Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hardware Masking, Revisited

Published byJan Böhmer Modified over 6 years ago

Similar presentations

Presentation on theme: "Hardware Masking, Revisited"— Presentation transcript:

1 Hardware Masking, Revisited
Maik Ender Amir Moradi Thomas De Cnudde September 11 - CHES Amsterdam

2 We checked the influence of these parameters on the leakage
The idea is to build a model for the physical characteristics of a device, and then design masking schemes with provable security in that model We checked the influence of these parameters on the leakage

3 What do we control in the measurement setup and in the implementation?
Supply Voltage Shunt Resistor Distance between the shares Temperature Circuit Size Clock Frequency Number of Shares

4 Hardware Masking, Revisited
1 2 Can we make Masked Implementations leak? 3 Conclusions - Summary - Implications Experiments on a Toy Example We end with a conclusion where we summarise our findings and discuss the implications of our work to reveal the influence of the various parameters on the leakage

5 Hardware Masking, Revisited
1 2 3 Can we make Masked Implementations leak? Experiments on a Toy Example Conclusions revealing the influence on the leakage by 1. the various parameters 2. coupling of FPGA wires

6 One share in our toy example consists of consecutive MixColumn modules
We can choose between a lower power consumption from 3 MCs a higher power consumption from 6 MCs

7 Four iterated MixColumns shares are placed next to each other and in full isolation
Using the Isolated Design Flow (IDF) of Xilinx We can test the influence of the number of shares and the distance between the shares on the leakage

8 Supply Voltage & Shunt Resistor
Vdd 1.0v, 1.0Ω Vdd 1.0v, 0.0Ω The higher the supply voltage, the higher the leakage Vdd 1.2v, 1.0Ω (Sakura-G default) 12 Vdd 1.2v, 0.0Ω Vdd 1.3v, 0.0Ω 10 The lower the shunt resistor, the higher the leakage max(|t-statistic|) 8 6 Fixed-vs-random t-test iterated_MC1 and iterated_MC4 3 MCs active 6MHz 21°C 4 2 20M 40M 60M 80M 100M Number of Traces

9 Distance The distance between the shares
Iterated_MC1↔2 Iterated_MC1↔3 Iterated_MC1↔4 8 The distance between the shares does not influence leakage much 6 max(|t-statistic|) 4 Fixed-vs-random t-test 3 MCs active 6MHz Vdd 1.2v, 0.0Ω , 21°C 2 20M 40M 60M 80M 100M Number of Traces

10 Temperature The higher the temperature, the higher the leakage
21°C 50°C 70°C The higher the temperature, the higher the leakage 15 10 max(|t-statistic|) Quality of the randomness is not altered by the temperature Fixed-vs-random t-test iterated_MC1 and iterated_MC4 3 MCs active 6MHz Vdd 1.3v, 0.0Ω 5 20M 40M 60M 80M 100M Number of Traces

11 Circuit Size and Clock Frequency
The more MCs active, the higher the leakage 3MC, 6MHz 20 3MC, 48MHz 6MC, 6MHz The higher the peak-to-peak power consumption, the higher the leakage 6MC, 48MHz 15 The higher the clock frequency, the higher the leakage max(|t-statistic|) 10 5 Fixed-vs-random t-test iterated_MC1 and iterated_MC4 Vdd 1.3v, 0.0Ω, 21°C 20M 40M 60M 80M 100M Number of Traces

12 Number of Shares max(|t-statistic|) Number of Traces 200M 150M 100M 50M 15 10 5 2 shares 1,2 3 shares 1 to 3 4 shares 1 to 4 All linear 1st-, 2nd- and 3rd-order designs leak in the 1st-order! No 2nd-order leakage in the 2nd-order secure design No 2nd- or 3rd-order leakage in The 3rd-order secure design Fixed-vs-random t-test 1st-, 2nd- and 3rd-order masking 6 MCs active 6MHz Vdd 1.3v, 0.0Ω, 21°C

13 Hardware Masking, Revisited
1 2 3 Can we make Masked Implementations leak? Experiments on a Toy Example Conclusions revealing the influence on the leakage by 1. the various parameters 2. coupling of FPGA wires

14 Does leakage current in open switch transistors contribute to the leakage in FPGAs?

15 What is the influence of the leakage current?
Open transistors inside a switch matrix could couple wires from two different shares What is the influence of the number of shared open switches? What is the influence of the leakage current?

16 Our experiments are designed with an increasing number of shared open switches
20 20 16

17 We route two wires close to each other in the middle of two iterated_MC shares

18 Number of shared open switches
original 20 0 shared open switches 20 shared open switches Routing does not have much effect on the observed leakage 20+16 shared open switches 15 max(|t-statistic|) 10 Fixed-vs-random t-test 6 MCs active Vdd 1.3v, 0.0Ω, 6MHz, 21°C 5 50M 100M 150M 200M Number of Traces

19 Hardware Masking, Revisited
1 2 3 Can we make Masked Implementations leak? Experiments on a Toy Example Conclusions - Threshold Implementation of PRESENT - Domain-Oriented Masking of AES - d+1 Threshold Implementations of AES

20 A Threshold Implementation of PRESENT
max(|t-statistic|) Number of Traces 200M 150M 100M 50M 2 Vdd 1.3v, 0.0Ω Vdd 1.0v, 1.0Ω 4 6 8 PRESENT-80 TI from [PMK+11] 1st-order implementation with 3 shares leaks in the 1st order Fixed-vs-random t-test 8 rounds of encryption 12MHz 21°C

21 Masked AES implementations with d+1 shares
Number of Traces 100M 80M 60M 40M 20M DOM, 2 shares DOM, 3 shares d+1 TI, 2 shares d+1 TI, 3 shares max(|t-statistic|) 2 4 6 8 10 Domain-Oriented Masking from [GMK16] d+1 TI from [DRB+16] All 1st- and 2nd-order designs leak in the 1st-order! Second order leakage: t=200 for 2 share implementations Third order leakage: t=10 for 3 share implementations Fixed-vs-random t-test full encryption 24MHz Vdd 1.2v, 1.0Ω, 21°C

22 Hardware Masking, Revisited
1 2 Can we make Masked Implementations leak? 3 Conclusions Experiments on a Toy Example - Summary - Implications

23 Hardware Masking, Revisited
Can we make Masked Implementations leak? YES!

24 Summary for the Spartan-6 FPGA
Higher leakage with higher supply voltages lower shunt resistors higher temperatures higher peak-to-peak power consumption (higher clock frequency or larger circuits) lower number of shares Leakage does not depend much on the distance between the shares the leakage current from open transistors between the shares

25 Implications Assumptions can be violated! Not surprising, e.g. glitches, early signal propagation Correctly masked implementations leak? Yes, with a high number of traces in a low noise environment Can this be exploited by an attacker? How? What about ASICs? Likely more traces needed…

26 Potential Solutions Temporal non-completeness?
Don’t process on more than d shares per clock cycle for dth-order security Expensive… Embedded voltage regulators? Do EM signals show similar issues? Sharing the Vdd lines? Not clear how to apply nonlinear functions in this setting… Use the leakage detection in addition to attacks? Moments-Correlating DPA [MS16]

27 September 11 - CHES 2018 - Amsterdam

Download ppt "Hardware Masking, Revisited"

Similar presentations

Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
1 Power Management for High- speed Digital Systems Tao Zhao Electrical and Computing Engineering University of Idaho.

1 Power Management for High- speed Digital Systems Tao Zhao Electrical and Computing Engineering University of Idaho.
HCC Analog Monitor HCC Design Review April 24, 2014 Mitch Newcomer Nandor Dressnandt Aditya Narayan Amogh Halergi Dawei Zhang* * Original design work 2010-2012.

HCC Analog Monitor HCC Design Review April 24, 2014 Mitch Newcomer Nandor Dressnandt Aditya Narayan Amogh Halergi Dawei Zhang* * Original design work
Design for Manufacturability and Power Estimation Lecture 25 Alessandra Nardi Thanks to Prof. Jan Rabaey and Prof. K. Keutzer.

Design for Manufacturability and Power Estimation Lecture 25 Alessandra Nardi Thanks to Prof. Jan Rabaey and Prof. K. Keutzer.
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS 2012- Singapore.

Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.
CIRCUITS, DEVICES, AND APPLICATIONS Eng.Mohammed Alsumady

CIRCUITS, DEVICES, AND APPLICATIONS Eng.Mohammed Alsumady
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Institute of Digital and Computer Systems 1 Fabio Garzia / Finding Peak Performance in a Process23/06/2015 Chapter 5 Finding Peak Performance in a Process.

Institute of Digital and Computer Systems 1 Fabio Garzia / Finding Peak Performance in a Process23/06/2015 Chapter 5 Finding Peak Performance in a Process.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 89321032 游精允.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
Adapting Synchronizers to the Effects of On-Chip Variability David Kinniment Alex Yakovlev Jun Zhou Gordon Russell Presented by Dmitry Verbitsky.

Adapting Synchronizers to the Effects of On-Chip Variability David Kinniment Alex Yakovlev Jun Zhou Gordon Russell Presented by Dmitry Verbitsky.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Dynamic Power Consumption In Large FPGAs WILLIAM GARCIA, ANDREW MORTELLARO.

Dynamic Power Consumption In Large FPGAs WILLIAM GARCIA, ANDREW MORTELLARO.
By Praveen Venkataramani Vishwani D. Agrawal TEST PROGRAMMING FOR POWER CONSTRAINED DEVICES 5/9/201322ND IEEE NORTH ATLANTIC TEST WORKSHOP 1.

By Praveen Venkataramani Vishwani D. Agrawal TEST PROGRAMMING FOR POWER CONSTRAINED DEVICES 5/9/201322ND IEEE NORTH ATLANTIC TEST WORKSHOP 1.
RRB/STS ORNL Workshop Integrated Hardware/Software Security Support R. R. BrooksSam T. Sander Associate ProfessorAssistant Professor Holcombe Department.

RRB/STS ORNL Workshop Integrated Hardware/Software Security Support R. R. BrooksSam T. Sander Associate ProfessorAssistant Professor Holcombe Department.
Juanjo Noguera Xilinx Research Labs Dublin, Ireland Ahmed Al-Wattar Irwin O. Irwin O. Kennedy Alcatel-Lucent Dublin, Ireland.

Juanjo Noguera Xilinx Research Labs Dublin, Ireland Ahmed Al-Wattar Irwin O. Irwin O. Kennedy Alcatel-Lucent Dublin, Ireland.
Stephen Pemberton TE-MPE-EE 1 DQLPUR Prototype Testing Initial Results: Thermal Tests Voltage Drop Off Tests.

Stephen Pemberton TE-MPE-EE 1 DQLPUR Prototype Testing Initial Results: Thermal Tests Voltage Drop Off Tests.
Frank Ludwig / 03.12.04 Content : 1 Introduction to noise 2 Noise characterization of the actual LLRF system 3 Conceptional improvements 4 Different sensors.

Frank Ludwig / Content : 1 Introduction to noise 2 Noise characterization of the actual LLRF system 3 Conceptional improvements 4 Different sensors.
Www.advancedmsinc.com EZ-COURSEWARE State-of-the-Art Teaching Tools From AMS Teaching Tomorrow’s Technology Today.

EZ-COURSEWARE State-of-the-Art Teaching Tools From AMS Teaching Tomorrow’s Technology Today.
Inferno : Side-channel Attacks for Mobile Web Browsers Manuel Philipose, Matthew Halpern, Pavel Lifshits, Mark Silberstein, Mohit Tiwari Background and.

Inferno : Side-channel Attacks for Mobile Web Browsers Manuel Philipose, Matthew Halpern, Pavel Lifshits, Mark Silberstein, Mohit Tiwari Background and.
ENGG 6090 Topic Review1 How to reduce the power dissipation? Switching Activity Switched Capacitance Voltage Scaling.

ENGG 6090 Topic Review1 How to reduce the power dissipation? Switching Activity Switched Capacitance Voltage Scaling.

Similar presentations

Ads by Google