Presentation is loading. Please wait.

Presentation is loading. Please wait.

Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser

Published byDerrick Spencer Modified over 6 years ago

Similar presentations

Presentation on theme: "Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser"— Presentation transcript:

1 Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser
Leakage Evaluation on Power Balance Countermeasure Against Side-Channel Attack on FPGAs Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser Electrical & Computer Engineering Department, Northeastern University, Boston

2 Outline 1. Introduction to Advanced Encryption Standard (AES) Algorithm 2. Introduction to Side Channel Attack (SCA) 3. Power Analysis on AES 4. Countermeasure using WDDL 5. Cons of Wave Dynamic Differential Logic (WDDL) 6. Implementation Improvement by Register Placement 7. Dual Rail Precharge Logic without Early Evaluation (DPL-noEE) 8. Four Experiments Comparison and Conclusion

3 Advanced Encryption Standard (AES)
AES is a symmetric-key encryption algorithm Based on substitution-permutation network Block size 128 bits key size 128, 192 or 256 bits Round number 10, 12 or 14 Each round contains SubByte, ShiftRows, MixColumns and AddRoundKey. (Except 10th Round) Key schedule produces the needed round key from initial key

4 Advanced Encryption Standard (AES)
1. SubByte 3. MixColumns 4. AddRoundKey 2. ShiftRows

5 Correlation Power Analysis
Cryptographic systems are mathematically unbreakable with today’s computing power Side channel Attack is based on leakage information of physical implementation, such as Power, EM leakage, Timing, Fault, etc Different bit transitions in the state register contribute to different power consumption Correlation Power Analysis (CPA) Involve analyzing the correlation between key guess and power consumption For one possible key guess, different input will produce different power. Usually need a large amount of power traces

6 Correlation Power Analysis
Example of standard AES power trace Attack module example: Hamming Distance of the 9th and 10th round Step 1: make the assumption for potential 1 byte key guess Step 2: Based on the ciphertext and partial key guess, calculate the output of 9th round

7 Correlation Power Analysis
Step 3: Calculate the HD(9th, 10th) Step 4: For all pairs of plaintext and ciphertext, Repeat Step 1-3. Step 5: Calculate the correlation between HD(9th, 10th) and power traces. Power consumption: Correlation coefficient: It illustrates the statistically relationship between two random variables Step 6: Find the largest Corr, and the corresponding key guess is correct.

8 Power Attack Countermeasure
Two types of countermeasures to mitigate power leakages: 1. Hiding : balance the power consumption 2. Masking : Using Random Data to cover the real processing data Wave Dynamic Differential Logic (WDDL) is a hiding technique which mitigates side-channel leakage by balancing power consumption. Two Steps for WDDL: 1) Pre-charge Differential input and output signals will both be zero. 2) Evaluation Output will contain complementary values. Results: Number of bit transitions during an operation cycle is constant, independent of the values of the inputs.

9 WDDL implementation of AES on FPGAs

10 Cons of WDDL WDDL can still leak information To mitigate the leakage
Difference in loading capacitance between two complementary wires can cause unbalanced power leakage Early evaluation effect To mitigate the leakage We propose the placement constraints for registers

11 Register Placement Our method constraints the register placement stage to specify the location of state register M and register S Register Placement Principles: 1. Fit two pairs of either register in 1 slice which contains 4 flip-flops 2. Minimize the wiring length between register M and register S For AES, each register contains 128 pairs of bitwise complementary signals 128 slices are required to accommodate all 128 bits for both registers (2*2*128/4)

12 Register Placement Register Placement on Virtex 5
Positive (Left) and Negative (Right) Output Signal Nets for Register S

13 Register Placement Positive (Left) and Negative (Right)
Input Signal Nets for Register M Nets between Register M to S

14 Dual Rail Precharge Logic without Early Evaluation
DPL-noEE: a LUT initialization method used to mitigate power leakage introduced by unbalanced routing Purpose here is to show that our method has already dealt with routing, so DPL- noEE does not contribute to decreasing the correlation Bhasin, Shivam, et al. "Countering early evaluation: an approach towards robust dual-rail precharge logic." WESS ACM, 2010

15 Power trace acquisition
Power trace acquisition conducted with a LeCroy WaveRunner 640Zi oscilloscope on a SASEBO-GII board 100,000 traces acquired; plaintext generated by Pseudo-Random Number Generator SASEBO-GII board One example of power trace of WDDL on AES

16 Attack Module Hamming weight is used to measure sensitive data in registers which are correlated to power dissipation in power traces. Three time points are selected to evaluate the correlation, the 1st, 9th and last round output. Three attack module: correlation(HW(P xor K); power) correlation(HW(C9); power) correlation(HW(C); power) One example of power trace of WDDL on AES

17 Correlation Waveform (1st, 9th and 10th round)
1st Column: Standard WDDL of AES 2nd Column: WDDL with LUT Constraints 3rd Column: LUT and Placement Constraints 4th Column: Add DPL-noEE

18 Correlation Table (1st, 9th and 10th round)
Our method can reduce correlation for more than 30% for the 1st and 10th round of AES, 20% for the 9th round Diminish unbalanced routing problem Attack Point Standard WDDL LUT Primitive LUT and Placement Add DPL-noEE First 0.091 0.090 0.062 0.064 9th 0.080 0.110 0.063 Last 0.061 0.041 0.040 First round input: correlation(HW(P xor K); power) Ninth round output: correlation(HW(C9); power) Last round output: correlation(HW(C); power)

19 FPGA Resource and Power Comparison
1. Decreases the number of slice LUTs from 7031 to 4763 % lower power than WDDL with only LUT primitive constraint Resources Standard WDDL LUT Primitive LUT and Placement Add DPL-noEE Slice Register 1495 Slice LUTs 7031 4763 FPGA Resource Utilization in Virtex-5 Resources Standard WDDL LUT Primitive LUT and Placement Add DPL-noEE Dynamic 0.022w 0.018w Quiescent 0.380w Total 0.402w 0.398w Power Consumption Comparison in Virtex-5

20 Conclusions A methodology of generating register constraints to improve the WDDL implementation on a Virtex 5 FPGA Evaluate it using the standard AES algorithm Significantly reduce power leakage Save FPGA resource and decrease power consumption

21 Thank you! Acknowledgments: Xin Fang, fang.xi@husky.neu.edu
This work is supported in part by NSF under MRI Thank you to Xilinx for their donations. Xin Fang, RCL website:

Download ppt "Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser"

Similar presentations

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.
Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS 2012- Singapore.

Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.
Advanced Encryption Standard

Advanced Encryption Standard
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 89321032 游精允.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.
Dynamic Power Consumption In Large FPGAs WILLIAM GARCIA, ANDREW MORTELLARO.

Dynamic Power Consumption In Large FPGAs WILLIAM GARCIA, ANDREW MORTELLARO.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.

Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.
Philip Brisk 2 Paolo Ienne 2 Hadi Parandeh-Afshar 1,2 1: University of Tehran, ECE Department 2: EPFL, School of Computer and Communication Sciences Efficient.

Philip Brisk 2 Paolo Ienne 2 Hadi Parandeh-Afshar 1,2 1: University of Tehran, ECE Department 2: EPFL, School of Computer and Communication Sciences Efficient.
Power Reduction for FPGA using Multiple Vdd/Vth

Power Reduction for FPGA using Multiple Vdd/Vth
Written By: Kris Tiri and Ingrid Verbauwhede Presented By: William Whitehouse.

Written By: Kris Tiri and Ingrid Verbauwhede Presented By: William Whitehouse.
Classical &ontemporyryptology 1 AESAES Classical &ontemporyryptology 2 Advanced Encryption Standard Since DES was becoming less reliable as new cryptanalysis.

Classical &ontemporyryptology 1 AESAES Classical &ontemporyryptology 2 Advanced Encryption Standard Since DES was becoming less reliable as new cryptanalysis.

Similar presentations

Ads by Google