1 / 13

Smart Card Differential Power Analysis Divide-and-conquer approach

Techniques to Prevent Power Analysis on Encryption Hardware CS252 Final Project By Shengliang Song & Nikita Borisov Professor: Jan Rabaey & Kurt Keutzer. Smart Card Differential Power Analysis Divide-and-conquer approach. Smart Card. Processing Power (Intel 8051, Motorola 6805)

mabli
Download Presentation

Smart Card Differential Power Analysis Divide-and-conquer approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Techniques to Prevent Power Analysis on Encryption HardwareCS252 Final ProjectBy Shengliang Song & Nikita BorisovProfessor: Jan Rabaey & Kurt Keutzer Smart Card Differential Power Analysis Divide-and-conquer approach

  2. Smart Card • Processing Power (Intel 8051, Motorola 6805) • Data Storage (EEPROM, FLASH, ROM, RAM) • IO & Power Source (Contact, Contactless)

  3. Smart Cards Power: A) Smart Card Reader Synchronous:powered, clocked and addressed under control of the outside world B) Inductive Coupling Asynchronous:RF/ID and RF/DC ISO 7816-3 (similar to RS232 operating at 9600 baud with even parity)

  4. Differential Power Analysis • Semiconductor logic gates • consuming power • producing electromagnetic radiation • DPA: plaintext or ciphertext => encryption or decryption keys • Observes m encryption operation • Captures power traces T[1..m][1..k] (k samples each) • records the ciphertexts C[1..m] • Delta D[1..k] (by finding the difference between the averages of the traces for which D(c,b,ks) is one and the average of the traces for which D(c,b,ks) is zero.)

  5. Measure a circuit’s power consumption • a small (50 ohm) resistor is inserted in series with the power or ground input Vcc I = Vout/R Vout R = 50 ohm

  6. DPA Traces

  7. DEFENSES Still being studied Balancing computation with complements Splitting bits into randomized shares Special circuit design techniques Randomize order Complicated, costly

  8. Divide-and-conquer approach Build a simple ALU which implements sensitive operations (ROT, ADD, XOR, S[key]) Make it power analysis resistant (Continue Research: IC layer, glu-logical, Computer Architecture) Design control logical normally (8bit CPU or ROM based Machine)

  9. Control: CPU or ROM Based Machine sequencer control datapath control -Code ROM microinstruction () Decoders implement our -code language: For instance: rt-ALU rd-ALU mem-ALU -sequencer: fetch,dispatch, sequential micro-PC Decode Decode Dispatch ROM To DataPath Opcode

  10. ALU & SBox + 10ns ROT 8ns 8ns ALU XOR WE EN 8 AKey[7:0] SBox 8 • Basic Units: • ROT • ADD • XOR • SBox • Shielding will be less complex • Communication: (ALU, Sbox, Ctrl) S[Akey]

  11. ADVANTAGES Smaller than an entire cipher reduce cost of expensive techniques Easier to apply complex design principles Model interactions Reused IO CPU ALU SBOX S[key]

  12. PROBLEMS: communication between controller and ALU can be slow Asynchronous (Req, Ack, ALU takes more than one clock cycle time) Synchronous (ALU need run in a fast clock rate) some cipher specific techniques (eg. Randomized Sbox lookups) are harder to apply

  13. References Smart Cards: http://www.sjug.org/jcsig/others/smart_card.htm Differential Power Analysis: http://www.cryptography.com/dpa/Dpa.pdf

More Related