Multiprocessor information concealment architecture to prevent power analysis-based side channel attacks
- Author(s): J.A. Ambrose (1); R.G. Ragel (2); S. Parameswaran (1); A. Ignjatovic (1)
- Affiliations:
  1: School of Computer Science and Engineering, University of New South Wales, Sydney, Australia
  2: Department of Computer Engineering, University of Peradeniya, Peradeniya, Sri Lanka
- Source: Volume 5, Issue 1, January 2011, p. 1–15
- DOI: 10.1049/iet-cdt.2009.0097, Print ISSN 1751-8601, Online ISSN 1751-861X
Abstract: Side channel attackers observe external manifestations of the internal computations of an embedded system in order to infer the encryption key in use. The ability to examine such external manifestations (power dissipation or electromagnetic emissions) is a major threat to secure embedded systems. This study proposes a secure multiprocessor architecture to prevent side channel attacks, based on a dual-core algorithmic balancing technique in which two identical cores are used. Both cores share a single clock and encrypt simultaneously: one core executes the original encryption while the second executes the complementary encryption. This balances the crucial information in the power profile (note that it is the information, not the power profile itself, that is balanced), hiding the actual key from an adversary attempting differential power analysis (DPA). The two cores normally execute different tasks, but encrypt together to foil a side channel attack. The authors show that, when the technique is applied, DPA fails on the most common block ciphers, the data encryption standard (DES) and the advanced encryption standard (AES), leaving the attacker with little useful information with which to mount an attack.
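The balancing idea in the abstract, as an added illustration that is not the paper's code: under a Hamming-weight leakage model, a correlation attack on a 4-bit S-box output recovers the key nibble from single-core leakage, but when a second core processes the bitwise complement in the same clock the combined weight is constant and no guess stands out. The PRESENT S-box, the noise level and the complement-processing assumption are mine, not the paper's.

```python
import random

# PRESENT 4-bit S-box (public); stands in for the cipher's S-box layer.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NBITS = 4
MASK = (1 << NBITS) - 1

def hw(v):
    """Hamming weight of v, the usual DPA leakage proxy."""
    return bin(v).count("1")

def leak(v, balanced, rng, sigma=0.5):
    """One noisy power sample for intermediate value v.  Single core: hw(v).
    Balanced dual core (assumption: the second core processes the bitwise
    complement in the same clock): hw(v) + hw(~v), the constant NBITS."""
    w = hw(v) + hw(v ^ MASK) if balanced else hw(v)
    return w + rng.gauss(0.0, sigma)

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def cpa(plaintexts, traces):
    """Rank each key-nibble guess by how well the predicted S-box output
    weight correlates with the samples; return (best guess, its |r|)."""
    best = (None, -1.0)
    for k in range(1 << NBITS):
        model = [hw(SBOX[p ^ k]) for p in plaintexts]
        r = abs(pearson(model, traces))
        if r > best[1]:
            best = (k, r)
    return best

def simulate(key, balanced, n=2000, seed=1):
    """Constructed traces for a fixed key nibble, then the CPA over them."""
    rng = random.Random(seed)
    pts = [rng.randrange(1 << NBITS) for _ in range(n)]
    traces = [leak(SBOX[p ^ key], balanced, rng) for p in pts]
    return cpa(pts, traces)

if __name__ == "__main__":
    print("single core:", simulate(0xA, False))  # key 0xA recovered, |r| > 0.7
    print("balanced   :", simulate(0xA, True))   # |r| < 0.2 for every guess
```

The single-core run separates the correct guess clearly because the predicted weights explain most of the trace variance; in the balanced run the samples carry only noise, which is the property the paper's architecture relies on.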
Inspec keywords: public key cryptography; embedded systems; multiprocessing systems
Subjects: Data security; Multiprocessing systems