DPA resistance for light-weight implementations of cryptographic algorithms on FPGAs
ABSTRACT: Recent advances in field programmable gate array (FPGA) technology are bound to make FPGAs a popular platform for battery powered devices. Many applications of such devices are mission critical and require the use of cryptographic algorithms to provide the desired security. However, differential power analysis (DPA) attacks pose a severe threat against otherwise secure cryptographic implementations. Current techniques to defend against DPA attacks such as dynamic differential logic (DDL) lead to an increase in area consumption by a factor of five or more. In this paper we show that moderate security against DPA attacks can be achieved for FPGAs using DDL resulting in an area increase of not much more than a factor of two over standard FPGA implementations. Our design flow requires only FPGA design tools and some scripts.
ABSTRACT: This paper analyzes the dynamic power consumption in the fabric of Field Programmable Gate Arrays (FPGAs) by taking advantage of both simulation and measurement. Our target device is the Xilinx Virtex™-II family, which contains the most recent and largest programmable fabric. We identify important resources in the FPGA architecture and obtain their utilization, using a large set of real designs. Then, using a number of representative case studies, we calculate the switching activity corresponding to each resource. Finally, we combine the effective capacitance of each resource with its utilization and switching activity to estimate its share of power consumption. According to our results, the power dissipation shares of routing, logic and clocking resources are 60%, 16%, and 14%, respectively. Also, we concluded that dynamic power dissipation of a Virtex-II CLB is 5.9W per MHz for typical designs, but it may vary significantly depending on the switching activity.
12/2003
Conference Proceeding: Power Analysis of FPGAs: How Practical is the Attack?
ABSTRACT: Recent developments in information technologies made the secure transmission of digital data a critical design point. Large data flows have to be exchanged securely and involve encryption rates that sometimes may require hardware implementations. Reprogrammable devices such as Field Programmable Gate Arrays are highly attractive solutions for hardware implementations of encryption algorithms and several papers underline their growing performances and flexibility for any digital processing application. Although cryptosystem designers frequently assume that secret parameters will be manipulated in closed reliable computing environments, Kocher et al. stressed in 1998 that actual computers and microchips leak information correlated with the data handled. Side-channel attacks based on time, power and electromagnetic measurements were successfully applied to the smart card technology, but we have no knowledge of any attempt to implement them against FPGAs. This paper examines how monitoring power consumption signals might breach FPGA-security. We propose first experimental results against FPGA-implementations of cryptographic algorithms in order to confirm that power analysis has to be considered as a serious threat for FPGA security. We also highlight certain features of FPGAs that increase their resistance against side-channel attacks.
Field Programmable Logic and Application, 13th International Conference, FPL 2003, Lisbon, Portugal, September 1-3, 2003, Proceedings; 01/2003
Conference Proceeding: Masking and Dual-Rail Logic Don't Add Up.
ABSTRACT: Masked logic styles use a random mask bit to de-correlate the power consumption of the circuit from the state of the algorithm. The effect of the random mask bit is that the circuit switches between two complementary states with a different power profile. Earlier work has shown that the mask-bit value can be estimated from the power consumption profile, and that masked logic remains susceptible to classic power attacks after only a simple filtering operation. In this contribution we will show that this conclusion also holds for masked pre-charged logic styles and for all practical implementations of masked dual-rail logic styles. Up to now, it was believed that masking and dual-rail can be combined to provide a routing-insensitive logic style. We will show that this assumption is not correct. We demonstrate that the routing imbalances can be used to detect the value of the mask bit. Simulations as well as analysis of design data from an AES chip support this conclusion.
Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings; 01/2007