
    High-Throughput FPGA-Compatible TRNG Architecture Exploiting Multistimuli Metastable Cells

    This paper presents a True Random Number Generator (TRNG) exploiting latched-XOR (LX) gates and its implementation on a Xilinx Spartan 6 FPGA device. The proposed LX-TRNG aims at improving the Throughput (TP) of conventional ring-oscillator (RO) based TRNGs by combining the effect of latch metastability and RO jitter. Measurement results have demonstrated that the generated bitstreams show very good randomness, exhibiting a byte (bit) entropy of 7.9979 (0.9997), according to the T8 test of AIS-31. The proposed TRNG has also been extensively tested under voltage and temperature variations, showing very good robustness. In particular, both NIST's and AIS-31 tests are passed for all the considered supply voltage and temperature ranges. The FPGA implementation occupies only 9 Slices and, despite its compactness, it exhibits a throughput as high as 12.5 Mbit/s with a 50 MHz operating frequency. The computation of the figure of merit FOM_E has shown the capability of the proposed TRNG to optimize the trade-off between hardware resources, bitstream entropy and throughput, outperforming previous works.

    Design methodologies for cryptographic hardware with countermeasures against side channel attacks

    Since the protection of sensitive data is considered a major concern in modern devices, the importance of technological aspects has to be addressed properly. Although cryptographic algorithms are considered trustworthy in terms of cryptanalytic resilience, devices that implement such algorithms may not be physically secure. It has been proved that physical emissions in electronic devices can be related to the devices' activity. Hence, hardware implementations of cryptographic algorithms have to deal with unavoidable physical emissions. The verification of robustness of an architecture with a given SCA has to deal with the evaluation of data-dependency of the target physical emission. Attacks Exploiting Static Power (AESP) are a sub-class of PAAs that benefit from the data-dependency of the static currents. In my research activity, I demonstrated how AESP can be very powerful in recovering the secret key even from dynamic PAA-protected implementations in nanometer technologies. Moreover, the temperature dependency of this side-channel has been evaluated, since each static current related phenomenon is strongly dependent on the working temperature of the device under attack. Making use of this additional dependency, it is possible to simplify the extraction of information through static power consumption. A multivariate analysis of static power consumption using the working temperature as an additional domain has been investigated, and a brand new profiled attack, Template Attack Exploiting Static Power (TAESP), has been presented. In addition, a new measurement setup for mounting AESP and TAESP has been proposed during the PhD. The proposed measurement setup makes use of only low-cost off-the-shelf components and features a control loop for the working temperature of the device under attack. In this work, a DC pico-ammeter is used in place of the classical Digital Storage Oscilloscope (DSO) to measure static power consumption at steady state.
A novel logic style named Delay-based Dynamic Differential Logic (DDDL or D3L) has been proposed as a new logic-level countermeasure against PAAs. The new logic style has been conceived to be implemented using only standard cells, usually provided with each digital design kit. The D3L makes use of the Time Enclosed Logic (TEL) signaling, which has been recently demonstrated to outperform the conventional Return-to-Zero (RTZ) protocol in terms of security if mismatch effects are properly taken into account. The new library is presented with a template for 2-input Boolean operands and a sequential gate is also described. Simulations on the novel logic style are provided using a 40nm CMOS design kit, provided by STMicroelectronics. Since it is possible to easily design the D3L library using VHDL (or Verilog), a synthesizable description for two FPGAs (Xilinx Spartan-6 and Altera Cyclone-IV) has been formalized. Dynamic and static power attacks and evaluations have been practically performed on the Altera Cyclone-IV, using a 4-bit PRESENT-based crypto-core as a case study, also making a comparison between D3L and other popular FPGA-compatible dual-rail pre-charge logic styles used to counteract PAAs. During the research activity, an analog approach to counteracting PAAs has also been investigated. The analog approach is not well explored in the literature, but it offers several possibilities and benefits in counteracting the theft of information through power consumption. Two countermeasure schemes based on a feedback-loop architecture and with a pure current-mode approach have been presented, named On-chip Current Equalizer (OCE) and improved On-chip Current Equalizer (iOCE). The purpose of OCE and iOCE is to maintain the current consumption constant, neglecting the data-dependent activities that take place in the cryptographic circuit. OCE and iOCE aim to equalize the instantaneous current consumption as well as the energy per cycle.
An intense experimental activity regarding the test and security evaluation of the 65nm SERPAES prototype chip has been carried out during the PhD. The SERPAES, designed at our laboratory, contains five implementations of the AES-128 block cipher and two full-custom designed prototype implementations of a 4-bit data-path of the SERPENT block cipher. AES implementations are designed with RTL-level countermeasures, aiming to randomize the power consumption of the data-path. Experimental analysis of PAA-resilience on the AES-4 core has been performed, giving actual and information theoretic security metrics. The protection scheme implemented on AES-4 is based on the adoption of the Secure Double Rate Register (SDRR), aiming to randomize the power consumption of the combinational network and registers. In addition, an evaluation of the security and robustness to PAAs has been performed on the full-custom section of the SERPAES chip, containing two implementations of a 4-bit data-path based on round-0 of the SERPENT block cipher. SERPENT-based cores are implemented using the following full-custom logics: Sense Amplifier-Based Logic (SABL) and improved Delay-based Dual-rail Pre-charge Logic (iDDPL). PAA evaluations on both cores have been carried out, giving a fair comparison of state-of-the-art full-custom PAA-countermeasures. The comparison has been performed for different cases of capacitive unbalance, in order to measure the performance of both logic styles in tolerating capacitive mismatches.

    Template attacks exploiting static power and application to CMOS lightweight crypto-hardware

    A new class of template attacks aiming at recovering the secret key of a cryptographic core from measurements of its static power consumption is presented in this paper. These attacks exploit the dependence of the static current of Complementary metal–oxide–semiconductor Integrated Circuits on the input vector and the maximum likelihood decision rule as a statistical distinguisher. In the proposed Template Attacks Exploiting Static Power (TAESP), we take advantage of the temperature dependence of static currents in order to build a new multivariate approach able to extract relevant information from cryptographic devices. As a validation case study, we consider the PRESENT-80 block cypher algorithm and its implementation on a 40 nm Complementary metal–oxide–semiconductor process. Monte Carlo and corner simulations at transistor level are used to show the effectiveness of the TAESP in the presence of die-to-die and intra-die process variations. A real attack scenario is then built by adding Gaussian noise to current samples extracted from transistor-level simulations. The univariate TAESP in which just one temperature is considered to build the templates is compared against the multivariate TAESP in which measurements at different controlled temperatures are exploited. This comparison shows that using just a few different temperatures to build multivariate templates allows to strongly increase the effectiveness of the attack. Copyright © 2016 John Wiley & Sons, Ltd

    Univariate power analysis attacks exploiting static dissipation of nanometer CMOS VLSI circuits for cryptographic applications

    In this work we focus on Power Analysis Attacks (PAAs) which exploit the dependence of the static current of sub-50nm CMOS integrated circuits on the internally processed data. Spice level simulations of static current as a function of the input state have been carried out to show that static power consumption of nanometer logic gates continues to exhibit a strong dependence on input vector even for sub-50nm circuits and that the coefficient of variation for a NAND gate is strongly increasing with the scaling of CMOS technology. We demonstrate that it is possible to recover the secret key of a cryptographic core by exploiting this data dependence by means of different statistical distinguishers. For the first time in the literature we formulate the Attack Exploiting Static Power (AESP) as a univariate attack by using the mutual information approach to quantify the information that leaks through the static power side channel independently from the adopted leakage model. This analysis shows that countermeasures conceived to protect cryptographic hardware from attacks based on dynamic power consumption (e.g. WDDL, MDPL, SABL) still exhibit a leakage through the static power side channel. Finally, we show that the Time Enclosed Logic (TEL) concept does not leak information through the static power (even in the worst case scenario in which the attacker can stop the clock signal) and is suitable to be used as a countermeasure against both attacks exploiting dynamic power and attacks exploiting static power.

    Implementation of the present-80 block cipher and analysis of its vulnerability to side channel attacks exploiting static power

    In this work, the implementation of the PRESENT-80 block cipher in a 40nm CMOS technology, and its vulnerability to Side Channel Attacks Exploiting Static Power, is investigated. In the last two decades, several countermeasures to thwart DPA/CPA attacks based on the exploitation of dynamic power consumption have been proposed. In particular, the WDDL logic style is a gate-level countermeasure to Power Analysis Attacks exploiting dynamic power. It has been demonstrated that, in deep sub-micron technologies, the static power consumption is no longer negligible as in the past and malicious attackers can benefit from the dependence of the static power consumption on the processed data: Leakage Power Analysis (LPA) has been proposed to recover sensitive information. The possibility to recover the secret key from a protected secure implementation exploiting static power is not a minor threat, and we analyze this vulnerability with actual security metrics and with an information theoretic approach, showing that gate level countermeasures such as WDDL can be successfully attacked exploiting static power instead of dynamic power.

    Fully integrable current-mode feedback suppressor as an analog countermeasure against CPA attacks in 40nm CMOS technology

    Security of sensitive data for ultraconstrained IoT smart devices is one of the most challenging tasks in modern design. The need for CPA-resistant cryptographic devices has to deal with the demanding requirements of small area and small impact on the overall power consumption. In this work, a novel current-mode feedback suppressor as an on-chip analog-level CPA countermeasure is proposed. It aims to suppress differences in power consumption due to the data-dependency of CMOS cryptographic devices, in order to counteract CPA attacks. The novel countermeasure is able to improve the MTD of an unprotected CMOS implementation by at least three orders of magnitude, with a ×1.1 area and ×1.7 power overhead.

    On-chip analog current equalizer as a countermeasure against side-channel attacks in CMOS nanometer technology

    The possibility of recovering sensitive information through the observation of dynamic power consumption of a cryptographic device is a critical issue in security applications. As it has been widely demonstrated in the literature, it is possible to reveal the secret keys of a cryptographic device exploiting the information leaked by the implementation through the power side channel. An on-chip, analog, current mode, power consumption equalizer is proposed in this work to overcome the possibility of a successful CPA/DPA attack. The proposed current equalizer circuit allows reducing the variability in the current drawn by a cryptographic CMOS circuit at each clock cycle. This approach makes it possible to avoid full custom logic styles and/or balanced differential routing and can be directly applied to cryptographic devices implemented in standard CMOS logic.

    Design of low-voltage high-speed CML D-latches in nanometer CMOS technologies

    This paper presents the design of a novel low-voltage high-speed D-latch circuit suitable for nanometer CMOS technologies. The proposed topology is compared against the low-voltage triple-tail D-latch and its advantages are demonstrated both by simulations, under different performance/power consumption tradeoffs with a 40-nm CMOS technology, and theoretically, thanks to a simple model of the propagation delay derived for both low-voltage topologies. In order to further demonstrate the advantages of the proposed topology, it has also been used to design a D flip-flop (DFF), where, thanks to the need for just 1 clock differential pair, a further speed improvement is achieved over the conventional triple-tail topology. Indeed, by comparing a two-stage frequency divider designed using both the triple-tail DFF and the proposed folded DFF, a 54% improvement in the maximum operating frequency is found when using the proposed folded DFF.

    A Monostable Physically Unclonable Function Based on Improved RCCMs with 0–1.56% Native Bit Instability at 0.6–1.2 V and 0–75 °C

    In this work, a Physically Unclonable Function (PUF) based on an improved regulated cascode current mirror (IRCCM) is presented. The proposed IRCCM improves the loop-gain of the gain-boosting branch over the conventional RCCM PUF, thereby increasing the output resistance and amplifying the mismatches due to random variations. The introduction of an explicit reference current in the biasing branch of the IRCCM results in lower native unstable bits, good robustness against environmental variations and very stable power consumption. The proposed PUF has been validated through measurement results on a test-chip implemented in a 130 nm CMOS process. The PUF performance was measured for supply voltages between 0.6 and 1.2 V, and temperatures ranging from 0 °C to 75 °C. A comparison against similar designs from the literature has shown that the proposed PUF exhibits state-of-the-art performance with improved reliability under supply voltage variations.

    Multivariate Analysis Exploiting Static Power on Nanoscale CMOS Circuits for Cryptographic Applications

    The latest nanometer CMOS technology nodes have highlighted new issues in the security of cryptographic hardware implementations. The constant growth of the static power consumption has led to a new class of side-channel attacks. Common attacks exploiting static power use a univariate approach to recover information from cryptographic engines. In our work, a multivariate approach based on information theoretic security metrics is presented. The temperature dependence helps to exploit more information leakage from the hardware implementation. Starting from a univariate analysis, mutual information reveals that, by increasing the working temperature, the information leaked through the static power side channel is increased as well. In this work a multivariate analysis exploiting static power consumption is presented in which the temperature domain is used to extract more information. The use of an information theoretic approach makes it possible to precisely quantify the amount of information that can be leaked from a cryptographic hardware implementation. The perceived information shows that, by taking advantage of the use of more than one temperature, the security level can be decreased. The improvement achieved using the presented approach is demonstrated on a 40 nm CMOS implementation of the Present 80 crypto core.