Secured asynchronous-logic cryptography circuits to countermeasure against side-channel attack
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis-Doctor of Philosophy |
Language: | English |
Published: | Nanyang Technological University, 2024 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/177498 |
Institution: | Nanyang Technological University |
Summary: | This thesis pertains to the investigation of asynchronous-logic design techniques as a countermeasure against the side-channel attack (SCA), i.e., an attack that exploits the secret key of cryptographic devices by analyzing their physical leakage information (e.g., power and electromagnetic). The goal is to design secure cryptographic devices that are highly resistant to SCA by leveraging asynchronous-logic (async-logic) design techniques. Thereafter, the proposed async-logic cryptographic devices are comprehensively evaluated with various SCA attacking models to validate their SCA resistance level in terms of measurement-to-disclosure (MTD), i.e., the minimum number of measurements to disclose the secret key. This thesis presents four proposed research works, summarized as follows.
Firstly, we propose an SCA-resistant async-logic Advanced Encryption Standard (AES) accelerator with dual-hiding SCA countermeasures, i.e., amplitude moderation (vertical dimension) and time moderation (horizontal dimension). In this work, we introduce an async-logic design flow with relative timing to simplify the AES realization on a Field-Programmable Gate Array (FPGA). The async-logic design flow is validated on two commercially available FPGA boards, Sakura-X and Arty-A7, and we comprehensively evaluate 74 SCA attacking models for our async-logic AES accelerator on these two boards. The evaluation results show that our async-logic AES accelerator is unbreakable within 1 million electromagnetic (EM) traces whereas the synchronous-logic (sync-logic) counterpart is breakable within < 30k EM traces, manifesting a 33.33× improvement in terms of MTD.
Secondly, we propose an SCA-resistant async-logic AES accelerator embodying both the masking and hiding SCA countermeasures. Our async-logic masked AES accelerator adopts a dual-rail data encoding to perform the masked 128-bit AES operations, and to enable dual-hiding to moderate both the amplitude (vertical dimension) and the time (horizontal dimension) of the side-channel signals. We implement our async-logic masked AES accelerator in FPGA and comprehensively perform the SCA evaluations. The evaluation results show that our async-logic masked AES accelerator is secured against SCA with 1 million EM emanations. This is at least 8.3× more resistant than the sync-logic masked AES accelerator and 200× more resistant than the sync-logic unmasked AES accelerator.
Thirdly, we propose an FPGA-based Dual-Hiding async-logic AES accelerator that is highly resistant against SCAs yet incurs low area/energy overheads. The proposed AES accelerator achieves vertical (amplitude) SCA hiding via an area-efficient dual-rail mapping approach and a zero-value (ZV) compensated S-Box, while enhancing the horizontal (temporal) SCA hiding of async-logic operations via a timing-boundary-free input arrival-time randomizer and a skewed-delay controller. The SCA evaluation results show that our proposed design can offer a strong SCA resistance with an MTD of > 20M traces. To compare the design overheads for security, we quantify the figure of merit as normalized (Area × Energy)/(MTD(All) × 10^6). The figure of merit of our proposed design is 403× smaller than the benchmark dual-rail sync-logic design and 95× smaller than a reported async-logic design.
Fourthly, we propose an SCA-resistant async-logic AES accelerator that integrates sync-logic Block RAMs (BRAMs) in FPGA as the Substitution-Box. We successfully identify the timing requirements to integrate sync-logic BRAMs in our async-logic AES accelerator and validate our proposed AES accelerator on the Sakura-X FPGA board. With the integration of BRAMs, we improve the resource utilization on FPGA by 1.6× when compared to the state-of-the-art async-logic AES accelerator, while reducing the power overhead by 1.4×. The SCA evaluation results show that our proposed async-logic AES accelerator is highly secure against SCA with an MTD of >30M EM traces. This is >6000× improvement when compared to the benchmark sync-logic AES accelerator and 1.5× improvement when compared to the state-of-the-art async-logic AES accelerator.
Overall, this thesis demonstrates the effectiveness of async-logic design techniques in creating secure cryptographic devices with enhanced resistance against SCAs. Future investigations may delve into integrating additional countermeasures like dynamic voltage scaling and defenses against fault injection attacks, further unlocking the potential of async-logic design techniques as a robust solution for hardware security. |