Recommendations for Secure ICs and ASICs

F. Mace, F.-X. Standaert, J.D. Legat, J.-J. Quisquater
UCL Crypto Group, Microelectronics laboratory (dice), Universite Catholique de Louvain (UCL), Belgium
email: mace, standaert, legat, quisquater@dice.ucl.ac.be

Abstract. For the last ten years, the security of integrated circuits has attracted growing attention from the cryptographic community. Several sources of information leakage within the circuits have been identified. Power consumption based attacks have been mounted successfully against various types of circuits such as ASICs, smartcards and FPGAs. To counter them, specific high-level solutions were developed, but none of them achieved a total prevention of such attacks. Circuit and transistor level solutions have also been developed, with better results. We present here an interesting alternative to those solutions, using Dynamic Current Mode Logic. This logic style gives the same security margins as the other proposed alternatives to CMOS, with better performance in terms of power, delay and complexity of implemented functions, and with the possibility of an asynchronous mode of signal propagation.

Introduction

The security criteria of cryptographic applications have been related to mathematical and statistical properties of the encryption algorithms implemented. However, the reality of data manipulation is far from the assumed closed, reliable environments. As a matter of fact, during the last ten years, different attacks have been developed using information leakage caused by the physical implementation of those algorithms. These attacks are, among others, Timing attack [], Simple and Differential Power Analysis Attacks [2], Electromagnetic Analysis [3] or combinations of these attacks.

In Power Analysis Attacks, the attacker assumes that the power consumption of a circuit is correlated with the data it handles. By monitoring the power traces of the attacked devices, she becomes able to recover secret information. To prevent these attacks, high-level countermeasures were developed, such as random process interrupts, dummy instructions or random noise addition. Nevertheless, none of them fully secured the targeted implementations, and their use has been shown to be inefficient in [4]. Software countermeasures were also proposed, but they have the drawbacks of reducing the implementation efficiency and still leaking secret information [5].

Interesting alternatives consist in using logic styles whose power consumption is not correlated with the handled data. Even if this does not totally prevent such attacks, it has the advantage of making the attack significantly harder, and it can be combined with good performance if the appropriate logic style is chosen. One of these solutions was given by Tiri et al. in [6]. They proposed to implement cryptographic applications using Sense Amplifier Based Logic (SABL) and gave some criteria to evaluate security margins in terms of Normalized Standard Deviation (NSD) and Normalized Energy Deviation (NED).

As was previously done in [7], we will show here the interest of using Dynamic Current Mode Logic (DyCML) [8]. We will also show a design methodology and make some comparisons between DyCML implementations and implementations in other logic styles.

The structure of this paper is the following. We briefly introduce the principles of Power Analysis Attacks in Section 2. In Section 3 we shortly present SABL and DyCML. In this section we also give a design methodology for DyCML and recall some comparison results between SABL and DyCML, achieved in [7]. Section 4 shows the experiments conducted and the results achieved for different circuits. We finally conclude in Section 5 and give some guidelines to implement secure ICs.

This work was supported by the FRIA grant of the FNRS Belgium.

2 Power Analysis Attacks: the principles

In the Differential Power Analysis described in [2], the attacker relies on a hypothetical model of the device under attack to predict its power consumption. She then compares these predictions with real power measurements in order to recover secret information. The results of this attack are strongly conditioned by the quality of both the prediction model and the measurements. Let us give an example on a CMOS implementation. For a CMOS device, we assume that the power consumption can be expressed as in [9]:

$$P_D = C_L V_{DD}^2 P f \qquad ()$$

where $C_L$ is the output load capacitance, $V_{DD}$ the power supply voltage, $P$ the probability of an output transition from a low level to a high level and $f$ the clock frequency. The attacker uses this model to estimate the power consumption of the circuit at time $t$ as an image of the number of transitions within the circuit from a low level to a high level.

We will now illustrate the principle of the Power Analysis Attack on a simple SPN (Substitution-Permutation Network) which contains the basic elements of most modern symmetric encryption algorithms like DES [], AES Rijndael [] or Khazad [2].

[Figure : A Simple SPN]

The different components of the simple SPN are:
- Bitwise XOR operations ( )
- Non-linear boolean functions (implemented within the S-boxes) acting on small data blocks
- Diffusion layer acting on the whole block size

If the attacker targets the 8 MSBs of the left S-box in figure, then, for N different plaintexts, she will first have to predict the number of transitions occurring in the targeted S-box for all possible values of the key K[..7]. The second part of the attack consists in taking real power measurements of the SPN encrypting the same N plaintexts as those used during the prediction phase. The last step consists in computing the correlation between each prediction and the power measurement; classically, this is done using the Pearson correlation coefficient. From this, it is already clear that the quality of the attack will be influenced by the quality of both the prediction and the measurements.

3 SABL and DyCML

3. SABL

SABL was introduced by Tiri et al. in [6]. Thanks to the structure of the gate, all its internal capacitance is discharged in each evaluation cycle. This gives the gate a nearly constant power consumption and thus minimizes the variations of this consumption. A generic SABL gate is presented in figure 2-b, with inverters at the outputs for domino connection between gates.

[Figure 2: Generic DyCML (a) and SABL (b) gates]

3.2 DyCML

DyCML was introduced by M. Allam et al. in [8]. DyCML gates are based on the structure of MOS CML gates, in which the load resistors are replaced by precharge pMOS transistors and a pMOS latch used to maintain the high level on one output. The current source of the CML gates is replaced by a dynamic current source to suppress the DC power consumption of CML. This dynamic current source is composed of 2 nMOS transistors driven by clk and clk, and of a capacitor-mounted nMOS transistor, C. This transistor acts as the virtual ground used during the evaluation phase. The structure of a generic DyCML gate is shown in figure 2-a.

DyCML gates can be cascaded in two modes: a clock-delay scheme (synchronous) and a self-timed scheme (asynchronous). In the first one, the clk signal is simply delayed between two cascaded gates. Using self-timed clock propagation requires the use of a special circuit driven by clk, clk and the signal applied to the gate of transistor C. DyCML does not require inverters to buffer the output signal towards the next gate because it does not suffer from charge sharing effects.

In their paper, M. Allam et al. compared the performance achieved by different circuits implemented in different logic styles (CMOS, Domino Logic, CPL, DDCVSL and CML). Those comparisons stated that DyCML outperforms all these logic styles for both power and delay, achieving, compared to CMOS, reductions in Energy-Delay Product of up to 92 percent for a full adder cell.

3.3 Dimensioning DyCML gates

To obtain good performance, the transistors must be sized precisely. By taking the dimensions yielding the best PDP (Power-Delay Product) for the gate, we selected the best compromise between power and delay. Several sets of dimensions were tested. We finally chose the one in which the pMOS transistors of the upper part of the gate have the same size as the nMOS transistors of the Differential Pull-Down Network.

The second part of the dimensioning consisted in selecting the dimensions for transistor C that generate the desired output swing. However, the value of this swing, as mentioned in [8], depends on both the value of the output load capacitance (taking into account the total contributions of both the internal and external load capacitances of the gate) and the dimensions of transistor C. As the values of the diffusion capacitances of a transistor are strongly dependent on the voltages applied to its input [3], the dimensioning of the gate requires several steps, using an iterative method. The first step consists in extracting, from fixed dimensions and the obtained output swing, the value of the total capacitance connected to the output node, using the following formula:

$$C_L = \frac{W_C L_C C_{ox} (V_{DD} - V_{swing})}{V_{swing}} \qquad (2)$$

where $W_C$ and $L_C$ are the width and length of transistor C, $C_{ox}$ is the oxide capacitance in the used technology, $V_{DD}$ is the power supply voltage and $V_{swing}$ is the obtained output swing. With this value of $C_L$, we can calculate the dimensions for the next iteration using the formula:

$$W_C = L_C = \sqrt{\frac{V_{swing} C_L}{C_{ox} (V_{DD} - V_{swing})}} \qquad (3)$$

where $V_{swing}$ is, this time, the desired output swing. These two steps are repeated until the desired swing is effectively obtained.

[Figure 3: Evolution of the output swing during the sizing of a carry gate. Axes: Output Swing Voltage [V] versus Step of the dimensioning.]

Figure 3 shows the evolution of the output swing over the different sizing steps for a DyCML gate calculating the carry of a sum.

3.4 Comparison

In [7], we gave some comparison results between XOR gates implemented in both SABL and DyCML. These comparisons showed that DyCML achieved much better performance in terms of both power and delay. Simulations revealed that, for a 2-input XOR gate, DyCML achieved a reduction of 8 percent in the Power-Delay Product.

4 Experiments and Results

In order to show the advantages of DyCML over SABL and, even more, over CMOS, we will now compare the power consumption behavior of different circuits implemented in those logic styles. We first recall the experiments conducted in [7], concerning the analysis of the power consumption behavior of a KHAZAD Sbox [2]. As the Khazad Sbox is built on smaller 4-bit blocks, called the P and Q blocks, we recall here only the simulation results of those blocks. We also show the power consumption behavior of more classical circuits: a 4-bit ripple carry adder, a 4-bit carry lookahead adder and a multiplexer. Moreover, as DyCML provides asynchronous signal propagation, this version of DyCML was also explored for its application to the design of the Sbox.

Simulations were run using a .3µm partially depleted SOI technology, with a power supply voltage of .2V and a minimal width of .5µm for both p and n transistors. For the Sbox, the simulations were run at a frequency of MHz while for the other circuits, we used a frequency of 33MHz. We extracted the power consumption behavior of each circuit, for several input sets, using SPICE simulations. For CMOS, we simulated more than different input sets, as the power consumption is dependent on the transitions occurring in the circuit. For the DyCML and SABL implementations, we simulated the different possible input combinations, as the evaluation starts on clock transitions and not on input transitions.
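The iterative sizing loop of Section 3.3 (equations (2) and (3)), written out as an added example that is not code from the paper. The SPICE run is replaced by a toy charge-sharing model with a voltage-dependent load; that model, `simulate_swing`, `load_capacitance` and every numeric constant are assumptions chosen for illustration.

```python
"""Iterative sizing of DyCML transistor C on a toy, voltage-dependent load."""
import math

# Constructed values for illustration; not the paper's technology parameters.
VDD = 1.0        # supply voltage [V]
COX = 10.0       # oxide capacitance [fF/um^2]
C_WIRE = 10.0    # voltage-independent part of the output load [fF]
C_J0 = 15.0      # zero-bias diffusion capacitance at the output node [fF]
PHI = 0.7        # junction built-in potential [V]


def load_capacitance(swing):
    """Toy output load: the diffusion part shrinks as reverse bias grows."""
    reverse_bias = VDD - swing / 2.0          # mean bias over the swing
    return C_WIRE + C_J0 / math.sqrt(1.0 + reverse_bias / PHI)


def simulate_swing(w):
    """Stand-in for the SPICE run: output swing for W_C = L_C = w [um].

    Charge sharing between C (W_C * L_C * C_ox) and the load gives
    V_swing = VDD * C / (C + C_L). C_L itself depends on V_swing, so the
    operating point is found by fixed-point iteration.
    """
    c_virtual_gnd = COX * w * w
    swing = VDD / 2.0
    for _ in range(100):
        swing = VDD * c_virtual_gnd / (c_virtual_gnd + load_capacitance(swing))
    return swing


def extract_load(w, swing):
    """Equation (2): load capacitance implied by the observed swing."""
    return w * w * COX * (VDD - swing) / swing


def next_dimension(c_load, target_swing):
    """Equation (3): W_C = L_C that gives the target swing for this load."""
    return math.sqrt(target_swing * c_load / (COX * (VDD - target_swing)))


def size_transistor_c(target_swing, w_start, tol=1e-3, max_steps=20):
    """Repeat (2) and (3) until the simulated swing is within tol of target."""
    w, history = w_start, []
    for _ in range(max_steps):
        swing = simulate_swing(w)
        history.append((w, swing))
        if abs(swing - target_swing) < tol:
            return w, history
        w = next_dimension(extract_load(w, swing), target_swing)
    raise RuntimeError("sizing did not converge")


if __name__ == "__main__":
    w_final, steps = size_transistor_c(target_swing=0.4, w_start=2.0)
    for i, (w, swing) in enumerate(steps, 1):
        print(f"step {i}: W_C = L_C = {w:.4f} um, swing = {swing:.4f} V")
```

A single application of equation (3) misses the target because the load capacitance moves with the swing; the loop closes that gap in a few steps.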

[Figure 4: Simulation Results. Panels: Ripple Carry Adder, Carry Lookahead Adder, 4 x 4 bits Multiplexer, Mini Box P, Mini Box Q. Plotted quantities: µ Power Consumption, σ Power Consumption, NSD. Logic styles: CMOS, SABL, DyCML Clock Delay, DyCML Self Timed.]

Once we had extracted the power consumption for each implementation of each circuit, we calculated, for each, the mean power consumption $\mu$, the standard deviation of the power consumption $\sigma$ and the NSD (Normalized Standard Deviation), $\mathrm{NSD} = \sigma / \mu$. We present the simulation results in figure 4, where the mean power consumption and the standard deviation of the power consumption are normalized to the values of CMOS.

We can see that for each circuit, DyCML and SABL achieve a reduction of the variation in power consumption of almost the same level. However, as was shown in [7], and as you can see on the graphs, DyCML also achieves a reduction of the mean value of the power consumption. As the relative differences of the mean power consumption and of the standard deviation of the power consumption between DyCML and SABL are the same, the NSD remains unchanged between these two logic styles. Moreover, as shown for the P and Q mini-boxes, the use of the self-timed version of DyCML allows us to reduce the variations of the power consumption a little more, thanks to more stable inputs applied to the gates. The drawback of self-timed DyCML is that its performance is not as good as that of the clock-delayed version.

5 Conclusions

We have emphasized here the interest of using DyCML implementations of circuits for secured applications. Even if the security margins achieved by DyCML are the same as those obtained for SABL, the advantage of DyCML lies in its better performance in terms of power consumption and evaluation delay. For these reasons, we recommend using DyCML for secured applications. Moreover, we also gave here a systematic methodology for the sizing of DyCML gates that takes into account the dependence of the intrinsic capacitances of transistors on the voltages applied at their inputs. We also gave some comparison results between the clock-delayed and self-timed versions of DyCML. These results show that, even if the self-timed version performs less well than the clock-delayed one, it manages to reduce the variations of the power consumption a little more.
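A design-time check in the spirit of Sections 2 and 4, as an added example that is not code from the paper: it computes NSD, NED and the Pearson correlation between a data-dependent prediction and simulated per-cycle energy for a CMOS-like and a precharged differential block. The two toy energy models, all constants and the `mismatch` parameter (relative imbalance between the two output loads of a differential gate) are assumptions.

```python
"""NSD, NED and model correlation on toy per-cycle energy models."""
import math
import random
import statistics

# Constructed values for illustration, in arbitrary energy units.
N_BITS = 4          # block width (the P and Q mini-boxes are 4-bit blocks)
E_GATE = 1.0        # energy to charge one output node
E_BASE = 1.0        # data-independent energy per cycle
NOISE_SIGMA = 0.05  # measurement noise


def popcount(x):
    return bin(x).count("1")


def rising_transitions(prev, cur):
    """Output bits going low -> high: the quantity behind P in the CMOS model."""
    return popcount(~prev & cur & ((1 << N_BITS) - 1))


def cmos_energy(prev, cur, rng):
    return E_BASE + E_GATE * rising_transitions(prev, cur) + rng.gauss(0, NOISE_SIGMA)


def differential_energy(cur, mismatch, rng):
    """Precharged differential gates: one output per bit discharges every cycle.

    `mismatch` is the relative extra load on the true output (0 = balanced).
    """
    ones = popcount(cur)
    load = ones * (1.0 + mismatch) + (N_BITS - ones)
    return E_BASE + E_GATE * load + rng.gauss(0, NOISE_SIGMA)


def nsd(energies):
    """Normalized Standard Deviation: sigma / mu."""
    return statistics.pstdev(energies) / statistics.mean(energies)


def ned(energies):
    """Normalized Energy Deviation: (max - min) / max."""
    return (max(energies) - min(energies)) / max(energies)


def pearson(xs, ys):
    mx, my = statistics.mean(xs), statistics.mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var_x * var_y)


def metrics(energies, predictions):
    return {"nsd": nsd(energies), "ned": ned(energies),
            "corr": pearson(predictions, energies)}


def evaluate(mismatch=0.0, n_cycles=2000, seed=1):
    """Run both toy models over the same random 4-bit output sequence."""
    rng = random.Random(seed)
    values = [rng.randrange(1 << N_BITS) for _ in range(n_cycles + 1)]
    pairs = list(zip(values, values[1:]))
    cmos = [cmos_energy(p, c, rng) for p, c in pairs]
    diff = [differential_energy(c, mismatch, rng) for _, c in pairs]
    return {
        "cmos": metrics(cmos, [rising_transitions(p, c) for p, c in pairs]),
        "differential": metrics(diff, [popcount(c) for _, c in pairs]),
    }


if __name__ == "__main__":
    for mismatch in (0.0, 0.05):
        for style, m in evaluate(mismatch).items():
            print(f"mismatch={mismatch:.2f} {style:12s} NSD={m['nsd']:.3f} "
                  f"NED={m['ned']:.3f} corr={m['corr']:+.3f}")
```

With balanced loads the differential block shows a low NSD and no usable correlation; a 5 percent load imbalance leaves the NSD small but restores a clear correlation with the data, so NSD alone does not certify a layout.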

To conclude, let us make the following remark. Particular attention must be given to the entire design of a secured application. This means that every step of the design should be carefully examined to ensure that no leakage of information is created. Even if gate security can be toughened by using DyCML, we should not forget that particular attention must be given to the way gates are connected to one another. As a matter of fact, we should use interconnections that match the output capacitances connected to both outputs of the differential gate, to avoid creating information leakage due to dissymmetry of the output capacitance [4].

References

[] P. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and other systems, Advances in Cryptology CRYPTO 96, Lecture Notes in Computer Science, Springer-Verlag, vol. 9, pp. 4-3, 996.
[2] P. Kocher, J. Jaffe, B. Jun, Differential Power Analysis, in The Proceedings of CRYPTO 99, Lecture Notes in Computer Science, vol. 2779, pp.7-3, Springer-Verlag, 999.
[3] D. Samyde, J.-J. Quisquater, ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards, Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security, Lecture Notes in Computer Science, vol. 24, pp.2-2, Springer-Verlag, 2
[4] C. Karlof, D. Wagner, Hidden Markov Model Cryptanalysis, in the Proceedings of CHES 23, Lecture Notes in Computer Sciences, vol. 2779, pp.7-3, Springer-Verlag, 23
[5] T. S. Messerges, Using Second-Order Power Analysis to Attack DPA Resistant Software, in The Proceedings of CHES 2, Lecture Notes in Computer Sciences, vol. 965, pp. 7-77, Springer-Verlag, 2.
[6] K. Tiri, M. Akmal, I. Verbauwhede, A Dynamic and Differential CMOS Logic with Signal Independent Power Consumption to Withstand Differential Analysis on Smart Cards, in the Proceedings of ESSCIRC 23,
[7] F. Mace, F.-X. Standaert, I. Hassoune, J.-D. Legat, J.-J. Quisquater, A Dynamic Current Mode Logic to Counteract Power Analysis Attacks, in The Proceedings of DCIS 24, pp. 86-9, ISBN 2-952297--X
[8] M. W. Allam, M. I. Elmasry, Dynamic Current Mode Logic (DyCML): a New Low-Power High Performance Logic Style, IEEE Journal of Solid State Circuits, vol. 36, pp. 55-558, March 2.
[9] J. Rabaey, Digital Integrated Circuits, Prentice Hall, 996
[] National Bureau Of Standards, FIPS PUB 46, The Data Encryption Standard, FIPS, NIST, U.S. Dept. of Commerce, 977
[] National Bureau Of Standards, FIPS 97, The Advanced Encryption Standard, FIPS, NIST, U.S. Dept. of Commerce, 2
[2] P. Barreto, V. Rijmen, The KHAZAD Legacy-Level Block Cypher, NESSIE Project Home Page, https://www.cosic.esat.kuleuven.ac.be/nessie, 2
[3] C.C. Enz, F. Krummenacher, E.A. Vittoz, An Analytical MOS transistor Model Valid in All Regions of Operation and Dedicated to Low-Voltage and Low-Current Applications, Analogue integrated circuits and signal processing, pp. 83 4, July 995.
[4] K. Tiri, I. Verbauwhede, Place and Route for Secure Standard Cell Design, in The Proceedings of the 6th International Conference on Smart Cards Research and Advanced Applications (CARDIS 24), pp. 43-58, August 24