Masking the Energy Behavior of DES Encryption

2003

Smart cards are vulnerable to both invasive and non-invasive attacks. Specifically, non-invasive attacks using power and timing measurements to extract the cryptographic key has drawn a lot of negative publicity for smart card usage. The power measurement techniques rely on the data-dependent energy behavior of the underlying system. Further, power analysis can be used to identify the specific portions of the program being executed to induce timing glitches that may in turn help to bypass key checking. Thus, it is important to mask the energy consumption when executing the encryption algorithms. In this work, we augment the instruction set architecture of a simple five-stage pipelined smart card processor with secure instructions to mask the energy differences due to key-related data-dependent computations in DES encryption. The secure versions operate on the normal and complementary versions of the operands simultaneously to mask the energy variations due to value dependent operations. However, this incurs the penalty of increased overall energy consumption in the data-path components. Consequently, we employ secure versions of instructions only for critical operations; that is we use secure instructions selectively, as directed by an optimizing compiler. Using a cycle-accurate energy simulator, we demonstrate the effectiveness of this enhancement. Our approach achieves the energy masking of critical operations consuming 83% less energy as compared to existing approaches employing dual rail circuits.

Iee Proceedings-computers and Digital Techniques, 2003

Smart cards are vulnerable to both invasive and non-invasive attacks. Specifically, non-invasive attacks using power and timing measurements to extract the cryptographic key has drawn a lot of negative publicity for smart card usage. The power measurement techniques rely on the data-dependent energy behavior of the underlying system. Further, power analysis can be used to identify the specific portions of the program being executed to induce timing glitches that may in turn help to bypass key checking. Thus, it is important to mask the energy consumption when executing the encryption algorithms.

IEEE Micro, 2001

Lecture Notes in Computer Science, 2005

In implementing cryptographic algorithms on limited devices such as smart cards, speed and memory optimization had always been a challenge. With the advent of side channel attacks, this task became even more difficult because a programmer must take into account countermeasures against such attacks, which often increases computational time, or memory requirements, or both. In this paper we describe a new method for secure implementation of the Advanced Encryption Standard algorithm. The method is based on a data masking technique, which is the most widely used countermeasure against power analysis and timing attacks at a software level. The change of element representation allows us to achieve an efficient solution that combines low memory requirements with high speed and resistance to attacks. Key words and phrases. AES, Galois field, field generator, multiplication in GF (2 n) inversion in in GF (2 n), lookup tables, side-channel attacks, data masking.

IEEE Micro, 2001

IACR Cryptol. ePrint Arch., 2004

In implementing cryptographic algorithms on limited devices such as smart cards, speed and memory optimization had always been a challenge. With the advent of side channel attacks, this task became even more difficult because a programmer must take into account countermeasures against such attacks, which often increases computational time, or memory requirements, or both. In this paper we describe a new method for secure implementation of the Advanced Encryption Standard algorithm. The method is based on a data masking technique, which is the most widely used countermeasure against power analysis and timing attacks at a software level. The change of element representation allows us to achieve an efficient solution that combines low memory requirements with high speed and resistance to attacks. Key words and phrases. AES, Galois field, field generator, multiplication in GF (2 n) inversion in in GF (2 n), lookup tables, side-channel attacks, data masking.

WSEAS Transactions on Information Science and Applications

With the increasing use of electronic control units (ECU's) in automobile or in any embedded system security becomes an area of grave concern. Information is exchanged between ECU's over a CAN (Control Area Network) bus, vehicle to infrastructure (V2I) and vehicle to vehicle (V2V) communication. These interactions open a wide gateway for manipulating information which could lead to disastrous results. EVITA, SEVECOM, SHE are existing security models to address these concerns in automobiles but at the cost of huge footprint area and more power consumption as it uses cryptographic engines like AES-128,ECC, HMAC. We propose the use of bit level permutation GRP (group operations) in cryptographic environment which not only accelerates cryptography but also has a positive impact of providing low cost security solution that is having good encryption standards, relatively less footprint area, less cost and low power consumption. Use of GRP in cryptographic environment is a unique s...

Lecture Notes in Computer Science, 2001

Since Power Analysis on smart cards was introduced by Paul Kocher [7], many countermeasures have been proposed to protect implementations of cryptographic algorithms. In this paper we propose a new protection principle: the transformed masking method. We apply this method to protect two of the most popular block ciphers: DES and the AES Rijndael. To this end we introduce some transformed S-boxes for DES and a new masking method and its applications to the non-linear part of Rijndael.