CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation
Proceedings of the conference on Design, automation and test in Europe - Volume 1
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power and electromagnetic analysis: improved model, consequences and comparisons
Integration, the VLSI Journal - Special issue: Embedded cryptographic hardware
Changing the odds against masked logic
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Correlation-enhanced power analysis collision attack
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs
RECONFIG '10 Proceedings of the 2010 International Conference on Reconfigurable Computing and FPGAs
Pinpointing the side-channel leakage of masked AES hardware implementations
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
DPA leakage models for CMOS logic circuits
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
A first-order leak-free masking countermeasure
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Hi-index | 0.00 |
Leaks inside semi-custom ASIC (Application Specific Integrated Circuit) design primitives are rigorously investigated. The study is conducted by measuring a dedicated TEG (Test Element Group) chip with a small magnetic-field probe on the chip surface. Measurement targets are standard cells and a memory macro cell. Leaks inside the primitives are focused as many of conventional countermeasures place measurability boundaries on these primitives. Firstly, it is shown that current-path leak: a leak based on input-dependent active current path within a standard cell [1] is measurable. Major gate-level countermeasures (RSL, MDPL, and WDDL) become vulnerable if the current-path leak is considered. Secondly, it is shown that internal-gate leak: a leak based on non-linear sub-circuit within a XOR cell is measurable. It can be exploited to bias the distribution of the random mask. Thirdly, it is shown that geometric leak: a leak based on geometric layout of the memory matrix structure is measurable. It is a leak correlated to integer representation of the memory address. We also show that a ROM-based countermeasure (Dual-rail RSL memory [10]) becomes vulnerable with the geometric leak. A general transistor-level design method to counteract the current-path and internal-gate leaks is also shown.