Design and characterisation of an AES chip embedding countermeasures
International Journal of Intelligent Engineering Informatics
Security protection on FPGA against differential power analysis attacks
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Randomized execution algorithms for smart cards to resist power analysis attacks
Journal of Systems Architecture: the EUROMICRO Journal
Utilizing random noise in cryptography: where is the tofu?
Proceedings of the International Conference on Computer-Aided Design
Implementation of correlation power analysis attack on an FPGA DES design
International Journal of Information and Communication Technology
Hi-index | 14.98 |
Cryptographic circuits are nowadays subject to attacks that no longer focus on the algorithm but rather on its physical implementation. Attacks exploiting information leaked by the hardware implementation are called side-channel attacks (SCAs). Among these attacks, the differential power analysis (DPA) established by Paul Kocher et al. in 1998 represents a serious threat for CMOS VLSI implementations. Different countermeasures that aim at reducing the information leaked by the power consumption have been published. Some of these countermeasures use sophisticated back-end-level constraints to increase their strength. As suggested by some preliminary works (e.g., by Li from Cambridge University), the prediction of the actual security level of such countermeasures remains an open research area. This paper tackles this issue on the example of the AES SubBytes primitive. Thirteen implementations of SubBytes, in unprotected, WDDL, and SecLib logic styles with various back-end-level arrangements are studied. Based on simulation and experimental results, we observe that static evaluations on extracted netlists are not relevant to classify variants of a countermeasure. Instead, we conclude that the fine-grained timing behavior is the main reason for security weaknesses. In this respect, we prove that SecLib, immune to early-evaluation problems, is much more resistant against DPA than WDDL.