A pre-silicon logic level security verification flow for higher-order masking schemes against glitches on FPGAs

Abstract

Higher-order masking schemes have been proven in theory to be secure countermeasures against side-channel attacks in the algorithm level. The ISW framework is one of the most acceptable secure models of the existing higher-order masking schemes. However, a gap may exist between scheme and implementation. Several analyses have exhibited the weakness of masking in hardware designs on FPGAs. Firstly, we give the definition of leakage point and introduce three implementation logical flaws: glitch, EDA optimization and intermediate variable of scheme flaw. Secondly, we propose a leakage verification flow for implementing and verifying circuits realized higher-order masking schemes to avoid these leakage points. The flow provides an efficient evaluation method to locate and identify leakage points in masking hardware implementations. With the knowledge of the weaknesses of implementation, the implementation should be modified by corresponding methods to fix flaws, especially for glitch, which has been regarded as the main challenge of masking in hardware designs, we provide a method to remove the leakage point using Dijkstra algorithm with no extra time and area overheads. Finally, the design flow is evaluated on the implementation of Rivain&Prouff masking. Our experiments demonstrate how it automatically locates and protects the implementation. In addition, the experiments are also performed on flawed implementations due to EDA optimization and intermediate variables.