J., Debande, N., Le, T.-H., Peeters, M., Van Assche, G.: Power analysis of hardware implementations protected with secret sharing. Cryptology ePrint Archive: Report 2013/067, February 2013

Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012) CrossRef

Bertoni, G., Daemen, J., Peeters, M., Assche, G.V., Keer, R.V.: Keccak Implementation Overview, May 2012. http://keccak.noekeon.org/Keccak-implementation-3.2.pdf (Version 3.2)

Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop, Barcelona, Spain, 24–25 May 2007. http://sponge.noekeon.org/SpongeFunctions.pdf

G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche. KECCAK specifications, Version 2, 10 September 2009. http://keccak.noekeon.org/Keccak-specifications-2.pdf

Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building power analysis resistant implementations of keccak. In: 2nd SHA-3 Candidate Conference (2010)

Bilgin, B., Daemen, J., Nikov, V., Nikova, S., Rijmen, V., Van Assche, G.: Efficient and first-order DPA Resistant implementations of keccak. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 187–199. Springer, Heidelberg (2014)

Borisov, N., Goldberg, I., Wagner, D.: Intercepting mobile communications: the insecurity of 802.11. In: Naghshineh, M., Zorzi, M., (eds.) MobiCom 2001, pp. 180–189. ACM (2001)

10.

Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004) CrossRef

11.

Canvel, B., Hiltgen, A.P., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL/TLS channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583–599. Springer, Heidelberg (2003) CrossRef

12.

Gérard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: how far can we go? In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 383–399. Springer, Heidelberg (2013) CrossRef

13.

Gilbert Goodwill, B.J., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: NIST Non-invasive attack testing workshop (2011)

14.

Kavun, E.B., Yalcin, T.: A lightweight implementation of keccak hash function for radio-frequency identification applications. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 258–269. Springer, Heidelberg (2010) CrossRef

15.

Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

16.

Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer, New York (2007). ISBN 978-0-387-30857-9MATH

17.

Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 218–234. Springer, Heidelberg (2009) CrossRef

18.

Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptology 24(2), 292–321 (2011)MathSciNetCrossRefMATH

19.

NIST. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (DRAFT FIPS PUB 202), May 2014

20.

Pessl, P., Hutter, M.: Pushing the limits of SHA-3 hardware implementations to fit on RFID. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 126–141. Springer, Heidelberg (2013) CrossRef

21.

Prouff, E., Rivain, M., Bévan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)MathSciNetCrossRef

Titel: Towards Evaluating DPA Countermeasures for Keccak K1012ECCAK on a Real ASIC
verfasst von: Michael Muehlberghuber
Thomas Korak
Philipp Dunst
Michael Hutter
Verlag: Springer International Publishing
Buch: Constructive Side-Channel Analysis and Secure Design
Print ISBN: 978-3-319-21475-7

Electronic ISBN: 978-3-319-21476-4

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-21476-4_15

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner