A Side-Channel and Fault-Attack Resistant AES Circuit Working on Duplicated Complemented Values
M. Doulcier-Verdier1,2, J-M. Dutertre2, J. Fournier1,2, J-B. Rigaud2, B. Robisson1,2 & A. Tria1,2
Context
• Cryptographic circuits are subjected to different kinds of non-invasive physical attacks:
– Side-Channel Attacks
  • Differential Power/EM Analysis
  • Correlation Power/EM Analysis
– Fault Attacks
  • Differential Fault Analysis
Side-Channel Attacks
[Diagram: EM/Power Measurements, Input Messages and Key Guesses feed a Statistical Analysis.]
Right key guess with highest peak!
Differential Fault Attacks
[Diagram: Secret Key K and Input Message M give the Correct cipher C; the same Secret Key K and Input Message M give the Faulted cipher C’; DFA: Secret Key K revealed!]
Advanced Encryption Standard
• The AES was specified by the NIST in 2001 (128-bit key version):
– Input message of 16 bytes arranged into a 4x4 matrix.
– Message is processed by a “round” function which is repeated 10 times.
– Input key of 16 bytes from which sub-keys are generated iteratively for each “round” through a ‘KEY_EXPANDER’ function.
Our Tamper-Resistant AES
• ‘Original’ AES datapath
• ‘Duplicated’ AES datapath
• Error Propagation: the difference between the data paths is spread: Against DFA.
• The duplicated path works on complemented values to balance power/EM consumption: Against SCA.
TR-AES Chip
• HCMOS9gp 0.13µm STM technology.
• Max frequency of 50 MHz.
• 1336x1411µm²
• 27400 gates
– Including communication interface.
– Overhead of 67% with respect to a non-secure AES in the same technology.
Resistance against EM Analysis
• Performed EM-based Correlation Analysis.
• Used up to 1,000,000 curves acquired at several points of the circuit.
• No significant correlation peak obtained for any key guess.
Resistance to laser fault attacks
• Characteristics of the laser source used:
– Green 532nm wavelength.
– Spot size between 6 and 12 µm.
– Min energy value (0.2 to 5 nJ).
• We managed to inject faults in the separate data paths,
– which led to the error spreading as expected by our scheme.
– the resulting cipher text is useless for differential cryptanalysis.
Error propagation using laser
Comparison with design from Tokunaga & Blaauw
Conclusion
• Complemented-duplicated design which offers counter-measures both against side-channel and fault attacks.
• Originality of our approach
– We don’t systematically detect the errors but we spread them to render faulty cipher texts useless for differential cryptanalysis.
– Since we already duplicate the datapath, we complement the second datapath, which provides a counter-measure against side-channel attacks at no cost.