Towards efficient and automated side-channel evaluations at design time

Abstract

Models and tools developed by the semiconductor community have matured over decades of use. As a result, hardware simulations can yield highly accurate and easily automated pre-silicon estimates for, e.g., timing and area figures. In this work, we design, implement, and evaluate CASCADE, a framework that combines a largely automated full-stack standard cell design flow with the state-of-the-art techniques for side-channel analysis. We show how it can be used to efficiently evaluate side-channel leakage prior to chip manufacturing. Moreover, it is independent of the underlying countermeasure and it can be applied starting from the earliest stages of the design flow. Additionally, we provide experimental validation through assessment of the side-channel security of representative cryptographic circuits. We discuss aspects related to the performance, scalability, and utility to the designers. In particular, we show that CASCADE can evaluate information leakage with 1 million simulated traces in less than 4 h using a single desktop workstation, for a design larger than 100 kGE.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Notes

  1. 1.

    A snapshot of CASCADE is available at:

    https://github.com/dsijacic/CASCADE.

References

  1. 1.

    Aigner, M., Mangard, S., Menichelli, F., Menicocci, R., Olivieri, M., Popp, T., Scotti, G., Trifiletti, A.: Side channel analysis resistant design flow. In: 2006 IEEE International Symposium on Circuits and Systems, pp. 4 pp. 2912 (2006)

  2. 2.

    Balasch, J., Gierlichs, B., Verdult, R., Batina, L., Verbauwhede, I.: Power analysis of atmel cryptomemory - recovering keys from secure eeproms. In: O. Dunkelman (ed.) Topics in Cryptology-CT-RSA 2012—The Cryptographers’ Track at the RSA Conference 2012, San Francisco, CA, USA, February 27 - March 2, 2012. Proceedings, LNCS, vol. 7178, pp. 19–34. Springer, Berlin (2012)

  3. 3.

    Bertoni, G., Martinoli, M.: A methodology for the characterisation of leakages in combinatorial logic. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) Security, Privacy, and Applied Cryptography Engineering-SPACE 2016, pp. 363–382. Springer, Berlin (2016)

    Google Scholar 

  4. 4.

    Bhasin, S., Danger, J., Graba, T., Mathieu, Y., Fujimoto, D., Nagata, M.: Physical security evaluation at an early design-phase: A side-channel aware simulation methodology. In: C. Berger, I. Schaefer (eds.) Engineering Simulations for Cyber-Physical Systems-ES4CPS 2014, p. 13. ACM (2014)

  5. 5.

    Bloem, R., Gross, H., Iusupov, R., Könighofer, B., Mangard, S., Winter, J.: Formal verification of masked hardware implementations in the presence of glitches. In: Nielsen, J.B., Rijmen, V. (eds.) Advances in Cryptology-EUROCRYPT 2018, pp. 321–353. Springer International Publishing, Cham (2018)

    Google Scholar 

  6. 6.

    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2004, LNCS, vol. 3156, pp. 16–29. Springer, Berlin (2004)

    Google Scholar 

  7. 7.

    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M.J. (ed.) Advances in Cryptology-CRYPTO ’99, LNCS, vol. 1666, pp. 398–412. Springer, Berlin (1999)

    Google Scholar 

  8. 8.

    Cnudde, T.D., Bilgin, B., Gierlichs, B., Nikov, V., Nikova, S., Rijmen, V.: Does coupling affect the security of masked implementations? In: Guilley, S. (ed.) Constructive Side-Channel Analysis and Secure Design -COSADE 2017, LNCS, vol. 10348, pp. 1–18. Springer, Berlin (2017)

    Google Scholar 

  9. 9.

    Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test Vector Leakage Assessment (TVLA) methodology in practice. International Cryptographic Module Conference (2013)

  10. 10.

    Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the power of power analysis in the real world: A complete break of the keeloqcode hopping scheme. In: Wagner, D. (ed.) Advances in Cryptology-CRYPTO 2008, LNCS, vol. 5157, pp. 203–220. Springer, Berlin (2008)

    Google Scholar 

  11. 11.

    Fujimoto, D., Nagata, M., Katashita, T., Sasaki, A.T., Hori, Y., Satoh, A.: A fast power current analysis methodology using capacitor charging model for side channel attack evaluation. In: Hardware-Oriented Security and Trust-HOST 2011, pp. 87–92. IEEE (2011)

  12. 12.

    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2001, LNCS, vol. 2162, pp. 251–261. Springer, Berlin (2001)

    Google Scholar 

  13. 13.

    Ghoshal, A., Cnudde, T.D.: Several masked implementations of the boyar-peralta AES s-box. In: Progress in Cryptology-INDOCRYPT 2017 Chennai, India, December 10–13, 2017, Proceedings, pp. 384–402 (2017)

  14. 14.

    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2008, LNCS, vol. 5154, pp. 426–442. Springer, Berlin (2008)

    Google Scholar 

  15. 15.

    Goubin, L., Patarin, J.: DES and differential power analysis (the "duplication" method). In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems-CHES’99, LNCS, vol. 1717, pp. 158–172. Springer, Berlin (1999)

    Google Scholar 

  16. 16.

    Gross, H., Mangard, S., Korak, T.: Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. Cryptology ePrint Archive, Report 2016/486 (2016). http://eprint.iacr.org/2016/486

  17. 17.

    Kamel, D., Renauld, M., Flandre, D., Standaert, F.: Understanding the limitations and improving the relevance of SPICE simulations in side-channel security evaluations. J. Cryptogr. Eng. 4(3), 187–195 (2014)

    Article  Google Scholar 

  18. 18.

    Kirschbaum, M., Popp, T.: Evaluation of power estimation methods based on logic simulations. In: Posch, K.C., Wolkerstorfer, J. (eds.) Austrochip 2007, pp. 45–51. Verlag der Technischen Universität, Graz (2007)

    Google Scholar 

  19. 19.

    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N. (ed.) Advances in Cryptology-CRYPTO ’96, LNCS, vol. 1109, pp. 104–113. Springer, Berlin (1996)

    Google Scholar 

  20. 20.

    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) Advances in Cryptology-CRYPTO ’99, LNCS, vol. 1666, pp. 388–397. Springer, Berlin (1999)

    Google Scholar 

  21. 21.

    Macé, F., Standaert, F., Quisquater, J.: Information theoretic evaluation of side-channel resistant logic styles. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2007, LNCS, vol. 4727, pp. 427–442. Springer, Berlin (2007)

    Google Scholar 

  22. 22.

    Mangard, S., Schramm, K.: Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2006, LNCS, vol. 4249, pp. 76–90. Springer, Berlin (2006)

    Google Scholar 

  23. 23.

    Moradi, A., Salmasizadeh, M., Shalmani, M.T.M., Eisenbarth, T.: Vulnerability modeling of cryptographic hardware to power analysis attacks. Integr. VLSI J. 42(4), 468–478 (2009). https://doi.org/10.1016/j.vlsi.2009.01.001

    Article  Google Scholar 

  24. 24.

    Motassadeq, T.E.: Ccs vs nldm comparison based on a complete automated correlation flow between primetime and hspice. In: 2011 Saudi International Electronics, Communications and Photonics Conference (SIECPC), pp. 1–5 (2011)

  25. 25.

    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: Lee, P.J., Cheon, J.H. (eds.) Information Security and Cryptology-ICISC 2008, LNCS, vol. 5461, pp. 218–234. Springer, Berlin (2008)

    Google Scholar 

  26. 26.

    Oswald, D., Paar, C.: Breaking mifare desfire MF3ICD40: power analysis and templates in the real world. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2011, LNCS, vol. 6917, pp. 207–222. Springer, Berlin (2011)

    Google Scholar 

  27. 27.

    Popp, T., Kirschbaum, M., Zefferer, T., Mangard, S.: Evaluation of the masked logic style mdpl on a prototype chip. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2007, pp. 81–94. Springer, Berlin (2007)

    Google Scholar 

  28. 28.

    Poschmann, A., Moradi, A., Khoo, K., Lim, C., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2, 300 GE. J. Cryptol. 24(2), 322–345 (2011)

    MathSciNet  Article  Google Scholar 

  29. 29.

    Regazzoni, F., Cevrero, A., Standaert, F., Badel, S., Kluter, T., Brisk, P., Leblebici, Y., Ienne, P.: A design flow and evaluation framework for dpa-resistant instruction set extensions. In: Clavier, C., Gaj, K. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2009, LNCS, vol. 5747, pp. 205–219. Springer, Berlin (2009)

    Google Scholar 

  30. 30.

    Regazzoni, F., Eisenbarth, T., Poschmann, A., Großschädl, J., Gürkaynak, F.K., Macchetti, M., Deniz, Z.T., Pozzi, L., Paar, C., Leblebici, Y., Ienne, P.: Evaluating resistance of MCML technology to power analysis attacks using a simulation-based methodology. Trans. Comput. Sci. IV Spec. Issue Secur. Comput. 4, 230–243 (2009)

    Google Scholar 

  31. 31.

    Reparaz, O., Gierlichs, B., Verbauwhede, I.: Fast leakage assessment. In: Fischer, W., Homma, N. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2017, LNCS, vol. 10529, pp. 387–399. Springer, Berlin (2017)

    Google Scholar 

  32. 32.

    Schneider, T., Moradi, A.: Leakage assessment methodology - A clear roadmap for side-channel evaluations. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems-CHES 2015, LNCS, vol. 9293, pp. 495–513. Springer, Berlin (2015)

    Google Scholar 

  33. 33.

    Standaert, F., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) Advances in Cryptology-EUROCRYPT 2009, LNCS, vol. 5479, pp. 443–461. Springer, Berlin (2009)

    Google Scholar 

  34. 34.

    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Design, Automation and Test in Europe - DATE 2004, pp. 246–251. IEEE Computer Society (2004)

  35. 35.

    Tiri, K., Verbauwhede, I.: Simulation models for side-channel information leaks. In: W.H.J. Jr., G. Martin, A.B. Kahng (eds.) Design Automation Conference-DAC 2005, pp. 228–233. ACM (2005)

  36. 36.

    Tiri, K., Verbauwhede, I.: A vlsi design flow for secure side-channel attack resistant ICs. Design, Autom. Test Eur. 3, 58–63 (2005). https://doi.org/10.1109/DATE.2005.44

    Article  Google Scholar 

  37. 37.

    Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. IEEE Trans. CAD Integr. Circuits Syst. 25(7), 1197–1208 (2006)

    Article  Google Scholar 

  38. 38.

    Trichina, E.: Combinational Logic Design for AES SubByte Transformation on Masked Data. Cryptology ePrint Archive, Report 2003/236 (2003)

  39. 39.

    Wegener, F., Moradi, A.: A first-order sca resistant aes without fresh randomness. Cryptology ePrint Archive, Report 2018/172 (2018)

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Danilo Šijačić.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This work was supported in part by the European Commission through Horizon 2020 research and innovation programmes under the Marie Skłodowska-Curie Grant 643161 and Cathedral ERC Advanced Grant 695305; by the Research Council KU Leuven C1 on Security and Privacy for Cyber-Physical Systems and the Internet of Things with contract number C16/15/058; and by Intel Corporation.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Šijačić, D., Balasch, J., Yang, B. et al. Towards efficient and automated side-channel evaluations at design time. J Cryptogr Eng (2020). https://doi.org/10.1007/s13389-020-00233-8

Download citation

Keywords

  • Side-channel analysis
  • ASIC
  • Hardware simulation
  • Design time methodology