Abstract
This paper presents UCloD, a novel random clock delay-based robust and scalable countermeasure against recently discovered remote power analysis (RPA) attacks. UCloD deploys very small clock delays (in the picosecond range) generated using the tapped delays lines (TDLs) to mitigate RPA attacks. UCloD provides the most robust countermeasures demonstrated thus far against RPA attacks. RPA attacks use delay sensors, such as Time to Digital Converters (TDC) or Ring Oscillators (ROs) to measure voltage fluctuations occurring in power delivery networks (PDNs) of Field Programmable Gate Arrays (FPGAs). These voltage fluctuations reveal secret information, such as secret keys of cryptographic circuits. The only countermeasure proposed thus far activates ROs to consume significant power and has managed to secure Advanced Encryption Standard (AES) circuits for up to 300,000 encryptions. Using TDLs available in FPGAs, UCloD randomly varies the clock to the cryptographic circuits under attack to induce noise in the adversary's delay sensor(s). We demonstrate correlation power analysis (referred to as CPA) attack resistance of UCloD AES implementations for up to one million encryptions. Compared to an unprotected AES circuit, UCloD implementations have minimal overheads (0.2% Slice LUT overhead and 4.8% Slice register overhead for Xilinx implementations and 0.5% LogicCells overhead for Lattice Semiconductor implementations).
Highlights
Side channel analysis attacks [1] use emanated by-products of an encryption execution, such as power dissipation [2](referred to as PA attacks), electromagnetic (EM) radiation [3], elapsed time [4] and cache hit/miss information [5] to deduce the secret key from cryptographic algorithms
Side channel analysis attacks have shown successful at revealing secret keys from block cipher algorithms, such as Advanced Encryption Standard (AES) [6] and Elliptic-curve cryptography [7] running on Application Specific Integrated Circuits (ASICs) [8], embedded processors [9], Graphics Processing Units (GPUs) [10] and Field Programmable Gate Arrays–FPGAs [11]
remote power analysis (RPA) attacks impose unprecedented threats of being able to measure the voltage fluctuations occurring in the power delivery networks (PDNs) of FPGAs
Summary
Side channel analysis attacks [1] use emanated by-products of an encryption execution, such as power dissipation [2](referred to as PA attacks), electromagnetic (EM) radiation [3], elapsed time [4] and cache hit/miss information [5] to deduce the secret key from cryptographic algorithms. The newly proposed, Remote Power Analysis (referred to as RPA) attacks [13] uses a custom hardware design (referred to as a Delay Sensor) which acts as a sensor to detect voltage fluctuations occurring in the power delivery network (PDN) of FPGAs [14]. Voltage fluctuations occur in the PDN due to the power dissipation of other hardware designs, such as the AES circuitry executed along with the delay sensor on the FPGA. According to the authors in [15], multiple ROs have to be placed in the FPGA, while a single TDC sensor is able to reveal the secret key of AES [13]. This section briefly outlines necessary background information about AES block cipher algorithm, CPA attacks and TDC sensors. We have used AES 128-bit implementation (similar to the AES circuit used in [13]) to test the CPA attack resistance of UCloD implementations
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
