1 / 28

Smart card security

Smart card security. Speaker: 陳 育 麟 Advisor: 陳 中 平 教授. Outline. Introduction of SCAs Cryptographic Algorithms Measurements Hamming Weight Simple Power Attack (SPA) Differential Power Attack (DPA) Countermeasures My Countermeasure: EPS Conclusion for EPS. Introduction of SCAs.

tybalt
Download Presentation

Smart card security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smart card security Speaker: 陳 育 麟 Advisor: 陳 中 平 教授

  2. Outline • Introduction of SCAs • Cryptographic Algorithms • Measurements • Hamming Weight • Simple Power Attack (SPA) • Differential Power Attack (DPA) • Countermeasures • My Countermeasure: EPS • Conclusion for EPS

  3. Introduction of SCAs • Side channel attacks (SCAs)Security ICs are vulnerable to Side-Channel Attacks (SCAs). SCAs find the secret key by monitoring the power consumption, timing information, or electromagnetic radiation that is leaked by the switching behavior of digital CMOS gates, rather than theoretical weaknesses in the algorithms. • Side-channel Information: • Power consumption • Electromagnetic radiation • Timing … Our focus Cryptographic processing (Encrypt / Decrypt) Input message Output message Secret keys

  4. Introduction of SCAs (cont’) • What kinds of SCAs?1. Differential Fault Analysis (DFA) - Biham-Shamir (1997) 2.Timing Attacks - Kocher (1996) 3. Simple Power Analysis (SPA) - Kocher, Jaffe, Jun (1998) 4. Differential Power Analysis (DPA) - Kocher, Jaffe, Jun (1998) Not very accurate! Very accurate!

  5. Cryptographic Algorithms • Data Encryption Standard (DES) • Advanced Encryption Standard (AES) • RSA • Elliptic curve … These cryptographic algorithms can be implemented by either software programming or specific hardware circuit.

  6. Measurements • Tools • Destructive Measurement • Non-destructive Measurement

  7. Measurements (cont’) • Tools Voltage probe Oscilloscope Current probe

  8. Measurements (1) • Destructive MeasurementA small resistor (e.g., 50Ω) is inserted in series with Vdd or GND.

  9. Measurements (2) • Non-destructive MeasurementWe need not modify the original circuit.

  10. Hamming Weight • Hamming Weight vs. Power Consumption Suggest that this curve is the power consumption profile of XOR. Voltage or Current

  11. Simple Power Attack (SPA) • Directly interpret the power consumption 1,2,3 … 16 2nd 3rd Different microprocessor instructions consume different power. Thus, the power consumption profiles are different. ROTATE X1 ROTATE X2

  12. Differential Power Attack (DPA) • Use extra statistical methods

  13. Countermeasures • Power Consumption Balancing This technique is suitable to logic-level synthesis, but its performance is limit.

  14. Countermeasures (1) • Addition of NoiseTo make the power consumption profile blur! To guarantee the efficiency of these two methods, the frequency of the random digit generation might be several time higher than the frequency of the system clock, and the magnitude of the noise might be a lot larger than the original system. Thus, the power consumption is very high. By the way, the area overhead is too high. Not resistant to DPA attack!Not a complete solution! Related patent:US 6,327,661

  15. Countermeasures (2.1) • Isolation circuit (1) Use an RC low-pass filter to blur the power consumption. But … “…Of course, the finite rds and capacitive coupling from drain to gate of MP1 limit the extent of the isolation…,” the paper said. Therefore … Not blurred enough!Not power efficient! Patrick Rakers, Larry Connell, Tim Collins, D Russell “Secure Contactless Smartcard ASIC with DPA Protection”, IEEE Journal of Solid-State Circuits, 2001.

  16. Countermeasures (2.2) • Isolation circuit (2)

  17. Countermeasures (2.3) • Isolation circuit (3) Quoted from:US Patent: 6,510,518 (Jan, 21, 2003)“Balanced Cryptographic Computational Method and Apparatus for Leak Minimization in SmartCards and Other Cryptosystems”

  18. Countermeasures (3.1) • WDDL (1)WDDL stands for Wave Dynamic Differential Logic.It is based on ‘constant power consumption technique’. K. Tiri, D. Hwang, A. Hodjat, B. Lai, S. Yang, P. Schaumont, and I. Verbauwhede, “A Side-Channel Leakage Free Coprocessor IC in 0.18μm CMOS for Embedded AES-based Cryptographic and Biometric Processing”, DAC, June 2005.

  19. Countermeasures (3.2) • WDDL (2) WDDL / Standard CMOS:Area: 3XPower Consumption: 13.5XSpeed: 0.24X • Resistant to both SPA and DPA attack! • The power consumption profile is completely blurred! • It is an effective method! But … • Dynamic logic is sensitive to noise! • The overheads are too high! • Not an economic method! WDDL Standard CMOS

  20. Countermeasures (3.3) • WDDL: Input buffers

  21. Countermeasures (3.4) • SDDL: Core INV gates Core SDDL INV Gate (n-logic) Core SDDL INV Gate (p-logic)

  22. Countermeasures (3.5) • SDDL: Output buffers Core SDDL INV Gate (n-logic) Core SDDL INV Gate (p-logic)

  23. My Countermeasure: EPS • Embedded Power Supply (EPS) Technology:Charge sharing phenomenon.Dynamic regulation. • Main goal:1. Resistant to both SPA and DPA attack! 2. To make the power consumption profile completely blurred! (like ‘addition of noise’ or ‘WDDL’) 3. Area overhead: less than 10%4. On the power consumption side, very little is increased! (not more than 5%)5. On the performance side, very little is lost! (not more than 5%) 6. Very easy to integrate with other circuits!

  24. My Countermeasure: EPS (cont’) • Embedded Power Supply (EPS) The minimum supply voltage of standard CMOS logic is: During the encryption, the pMOS is off and the secure circuit uses the charges of the charge pre-storing capacitor to do the encryption. Thus, no side-channel information is leaked during the encryption. By institute, the charge pre-storing capacitor is very large; therefore, It needs improvement.

  25. My Countermeasure: EPS (cont’) • Improvement for EPS This improvement takes more clocks to finish an encryption. However, this weakness can be avoided by using two charge pre-storing capacitor.

  26. My Countermeasure: EPS (cont’) • Further Improvement for EPS If the secure circuit is positive edge-triggered, the control logic will be negative edge-triggered.

  27. Conclusion for EPS • Capacitor size:Cps >> Cps’ > Cps1 = Cps2 • Area overhead:less than 10% • On the power consumption side, very little has been increased! • On the performance side, very little has been lost! • Resistant to both SPA and DPA attack.

  28. Thank you!

More Related