Side-Channel Resistant Cryptographic System Design and Implementation

Cryptography involves the study of mathematical techniques that allow the practitioner to achieve or provide the following:
  • Confidentiality is a service used to keep the content of information accessible to only those authorized to have it.
  • Integrity is a service that requires that computer system assets and transmitted information be capable of modification only by authorized users.
  • Authentication is a service that is concerned with assuring that the origin of a message is correctly identified.
  • Non-repudiation is a service which prevents both the sender and the receiver of a transmission from denying previous commitments or actions.

These security services are provided by cryptographic algorithms, which fall into two major classes: private-key (symmetric-key) algorithms and public-key algorithms. A digital system can be realized in three ways: in software, in hardware, or as a hardware/software co-design. Software implementations have the great advantage of being portable across hardware platforms. Their disadvantages are higher power consumption and lower speed than specialized hardware architectures, and their inability to protect private keys from disclosure with the degree of security that is achievable in hardware. Hardware/software co-design tries to combine the flexibility of software with the efficiency of hardware: the system is partitioned into software and hardware parts according to requirements such as high speed, low cost and low power consumption, and the partitions are designed separately.

The main task of cryptographic hardware is to accelerate operations that cryptosystems use frequently, or a complete cryptographic algorithm. In many applications, hardware devices are also required to store secret or private keys securely, so a cryptographic device must prevent the extraction of any sensitive information. A side-channel attack (SCA) takes advantage of implementation-specific characteristics to recover the secret parameters involved in the computation. It is therefore less general, but often far more powerful, than classical cryptanalysis. SCAs were recognized in the cryptographic community as a major threat in 1996, when the first article about timing attacks was published. In a side-channel attack the adversary uses the standard functionality of the cryptographic device and exploits the physical and/or electrical effects of that functionality. If these effects unintentionally reveal information about the key used inside the device, they deliver side-channel information and are called side-channels.

SCAs are divided into four groups according to the side-channel information they exploit. Timing analysis attacks exploit variations in the execution time of the cryptographic hardware. Power analysis attacks use its dynamic power consumption during the execution of the cryptographic algorithm. Electromagnetic analysis attacks use the electromagnetic radiation (EMR) it emits during the execution, and acoustic (sound) analysis attacks exploit the sound it emits during the execution.

Each group of SCAs comes in two types. In a simple attack, the attacker uses the side-channel information from a single measurement directly to determine (parts of) the secret key. In a differential attack, many measurements are combined statistically in order to filter out noise. While a simple attack exploits the relationship between the executed operations and the side-channel information, a differential attack exploits the relationship between the processed data and the side-channel information. New side-channel attack methods and countermeasures are proposed continuously, but no definitive countermeasure has been found yet, and most of the attacks and countermeasures work in theory but cannot be implemented in practice. In this project, symmetric and public-key cryptosystems will first be implemented in software and hardware with countermeasures against side-channel attacks. Designers should be able to simulate the side-channel behavior of an implementation during the design process; while designs are routinely simulated for timing and correct functional behavior, there is currently no way to simulate their side-channel behavior at design time. One aim of this project is to integrate simulation of the side effects of the system into the design flow. Once the implementations function correctly, side-channel attacks will be mounted against them and their resistance will be tested. Such a test environment does not exist in Turkey yet; through this project a research laboratory for designing and testing cryptographic systems will be built in our country.
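The contrast between operation-dependent and data-dependent leakage, as an added example that is not part of this project's work: a simple (single-trace) attack on a software square-and-multiply exponentiation, with the square-and-multiply-always variant beside it. The per-operation cycle counts, the exponent, the base and the modulus are constructed for the illustration; the "trace" is the list of operations the routine executes, standing in for what an SPA or timing measurement of a real device would show.

```python
"""Added example: a simple (single-trace) side-channel attack against a
square-and-multiply exponentiation, simulated in software.

The adversary reads the sequence of operations off ONE measurement. Here the
measurement is the list of operations the routine executes, with constructed
per-operation durations; nothing is measured from real hardware."""

SQUARE_CYCLES = 100    # constructed durations for the simulated device
MULTIPLY_CYCLES = 150


def leaky_modexp(base, exponent, modulus, trace):
    """Left-to-right square-and-multiply. A multiplication is executed only
    when the current exponent bit is 1, so the operation sequence (and the
    total running time) is a function of the secret exponent."""
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append(("S", SQUARE_CYCLES))
        if bit == "1":
            result = (result * base) % modulus
            trace.append(("M", MULTIPLY_CYCLES))
    return result


def hardened_modexp(base, exponent, modulus, trace):
    """Square-and-multiply-always: the multiplication is executed for every
    bit and its result is discarded when the bit is 0, so the operation
    sequence and the running time no longer depend on the exponent. This
    closes only the simple attack shown here: the discarded result exposes
    the routine to safe-error attacks, and the data-dependent leakage of the
    multiplier remains available to differential attacks."""
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append(("S", SQUARE_CYCLES))
        candidate = (result * base) % modulus
        trace.append(("M", MULTIPLY_CYCLES))
        # A real implementation selects without a branch (masking); the
        # conditional expression is kept only to keep the toy readable.
        result = candidate if bit == "1" else result
    return result


def trace_cycles(trace):
    """Total duration of one execution: what a timing attack observes."""
    return sum(cycles for _, cycles in trace)


def spa_recover_exponent(trace):
    """Attacker: each squaring starts a new exponent bit; a squaring followed
    by a multiplication is a 1, a squaring followed by the next squaring
    (or by the end of the trace) is a 0."""
    ops = [op for op, _ in trace]
    bits = []
    i = 0
    while i < len(ops):
        if ops[i] != "S":        # cannot happen for traces of the routines above
            i += 1
            continue
        if i + 1 < len(ops) and ops[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def demo(secret_exponent=0xC0FFEE1234567, modulus=1000000007, base=5):
    """Run the same single-trace analysis against the leaky routine and the
    hardened one; returns (exponent recovered from leaky, from hardened)."""
    leaky_trace, hard_trace = [], []
    expected = pow(base, secret_exponent, modulus)
    assert leaky_modexp(base, secret_exponent, modulus, leaky_trace) == expected
    assert hardened_modexp(base, secret_exponent, modulus, hard_trace) == expected
    from_leaky = spa_recover_exponent(leaky_trace)
    from_hard = spa_recover_exponent(hard_trace)
    print(f"leaky:    {trace_cycles(leaky_trace)} cycles, recovered 0x{from_leaky:x}")
    print(f"hardened: {trace_cycles(hard_trace)} cycles, recovered 0x{from_hard:x}")
    return from_leaky, from_hard
```

Against the leaky routine the analysis returns the exponent exactly; against the hardened routine it sees a multiplication after every squaring and returns an all-ones value, and the cycle count is the same for every exponent of that length.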

Because smartcards are in everybody's hands and are easily programmed, they are the cryptographic devices most vulnerable to side-channel attacks. The software environment will be smartcards and the microcontrollers most commonly used in them. In order to test these devices, a measurement environment including printed circuit boards (PCBs) for selected microcontrollers will be set up.

As part of a modern design flow, field programmable gate arrays (FPGAs) are gaining importance, thanks to their relatively low cost and the available tools. A register transfer level description of a circuit (in VHDL, for example) can easily be ported to, if not directly used for, an FPGA implementation of the circuit. Naturally, it is desirable to use the resulting FPGA implementation also to evaluate the designed circuit against power-analysis attacks. A measurement setup with an FPGA board will be built.

Side-channel resistance of the cryptographic devices is not currently used as a requirement during system partitioning in the hardware/software co-design process. In this project we aim to partition the system with security as a criterion and to develop a tool with which the side-channel behavior of the whole system can be simulated during the design process. The software part of the system will be mapped to a microcontroller and the hardware part to an FPGA. A PCB will be designed to carry these devices and let them communicate; this circuit will be used to make the side-channel measurements and implement the attacks.

The success of an SCA depends mostly on the side-channel model of the device under attack. The model used in the literature considers only the 0-to-1 transitions of the registers and ignores the combinational part of the circuit. In this project, side-channel models for all the processors used will be developed that include effects such as the load capacitance and the length of the line to which a gate's output is connected. So far the power-consumption model has also been used to estimate EMR. But the magnitude of the EMR depends not only on the magnitude of the current flowing in a wire but also on its direction: two currents of equal magnitude flowing in opposite directions can cancel each other's EMR. EMR models of the processors will therefore be developed by considering the transistor layout of the devices. The antennas used for EMR measurements in the literature are designed heuristically. In this project we will design antennas by considering the EMR model of the device under attack, the measurement environment, the distance to the device, the position of the antenna, and so on.
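An added example, not the project's own tool, that combines the differential attack described earlier with the register-transition leakage model discussed here: a small simulator produces leakage samples from a device-specific model (0-to-1 transitions weighted by a constructed per-bit load capacitance, plus a cheaper discharge term and Gaussian noise), and a correlation power analysis recovers the key byte from those samples with three attacker-side models, among them the unweighted 0-to-1 transition count used in the literature. The target is the first-round AES S-box output of one key byte written over the plaintext byte in an 8-bit register; the S-box is generated from its definition. The capacitances, discharge factor, noise level, random seed and key byte are all assumed values.

```python
"""Register-level leakage simulator plus a correlation power analysis (CPA) of
the simulated traces. Target: the first-round AES S-box output S[p ^ k] of one
key byte, written into an 8-bit register that previously held the plaintext
byte p. Capacitances, discharge factor, noise level and key are constructed for
the illustration, not measured from any device."""
import random


def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def build_aes_sbox():
    """AES S-box from its definition (GF(2^8) inverse, then the affine map),
    walking the powers of the generator 3 so that p * q == 1 at every step."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                               # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; the affine map sends it to 0x63
    return sbox


SBOX = build_aes_sbox()

# Constructed device parameters: load capacitance of each register output line
# (arbitrary units) and the cost of discharging (1->0) relative to charging (0->1).
BIT_CAPACITANCE = [0.6, 0.8, 1.0, 1.2, 1.4, 0.9, 1.1, 0.7]
DISCHARGE_FACTOR = 0.3


def device_leakage(prev, new, rng, noise_sigma):
    """Device-side model: a line that charges draws current proportional to its
    capacitance, a line that discharges a fraction of that, and a line that keeps
    its value draws nothing. Gaussian noise stands in for everything the model
    ignores (combinational logic, measurement noise)."""
    up, down = new & ~prev & 0xFF, prev & ~new & 0xFF
    signal = sum(BIT_CAPACITANCE[i] * (((up >> i) & 1) + DISCHARGE_FACTOR * ((down >> i) & 1))
                 for i in range(8))
    return signal + rng.gauss(0.0, noise_sigma)


# Attacker-side hypotheses: the unweighted 0->1 transition count (the model
# used in the literature), the Hamming distance, and the Hamming weight.
def hyp_zero_to_one(prev, new):
    return bin(new & ~prev & 0xFF).count("1")

def hyp_hamming_distance(prev, new):
    return bin(prev ^ new).count("1")

def hyp_hamming_weight(prev, new):
    return bin(new).count("1")


def simulate_traces(key_byte, n_traces, seed=1, noise_sigma=0.5):
    """Process n random plaintext bytes and record one leakage sample each."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [device_leakage(p, SBOX[p ^ key_byte], rng, noise_sigma) for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def cpa_key_byte(plaintexts, traces, hypothesis):
    """Differential attack: for every key guess k predict the leakage of
    S[p ^ k] with the attacker's model and correlate it with the measurements.
    Returns (best guess, its correlation, correlation of the runner-up)."""
    scores = sorted(
        (pearson([hypothesis(p, SBOX[p ^ k]) for p in plaintexts], traces), k)
        for k in range(256))
    return scores[-1][1], scores[-1][0], scores[-2][0]


def run_demo(key_byte=0x2B, n_traces=1000):
    """Attack the same trace set with each attacker model; returns the results."""
    plaintexts, traces = simulate_traces(key_byte, n_traces)
    results = {}
    for name, hyp in (("0->1 count", hyp_zero_to_one),
                      ("Hamming distance", hyp_hamming_distance),
                      ("Hamming weight", hyp_hamming_weight)):
        guess, r_best, r_next = cpa_key_byte(plaintexts, traces, hyp)
        results[name] = (guess, r_best, r_next)
        print(f"{name:16s} guess=0x{guess:02x} r={r_best:.3f} runner-up={r_next:.3f}")
    return results
```

Calling `run_demo()` prints, for each attacker model, the recovered key byte and the correlation of the best and runner-up guesses. All three models recover the key from 1000 traces, but the correlation of the correct key is markedly higher under the matched 0-to-1 model than under the Hamming-weight model; since the number of traces a differential attack needs grows with the inverse square of that correlation, a model that matches the device, which is what the modelling work above aims at, makes the attack, and hence the evaluation, far cheaper.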
