Research Article

Impact of S-box Size on Results of Correlation Power Analysis

Year 2023, Volume 13, Issue 1, pp. 31-39, 23.01.2023

Abstract

Using small S-boxes in a symmetric cryptosystem reduces the power consumption of the hardware in which it is embedded. This is known to increase the disruptive effect of noise on side-channel analysis (SCA) results. In this work, to verify that effect experimentally, the lightweight block cipher PRESENT, which has 4x4 S-boxes, is implemented on the SAKURA-X cryptographic board and correlation power analysis (CPA), one of the most effective SCA methods, is carried out. As a result, we observe that the noise in the power traces acquired with our measurement setup makes it harder to identify the correct key. Moreover, when CPA is run on simulated noisy power traces for PRESENT, the correct key is recovered successfully. On the other hand, when we apply CPA with the same measurement setup to PRESENT with its S-boxes replaced by the 8x8 AES S-box, we show that, in parallel with the increase in power consumption, the noise effect is smaller and the correct key is obtained more easily.
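The abstract's central claim, that a 4x4 S-box leaks a weaker signal than an 8x8 S-box under the same noise, can be reproduced with the kind of noisy-trace simulation the abstract mentions. The block below is an added example written for this page; it is not the paper's code and not taken from the authors' GitHub repository. It assumes the standard CPA leakage model of Brier, Clavier and Olivier (Hamming weight of the first-round S-box output) with one leaking sample per trace and additive Gaussian noise of standard deviation sigma; the key chunks, the seed and the trace count are constructed values. Under that model the signal power is the Hamming-weight variance of the S-box output, 1 for a 4-bit and 2 for an 8-bit bijection, so the expected correlation of the correct guess is sqrt(var/(var + sigma^2)), which is what `compare()` measures against. The same evaluation is what a hardware designer runs to estimate how much averaging a measurement needs before a lightweight design should be considered exposed, and therefore how much masking or noise-addition budget it needs.

```python
"""Simulated CPA on the first-round S-box output: PRESENT 4x4 vs AES 8x8.

Added example (not the paper's code or its GitHub repository). The leakage
and noise models are assumptions: one sample per trace equal to the Hamming
weight of the S-box output plus Gaussian noise of std. dev. sigma.
"""
import math
import random

# PRESENT S-box (Bogdanov et al., CHES 2007)
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def aes_sbox_entry(x):
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    inv = 0
    if x:
        inv, base, e = 1, x, 254          # x^254 == x^-1 in GF(2^8)
        while e:
            if e & 1:
                inv = gf_mul(inv, base)
            base = gf_mul(base, base)
            e >>= 1
    s = inv
    for i in range(1, 5):                # s = inv ^ rotl(inv, 1) ^ ... ^ rotl(inv, 4)
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63


AES_SBOX = [aes_sbox_entry(x) for x in range(256)]


def hamming_weight(v):
    return bin(v).count("1")


def hw_variance(sbox):
    """Variance of the Hamming weight of the S-box output over all inputs:
    the 'signal' power the assumed leakage model exposes."""
    hws = [hamming_weight(s) for s in sbox]
    mean = sum(hws) / len(hws)
    return sum((h - mean) ** 2 for h in hws) / len(hws)


def expected_peak(sbox, sigma):
    """Correlation of the correct guess under the model: sqrt(var/(var + sigma^2))."""
    v = hw_variance(sbox)
    return math.sqrt(v / (v + sigma ** 2))


def simulate_traces(sbox, key, n_traces, sigma, rng):
    """Constructed traces: one leaking sample per uniformly random input chunk."""
    width = len(sbox)
    pts = [rng.randrange(width) for _ in range(n_traces)]
    traces = [hamming_weight(sbox[p ^ key]) + rng.gauss(0.0, sigma) for p in pts]
    return pts, traces


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / math.sqrt(vx * vy)


def cpa(sbox, pts, traces):
    """Score every key-chunk guess k by |corr(HW(S(p ^ k)), trace)|."""
    scores = []
    for k in range(len(sbox)):
        hyp = [hamming_weight(sbox[p ^ k]) for p in pts]
        scores.append(abs(pearson(hyp, traces)))
    best = max(range(len(sbox)), key=scores.__getitem__)
    return best, scores


def compare(n_traces=2000, sigma=2.0, seed=7):
    """Run the same noisy CPA against both S-box sizes; keys 0xA / 0x3C are constructed."""
    rng = random.Random(seed)
    out = {}
    for name, sbox, key in (("PRESENT 4x4", PRESENT_SBOX, 0xA),
                            ("AES 8x8", AES_SBOX, 0x3C)):
        pts, traces = simulate_traces(sbox, key, n_traces, sigma, rng)
        best, scores = cpa(sbox, pts, traces)
        ranked = sorted(scores, reverse=True)
        out[name] = {"recovered": best == key, "peak": ranked[0],
                     "margin": ranked[0] - ranked[1],
                     "expected": expected_peak(sbox, sigma)}
    return out


if __name__ == "__main__":
    for name, r in compare().items():
        print(name, r)
```

With sigma = 2.0 the model predicts a correct-guess correlation of about 0.45 for the 4-bit S-box and about 0.58 for the 8-bit one; raising sigma or cutting `n_traces` pushes the PRESENT peak into the noise floor first, which is the effect the paper measured on SAKURA-X. A real trace has thousands of samples and the correlation is computed per sample; the single-sample model here isolates the S-box-size effect from alignment and clock-frequency questions.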

References

  • A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, C. Vikkelsoe. PRESENT: An ultra-lightweight block cipher. In: Cryptographic Hardware and Embedded Systems - CHES 2007, LNCS, vol. 4727, pp. 450-466, Springer, 2007.
  • ISO. ISO/IEC 29192-2:2012 Information technology - Security techniques - Lightweight cryptography - Part 2: Block ciphers. URL: https://www.iso.org/standard/56552.html (accessed October 19, 2022).
  • P. Kocher, J. Jaffe, B. Jun. Differential power analysis. In: Advances in Cryptology - CRYPTO'99, LNCS, vol. 1666, pp. 388-397, Springer, 1999.
  • B. Gierlichs, L. Batina, P. Tuyls, B. Preneel. Mutual information analysis. In: Cryptographic Hardware and Embedded Systems - CHES 2008, LNCS, vol. 5154, pp. 426-442, Springer, 2008.
  • E. Brier, C. Clavier, F. Olivier. Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems - CHES 2004, LNCS, vol. 3156, pp. 16-29, Springer, 2004.
  • O. Lo, W. J. Buchanan, D. Carson. Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA). Journal of Cyber Security Technology, 1(2):88-107, 2016.
  • A. Moradi, N. Mousavi, C. Paar, M. Salmasizadeh. A comparative study of mutual information analysis under a Gaussian assumption. In: Information Security Applications - WISA 2009, LNCS, vol. 5932, Springer, 2009.
  • S. Nikova, C. Rechberger, V. Rijmen. Threshold implementations against side-channel attacks and glitches. In: Information and Communications Security - ICICS 2006, LNCS, vol. 4307, pp. 529-545, Springer, 2006.
  • T. De Cnudde, O. Reparaz, B. Bilgin, S. Nikova, V. Nikov, V. Rijmen. Masking AES with d+1 shares in hardware. In: Cryptographic Hardware and Embedded Systems - CHES 2016, LNCS, vol. 9813, pp. 194-212, Springer, 2016.
  • T. Güneysu, A. Moradi. Generic side-channel countermeasures for reconfigurable devices. In: Cryptographic Hardware and Embedded Systems - CHES 2011, LNCS, vol. 6917, pp. 33-48, Springer, 2011.
  • S. Mangard, E. Oswald, T. Popp. Power analysis attacks: revealing the secrets of smart cards. Springer, US, 2007.
  • E. Biham, A. Shamir. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 4(1):3-72, 1991.
  • M. Matsui. Linear cryptanalysis method for DES cipher. In: EUROCRYPT'93, LNCS, vol. 765, pp. 386-397, Springer, 1994.
  • M. Renauld, F.-X. Standaert. Algebraic side-channel attacks. In: Information Security and Cryptology - Inscrypt 2009, LNCS, vol. 6151, pp. 393-410, Springer, 2010.
  • L. Yang, M. Wang, S. Qiao. Side channel cube attack on PRESENT. In: Cryptology and Network Security - CANS 2009, LNCS, vol. 5888, pp. 379-391, Springer, 2009.
  • X.-J. Zhao, T. Wang, S.-Z. Guo. Improved side channel cube attacks on PRESENT. Cryptology ePrint Archive, URL: https://eprint.iacr.org/2011/165 (accessed October 19, 2022).
  • X. Duan, Q. Cui, S. Wang, H. Fang, G. She. Differential power analysis attack and efficient countermeasures on PRESENT. In: Proceedings of the 8th IEEE International Conference on Communication Software and Networks - ICCSN 2016, pp. 8-12, IEEE, 2016.
  • L. Goubin, A. Martinelli, M. Walle. Impact of Sboxes size upon side channel resistance and block cipher design. In: Progress in Cryptology - AFRICACRYPT 2013, LNCS, vol. 7918, pp. 240-259, Springer, 2013.
  • C. Carlet, E. de Chérisey, S. Guilley, S. Kavut, D. Tang. Intrinsic resiliency of S-boxes against side-channel attacks: best and worst scenarios. IEEE Transactions on Information Forensics and Security, 16:203-218, 2021.
  • A. Heuser, S. Picek, S. Guilley, N. Mentens. Lightweight ciphers and their side-channel resilience. IEEE Transactions on Computers, 69(10):1434-1448, 2020.
  • J. Zhang, D. Gu, Z. Guo, L. Zhang. Differential power cryptanalysis attacks against PRESENT implementation. In: Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering - ICACTE 2010, vol. 6, pp. 61-65, IEEE, 2010.
  • C. Wang, M. Yu, J. Wang, P. Jiang, X. Tang. A more practical CPA attack against PRESENT hardware implementation. In: Proceedings of the 2nd International Conference on Cloud Computing and Intelligence Systems - CCIS 2012, pp. 1248-1253, IEEE, 2012.
  • O. Lo, W. J. Buchanan, D. Carson. Correlation power analysis on the PRESENT block cipher on an embedded device. In: Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018, pp. 6-11, ACM, 2018.
  • Q. Fang, M. Alioto. Last-round and joint first/last-round power analysis attacks on PRESENT. In: Proceedings of the Asian Hardware Oriented Security and Trust Symposium - AsianHOST 2021, pp. 1-6, IEEE, 2021.
  • SAKURA (SASEBO-GIII). URL: https://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-X.html (accessed October 19, 2022).
  • Y. Hori, T. Katashita, A. Sasaki, A. Satoh. SASEBO-GIII: A hardware security evaluation board equipped with a 28-nm FPGA. In: Proceedings of the 1st IEEE Global Conference on Consumer Electronics, pp. 657-660, IEEE, 2012.
  • F.-X. Standaert, T. G. Malkin, M. Yung. A unified framework for the analysis of side-channel key recovery attacks. In: Advances in Cryptology - EUROCRYPT 2009, LNCS, vol. 5479, pp. 443-461, Springer, 2009.
  • GitHub. URL: https://github.com/Selcuk-kripto/cpa_present (accessed October 19, 2022).

There are 28 references in total.

Details

Primary Language: Turkish
Subjects: Engineering
Section: Academic and/or technological scientific article
Authors:

Selçuk Kavut

Yasin Reşit Yargıcı 0000-0003-2486-5853

Publication Date: 23 January 2023
Submission Date: 21 October 2022
Published in Issue: Year 2023, Volume 13, Issue 1

Cite

APA Kavut, S., & Yargıcı, Y. R. (2023). S-kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi. EMO Bilimsel Dergi, 13(1), 31-39.
AMA Kavut S, Yargıcı YR. S-kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi. EMO Bilimsel Dergi. January 2023;13(1):31-39.
Chicago Kavut, Selçuk, and Yasin Reşit Yargıcı. "S-Kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi". EMO Bilimsel Dergi 13, no. 1 (January 2023): 31-39.
EndNote Kavut S, Yargıcı YR (01 January 2023) S-kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi. EMO Bilimsel Dergi 13 1 31–39.
IEEE S. Kavut and Y. R. Yargıcı, "S-kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi", EMO Bilimsel Dergi, vol. 13, no. 1, pp. 31–39, 2023.
ISNAD Kavut, Selçuk - Yargıcı, Yasin Reşit. "S-Kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi". EMO Bilimsel Dergi 13/1 (January 2023), 31-39.
JAMA Kavut S, Yargıcı YR. S-kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi. EMO Bilimsel Dergi. 2023;13:31–39.
MLA Kavut, Selçuk and Yasin Reşit Yargıcı. "S-Kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi". EMO Bilimsel Dergi, vol. 13, no. 1, 2023, pp. 31-39.
Vancouver Kavut S, Yargıcı YR. S-kutusu Büyüklüğünün Korelasyon Güç Analizi Sonuçlarına Etkisi. EMO Bilimsel Dergi. 2023;13(1):31-9.

EMO BİLİMSEL DERGİ
Peer-Reviewed Scientific Journal of Electrical, Electronics, Computer, Biomedical and Control Engineering
TMMOB CHAMBER OF ELECTRICAL ENGINEERS
IHLAMUR SOKAK NO:10 KIZILAY/ANKARA
PHONE: +90 (312) 425 32 72 (PBX) - FAX: +90 (312) 417 38 18
bilimseldergi@emo.org.tr