On measurable side-channel leaks inside ASIC design primitives

Authors:
Takeshi Sugawara;Daisuke Suzuki;Minoru Saeki;Mitsuru Shiozaki;Takeshi Fujino
Affiliations:
Mitsubishi Electric Corporation, Japan;Mitsubishi Electric Corporation, Japan;Mitsubishi Electric Corporation, Japan;Ritsumeikan University, Japan;Ritsumeikan University, Japan
Venue:
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Year:
2013

Citing 11
Cited 0

Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation

Proceedings of the conference on Design, automation and test in Europe - Volume 1
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)

Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power and electromagnetic analysis: improved model, consequences and comparisons

Integration, the VLSI Journal - Special issue: Embedded cryptographic hardware
Changing the odds against masked logic

SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Correlation-enhanced power analysis collision attack

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Fault sensitivity analysis

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs

RECONFIG '10 Proceedings of the 2010 International Conference on Reconfigurable Computing and FPGAs
Pinpointing the side-channel leakage of masked AES hardware implementations

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
DPA leakage models for CMOS logic circuits

CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
A first-order leak-free masking countermeasure

CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Leaks inside semi-custom ASIC (Application Specific Integrated Circuit) design primitives are rigorously investigated. The study is conducted by measuring a dedicated TEG (Test Element Group) chip with a small magnetic-field probe on the chip surface. Measurement targets are standard cells and a memory macro cell. Leaks inside the primitives are focused as many of conventional countermeasures place measurability boundaries on these primitives. Firstly, it is shown that current-path leak: a leak based on input-dependent active current path within a standard cell [1] is measurable. Major gate-level countermeasures (RSL, MDPL, and WDDL) become vulnerable if the current-path leak is considered. Secondly, it is shown that internal-gate leak: a leak based on non-linear sub-circuit within a XOR cell is measurable. It can be exploited to bias the distribution of the random mask. Thirdly, it is shown that geometric leak: a leak based on geometric layout of the memory matrix structure is measurable. It is a leak correlated to integer representation of the memory address. We also show that a ROM-based countermeasure (Dual-rail RSL memory [10]) becomes vulnerable with the geometric leak. A general transistor-level design method to counteract the current-path and internal-gate leaks is also shown.