Abstract
Models and tools developed by the semiconductor community have matured over decades of use. As a result, hardware simulations can yield highly accurate and easily automated pre-silicon estimates for, e.g., timing and area figures. In this work, we design, implement, and evaluate CASCADE, a framework that combines a largely automated full-stack standard cell design flow with state-of-the-art techniques for side-channel analysis. We show how it can be used to efficiently evaluate side-channel leakage prior to chip manufacturing. Moreover, it is independent of the underlying countermeasure and can be applied starting from the earliest stages of the design flow. Additionally, we provide experimental validation through assessment of the side-channel security of representative cryptographic circuits. We discuss aspects related to performance, scalability, and utility to designers. In particular, we show that CASCADE can evaluate information leakage with 1 million simulated traces in less than 4 h using a single desktop workstation, for a design larger than 100 kGE.
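The abstract describes evaluating leakage from simulated traces rather than measured ones. The following added example (not code from the paper or from CASCADE) shows the core of such a pre-silicon assessment on a constructed toy circuit: a logic-level toggle-count (Hamming-distance) power proxy for one register update through the PRESENT S-box, an unmasked and a two-share Boolean-masked variant, and a fixed-vs-random Welch t-test kept in streaming (Welford) form so trace count never dictates memory. The key, fixed plaintext, noise level and 4.5 threshold are assumptions chosen for illustration.

```python
import math
import random

# Constructed toy circuit: one 4-bit register loading pt, then S(pt ^ KEY).
# The PRESENT S-box stands in for a real cipher's nonlinear layer.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEY, FIXED_PT, NOISE_SIGMA = 0x7, 0x0, 0.5   # assumed illustration values

def hd(a, b):
    """Hamming distance: the toggle-count power proxy of logic-level simulation."""
    return bin(a ^ b).count("1")

def unmasked_cycle(pt, rng):
    # Register goes pt -> S(pt ^ KEY); every toggled flip-flop draws current.
    return hd(pt, SBOX[pt ^ KEY]) + rng.gauss(0.0, NOISE_SIGMA)

def masked_cycle(pt, rng):
    # Two-share Boolean masking with fresh masks each cycle: the register holds
    # (pt ^ m0, m0) and then (S(x) ^ m1, m1). The mean toggle count no longer
    # depends on the secret; only its variance does (second-order leakage).
    m0, m1 = rng.randrange(16), rng.randrange(16)
    s = SBOX[pt ^ KEY]
    return hd(pt ^ m0, s ^ m1) + hd(m0, m1) + rng.gauss(0.0, NOISE_SIGMA)

class Welford:
    """Streaming mean/variance so a million traces never need to sit in memory."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
    def add(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)
    def var(self):
        return self.m2 / (self.n - 1)

def tvla_t(cycle_fn, n_traces, seed=1):
    """Fixed-vs-random Welch t statistic over n_traces simulated cycles per set."""
    rng = random.Random(seed)
    fixed, rnd = Welford(), Welford()
    for _ in range(n_traces):
        fixed.add(cycle_fn(FIXED_PT, rng))
        rnd.add(cycle_fn(rng.randrange(16), rng))
    return (fixed.mean - rnd.mean) / math.sqrt(fixed.var() / fixed.n + rnd.var() / rnd.n)

if __name__ == "__main__":
    for name, fn in (("unmasked", unmasked_cycle), ("masked", masked_cycle)):
        print(f"{name:8s} |t| = {abs(tvla_t(fn, 20000)):.1f}  (threshold 4.5)")
```

The unmasked circuit fails the first-order test by a wide margin while the masked one passes it; a real flow would run the same accumulation per sample point of a full gate-level power trace.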
Notes
A snapshot of CASCADE is available at:
This work was supported in part by the European Commission through Horizon 2020 research and innovation programmes under the Marie Skłodowska-Curie Grant 643161 and Cathedral ERC Advanced Grant 695305; by the Research Council KU Leuven C1 on Security and Privacy for Cyber-Physical Systems and the Internet of Things with contract number C16/15/058; and by Intel Corporation.
Šijačić, D., Balasch, J., Yang, B. et al. Towards efficient and automated side-channel evaluations at design time. J Cryptogr Eng 10, 305–319 (2020). https://doi.org/10.1007/s13389-020-00233-8
DOI: https://doi.org/10.1007/s13389-020-00233-8