1 / 22

DPA Proof Architecture Evaluation

DPA Proof Architecture Evaluation. N. Valette 1 2 , L. Torres 2 , G. Sassatelli 2 , F. Bancel 1 and N. Bérard 1 1 STMicroelectronics, Smartcard Division 2 LIRMM, Microelectronics Department nicolas.valette@st.com / nicolas.valette@lirmm.fr. Outline. Attacks: State of the Art

morton
Download Presentation

DPA Proof Architecture Evaluation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DPA Proof Architecture Evaluation N. Valette1 2, L. Torres2, G. Sassatelli2, F. Bancel1 and N. Bérard1 1 STMicroelectronics, Smartcard Division 2 LIRMM, Microelectronics Department nicolas.valette@st.com / nicolas.valette@lirmm.fr

  2. Outline • Attacks: State of the Art • Real DPA description • DPA by simulation • Conclusion and future work

  3. Attacks : State of the Art Electro-magnetic emanations Power consumption Smartcard processing data Smartcard processing data Noise Temperature • Different kinds of attacks • Side channels attacks which use leaking information : • Simple Power Analysis (SPA), Differential Power Analysis (DPA), Timing Analysis, Electromagnetic Analysis, Noise Analysis, Temperature Analysis … • Fault Injection which is a non-invasive attack : • Glitches injection, Light Injection, Irradiation … • Reverse engineering which is an invasive attack • To obtain a complete view of the chip layout (different layers)

  4. Differential Power Analysis • The DPA is the most common attack against Smartcards. • It allows to guess the unknown secret key of a cryptographic coprocessor. • It is based on a statistical repartition of power consumption : • Acquisition of power traces • Statistical analysis of power traces • It can be realized on most cryptographics algorithms

  5. Review of DES Li Ki Ri F function Ri+1 Li+1 K SBOX P SBOX E In Out CTL = L16  f (K16,R16) CTR = R16

  6. Real DPA Attack on DES (1) Solve for D CTL = L16  f (K16,R16) CTR = R16 DPA attack on 6-bits of K16 corresponding to SBOX0 : 1. Make an hypothesis on 6-bits of K16 2. Create 2 groups : S0 and S1 3. Get a CTO and its power trace 4. Reverse-calculate the D – bit (from CTO and K16) 5. If (D = 1) then add power trace to S1 else add power trace to S0 D = CTL  f (K16,CTR)

  7. Real DPA Attack on DES (2) D = 0 D = 1

  8. Practical results Complete trace: 16 rounds are visible Reference trace Differential Traces : Right hypothesis Wrong hypothesis Wrong hypothesis

  9. DPA : From real attack to simulation 1) REAL ACQUISITION 1) ACQUISITION BY SIMULATION Vdd Cryptographic process CTi Random Plain Texts Cipher Texts CT1 P&R netlist corresponding to a cryptographic function CT0 Pi Power Traces PTi P1 PT1 Unknown Key PT0 P0 Gnd 2) STATISTICAL REPARTITION CTi Cipher Texts Key Hypothesis CT1 CT0 Repartition Function Pi Power Traces P1 P0 Right Key Hypothesis

  10. DPA on DES by simulation Li Ki Ri F function Ri+1 Li+1 Data entering Sboxes K SBOX P SBOX E K In Output of Sboxes Out 6 In Out SBOX0 4 6 6

  11. DPA Flow Set of Power Traces without RC Set of Power Traces with RC Analysis P&R DSPF File Simulations with Eldo Simulations with Eldo RTL Description of SBOX0 Synthesis Opus Analysis Gated Netlist Eldo Netlist

  12. Results Without RC With RC

  13. Example of architecture evaluation on a DES L K R P SBOX E RTL model synthesized in different ways (with the same library) CTr CTl

  14. Runs description • Run 3 : Automatic synthesis, optimised for area and timing (initial netlist) • Run 5 : Initial netlist with RC load • Run 9 : Idem run5 with different key • Run 10 : Initial netlist plus buffers near outputs • Run 11 : idem run3 • Run 12 : Synthesis only with OR2, NOR2, AND2, NAND2 and INV. • Run 13 : Synthesis with OR2, NOR2, AND2, NAND2 and INV with low bufferization (netlist_LP) • Run 14 : run13 with RC load • Run 15 : Initial netlist plus some distributed buffers • Run 16 : Initial netlist plus few distributed buffers • Run 17 : Automatic synthesis optimised for power consumption (netlist_LP2)

  15. Netlist + output buffers

  16. Low Power Netlist (manual)

  17. Low Power netlist (automatic)

  18. Low Power Netlist (manual) + RC Load

  19. Improvements of the DPA benchmak • Compare simulation results with a real attack • Use the gated netlist of a DES product and its RC load. • Attack this product by simulation to know how many samples are needed to differentiate the right key • Make a real attack on the chip to obtain the number of needed samples • Correlate these numbers of samples

  20. Conclusion and future works • Correlate DPA simulation results with real DPA attack • Evaluate counter measures (at RTL, Gate or P&R level): • Area cost • Security level • Development cost • Evaluate partial or full reconfigurable architectures: use of LUT-based elements to: • be DPA-proof • provide flexibility

  21. Any questions ? nicolas.valette@st.com / nicolas.valette@lirmm.fr

More Related