Techniques to Prevent Power Analysis on Encryption Hardware
CS252 Final Project
By Shengliang Song & Nikita Borisov
Professor: Jan Rabaey & Kurt Keutzer
• Smart Card
• Differential Power Analysis
• Divide-and-conquer approach
Smart Card
• Processing Power (Intel 8051, Motorola 6805)
• Data Storage (EEPROM, FLASH, ROM, RAM)
• IO & Power Source (Contact, Contactless)
Smart Cards
• Power: A) Smart Card Reader B) Inductive Coupling
• Synchronous: powered, clocked and addressed under control of the outside world
• Asynchronous: RF/ID and RF/DC
• ISO 7816-3 (similar to RS232 operating at 9600 baud with even parity)
Differential Power Analysis
• Semiconductor logic gates
– consuming power
– producing electromagnetic radiation
• DPA: plaintext or ciphertext => encryption or decryption keys
– Observes m encryption operations
– Captures power traces T[1..m][1..k] (k samples each)
– Records the ciphertexts C[1..m]
– Computes Delta D[1..k] by finding the difference between the average of the traces for which D(c,b,ks) is one and the average of the traces for which D(c,b,ks) is zero
Measure a circuit’s power consumption
• a small (50 ohm) resistor is inserted in series with the power or ground input
[Circuit diagram labels: Vcc; Vout; R = 50 ohm; I = Vout/R]
DPA Traces
DEFENSES
• Still being studied
• Balancing computation with complements
• Splitting bits into randomized shares
• Special circuit design techniques
• Randomize order
• Complicated, costly
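The difference-of-means computation from the DPA slide, applied as a leakage check to a simulated device with and without the "splitting bits into randomized shares" defense. This is an added example, not code from the original slides; the Hamming-weight leakage model, the toy 4-bit S-box, the sample positions and all function names are assumptions, and the traces are constructed.

```python
import random

# Toy 4-bit S-box (the PRESENT cipher's), standing in for the cipher's S[key] lookup.
SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]
INV_SBOX = [SBOX.index(v) for v in range(16)]
K, LEAK_AT, SHARE_AT = 20, 7, 12  # samples per trace and leak positions (assumed)

def hw(x):
    return bin(x).count("1")

def capture(m, key, masked, rng, noise=1.0):
    """Simulate m operations; return constructed traces T[m][K] and ciphertexts C[m]."""
    T, C = [], []
    for _ in range(m):
        v = rng.randrange(16)                  # sensitive intermediate value
        trace = [rng.gauss(0.0, noise) for _ in range(K)]
        if masked:                             # split v into two randomized shares
            r = rng.randrange(16)
            trace[LEAK_AT] += hw(v ^ r)
            trace[SHARE_AT] += hw(r)
        else:                                  # unprotected: power tracks HW(v)
            trace[LEAK_AT] += hw(v)
        T.append(trace)
        C.append(SBOX[v] ^ key)
    return T, C

def D(c, b, ks):
    """Selection function: bit b of the intermediate implied by c and key ks."""
    return (INV_SBOX[c ^ ks] >> b) & 1

def delta(T, C, b, ks):
    """Differential trace: mean of traces with D=1 minus mean of traces with D=0."""
    sums, counts = [[0.0] * K, [0.0] * K], [0, 0]
    for trace, c in zip(T, C):
        d = D(c, b, ks)
        counts[d] += 1
        for j, s in enumerate(trace):
            sums[d][j] += s
    return [sums[1][j] / counts[1] - sums[0][j] / counts[0] for j in range(K)]

def peak(m=4000, key=0xA, masked=False, seed=252):
    """Return (sample index, |Delta D|) of the largest differential for the known key."""
    T, C = capture(m, key, masked, random.Random(seed))
    d = delta(T, C, b=0, ks=key)
    j = max(range(K), key=lambda i: abs(d[i]))
    return j, abs(d[j])

if __name__ == "__main__":
    print("unprotected:", peak(masked=False))  # spike of about 1.0 at LEAK_AT
    print("two shares :", peak(masked=True))   # no sample stands out of the noise
```

A flat differential trace here shows only that this first-order test finds nothing; it does not by itself establish that the shared implementation is leak-free.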
Divide-and-conquer approach
• Build a simple ALU which implements sensitive operations (ROT, ADD, XOR, S[key])
• Make it power analysis resistant (Continue Research: IC layer, glue logic, Computer Architecture)
• Design control logic normally (8-bit CPU or ROM based Machine)
Control: CPU or ROM Based Machine
[Diagram labels: micro-PC sequencer (fetch, dispatch, sequential); Opcode; Dispatch ROM; μ-Code ROM; microinstruction; Decode (sequencer control); Decode (datapath control); To DataPath]
Decoders implement our μ-code language. For instance: rt-ALU, rd-ALU, mem-ALU
ALU & SBox
[Diagram labels: ALU; +; ROT; XOR; SBox; S[Akey]; WE; EN; AKey[7:0]; 8ns; 10ns; 8ns; 8; 8]
• Basic Units: ROT, ADD, XOR, SBox
• Shielding will be less complex
• Communication: (ALU, Sbox, Ctrl)
ADVANTAGES
• Smaller than an entire cipher
• reduce cost of expensive techniques
• Easier to apply complex design principles
• Model interactions
• Reused
[Diagram labels: CPU; ALU; SBOX; S[key]; IO]
PROBLEMS:
• communication between controller and ALU can be slow
• Asynchronous (Req, Ack, ALU takes more than one clock cycle time)
• Synchronous (ALU needs to run at a fast clock rate)
• some cipher-specific techniques (e.g. Randomized Sbox lookups) are harder to apply