Abstract
Passive physical attacks, like power analysis, pose a serious threat to the security of embedded systems, and corresponding countermeasures need to be implemented. In this talk, we demonstrate how the costs for protecting digital circuits against passive physical attacks can be lowered significantly. We introduce a novel masking approach called domain-oriented masking (DOM). Our approach provides the same level of security as threshold implementations (TI), while it requires less chip area and less randomness. DOM can also be scaled easily to arbitrary protection orders for any circuit. To demonstrate the flexibility of our scheme, we apply DOM to a hardware design of the Advanced Encryption Standard (AES). The presented AES implementation is built in a way that it can be synthesized for any protection order. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order. Besides our theoretical security analysis, we also evaluate the security of the AES implementation with t-test based side-channel leakage assessments up to the second protection order.
Original language | English |
---|---|
Pages | 3 |
Number of pages | 3 |
Publication status | Published - 24 Oct 2016 |
Event | ACM Workshop on Theory of Implementation Security - Vienna, Austria Duration: 24 Oct 2016 → … https://www.cosic.esat.kuleuven.be/events/acm-ccs2016/ |
Workshop
Workshop | ACM Workshop on Theory of Implementation Security |
---|---|
Abbreviated title | TIS '16 |
Country/Territory | Austria |
City | Vienna |
Period | 24/10/16 → … |
Keywords
- masking
- domain-oriented masking
- private circuits
- threshold implementations
- ISW
- side-channel analysis
- DPA
- hardware security
- AES
Projects
- 3 Finished
- HECTOR - Hardware enable crypto and randomness
  Korak, T., Mangard, S. & Mendel, F.
  1/03/15 → 31/07/18
  Project: Research project
- SCALAS - Secure Contactless Applications based on Leakage-resilient cryptographic Schemes
  Peßl, P. & Mangard, S.
  1/07/14 → 31/12/16
  Project: Research project