research-article

Power Profile Obfuscation Using Nanoscale Memristive Devices to Counter DPA Attacks

Published: 01 January 2015

Abstract

Side channel attacks (SCAs), such as differential power analysis (DPA), are considered one of the most competent attacks to obtain the secure key of a cryptographic algorithm. Conventional countermeasures for DPAs are focused on hiding and masking techniques at different levels of design abstraction, associated with high power or area cost. However, emerging technologies such as resistive random access memory (RRAM) offer unique opportunities to mitigate SCAs/DPAs with their inherent device characteristics such as variability in write time, ultra low power (0.1-3 pJ/bit), and high density (4F²). In this research, DPA attacks are mitigated by obfuscating the power profile using inverse RRAM modules. The state memory transaction power traces are balanced when the inverse memory is accessed in tandem with the memory module based on a peripheral balancing logic block. A baseline RTL architecture for the 128-bit AES cryptoprocessor is designed and implemented in CMOS technology. Balancing using RRAM and CMOS memory modules is compared against this baseline architecture. A customized simulation framework is developed for extracting the power traces using Synopsys and Cadence tool suites along with a Hamming weight DPA attack module implemented in Python. The attack mounted on the baseline architectures was successful and the full key was recovered. However, DPA attacks mounted on the inverse CMOS and RRAM-based AES cryptoprocessor yielded unsuccessful results with no keys recovered, demonstrating the resiliency of the proposed architecture against DPA attacks. More importantly, the power consumed with the RRAM balancing logic block is one order lower than the corresponding pure CMOS implementation.

Published In

IEEE Transactions on Nanotechnology, Volume 14, Issue 1
Jan. 2015
195 pages

Publisher

IEEE Press

Author Tags

1. side channel attacks (SCA)
2. Differential power attacks (DPA)
3. memristor
4. resistive random access memory (RRAM)
