Search for: side-channel-attack
Total 25 records

    A study of timing side-channel attacks and countermeasures on javascript and webassembly

    Article, ISeCure ; Volume 14, Issue 1, 2022, Pages 27-46 ; 20082045 (ISSN) ; Mazaheri, M. E ; Bayat Sarmadi, S ; Taheri Ardakani, F ; Sharif University of Technology
    Iranian Society of Cryptology  2022
    Abstract
    Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim’s system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript... 

    Power analysis attacks on MDPL and DRSL implementations

    Article, 10th International Conference on Information Security and Cryptology, ICISC 2007, Seoul, 29 November 2007 through 30 November 2007 ; Volume 4817 LNCS, 2007, Pages 259-272 ; 03029743 (ISSN); 9783540767879 (ISBN) ; Moradi, A ; Salmasizadeh, M ; Manzuri Shalmani, M. T ; Sharif University of Technology
    Springer Verlag  2007
    Abstract
    Several logic styles such as Masked Dual-Rail Pre-charge Logic (MDPL) and Dual-Rail Random Switching Logic (DRSL) have been recently proposed to make implementations resistant against power analysis attacks. In this paper, it is shown that the circuits which contain sequential elements, flip-flops, and implemented in MDPL or DRSL styles are vulnerable to DPA attacks. Based on our results, the information leakage of CMOS D-flip-flops that are used to construct MDPL and DRSL D-flip-flops is the cause of this vulnerability. To reduce the leakage, a modification on the structure of the MDPL and DRSL flip-flops is proposed; two CMOS D-flip-flops are used in the suggested structure. The proposed... 

    Dual-rail transition logic: A logic style for counteracting power analysis attacks

    Article, Computers and Electrical Engineering ; Volume 35, Issue 2, 2009, Pages 359-369 ; 00457906 (ISSN) ; Moradi, A ; Shalmani, M. T. M ; Salmasizadeh, M ; Sharif University of Technology
    2009
    Abstract
    In this paper, a new logic style is proposed to be used in the implementation of cryptographic algorithms. The aim of this approach is to counteract power analysis attacks. The proposed technique is based on transition signaling. In dual-rail transition logic, a one-bit value is transmitted by a transition on the proper signal of a pair of wires. According to this concept, converter units and logic gates are defined; it is proposed to use flip-flops to build DTL alternative parts. Although the usage of flip-flops leads to an increase in the required area, experimental results show that the power consumption of DTL circuits depends on the unpredictable initial state of T-flip-flops. In other words,... 

    Compact and secure design of masked AES S-box

    Article, 9th International Conference on Information and Communications Security, ICICS 2007, Zhengzhou, 12 December 2007 through 15 December 2007 ; Volume 4861 LNCS, 2007, Pages 216-229 ; 03029743 (ISSN); 9783540770473 (ISBN) ; Zakeri, B ; Salmasizadeh, M ; Moradi, A ; Tabandeh, M ; Manzuri Shalmani, M. T ; Sharif University of Technology
    Springer Verlag  2007
    Abstract
    Composite field arithmetic is known as an alternative method to lookup tables in the implementation of the S-box block of the AES algorithm. The idea is to break down the computations to lower order fields and compute the inverse there. Recently this idea has been used both for reducing the area in implementations of S-boxes and for masked implementations of the AES algorithm. The most compact design using this technique is presented by Canright using only 92 gates for an S-box block. In another approach, the IAIK laboratory has presented a masked implementation of the AES algorithm with higher security compared to common masking methods, using composite field arithmetic. Our work in this paper is to use basic ideas of... 

    Evaluating and Detecting Timing Side-Channel Attacks on JavaScript and WebAssembly

    M.Sc. Thesis, Sharif University of Technology ; Mazahery, Mohammad Erfan (Author) ; Bayat Sarmadi, Siavash (Supervisor)
    Abstract
    Side-channel attacks are one of the strongest attacks in hardware security. They exploit the information leaked from the implementation of cryptographic systems. One of the most common side-channel attacks is the timing side-channel attack, which exploits time differences to transmit information. In recent years, considerable research has been done on memory-based attacks, including DRAM-based attacks and cache attacks as two sub-categories of timing side-channel attacks. The constraint of these attacks is that the adversary must be in the vicinity of the victim system. Since 2015, to overcome this constraint, research on implementing timing side-channel attacks remotely using JavaScript... 

    Analysis of Client Side Vulnerabilities in Microservice-based Systems

    M.Sc. Thesis, Sharif University of Technology ; Basiri Abarghouei, Mohammad (Author) ; Kharrazi, Mehdi (Supervisor)
    Abstract
    Nowadays, software systems face many challenges that relate to their maintenance, scalability, and development. To address these challenges, many large software systems have moved away from monolithic architecture and adopted a microservices-based architecture. However, microservices-based systems face security challenges due to their distributed nature, complex dependencies, and diverse implementation technologies. This study specifically examines architecture-based threats, which fall under the program logic-based category. Previous research has required access to the server-side architecture to recover the architecture of the system, but this study proposes a method for recovering the... 

    A generalized method of differential fault attack against AES cryptosystem

    Article, 8th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2006, Yokohama, 10 October 2006 through 13 October 2006 ; Volume 4249 LNCS, 2006, Pages 91-100 ; 03029743 (ISSN); 3540465596 (ISBN); 9783540465591 (ISBN) ; Moradi, A ; Manzuri Shalmani, M. T ; Salmasizadeh, M ; Sharif University of Technology
    Springer Verlag  2006
    Abstract
    In this paper we describe two differential fault attack techniques against the Advanced Encryption Standard (AES). We propose two models for fault occurrence; using one of them we could find all 128 bits of the key with only 6 faulty ciphertexts. We need approximately 1500 faulty ciphertexts to discover the key with the other fault model. The union of these models covers all faults that can occur in the 9th round of the encryption algorithm of the AES-128 cryptosystem. One of the main advantages of the proposed fault models is that any fault in the AES encryption from the start (AddRoundKey with the main key before the first round) to the MixColumns function of the 9th round can be modeled with one of our fault models. These models... 

    Finite state machine based countermeasure for cryptographic algorithms

    Article, 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology, ISCISC 2017, 6 September 2017 through 7 September 2017 ; 2018, Pages 58-63 ; 9781538665602 (ISBN) ; Attari, S ; Rezaei Shahmirzadi, A ; Salmasizadeh, M ; Gholampour, I ; Sharif University of Technology
    Abstract
    In this work, we present a novel FPGA-based implementation of the AES algorithm which has a two-layered resistance against power analysis attacks. Our countermeasure is based on the concept of finite state machine equipped with a random number generator. Beyond masking the intermediate variables as the first layer of defense, we randomize the sequences of operations and add dummy computations as the second layer of defense. Therefore, the first order attack is prevented and the number of power traces needed for a successful second order attack is vastly increased and the correlation coefficient is decreased, as expected. © 2017 IEEE  

    Towards side channel secure cyber-physical systems

    Article, CSI International Symposium on Real-Time and Embedded Systems and Technologies, RTEST 2018, 9 May 2018 through 10 May 2018 ; 2018, Pages 31-38 ; 9781538614754 (ISBN) ; Ashrafiamiri, M ; Afandizadeh Zargari, A. H ; Farzam, S. M. H ; Bayat Sarmadi, S ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2018
    Abstract
    Cyber-physical systems contain networked embedded systems. Such systems may implement cryptographic algorithms for processing and/or communication. Therefore, they can be prone to side-channel attacks. Differential power analysis is one such attack, which is considered among the most serious threats against cryptographic devices. Various metrics have been proposed to evaluate the resistance of different implementations against these attacks. Some of these metrics need side-channel attacks to be conducted and depend on the considered power model. Due to the vast variety of proposed side-channel attacks and power models, comprehensively evaluating a design under these metrics is commonly... 

    Security Analysis, Enhancement and Implementation of IoT Systems

    M.Sc. Thesis, Sharif University of Technology ; Attari, Sadegh (Author) ; Salmasizadeh, Mahmoud (Supervisor) ; Gholampour, Iman (Co-Supervisor)
    Abstract
    The Internet of Things has remained a matter of concern in the minds of practitioners in the field since it was first raised. The structure of an IoT-based system, the components of an IoT-based system, and the requirements and limitations of the Internet of Things are the most important parts of it, yet no clear description of them has ever been presented. Structural modifiability, processing constraints, energy supply constraints, and most importantly the security of an IoT-based network are among the issues that have complicated the analysis of an IoT-based system. So providing a clear scheme and an open system for such networks can make it easier to make progress in this area. In this study, we first... 

    Implementing Spectre Attack based on RSB on ARM Architecture

    M.Sc. Thesis, Sharif University of Technology ; Sadeghpour, Alireza (Author) ; Bayat Sarmadi, Siavash (Supervisor)
    Abstract
    Performance-enhancing mechanisms such as branch prediction, out-of-order execution, and the cache hierarchy have been widely employed in today’s modern processing units. Although successful in increasing CPU performance, the design flaws and security bugs in these components have set the stage for various types of microarchitectural attacks. For instance, Spectre and Meltdown have made a serious impact on commercial processors such as ARM, Intel, and AMD. Given the exponential growth in the number of smartphones and IoT devices using ARM processors, as well as the high demand for Intel processors in desktop PCs and servers, many researchers have tried to evaluate the security... 

    Efficient Implementation of Post-Quantum Cryptography Based on Learning with Errors

    Ph.D. Dissertation, Sharif University of Technology ; Ebrahimi, Shahriar (Author) ; Bayat Sarmadi, Siavash (Supervisor)
    Abstract
    Public key encryption (PKE) cryptography plays a big role in securing communication channels of the internet. The security of every PKE scheme is usually based on a hard problem that has no polynomial-time solution using any computational structure. However, widely used classic PKE schemes such as RSA or ECC are based on hard problems that have polynomial-time solutions using a quantum computer. Therefore, such PKE schemes will not be secure in the post-quantum era. Among quantum-resistant schemes, lattice-based cryptography and especially the learning with errors (LWE) problem have gained high attention due to their low computational complexity. In this thesis, different LWE-based cryptosystems are... 

    HDL based simulation framework for a DPA secured embedded system

    Article, CSI Symposium on Real-Time and Embedded Systems and Technologies, RTEST 2015, 7 October 2015 through 8 October 2015 ; 2015, Pages 1-6 ; 9781467380478 (ISBN) ; Kamran, D ; Marjovi, A ; Fanian, A ; Safayani, M ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2015
    Abstract
    Side Channel Analysis (SCA) attacks are still harmful threats against the security of embedded systems. Due to the fact that every kind of SCA attack or countermeasure against it needs to be implemented before evaluation, a huge amount of the time and cost of this process is paid for providing high-resolution measurement tools, calibrating them, and also implementing the proposed design on ASIC or the target platform. In this paper, we have introduced a novel simulation platform for the evaluation of power-based SCA attacks and countermeasures. We have used Synopsys power analysis tools in order to simulate a processor and implement a successful Differential Power Analysis (DPA) attack on it. Then we focused on the... 

    A new CPA resistant software implementation for symmetric ciphers with smoothed power consumption

    Article, 13th International ISC Conference on Information Security and Cryptology, 7 September 2016 through 8 September 2016 ; 2016, Pages 38-45 ; 9781509039494 (ISBN) ; Safaeipour, M ; Salmasizadeh, M ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc 
    Abstract
    In this paper we propose a new method for applying a hiding countermeasure against CPA attacks. This method is for software implementations and is based on smoothing the power consumption of the device. We propose a new heuristic encoding scheme for implementing block cipher algorithms. Our new method includes only AND-equivalent and XOR-equivalent operations, since every cryptographic algorithm can be implemented with two basic operations, namely AND and XOR. In order to practically evaluate the resistance improvement against CPA, we implement the proposed coding scheme on SIMON, a lightweight block cipher, on a smartcard with an ATmega163 microprocessor. The results of this implementation show a 350 times more... 

    Charge recovery logic as a side channel attack countermeasure

    Article, Proceedings of the 10th International Symposium on Quality Electronic Design, ISQED 2009, 16 March 2009 through 18 March 2009, San Jose, CA ; 2009, Pages 686-691 ; 9781424429530 (ISBN) ; Moradi, A ; Khatir, M ; Salmasizadeh, M ; Manzuri Shalmani, M. T ; International Society for Quality Electronic Design, ISQED ; Sharif University of Technology
    2009
    Abstract
    Basically, charge recovery logic styles have been devised for low-power purposes. However, they have some other characteristics, such as an inherent pipelining mechanism, low data-dependent power consumption, and low electromagnetic radiation, which are usually neglected by researchers. These properties can be useful in other application areas such as side-channel-attack-resistant cryptographic hardware. This paper addresses these properties of charge recovery logics and examines a common one, called 2N-2N2P, as a side channel attack countermeasure using information-theoretic evaluation metrics. The observed results show that the usage of this logic style leads to improved DPA resistance as well as... 

    An efficient low-latency point-multiplication over curve25519

    Article, IEEE Transactions on Circuits and Systems I: Regular Papers ; Volume 66, Issue 10, 2019, Pages 3854-3862 ; 15498328 (ISSN) ; Salarifard, R ; Bayat Sarmadi, S ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2019
    Abstract
    Elliptic curve cryptography (ECC) has gained attention mainly due to its lower complexity compared to other asymmetric methods while providing the same security level. The most performance-critical operation in ECC is point multiplication. Thus, its efficient implementation is desirable. One of the most secure and lightweight ECC curves, which satisfies all standard security criteria, is Curve25519. In this paper, a low-latency Karatsuba-Ofman-based field multiplier (KOM) and an efficient point multiplication over Curve25519 have been proposed. The improvements have been achieved mainly due to the proposed low-latency pipelined KOM and efficient scheduling of field operations.... 

    High-Performance Fault Diagnosis Schemes for Efficient Hash Algorithm BLAKE

    Article, 10th IEEE Latin American Symposium on Circuits and Systems, LASCAS 2019, 24 February 2019 through 27 February 2019 ; 2019, Pages 201-204 ; 9781728104522 (ISBN) ; Mozaffari Kermani, M ; Bayat Sarmadi, S ; Ackie, A. B ; Azarderakhsh, R ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2019
    Abstract
    Augmenting the security of cryptographic algorithms by protecting them against side-channel active attacks (and natural faults) is essential in cryptographic engineering. The BLAKE algorithm is an efficient hash function which has been developed based on Bernstein's ChaCha stream cipher. Because Google has chosen ChaCha along with Bernstein's Poly1305 message authentication code as a replacement for RC4 in TLS for Internet security, BLAKE's implementation is of paramount importance. In this paper, we present high-performance fault detection schemes for BLAKE. Specifically, for the round function, two fault diagnosis approaches are developed and analyzed in terms of error... 

    Closing leaks: Routing against crosstalk side-channel attacks

    Article, 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, FPGA 2020, 23 February 2020 through 25 February 2020 ; 2020, Pages 197-203 ; Seifoori, Z ; Mirzargar, S. S ; Stojilović, M ; Sharif University of Technology
    Association for Computing Machinery, Inc  2020
    Abstract
    This paper presents an extension to the PathFinder FPGA routing algorithm, which enables it to deliver FPGA designs free from the risk of crosstalk attacks. Crosstalk side-channel attacks are a real threat in large designs assembled from various IPs, where some IPs are provided by trusted and some by untrusted sources. It suffices that a ring-oscillator-based sensor is conveniently routed next to a signal that carries secret information (for instance, a cryptographic key) for this information to possibly get leaked. To address this security concern, we apply several different strategies and evaluate them on benchmark circuits from the Verilog-to-Routing tool suite. Our experiments show that, for a... 

    Secure Implementation of Cryptographic Algorithms on FPGA

    M.Sc. Thesis, Sharif University of Technology ; Farzam, Mohammad-Hossein (Author) ; Bayat-Sarmadi, Siavash (Supervisor)
    Abstract
    Security of cryptographic devices lies amongst the most important issues in the field of hardware security. It is frequently seen that in the process of designing cryptographic systems insufficient attention is paid to the physical implementation details. This happens while a lot of secret information is known to be leaked through side-channels such as power consumption, electromagnetic emission and execution time. Side-channel attacks are able to reveal secret keys by using these side-channel leakages. Additionally, side-channel attacks are among the most powerful but low-cost attacks that render the security of cryptographic systems void. It can be claimed that the most dangerous... 

    Sub-threshold charge recovery circuits

    Article, Proceedings - IEEE International Conference on Computer Design: VLSI in Computers and Processors, 3 October 2010 through 6 October 2010, Amsterdam ; 2010, Pages 138-144 ; 10636404 (ISSN) ; 9781424489350 (ISBN) ; Khatir, M ; Mohammadi, H. G ; Ejlali, A ; IEEE; IEEE Circuits and Systems Society; IEEE Computer Society; HiPEAC Compilation Architecture ; Sharif University of Technology
    2010
    Abstract
    Embedded systems account for a wide range of applications. However, the design of such systems is faced with a diverse spectrum of criteria. Energy consumption, performance, and demanding security concerns are some of the most significant challenges in the design of such systems. With these challenges, the design process can be managed more easily if a flexible logic circuit with the ability to satisfy the abovementioned concerns is taken into account. To achieve such a logic circuit, in this paper we have combined sub-threshold operation and charge recovery techniques. Using our technique, lower power consumption, the ability to operate at higher frequencies, and more security (to...