Download presentation
Presentation is loading. Please wait.
Published byPauline Russell Modified over 9 years ago
1
Centro de Electrónica Industrial (CEI) | Universidad Politécnica de Madrid | cei@upm.es | www.cei.upm.es Side Channel Attack (SCA) is a special attak method which reveals the confidential data by analying the data-dependent physical leakages from running chips (Microcontroller, Crypto-ASIC or FPGA). EM and power consumption are two major leakage sources. EM SCA poses more threats to conventional SCA coumtermeasures due to its distance-sensitivity. We developed unique circuit structure which resists EPE effects and sophisticated EM attacks. This structure depends on the interleaved dual-core placement while keeping identical routing nets which makes the concentrated EM analysis challenging. Data-dependent Side Channel Leakage Timing result – Net delay comparisons Project sponsored by An Interleaved Dual-Core Structure for Resisting Concentrated EM Side Channel Attacks W. He Different behavior of CMOS cell consumes different amount of power. Changing current causes EM radiations. These minor power consumption and EM variations are therefore data-dependent and can be observed, recoreded by sophisticated measurements. Secrets revelation A group of estimated power/EM leakages are obtained depending on the possible keys. Then, statistical analysis is used to calculate the correlation coefficient between a large group of collected power/EM traces and the estimated power/EM values. The best matched correlation value reveals the real key being used in this crypto- algorithm. Key = f ( Power/EM (Estimated), Power/EM (real measured) ) f: Pearson Correlation Coefficient Attack Setup Structural Protection Dual Rail Pre-charge Logic (DPL) A common way to balance the leakage variations is to use an extra mirror circuit that generates complementary power and EM leakages to flatten the whole variations. Problems and Solutions 1.Glitch 2.Skewed leakage compensation 3.Fluctuant switching edge Early Propagation Effect (EPE) Implementation of PA-DPL Suspicious against concentrated EM attack using tiny EM probe Separate dual core placement Solution: Pre-charge Absorbed DPL (PA-DPL) Solution: Interleaved dual core Controlling routing path is difficult in FPGA implementation. Special technique is used to achieve identical routing for each complementary net pair. Separate dual core placement Interleaved dual core placement Identical routing pair Power Attack Setup EM Attack Setup Net delay without identical routing technique Net delay with identical routing technique Net delay in original core Net delay in complementary core Net delay difference between net pair Theory [1] He, W., De La Torre, E., Riesgo, T.: A Precharge-Absorbed DPL Logic for Reducing Early Propagation Effects on FPGA Implementations. In: 6th IEEE International Conference on ReConFigurable Computing and FPGAs (ReConfig’11), Cancun, Mexico (2011) [2] He, W., De la Torre, E., Riesgo, T.: An Interleaved EPE-Immune PA-DPL Structure for Resisting Concentrated EM Side Channel Attacks on FPGA Implementation. In: 3 rd International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE’12), Darmstadt, Germany (2012) Net number Net delay (ns)
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.