Towards the Automatic Applications of Side Channel Countermeasures - - PowerPoint PPT Presentation

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 1

Contents

1

Motivations

2

DPA Resistant Synthesis

3

DPA Resistant Place and Route

4

DPA Resistant Instruction Set Extension

5

Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 2

Why Electronic Design Automation for security? Security is very often considered at later stages

• f design

Cost and Time to Market Possible Security pitfalls

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 3

Why Electronic Design Automation for security? Security is very often considered at later stages

• f design

Cost and Time to Market Possible Security pitfalls

EXTRA CONSTRAINT

Use as much as possible “standard” EDA commodities!

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 3

Motivating Example

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 4

Contents

1

Motivations

2

DPA Resistant Synthesis

3

DPA Resistant Place and Route

4

DPA Resistant Instruction Set Extension

5

Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 5

Simplified Hardware Design Flow (ASIC)

Algorithm Design C, Matlab, VHDL RTL (Architecture) Design Synthesizable HDL Gate

x y x XOR y

Layout

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 6

Let’s focus on Synthesis

RTL (Architecture) Design Synthesizable HDL Logic Synthesis Gate Level

x y x XOR y

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 7

Logic Synthesis Input and Output INPUT: HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT: Gate Level Netlist Estimation of area, timing, power (!) Timing constraints

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 8

Is it sufficient for DPA? Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis”, in Proceedings of Advances in Cryptology-CRYPTO’99, Santa Barbara, California, USA, August 15-19, 1999. (Cited by 5177)

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 9

Countermeasures Power consumption independent from processed key dependent data

Intermediate values of the cryptographic algorithm Intermediate values processed by the device Power consumption of the cryptographic device

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 10

Countermeasures Power consumption independent from processed key dependent data

Intermediate values of the cryptographic algorithm Intermediate values processed by the device Power consumption of the cryptographic device Masking Countermeasures

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 11

Countermeasures Power consumption independent from processed key dependent data

Intermediate values of the cryptographic algorithm Intermediate values processed by the device Power consumption of the cryptographic device Hiding Countermeasures Masking Countermeasures

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 12

Countermeasures Power consumption independent from processed key dependent data

Intermediate values of the cryptographic algorithm Intermediate values processed by the device Power consumption of the cryptographic device Hiding Countermeasures Masking Countermeasures

They can be implemented in Software or in Hardware

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 12

Approach One INPUT: HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT: DPA resistant Gate Level Netlist Estimation of area, timing, power (!) Timing constraints

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 13

Approach Two

INPUT:

HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints (limit the gates)

OUTPUT:

Gate Level Netlist

“Cell Substitution”:

Replace cells with Reload the design for correct area and timing

• K. Tiri and I. Verbauwhede, A digital design flow for secure integrated circuits, IEEE TCAD,

2006

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 14

Contents

1

Motivations

2

DPA Resistant Synthesis

3

DPA Resistant Place and Route

4

DPA Resistant Instruction Set Extension

5

Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 15

Place and Route

Gate

x y x XOR y

Place and Route Layout

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 16

Place and Route Input and Output INPUT: Gate level description of the circuit Physical view of the library (pin placement, ...) Constraints from synthesis OUTPUT: Gate Level Netlist Position and interconnection of the gates Estimation of area, timing, power (!)

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 17

This is not yet the end! Security Evaluation Chip Finalization Tape Out Security Evaluation

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 18

Security Evaluation Toggle Count .... SPICE simulation Real measures on fabricated chip

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 19

Reconfigurable Devices

Measure directly Less Freedom Tools more “closed”

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 20

Contents

1

Motivations

2

DPA Resistant Synthesis

3

DPA Resistant Place and Route

4

DPA Resistant Instruction Set Extension

5

Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 21

Protect PRESENT with secure hardware Lightweight block cipher 4 bit S-box addRoundKey, sBoxLayer

// Calculate S-box (plaintext XOR key) int PRESENT(int plaintext, int key) {

1 int result = 0; // initialize the result 2 plaintext = plaintext ^key; // perform the xor with the key 3 result = S[plaintext]; // perform the S-box 4 return result; }; // return the result

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 22

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 23

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 24

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 25

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 26

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 27

What can I do?

ALU ISE A B Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 28

What can I do? Something easier?

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 29

Protected / Non Protected CO-Design!

ALU A B Memory Register File ISE ISE IMM. ISE

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 30

Protected / Non Protected CO-Design!

B ALU ISE A Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 31

Protected / Non Protected CO-Design!

B ALU ISE A Memory Register File ISE ISE IMM.

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 32

Automatic design of DPA resistant ISE

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 33

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces?

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 34

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance?

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 35

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow?

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 36

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 37

Needed “Basic Blocks”

identify sensitive parts Partition Sensitive / Non Sensitive Protect Sensitive Security Evaluation

Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm?

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 38

The CMOS Design Flow

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 39

The Processor Customization

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 40

The Protected Design Flow

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 41

The Hybrid Design Flow

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 42

The Simulation Environment

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 43

The Design Evaluation

processor HDL code ISE HDL code Protected Library crypto.c software CMOS Library

0101001. 1100001. 1100001. 0101001.

Security Evaluaton ISE Extractor Protected Synth and P&R CMOS Synth and P&R crypto_ISE.c SPICE level simulation Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 44

Partitioning of the PRESENT algorithm S-box

sbox result

Plain Text key Plain Text key

sbox result

Plain Text key

sbox result

Plain Text key

sbox result

Plain Text key

sbox result

full ISE XOR + S-box ISE S-box ISE XOR ISE Full CMOS

protected logic non protected logic Legend Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 45

Security Evaluation

10

• 6

10

• 5

10

• 4

10

• 3

10

• 2

10

• 1

10 10

1

0.5 1 1.5 2 2.5 3 3.5 4

noise standard deviation mutual information [bit] full CMOS XOR ISE S-box ISE XOR + S-box ISE full ISE

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 46

Contents

1

Motivations

2

DPA Resistant Synthesis

3

DPA Resistant Place and Route

4

DPA Resistant Instruction Set Extension

5

Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 47

Overall Software Flow

Transformation Target Identification Code Transformation

sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f

Input Software Implementation Sensitive Parts

sbci r21,0xfd lds r23,705 mov r25,r23 ld r25,Y lds r23,705 mov r18,r23 mov r19,r23 movw r18,r26 subi r18,0x4f Targets for Protection Example (A) Protected Implementation Example (A) Targets for Protection Example (B) Protected Implementation Example (B) sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f

Information Leakage Analysis

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 48

Example on Software

846 847 848 849 850 851 852 853 854 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 ld r30,Y Sensitivity (Mutual information) Clock cycle

Instruction - time mapping of unprotected implementation

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 49

Example on Software

846 847 848 849 850 851 852 853 854 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

sbci r21,0xfd ld r25,Y movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 ld r30,Y Sensitivity (Mutual information) Clock cycle

Instruction - time mapping of unprotected implementation

1620 1622 1624 1626 1628 1630 1632 1634 1636 1638 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

sbci r21,0xfd lds r23,705 mov r25,r23 ld r25,Y lds r23,705 mov r18,r23 mov r19,r23 movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 lds r23,705 mov r30,r23 ld r30,Y Sensitivity (Mutual information) Clock cycle

Instruction - time mapping of protected implementation

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 49

Conclusions and Tips Initial steps for power analysis are promising This is just the beginning... Don’t forget verification!

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 50

Acknowledgments Paolo Ienne, Alessandro Cevrero, Yusuf Leblebici, Stéphane Badel, Johann Großschädl, Ali Galip Bayrak, Axel Poschmann, Zeynep Toprak, Marco Macchetti, Laura Pozzi, Christof Paar, Frank Gurkaynak, François-Xavier Standaert, Theo Kluter, Philip Brisk, Michael Schwander, Thomas Eisenbarth

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 51

Questions? Thank you for your attention! mail: regazzoni@alari.ch

Francesco Regazzoni 23 October 2015, Chia, Italy

• P. 52