Publication


Featured research published by Baris Ege.


radio frequency identification security and privacy issues | 2013

Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures

Lejla Batina; Amitabh Das; Baris Ege; Elif Bilge Kavun; Nele Mentens; Christof Paar; Ingrid Verbauwhede; Tolga Yalcin

In this paper we perform a comprehensive area, power, and energy analysis of some of the most recently-developed lightweight block ciphers and we compare them to the standard AES algorithm. We do this for several different architectures of the considered block ciphers. Our evaluation method consists of estimating the pre-layout power consumption and the derived energy using Cadence Encounter RTL Compiler and ModelSIM simulations. We show that the area is not always correlated to the power and energy consumption, which is of importance for mobile battery-fed devices. As a result, this paper can be used to make a choice of architecture when the algorithm has already been fixed; or it can help deciding which algorithm to choose based on energy and key/block length requirements.


international conference on cryptology in india | 2014

Confused by Confusion: Systematic Evaluation of DPA Resistance of Various S-boxes

Stjepan Picek; Kostas Papagiannopoulos; Baris Ege; Lejla Batina; Domagoj Jakobovic

When studying the DPA resistance of S-boxes, the research community is divided in their opinions on what properties should be considered. So far, there exist only a few properties that aim at expressing the resilience of S-boxes to side-channel attacks. Recently, the confusion coefficient property was defined with the intention to characterize the resistance of an S-box. However, there exist no experimental results or methods for creating S-boxes with a “good” confusion coefficient property. In this paper, we employ a novel heuristic technique to generate S-boxes with “better” values of the confusion coefficient in terms of improving their side-channel resistance. We conduct extensive side-channel analysis and detect S-boxes that exhibit previously unseen behavior. For the \(4\times 4\) size we find S-boxes that belong to optimal classes, but they exhibit linear behavior when running a CPA attack, therefore preventing an attacker from achieving 100% success rate on recovering the key.


IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems | 2013

Security Analysis of Industrial Test Compression Schemes

Amitabh Das; Baris Ege; Santosh Ghosh; Lejla Batina; Ingrid Verbauwhede

Test compression is widely used for reducing test time and cost of a very large scale integration circuit. It is also claimed to provide security against scan-based side-channel attacks. This paper pursues the legitimacy of this claim and presents scan attack vulnerabilities of test compression schemes used in commercial electronic design automation tools. A publicly available advanced encryption standard design is used and test compression structures provided by Synopsys, Cadence, and Mentor Graphics design for testability tools are inserted into the design. Experimental results of the differential scan attacks employed in this paper suggest that tools using X-masking and X-tolerance are vulnerable and leak information about the secret key. Differential scan attacks on these schemes have been demonstrated to have a best case success rate of 94.22% and 74.94%, respectively, for a random scan design. On the other hand, time compaction seems to be the strongest choice with the best case success rate of 3.55%. In addition, similar attacks are also performed on existing scan attack countermeasures proposed in the literature, thus experimentally evaluating their practical security. Finally, a suitable countermeasure is proposed and compared to the previously proposed countermeasures.


digital systems design | 2012

Differential Scan Attack on AES with X-tolerant and X-masked Test Response Compactor

Baris Ege; Amitabh Das; Santosh Ghosh; Ingrid Verbauwhede

Scan-chains are test infrastructures included in a circuit for providing high fault coverage. However, they can be exploited by an attacker as a side-channel in the case of a cryptographic application like AES. Test Compression and thereafter X-tolerance and X-masking over it, which reduce test effort without compromising on testability, can help in counteracting scan-based attacks. This work focuses on the security issues of an AES-circuit containing test compression with X-masking and X-tolerance logic. With experimental results, we show the weakness of such an AES circuit against our modified differential scan-attack. Finally, the paper outlines two suitable countermeasures to prevent such attacks.


hardware-oriented security and trust | 2014

Optimality and beyond: The case of 4×4 S-boxes

Stjepan Picek; Baris Ege; Kostas Papagiannopoulos; Lejla Batina; Domagoj Jakobovic

S-boxes with better transparency order are expected to have higher side-channel resistance. For 8×8 S-boxes this is not practical, considering the costs of lookup-table implementations and deterioration of many properties like nonlinearity or delta uniformity. However, if we concentrate on the 4×4 S-box size we can observe that it is possible to obtain S-boxes with better transparency order while maintaining proper “classical” properties. To prove this, we experiment with PRINCE and PRESENT S-boxes. We use various methods and show that evolutionary algorithms are also viable in obtaining the lowest known transparency order value for the nonlinearity value of 4. Next, we show that affine transformation changes the transparency order while keeping “classical” properties intact. By using this technique, it is possible to generate optimal S-boxes with improved DPA-related properties.


workshop on fault diagnosis and tolerance in cryptography | 2014

Clock Glitch Attacks in the Presence of Heating

Thomas Korak; Michael Hutter; Baris Ege; Lejla Batina

Fault attacks have been widely studied in the past but most of the literature describes only individual fault-injection techniques such as power/clock glitches, EM pulses, optical inductions, or heating/cooling. In this work, we investigate combined fault attacks by performing clock-glitch attacks under the impact of heating. We performed practical experiments on an 8-bit AVR microcontroller which resulted in the following findings. First, we identified that the success rate of glitch attacks performed at an ambient temperature of 100°C is higher than under room temperature. We were able to induce more faults and significantly increase the time frame when the device is susceptible to glitches which makes fault attacks easier to perform in practice. Second, and independently of the ambient temperature, we demonstrate that glitches cause individual instructions to repeat, we are able to add new random instructions, and we identified that opcode gets modified such that address registers of individual instructions get changed. Beside these new results, this is the first work that reports results of combined glitch and thermo attacks.


smart card research and advanced application conference | 2011

Memory encryption for smart cards

Baris Ege; Elif Bilge Kavun; Tolga Yalcin

With the latest advances in attack methods, it has become increasingly more difficult to secure data stored on smart cards, especially on non-volatile memories (NVMs), which may store sensitive information such as cryptographic keys or program code. Lightweight and low-latency cryptographic modules are a promising solution to this problem. In this study, memory encryption schemes using counter (CTR) and XOR-Encrypt-XOR (XEX) modes of operation are adapted for the target application, and utilized using various implementations of the block ciphers AES and PRESENT. Both schemes are implemented with a block cipher-based address scrambling scheme, as well as a special write counter scheme in order to extend the lifetime of the encryption key in CTR-mode. Using the lightweight cipher PRESENT, it is possible to implement a smart card NVM encryption scheme with less than 6K gate equivalents and zero additional latency.


workshop in information security theory and practice | 2014

S-box, SET, Match: A Toolbox for S-box Analysis

Stjepan Picek; Lejla Batina; Domagoj Jakobovic; Baris Ege; Marin Golub

Boolean functions and substitution boxes (S-boxes) represent the only nonlinear part in many algorithms and therefore play the crucial role in their security. Despite the fact that some algorithms today reuse theoretically secure and carefully constructed S-boxes, there is a clear need for a tool that can analyze security properties of S-boxes and hence the corresponding primitives. This need is especially evident in the scenarios where the goal is to create new S-boxes. Even in the cases when some common properties of S-boxes are known, we believe it is prudent to exhaustively investigate all possible sets of cryptographic properties. In this paper we present a tool for the evaluation of Boolean functions and S-boxes suitable for cryptography.


international symposium on circuits and systems | 2015

Improving DPA resistance of S-boxes: How far can we go?

Baris Ege; Kostas Papagiannopoulos; Lejla Batina; Stjepan Picek

Side-channel analysis (SCA) is an important issue for numerous embedded cryptographic devices that carry out secure transactions on a daily basis. Consequently, it is of utmost importance to deploy efficient countermeasures. In this context, we investigate the intrinsic side-channel resistance of lightweight cryptographic S-boxes. We propose improved versions of S-boxes that offer increased power analysis resistance, whilst remaining secure against linear and differential cryptanalyses. To evaluate the side-channel resistance, we work under the Confusion Coefficient model [1] and employ heuristic techniques to produce those improved S-boxes. We evaluate the proposed components in software (AVR microprocessors) and hardware (SASEBO FPGA). Our conclusions show that the model and our approach are heavily platform-dependent and that different principles hold for software and hardware implementations.


international conference on selected areas in cryptography | 2015

Near Collision Side Channel Attacks

Baris Ege; Thomas Eisenbarth; Lejla Batina

Side channel collision attacks are a powerful method to exploit side channel leakage. With a few exceptions, collision attacks usually combine leakage from distinct points in time, making them inherently bivariate. This work introduces the notion of near collisions to exploit the fact that values depending on the same sub-key can have similar while not identical leakage. We show how such knowledge can be exploited to mount a key recovery attack. The presented approach has several desirable features when compared to other state-of-the-art collision attacks: Near collision attacks are truly univariate. They have low requirements on the leakage functions, since they work well for leakages that are linear in the bits of the targeted intermediate state. They are applicable in the presence of masking countermeasures if there exist distinguishable leakages, as in the case of leakage squeezing. Results are backed up by a broad range of simulations for unprotected and masked implementations, as well as an analysis of the measurement set provided by DPA Contest v4.

Collaboration


Dive into Baris Ege's collaboration.

Top Co-Authors

Lejla Batina

Radboud University Nijmegen

Amitabh Das

Katholieke Universiteit Leuven

Ingrid Verbauwhede

Katholieke Universiteit Leuven

Thomas Eisenbarth

Worcester Polytechnic Institute

Nele Mentens

Katholieke Universiteit Leuven

Ali Doğanaksoy

Middle East Technical University
