Volume 23, Issue 5


A Generic TC-Based Method to Find the Weakness in Different Phases of Masking Schemes

Authors: Ming Tang, Yuguang Li, Yanbin Li, Pengbo Wang, Dongyan Zhao, Weigao Chen, Huanguo Zhang

School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
State Key Laboratory of Cryptology, Beijing 100878, China
State Grid Key Laboratory of PICD & AT, Beijing Smart-Chip Microelectronics Technology Co. Ltd., Beijing 100080, China
State Grid Xinjiang Electric Power Corporation Maintenance Company, Urumqi 830002, China

Abstract

Masking is one of the most commonly used Side-Channel Attack (SCA) countermeasures. It is built on a security framework, such as the ISW framework, and provides theoretical security through secret sharing. Unfortunately, theoretical security does not guarantee practical security, because several weaknesses may exist in the actual implementation. These weaknesses may come from the masking scheme itself or be introduced by the implementation method. Finding the possible weaknesses of a masking scheme is therefore an interesting and important issue for real applications. In this paper, the possible weaknesses of masking schemes in Field-Programmable Gate Array (FPGA) designs are discussed. It was found that the combinational circuit is the key to the security of masking schemes. The Toggle Count (TC) method and its extension are used to evaluate the security of masking schemes in the design phase and the implementation phase separately. Comparing the different logic-level simulators available for the Xilinx FPGA platform, the behavioral and post-translate simulations are adopted as the analysis method in the design phase, while the post-map and post-route simulations are used to find weaknesses during the implementation phase. Moreover, a Standard Delay Format (SDF) based improvement scheme is proposed that significantly increases the effectiveness of the TC model.
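As an added illustration of the TC evaluation described above (example code written for this page, not the authors' tool), the script below counts net toggles in a constructed Trichina-style two-share masked AND gate under two simulation views: all inputs switching together, as in a behavioral simulation, and inputs arriving one at a time, a crude stand-in for the skew that a post-route timing simulation exposes. The gate, its net names and the arrival schedule are assumptions, not taken from the paper.

```python
from itertools import product
INPUTS = ("a1", "a2", "b1", "b2", "r")

def masked_and_nets(v):
    """Internal nets of a Trichina-style 2-share masked AND gate (a constructed
    stand-in for a masking-scheme gate): a = a1^a2, b = b1^b2, r is a fresh
    mask, and the output q equals (a & b) ^ r."""
    n1 = v["a1"] & v["b1"]
    n2 = n1 ^ v["r"]
    n3 = v["a1"] & v["b2"]
    n4 = n2 ^ n3
    n5 = v["a2"] & v["b1"]
    n6 = n4 ^ n5
    n7 = v["a2"] & v["b2"]
    q = n6 ^ n7
    return (n1, n2, n3, n4, n5, n6, n7, q)

def toggle_count(old, new, schedule):
    """Toggle count (TC) over the gate's nets while its inputs move from `old`
    to `new`. `schedule` lists which inputs switch at each arrival step; the
    gates themselves are zero-delay, so nets settle before the next step."""
    state, nets, toggles = dict(old), masked_and_nets(old), 0
    for step in schedule:
        for name in step:
            state[name] = new[name]
        settled = masked_and_nets(state)
        toggles += sum(x != y for x, y in zip(nets, settled))
        nets = settled
    return toggles

def mean_tc_by_secret(schedule):
    """Mean TC grouped by the unmasked (a, b) of the new input vector, taken
    over all 32 old vectors and all 8 share/mask choices of the new one (256
    transitions per group). Unequal group means are first-order leakage."""
    totals, counts = {}, {}
    for bits_old, bits_new in product(product((0, 1), repeat=5), repeat=2):
        old, new = dict(zip(INPUTS, bits_old)), dict(zip(INPUTS, bits_new))
        key = (new["a1"] ^ new["a2"], new["b1"] ^ new["b2"])
        totals[key] = totals.get(key, 0) + toggle_count(old, new, schedule)
        counts[key] = counts.get(key, 0) + 1
    return {k: totals[k] / counts[k] for k in sorted(totals)}

# Design-phase (behavioral) view: every input switches in one atomic step.
ZERO_DELAY = [INPUTS]
# Implementation-phase view: inputs arrive one by one, as routing skew staggers them.
SKEWED = [("a1",), ("b1",), ("a2",), ("b2",), ("r",)]

if __name__ == "__main__":
    for label, sched in (("zero-delay", ZERO_DELAY), ("skewed", SKEWED)):
        print(label, mean_tc_by_secret(sched))
```

With the zero-delay schedule every (a, b) group averages 3.5 toggles, whereas with the skewed schedule the groups with a = 1 average 7.5 against 7.0 for a = 0, so the unmasked a becomes visible to the TC model only once timing skew is simulated.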

Keywords: Side-Channel Attack (SCA), toggle count, masking, simulation-based analysis


Publication history

Received: 24 September 2017
Accepted: 29 September 2017
Published: 17 September 2018
Issue date: October 2018

Copyright

© The author(s) 2018

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China under Grant (No. 61472292), the key technology research of new-generation high-speed and high-level security chip for smart grid (No. 526816160015), and in part by the Technological Innovation of Hubei Province (Major Special Project, No. 2018AAA046).
