Conference Paper

DPA resistance for light-weight implementations of cryptographic algorithms on FPGAs

Volgenau Sch. of IT & E, George Mason Univ., Fairfax, VA, USA
DOI: 10.1109/FPL.2009.5272260 Conference: Field Programmable Logic and Applications, 2009. FPL 2009. International Conference on
Source: IEEE Xplore

ABSTRACT Recent advances in field programmable gate array (FPGA) technology are bound to make FPGAs a popular platform for battery powered devices. Many applications of such devices are mission critical and require the use of cryptographic algorithms to provide the desired security. However, differential power analysis (DPA) attacks pose a severe threat against otherwise secure cryptographic implementations. Current techniques to defend against DPA attacks such as dynamic differential logic (DDL) lead to an increase in area consumption of a factor of five or more. In this paper we show that moderate security against DPA attacks can be achieved for FPGAs using DDL resulting in an area increase of not much more than a factor of two over standard FPGA implementations. Our design flow requires only FPGA design tools and some scripts.

  • ABSTRACT: Side Channel Attacks (SCAs) typically gather unintentional (side channel) physical leakages from running crypto-devices to reveal confidential data. Dual-rail Precharge Logic (DPL) is one of the most efficient countermeasures against power or EM side channel threats. This logic relies on the implementation of complementary rails to counterbalance the data-dependent variations of the leakage from dynamic behavior of the original circuit. However, the lack of flexibility of commercial FPGA design tools makes it quite difficult to obtain completely balanced routings between complementary networks. In this paper, a controllable repair mechanism to guarantee identical net pairs from two lines is presented: i. repairs the identical yet conflict nets after the duplication (copy & paste) from original rail to complementary rail, and ii. repairs the non-identical nets in off-the-stock DPL circuits. These rerouting steps are carried out starting from a placed and routed netlist using Xilinx Description Language (XDL). Low level XDL modifications have been completely automated using a set of APIs named RapidSmith. Experimental EM attacks show that the resistance level of an AES core after the automatic routing repair is increased by a factor of at least 3.5. Timing analyses further demonstrate that net delay differences between complementary networks are minimized significantly.
    Reconfigurable Computing and FPGAs (ReConFig), 2012 International Conference on; 01/2012
  • ABSTRACT: Implementations of mathematically secure cryptographic algorithms leak information through side channels during run time. Differential Power Analysis (DPA) attacks exploit power leakage to obtain the secret information. Dynamic and Differential Logic (DDL), one of the popular countermeasures against DPA attacks, tries to achieve constant power consumption thereby decorrelating the leakage from the data being processed. Separated Dynamic and Differential Logic (SDDL), a variant of DDL, achieves this goal by duplicating the original design into Direct and Complementary parts which exhibit constant switching activity per clock cycle and have balanced net delays. Traditionally, on Field Programmable Gate Arrays (FPGAs) both parts are placed side-by-side to ensure symmetrical routing. However, due to process variations both parts will have slightly different delays. This limits the effectiveness of SDDL. In this paper we introduce a design flow to achieve interleaved placement of SDDL designs on Xilinx Spartan-3E FPGAs while preserving symmetric routing. We explore several placement configurations with respect to routing and security. The results of our experiments show that a well-balanced placement of SDDL can double the effectiveness of the SDDL countermeasures on FPGAs.
    Field Programmable Logic and Applications (FPL), 2011 International Conference on; 10/2011
  • ABSTRACT: Dual-rail Precharge Logic (DPL) has been widely studied as an effective countermeasure category for mitigating Side Channel Attack (SCA) threats, where unwanted physical leakages from running crypto devices are inspected and analyzed to retrieve confidential data. DPL protocol requires compensated behavior between the corresponding rails, which differs from conventional logic principles. Thus it needs unusual design flows with repetitive and tedious workload. In this article, we present a custom execution tool to automatically realize a dual rail logic. This controllable and automated design flow relies on Xilinx FPGA platforms to obtain dual rails with highly symmetric networks. The tool is able to automate the logic transformation from a raw single rail on Xilinx Design Language (XDL) to the Precharge Absorbed DPL (PA-DPL) format. Users can fully or partially convert the circuit in arbitrary placement schemes, without concern for routing conflicts. Another significance is that this proposal can potentially be used for other circuits that require precise routing control. SCA security verification of an 8-bit AES coprocessor on SASEBO-GII indicates enhanced security grade due to the rigorous routing networks achieved by the repair process. Timing analysis further demonstrates that the net delay differences between complementary nets are minimized.
    Microprocessors and Microsystems 02/2014; 38(8). DOI:10.1016/j.micpro.2014.02.005 · 0.60 Impact Factor