Do Not Rely on Clock Randomization: A Side-Channel Attack on a Protected Hardware Implementation of AES

  • Conference paper
  • Foundations and Practice of Security (FPS 2022)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13877)

Abstract

Clock randomization is one of the oldest countermeasures against side-channel attacks. Various implementations have been presented in the past, along with positive security evaluations. However, in this paper we show that it is possible to break countermeasures based on a randomized clock by sampling side-channel measurements at a frequency much higher than the encryption clock, synchronizing the traces with pre-processing, and targeting the beginning of the encryption. We demonstrate a deep learning-based side-channel attack on a protected FPGA implementation of AES which can recover a subkey from less than 500 power traces. In contrast to previous attacks on FPGA implementations of AES which targeted the last round, the presented attack uses the first round as the attack point. Any randomized clock countermeasure is significantly weakened by an attack on the first round because the effect of randomness accumulated over multiple encryption rounds is lost.

M. Brisfors and M. Moraitis—Both authors contributed equally to this manuscript.

This work was supported in part by the research grant 2021-02426 from Vinnova, the research grant 2020-11632 from the Swedish Civil Contingencies Agency, and the Vinnova Competence Center for Trustworthy Edge Computing Systems and Applications at KTH Royal Institute of Technology.

Notes

  1. Note that \(_nC_r\) is an alternative notation of \(\binom{n}{r}\).

  2. An alternative design with dynamically reconfigurable MMCMs is mentioned, but not implemented.

  3. A BUFGMUX_CTRL is a Global Clock Control Buffer (BUFGCTRL) with the clock enable (CE) inputs set to constant 1 and select inputs (S) connected to the selection signal. When the select signal is connected to the CE inputs, the glitch-free functionality is lost and the switching occurs asynchronously.

  4. The Nyquist rate is defined as twice the bandwidth of the signal.

  5. Here by “typical” we mean the AES implementation in which one round is computed per clock cycle and the state is stored at the end of the round.

  6. The cumulative effect of randomness can be described by a random walk, and the variance of a random walk increases with the walk length. Thus, if the timing shifts are randomly distributed, the uncertainty in the first round is provably smaller than the uncertainty in the last.
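The random-walk argument of Note 6, worked through as an added example that is not part of the paper: a constructed Python model in which each cycle of the encryption clock takes one of four hypothetical periods, so the timing uncertainty of round r grows as (r-1)·Var(period) and is smallest at the first round. The period values, the uniform selection and the one-round-per-cycle assumption are all assumptions of this model, not measurements from the paper.

```python
import random
from statistics import variance

# Constructed model of a randomized encryption clock (hypothetical numbers, not
# from the paper): every clock cycle uses one of these periods, chosen uniformly
# at random, and a "typical" AES core computes one round per cycle.
PERIODS_NS = [8.0, 10.0, 12.0, 14.0]
ROUNDS = 10


def period_variance(periods=PERIODS_NS):
    """Variance of a single cycle's duration under uniform random selection."""
    mean = sum(periods) / len(periods)
    return sum((p - mean) ** 2 for p in periods) / len(periods)


def expected_start_variance(round_index, periods=PERIODS_NS):
    """Random-walk prediction: the start of round r (1-based) comes after r-1
    independent random cycles, so its variance is (r-1) * Var(period)."""
    return (round_index - 1) * period_variance(periods)


def simulate_round_starts(rng, rounds=ROUNDS, periods=PERIODS_NS):
    """Start time of each round relative to the trace's synchronized origin."""
    starts, t = [], 0.0
    for _ in range(rounds):
        starts.append(t)
        t += rng.choice(periods)
    return starts


def measured_start_variance(n_traces, seed=1):
    """Sample variance of each round's start time across n_traces encryptions.
    Round 1 is anchored at the origin, so it has zero variance; later rounds
    accumulate the random clock shifts and become harder to align."""
    rng = random.Random(seed)
    starts = [simulate_round_starts(rng) for _ in range(n_traces)]
    return [variance(s[r] for s in starts) for r in range(ROUNDS)]


if __name__ == "__main__":
    measured = measured_start_variance(5000)
    for r, v in enumerate(measured, start=1):
        print(f"round {r:2d}: measured var {v:6.2f} ns^2, "
              f"predicted {expected_start_variance(r):6.2f} ns^2")
```

The measured variance tracks the linear prediction, which is why a countermeasure that relies on accumulated clock randomness protects the last round far better than the first.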

Author information

Corresponding author: Michail Moraitis.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Brisfors, M., Moraitis, M., Dubrova, E. (2023). Do Not Rely on Clock Randomization: A Side-Channel Attack on a Protected Hardware Implementation of AES. In: Jourdan, GV., Mounier, L., Adams, C., Sèdes, F., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2022. Lecture Notes in Computer Science, vol 13877. Springer, Cham. https://doi.org/10.1007/978-3-031-30122-3_3

  • DOI: https://doi.org/10.1007/978-3-031-30122-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30121-6

  • Online ISBN: 978-3-031-30122-3

  • eBook Packages: Computer Science, Computer Science (R0)
