Power analysis attacks against FPGA implementations of the DES

2008

In the decade since the concept was publicly introduced, power analysis attacks on cryptographic systems have become an increasingly studied topic in the computer security community. Research into countermeasures for these cryptographic systems has intensified as well. Experiments have been conducted showing the potential effectiveness of power analysis attacks and preventative techniques on both software (e.g. smartcard, DSP) and hardware (e.g. ASIC, FPGA) processing elements. One key observation that motivates our work is that the majority of the research into power analysis on FPGA-based cryptographic systems has been a) theoretical in nature, b) evaluated through simulation, or c) experimented using custom hardware that does not closely mirror real-world systems. In this paper, we look to bridge this gap between theory and practice by detailing our experience in performing a Differential Power Analysis (DPA) attack on a commercial FPGA development board. We present an automated data acquisition and analysis design for an FPGA-based implementation of the Data Encryption Standard (DES), and discuss some of the challenges and obstacles that we encountered when performing the DPA attack on our chosen commercial platform.

Cryptographic Hardware and Embedded …, 2003

Field Programmable Gate Arrays (FPGAs) are becoming increasingly popular, especially for rapid prototyping. For implementations of cryptographic algorithms, not only the speed and the size of the circuit are important, but also their security against implementation attacks such as side-channel attacks. Power-analysis attacks are typical examples of side-channel attacks, that have been demonstrated to be effective against implementations without special countermeasures. The flexibility of FPGAs is an important advantage in real applications but also in lab environments. It is therefore natural to use FPGAs to assess the vulnerability of hardware implementations to power-analysis attacks. To our knowledge, this paper is the first to describe a setup to conduct power-analysis attacks on FPGAs. We discuss the design of our hand-made FPGA-board and we provide a first characterization of the power consumption of a Virtex 800 FPGA. Finally we provide strong evidence that implementations of elliptic curve cryptosystems without specific countermeasures are indeed vulnerable to simple power-analysis attacks.

2006

This paper reports on the security of cryptographic algorithms implemented on FPGAs against power analysis attacks. We first present some improved experiments against these reconfigurable devices, due to an improved measurement process. Although it is usually believed that FPGAs are noisy targets for such attacks, it is shown that simple power consumption models can nearly perfectly correlate with actual measurements.

2017

Power Analysis Attacks pose serious threats to hardware implementations of cryptographic systems. To retrieve the secret key, the attackers can exploit the mutual information between power consumption and processed data / operations through monitoring the power consumption of the cryptosystems. Field Programmable Gate Arrays (FPGA) have emerged as attractive implementation platforms for providing hardware-like performance and software-like flexibility for cryptosystem developers. These features come at the expense of larger power consumption, which makes FPGAs more vulnerable to power attacks. Different countermeasures have been introduced in the literature, but as they have originally been developed for Application-Specific Integrated Circuits (ASIC), mapping them onto FPGAs degrades their effectiveness. In this work we propose a logic

Proceedings of the 18th ACM conference on Computer and communications security - CCS '11, 2011

Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect the intellectual property and to prevent fraud, e.g., by cloning an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature. We develop a successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis. After measuring the power consumption of a single power-up of the device and a modest amount of off-line computation, we are able to recover all three different keys used by its triple DES module. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of Virtex-II Pro is enabled. As a consequence, the target product can be cloned and manipulated at will of the attacker. Also, more advanced attacks such as reverse engineering or the introduction of hardware Trojans become potential threats. As part of the side-channel attack, we were able to deduce certain internals of the hardware encryption engine. To our knowledge, this is the first attack against the bitstream encryption of a commercial FPGA reported in the open literature.

IET Circuits, Devices & Systems, 2008

A current-measuring technique is introduced, which promises to substantially enhance power analysis attacks against cryptographic co-processors. The proposed technique exploits an active circuit to measure the instantaneous current consumption of a device under attack while supplying, at the same time, the device with a stable voltage. Higher gain-bandwidth product, higher sensitivity and lower insertion error are the main advantages with respect to a resistor-based measurement. Experimental results when the proposed circuit is used to measure the current consumption of an FPGA are reported, and the achievable advantage in terms of sensitivity is discussed. Results of a differential power analysis attack are reported too.

Lecture Notes in Computer Science, 2003

Recent developments in information technologies made the secure transmission of digital data a critical design point. Large data flows have to be exchanged securely and involve encryption rates that sometimes may require hardware implementations. Reprogrammable devices such as Field Programmable Gate Arrays are highly attractive solutions for hardware implementations of encryption algorithms and several papers underline their growing performances and

2011

Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect the intellectual property and to prevent fraud, e.g., by cloning an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature. We develop a successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis. After measuring the power consumption of a single power-up of the device and a modest amount of off-line computation, we are able to recover all three different keys used by its triple DES module. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of Virtex-II Pro is enabled. As a consequence, the target product can be cloned and manipulated at will of the attacker. Also, more advanced attacks such as reverse engineering or the introduction of hardware Trojans become potential threats. As part of the side-channel attack, we were able to deduce certain internals of the hardware encryption engine. To our knowledge, this is the first attack against the bitstream encryption of a commercial FPGA reported in the open literature.

Cryptographic Hardware and …, 2004

Since their publication in 1998, power analysis attacks have attracted significant attention within the cryptographic community. So far, they have been successfully applied to different kinds of (unprotected) implementations of symmetric and public-key encryption schemes. However, most published attacks apply to smart cards and only a few publications assess the vulnerability of hardware implementations. In this paper we investigate the vulnerability of Rijndael FPGA (Field Programmable Gate Array) implementations to power analysis attacks. The design used to carry out the experiments is an optimized architecture with high clock frequencies, presented at CHES 2003. First, we provide a clear discussion of the hypothesis used to mount the attack. Then, we propose theoretical predictions of the attacks that we confirmed experimentally, which are the first successful experiments against an FPGA implementation of Rijndael. In addition, we evaluate the effect of pipelining and unrolling techniques in terms of resistance against power analysis. We also emphasize how the efficiency of the attack significantly depends on the knowledge of the design.

Integration, the VLSI Journal, 2009

Designers and manufacturers of cryptographic devices are always worried about the vulnerability of their implementations in the presence of power analysis attacks. This article can be categorized into two parts. In the first part, two parameters are proposed to improve the accuracy of the latest hypothetical power consumption model, so-called toggle-count model, which is used in power analysis attacks. Comparison between our proposed model and the toggle-count model demonstrates a great advance, i.e., 16%, in the similarity of hypothetical power values to the corresponding values obtained by an analog simulation. It is supposed that the attacker would be able to build such an accurate power model. Thus, in the second part of this article we aim at evaluating the vulnerability of implementations to power analysis attacks which make use of our proposed power model. Simple power analysis, various types of differential power analysis, and correlation power analysis are taken into account. Then, some techniques are proposed to examine the vulnerability of implementations to such kinds of power analysis attacks.