Konrad J. Kulikowski

Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard

We present a method of protecting a hardware implementation of the advanced encryption standard (AES) against a side-channel attack known as differential fault analysis attack. The method uses systematic nonlinear (cubic) robust error detecting codes. Error-detecting capabilities of these codes depend not just on error patterns (as in the case of linear codes) but also on data at the output of the device which is protected by the code and this data is unknown to the attacker since it depends on the secret key. In addition to this, the proposed nonlinear (n,k)-codes reduce the fraction of undetectable errors from 2/sup -r/ to 2/sup -2r/ as compared to the corresponding (n,k) linear code (where n - k = r and k >= r). We also present results on a FPGA implementation of the proposed protection scheme for AES as well as simulation results on efficiency of the robust codes.

DIFFERENTIAL FAULT ANALYSIS ATTACK RESISTANT ARCHITECTURES FOR THE ADVANCED ENCRYPTION STANDARD

We present two architectures for protecting a hardware implementation of AES against side-channel attacks known as Differential Fault Analysis attacks. The first architecture, which is efficient for faults of higher multiplicity, partitions the design into linear (XOR gates only) and nonlinear blocks and uses different protection schemes for these blocks. We protect the linear blocks with linear codes and the nonlinear with a complimentary nonlinear operation resulting in robust protection. The second architecture uses systematic nonlinear (cubic) robust error detecting codes and provides for high fault detection for faults of low and high multiplicities but has higher hardware overhead.

Power attacks on secure hardware based on early propagation of data

The early propagation effect found in many logic gates is a potential source of data-dependent power consumption. We show that the effect and the corresponding power dependency can be targeted for successful power analysis attacks in cryptographic hardware. Many of the current balanced gate designs did not directly consider the effect and are vulnerable to power analysis attacks

Delay insensitive encoding and power analysis: a balancing act [cryptographic hardware protection]

Unprotected cryptographic hardware is vulnerable to a side-channel attack known as differential power analysis (DPA). This attack exploits data-dependent power consumption of a computation to determine the secret key. Dual-rail asynchronous circuits have been regarded as a potential countermeasure to this attack. In this paper, we evaluate the security of asynchronous dual-rail circuits against DPA. Our results show that, unless special precautions are taken, asynchronous circuits are not inherently more DPA resistant than their synchronous dual-rail counterparts. We show that the use of null-spaced or return-to-zero (RTZ) protocols, used to provide delay-insensitive encoding for asynchronous circuits, can make a DPA attack easier. We present an overview of balancing dynamic implementations of dual-rail fine-grained asynchronous gates that offer a solution for the DPA weakness. We demonstrate the use of asynchronous balanced cells that use RTZ which are not only secure against DPA but also deliver high performance with low design effort through automated pipelining.

Comparative Analysis of Robust Fault Attack Resistant Architectures for Public and Private Cryptosystems

The adaptive and active nature of fault based side-channel attacks along with the large arsenal of fault injection methods complicates the design of effective countermeasures. To overcome the unpredictability of fault attackers protection methods based on robust codes were proposed which can provide uniform error detection against all errors eliminating possible weaknesses in the protection. In this paper we evaluate and compare the error detection properties and hardware overheads of architectures based on robust, partially robust, and minimum distance robust codes for both public and private key cryptosystems.

Design of Memories with Concurrent Error Detection and Correction by Nonlinear SEC-DED Codes

In this paper we propose memory protection architectures based on nonlinear single-error-correcting, double-error-detecting (SEC-DED) codes. Linear SEC-DED codes widely used for design of reliable memories cannot detect and can miscorrect lots of errors with large Hamming weights. This may be a serious disadvantage for many modern technologies when error distributions are hard to estimate and multi-bit errors are highly probable. The proposed protection architectures have fewer undetectable errors and fewer errors that are miscorrected by all codewords than architectures based on linear codes with the same dimension at the cost of a small increase in the latency penalty, the area overhead and the power consumption. The nonlinear SEC-DED codes are generalized from the existing perfect nonlinear codes (Vasil’ev codes, Probl Kibern 8:375–378, 1962; Phelps codes, SIAM J Algebr Discrete Methods 4:398–403, 1983; and the codes based on one switching constructions, Etzion and Vardy, IEEE Trans Inf Theory 40:754–763, 1994). We present the error correcting algorithms, investigate and compare the error detection and correction capabilities of the proposed nonlinear SEC-DED codes to linear extended Hamming codes and show that replacing linear extended Hamming codes by the proposed nonlinear SEC-DED codes results in a drastic improvement in the reliability of the memory systems in the case of repeating errors or high multi-bit error rate. The proposed approach can be applied to RAM, ROM, FLASH and disk memories.

Robust codes and robust, fault-tolerant architectures of the Advanced Encryption Standard

Hardware implementations of cryptographic algorithms are vulnerable to fault analysis attacks. Methods based on traditional fault-tolerant architectures are not suited for protection against these attacks. To detect these attacks we propose an architecture based on robust nonlinear systematic error-detecting codes. These nonlinear codes are capable of providing uniform error detecting coverage independently of the error distributions. They make no assumptions about what faults or errors will be injected by an attacker. Architectures based on these robust constructions have fewer undetectable errors than linear codes with the same n,k. We present the general properties and construction methods of these codes as well as their application for the protection of a cryptographic devices implementing the Advanced Encryption Standard.

DPA on faulty cryptographic hardware and countermeasures

Balanced gates are an effective countermeasure against power analysis attacks only if they can be guaranteed to maintain their power balance. Traditional testing and reliability methods are used primarily only to ensure the correctness of the logical functionality and not the balance of a circuit. Due to the hardware redundancy in balanced gate designs, there are many faults which can imbalance a balanced gate without causing logical errors. As a result, traditional testing and reliability methods and architectures are unable to test and verify if a gate is completely defect and fault-free and hence balanced. Our simulations show that a few faulty balanced gates can make a circuit as vulnerable to power analysis attacks as a completely imbalanced implementation. This vulnerability opens the possibility of new methods of attacks based on a combination of fault and power attacks. A solution to the vulnerability based on a built-in differential self-balance comparator is presented.

Automated design of cryptographic devices resistant to multiple side-channel attacks

Balanced dynamic dual-rail gates and asynchronous circuits have been shown, if implemented correctly, to have natural and efficient resistance to side-channel attacks. Despite their benefits for security applications they have not been adapted to current mainstream designs due to the lack of electronic design automation support and their non-standard or proprietary design methodologies. We present a novel asynchronous fine-grain pipeline synthesis methodology that addresses these limitations. It allows synthesis of asynchronous quasi delay insensitive circuits from standard high-level hardware description language (HDL) specifications. We briefly present a proof of concept differential dynamic power balanced micropipeline library cells that are approximately 6 times more balanced than the best (differential dynamic) cells designed using previous balancing methods. An implementation of the Advanced Encryption Standard based on these balanced cells and synthesized using our tool flow shows a 6.6 times throughput improvement over the synchronous automatically pipelined implementation using the same TSMC 0.18μm technology synthesized from the same HDL specification.

Asynchronous balanced gates tolerant to interconnect variability

Existing methods for gate level power attack countermeasures depend on exact capacitance matching of the dual-rail data outputs of each gate. Process variability and a lack of design tools make this requirement very difficult to satisfy in practice. We present a novel asynchronous dual-rail gate design which is power balanced, does not require capacitance matching of the data outputs, and is tolerant to process variability on the routed interconnect between gates.