Abstract
Modern field programmable gate arrays (FPGAs) are packed with features that ease the designer's task. The availability of large block memory (BRAM), digital signal processing cores, and embedded CPUs makes the design strategy for FPGAs quite different from that for ASICs. FPGAs are also widely used in security-critical applications where protection against known attacks is of prime importance. We focus on physical attacks, which target the physical implementation rather than the algorithm. To design countermeasures against such attacks, the strategy for FPGA designers should differ from that used for ASICs: the available features should be exploited to build compact and strong countermeasures. In this article, we propose methods that exploit the BRAMs of FPGAs to design compact countermeasures. Internal BRAM can be used to optimize intrinsic countermeasures such as masking and dual-rail logic, which otherwise carry a significant overhead (at least 2×) compared to unprotected implementations. The optimizations are applied to a real AES-128 co-processor and tested for area overhead and resistance on Xilinx Virtex-5 chips. The presented masking countermeasure has an overhead of only 16% when applied to AES. Moreover, the dual-rail precharge logic (DPL) countermeasure has been optimized to pack the whole sequential part into the BRAM, thereby enhancing its security. Proper robustness evaluations are conducted to analyze the optimizations in terms of area and security.
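As an added illustration (not code from the article), the following Python models the table-based masking that a block memory can host: the AES S-box is recomputed under an input mask m_in and an output mask m_out, so that a single memory read takes a masked byte in and returns a masked byte out. The mask values are constructed, and how such a table is scheduled onto a real BRAM is an assumption, not something the abstract specifies.

```python
# Added example, not from the paper: first-order masked S-box as a recomputed
# lookup table, the form that maps onto an FPGA BRAM. Mask values are constructed.

def gf_mul(a, b):
    # Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1.
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def gf_inv(a):
    # Inverse as a^254 by square-and-multiply; AES maps 0 to 0.
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0

def aes_sbox():
    # 256-entry AES S-box: field inversion followed by the affine transform.
    box = []
    for x in range(256):
        b = gf_inv(x)
        s = b
        for i in range(1, 5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF  # b rotated left by i
        box.append(s ^ 0x63)
    return box

def masked_sbox(sbox, m_in, m_out):
    # Recompute T so that T[x ^ m_in] == sbox[x] ^ m_out for every x.
    # Only T is written to memory: the read address and the value read back
    # are both masked, so the memory never handles x or S(x) in the clear.
    return [sbox[i ^ m_in] ^ m_out for i in range(256)]

def verify_masked_table(sbox, m_in, m_out):
    # A masked read followed by unmasking must give S(x) for all 256 inputs.
    table = masked_sbox(sbox, m_in, m_out)
    return all(table[x ^ m_in] ^ m_out == sbox[x] for x in range(256))
```

Refreshing the masks means rewriting all 256 entries, so a hardware design has to schedule that recomputation between operations; this model leaves that scheduling out.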