### Power Analysis Attack on Hardware Implementation of MAC-Keccak on FPGAs

Pei Luo, Yunsi Fei, Xin Fang, A. Adam Ding, Miriam Leeser, David R. Kaeli
December 2014
ReConfig 2014
Abstract:
Keccak is the hash function selected by NIST as the new SHA-3 standard. Keccak is built on the sponge construction, and it provides a new MAC function called MAC-Keccak. These new algorithms have raised questions with regard to side-channel leakage and analysis attacks on MAC-Keccak. So far there exists prior work on attacks of software implementations of MAC-Keccak, but there has been no comprehensive side-channel vulnerability assessment of its hardware implementation. In this paper we describe an attack on the $\theta$ step of the first round of MAC-Keccak implemented on an FPGA. We construct several different side-channel leakage models and implement attacks based on them. Our work shows that an unmasked hardware implementation of SHA-3 is vulnerable to power-based side-channel attacks.

### Side-channel Power Analysis of Different Protection Schemes Against Fault Attacks on AES

Pei Luo, Yunsi Fei, Liwei Zhang, and A. Adam Ding
December 2014
ReConfig 2014
Abstract:
A protection circuit can be added to cryptographic systems to detect both soft errors and the injected faults required by Differential Fault Analysis (DFA) attacks. While such protection can improve the reliability of the target devices significantly and counteract DFA, it will also incur extra power consumption and other resource overhead. In this paper, we analyze the side-channel power leakage of AES protection methods against fault attacks and quantify the amount. We implement six different schemes and launch correlation power analysis attacks on them. The results show that the protection circuits all increase the power leakage and therefore make the system more vulnerable to power analysis attacks. We further compare different protection schemes in terms of power consumption, area, fault coverage, and side-channel leakage. Our results demonstrate trade-offs among multiple design metrics, and suggest that reliability, security, and cost all have to be considered together in the design phase of cryptographic systems.

### A statistical model for higher order DPA on masked devices

A. A. Ding, L. Zhang, Y. Fei, and P. Luo
September 2014
CHES 2014
Abstract:
A popular and effective countermeasure to protect block cipher implementations against differential power analysis (DPA) attacks is to mask the internal operations of the cryptographic algorithm with random numbers. While the masking technique resists first-order (univariate) DPA attacks, higher-order (multivariate) attacks have been able to break masked devices. In this paper, we formulate a statistical model for higher-order DPA attacks. We derive an analytic success rate formula that distinctively shows the effects of the algorithmic confusion property, signal-to-noise ratio (SNR), and masking on the leakage of masked devices. It further provides a formal proof that the centered product combination function is optimal for higher-order attacks in very noisy scenarios. We believe that the statistical model fully reveals how the higher-order attack works around masking, and would offer good insights for embedded system designers implementing masking techniques.

### Scalable and efficient implementation of correlation power analysis using Graphic Processing Units (GPUs)

T. Swamy, N. Shah, P. Luo, Y. Fei, and D. Kaeli
June 2014
Workshop on Hardware and Architectural Support for Security & Privacy (HASP), in conjunction with Int. Symp. Computer Architecture
Abstract:
Correlation Power Analysis (CPA) is a commonly used side-channel attack (SCA) on cryptographic devices, which analyzes power consumption to extract secret information like cryptographic keys. In this work, we have developed an open-source side-channel evaluation platform to evaluate the resilience of a range of devices to SCAs. Our platform includes an experimental setup for power trace collection and a trace analysis library. The time and effort to extract key values can greatly hamper our ability to analyze a single device. In this paper, we describe our work to leverage a Graphics Processing Unit (GPU) to accelerate key extraction. We develop a parallel framework in the Open Computing Language (OpenCL). OpenCL allows our framework to remain portable across a range of processing devices including CPUs, GPUs, and FPGAs. We describe the capabilities of our side-channel evaluation platform, and demonstrate how we leverage parallel processing to provide for more efficient and scalable side-channel analysis.

### A statistics-based fundamental model for side-channel attack analysis

Y. Fei, A. A. Ding, J. Lao, and L. Zhang
February 2014
IACR ePrint
Abstract:
Side-channel attacks (SCAs) exploit leakage from the physical implementation of cryptographic algorithms to recover otherwise-secret information. In the last decade, popular SCAs like differential power analysis (DPA) and correlation power analysis (CPA) have been invented and demonstrated to be realistic threats to many critical embedded systems. However, there is still no sound and provable theoretical model that illustrates precisely what the success of these attacks depends on, and how. Based on maximum likelihood estimation (MLE) theory, this paper proposes a general statistical model for side-channel attack analysis that takes characteristics of both the physical implementation and the cryptographic algorithm into consideration. The model establishes analytical relations between the success rate of attacks and the cryptographic system. For power analysis attacks, the side-channel characteristic of the physical implementation is modeled as the signal-to-noise ratio (SNR), which is the ratio between the single-bit unit power consumption and the standard deviation of the power distribution. The side-channel property of the cryptographic algorithm is extracted by a novel algorithmic confusion analysis. Experimental results of DPA and CPA on both DES and AES verify this model with high accuracy and demonstrate the effectiveness of the algorithmic confusion analysis and SNR extraction. We expect the model to be extendable to other SCAs, like timing attacks, and to provide valuable guidelines for truly SCA-resilient system design and implementation.