Title: Techniques to Prevent Power Analysis on Encryption Hardware CS252 Final Project By Shengliang Song
1. Techniques to Prevent Power Analysis on Encryption Hardware
CS252 Final Project
By Shengliang Song, Nikita Borisov
Professor Jan Rabaey, Kurt Keutzer
- Smart Card
- Differential Power Analysis
- Divide-and-conquer approach
2. Smart Card
- Processing Power (Intel 8051, Motorola 6805)
- Data Storage (EEPROM, FLASH, ROM, RAM)
- I/O and Power Source (Contact, Contactless)
3. Smart Cards
Power:
- A) Smart Card Reader: synchronous; powered, clocked and addressed under control of the outside world
- B) Inductive Coupling: asynchronous; RF/ID and RF/DC
- ISO 7816-3 (similar to RS232 operating at 9600 baud with even parity)
4. Differential Power Analysis
- Semiconductor logic gates
  - consuming power
  - producing electromagnetic radiation
- DPA: plaintext or ciphertext -> encryption or decryption keys
- Observes m encryption operations
- Captures power traces $T_{1..m}[1..k]$ (k samples each)
- Records the ciphertexts $C_{1..m}$
- $\Delta_D[1..k]$ (found by taking the difference between the average of the traces for which D(c,b,ks) is one and the average of the traces for which D(c,b,ks) is zero)
5. Measure a circuit's power consumption
- a small (50 ohm) resistor is inserted in series with the power or ground input
- I = Vout / R, with R = 50 ohm
[Figure: measurement circuit with labels Vcc and Vout]
6. DPA Traces
7. DEFENSES
- Still being studied
- Balancing computation with complements
- Splitting bits into randomized shares
- Special circuit design techniques
- Randomize order
- Complicated, costly
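
The difference-of-means computation from slide 4, used here as a leakage check on the "splitting bits into randomized shares" defense. This is an added example, not part of the original slides. The traces are simulated, and the noise model, the leak position `LEAK_AT` and all function names are constructed assumptions.

```python
import random

K = 8         # samples per trace (k in the slides)
LEAK_AT = 3   # constructed: sample index where the sensitive bit is handled

def capture(bit, rng, masked):
    """Simulated power trace: Gaussian noise plus a data-dependent draw."""
    trace = [rng.gauss(0.0, 1.0) for _ in range(K)]
    if masked:
        r = rng.getrandbits(1)           # fresh random share per operation
        trace[LEAK_AT] += r              # device processes share r ...
        trace[LEAK_AT + 1] += bit ^ r    # ... then share bit^r, never bit itself
    else:
        trace[LEAK_AT] += bit            # unprotected: draw follows the bit
    return trace

def differential_trace(traces, d_bits):
    """Delta_D[j] = avg(T_i[j] where D = 1) - avg(T_i[j] where D = 0)."""
    ones = [t for t, d in zip(traces, d_bits) if d == 1]
    zeros = [t for t, d in zip(traces, d_bits) if d == 0]
    return [sum(t[j] for t in ones) / len(ones)
            - sum(t[j] for t in zeros) / len(zeros) for j in range(K)]

def peak(m, masked, seed=1):
    """Largest |Delta_D[j]| over m simulated operations."""
    rng = random.Random(seed)            # fixed seed: repeatable run
    d_bits = [rng.getrandbits(1) for _ in range(m)]   # selection bit per trace
    traces = [capture(b, rng, masked) for b in d_bits]
    return max(abs(x) for x in differential_trace(traces, d_bits))

if __name__ == "__main__":
    print("unprotected peak:", round(peak(4000, masked=False), 3))
    print("shared-bit peak: ", round(peak(4000, masked=True), 3))
```

The unprotected run shows a clear spike at `LEAK_AT`, while the shared-bit run stays at noise level. This checks only the first-order difference of means at single sample points.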
8. Divide-and-conquer approach
- Build a simple ALU which implements sensitive operations (ROT, ADD, XOR, Skey)
- Make it power analysis resistant (Continue Research: IC layer, glue logic, Computer Architecture)
- Design control logic normally (8-bit CPU or ROM-based Machine)
9. Control CPU or ROM Based Machine
10. ALU SBox
- Basic Units
- ROT
- ADD
- XOR
- SBox
- Shielding will be less complex
- Communication (ALU, Sbox, Ctrl)
[Figure label: SAkey]
11. ADVANTAGES
- Smaller than an entire cipher
- reduce cost of expensive techniques
- Easier to apply complex design principles
- Model interactions
- Reused
[Figure: block diagram with labels IO, CPU, ALU, SBOX, Skey]
12. PROBLEMS
- communication between controller and ALU can be slow
  - Asynchronous (Req, Ack; ALU takes more than one clock cycle time)
  - Synchronous (ALU needs to run at a fast clock rate)
- some cipher-specific techniques (e.g. randomized Sbox lookups) are harder to apply
13. References
- Smart Cards: http://www.sjug.org/jcsig/others/smart_card.htm
- Differential Power Analysis: http://www.cryptography.com/dpa/Dpa.pdf