Gelişmiş Şifreleme Standardı (AES) Algoritmasının Yan-Kanal Saldırılarına Dayanıklı ve Enerji Verimliliği Yüksek Paralel ASIC Uygulaması

Öz

Şifreleme, giderek birbirine bağlanan bir dünyada her zamankinden daha önemli hale gelmektedir. Gelişmiş Şifreleme Standardı (AES), matematiksel özellikleri sayesinde 20 yıldan fazla bir süre sonra hala güvenli kabul edilmektedir. Ancak yan kanal saldırıları (SCA), uygunsuz AES uygulamalarını tehdit etmektedir. Bu çalışmada farklı AES uygulamaları tanıtılmakta ve bunların güç Yan-Kanal Saldırısı’na (SCA), spesifik olarak Korelasyon Güç Analizi (CPA) saldırısı, karşı dirençleri gösterildi. Enerji verimliliği açısından, yan-kanal saldırısına karşı yapılan eklemeler nedeniyle güç tüketiminde meydana gelen artış, yazmaç düzeyindeki organizasyonlar ve çip akışı bazlı optimizasyonlar ile minimuma indirildi. Farklı AES uygulamaları oluşturuldu ve Cadence ASIC akışı (TSMC 65 nm LP teknolojisi) aracılığıyla işlendi. Yan-Kanal Saldırısı direnci, RTL'den GDSII'ye çip akışından sonra elde edilen gerçekçi güç tüketimi değerleri üzerinde çalışan ChipWhisperer platformu kullanılarak değerlendirildi. Sonuçlar, AES turlarının boru hattına yerleştirilmesinin ve açılmasının (unroll), enerji verimliliğinde minimum azalma karşılığında Yan-Kanal Saldırısı direncini arttırdığını göstermektedir. Önerilen uygulamalar farklı Yan-Kanal Saldırısı savunma önlemleriyle kullanılmaya uygundur.

Anahtar Kelimeler

• Gelişmiş Şifreleme Standardı (AES) ASIC Uygulaması
• Donanım Güvenliği
• Dijital CMOS Tasarımı
• Yan-Kanal Saldırıları
• Korelasyon Güç Analizi (CPA)
• ChipWhisperer

An Energy-efficient Parallel ASIC Implementation of Advanced Encryption Standard (AES) Algorithm Robust against Side-channel Attacks

Öz

Encryption becomes more crucial than ever in an increasingly interconnected world. Advanced Encryption Standard (AES) is still considered secure after more than 20 years thanks to its mathematical properties. However, side-channel attacks (SCA) threaten improper AES implementations. In this paper, different AES implementations are introduced, and their resistances against power SCA, namely Correlation Power Analysis (CPA) attack, are shown. For energy efficiency, the increase in power consumption due to the extras added for countering SCA was minimized by register-level organizations and process-related optimizations. Different AES implementations were constructed and processed through Cadence ASIC flow (TSMC 65 nm LP technology). SCA resistance was evaluated using the ChipWhisperer platform operating on realistic power consumption values obtained after RTL-to-GDSII flow. The results demonstrate that pipelining and unrolling the AES rounds increase the SCA resistance at the expense of a minimal reduction in energy efficiency. The proposed implementations are suitable for use with different side-channel attack countermeasures.

Anahtar Kelimeler

• ASIC Implementation of Advanced Encryption Standard (AES)
• Hardware Security
• Digital CMOS Design
• Side-Channel Attacks
• Correlation Power Analysis (CPA)
• ChipWhisperer

Kaynakça

1. [1] Daemen, J., Rijmen, V. 2000. The Block Cipher Rijndael. In J.-J. Quisquater, B. Schneier ed. Smart Card Research and Applications. Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 277–284. DOI: https://doi.org/10.1007/10721064_26
2. [2] National Institute of Standards and Technology. 2016. Cryptographic Standards and Guidelines AES Development. https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/archived-crypto-projects/aes-development (Accessed: 23.07.2022).
3. [3] Alghazzawi, D. M., Hasan, S. H., Trigui, M. S. 2014. Advanced Encryption Standard - Cryptanalysis research. 2014 International Conference on Computing for Sustainable Global Development (INDIACom), pp. 660–667. DOI: 10.1109/IndiaCom.2014.6828045
4. [4] Socha, P., Brejník, J., Bartik, M. 2018. Attacking AES implementations using correlation power analysis on ZYBO Zynq-7000 SoC board. 2018 7th Mediterranean Conference on Embedded Computing (MECO), pp. 1–4. DOI: 10.1109/MECO.2018.8406034
5. [5] Zhou, Y., Feng, D. 2005. Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing. IACR Cryptol. ePrint Arch., 388. http://eprint.iacr.org/2005/388 (Accessed: 23.07.2022).
6. [6] Ghandali, S., Ghandali, S., Tehranipoor, S. 2021. Deep K-TSVM: A Novel Profiled Power Side-Channel Attack on AES-128. IEEE Access, Vol. 9, pp. 136448–136458. DOI: 10.1109/ACCESS.2021.3117761
7. [7] Mushtaq, M., Akram, A., Bhatti, M. K., Rais, R. N. B., Lapotre, V., Gogniat, G. 2018. Run-time Detection of Prime + Probe Side-Channel Attack on AES Encryption Algorithm. 2018 Global Information Infrastructure and Networking Symposium (GIIS), pp. 1–5. DOI: 10.1109/GIIS.2018.8635767
8. [8] Guo, S., Zhao, X., Zhang, F., Wang, T., Shi, Z. J., Standaert, F.-X., Ma, C. 2014. Exploiting the Incomplete Diffusion Feature: A Specialized Analytical Side-Channel Attack Against the AES and Its Application to Microcontroller Implementations. IEEE Transactions on Information Forensics and Security, Vol. 9(6), pp. 999–1014. DOI: 10.1109/TIFS.2014.2315534

9. [9] Brier, E., Clavier, C., Olivier, F. 2004. Correlation Power Analysis with a Leakage Model. In M. Joye, J.-J. Quisquater ed. Cryptographic Hardware and Embedded Systems - CHES 2004. Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 16–29. DOI: https://doi.org/10.1007/978-3-540-28632-5_2
10. [10] Kundrata, J., Fujimoto, D., Hayashi, Y., Barić, A. 2020. Comparison of Pearson correlation coefficient and distance correlation in Correlation Power Analysis on Digital Multiplier. 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO), pp. 146–151. DOI: 10.23919/MIPRO48935.2020.9245325
11. [11] Brown, S. D., Vranesic, Z. G. 2012. Fundamentals of Digital Logic with VHDL Design. 3rd edition. McGraw Hill Education, p. 624.
12. [12] Weste, N. H. E., Harris, D. 2005. CMOS VLSI Design: A Circuits and Systems Perspective. 3rd edition. Pearson Education, pp. 188-191, 196.
13. [13] TSMC Technologies. https://europractice-ic.com/technologies/asics/tsmc/ (Accessed: 23.07.2022).
14. [14] Sedra, A. S., Smith, K. C. 2011. Microelectronic Circuits. 6th edition. Oxford University Press, New York, pp. 362-366.
15. [15] Bassham, L. E. 2002. The Advanced Encryption Standard Algorithm Validation Suite (AESAVS). https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/AESAVS.pdf (Accessed: 23.07.2022).
16. [16] NewAE Technology. 2022. Analyzer. https://chipwhisperer.readthedocs.io/en/latest/analyzer-api.html (Accessed: 08.05.2023).
17. [17] NewAE Technology. 2018. Correlation Power Analysis. https://wiki.newae.com/Correlation_Power_Analysis (Accessed: 23.07.2022).
18. [18] O’Flynn, C. 2016. Introduction to Side-Channel Power Analysis (SCA, DPA). https://www.youtube.com/watch?v=OlX-p4AGhWs (Accessed: 11.05.2023).
19. [19] Tokunaga, C., Blaauw, D. 2009. Secure AES Engine with a Local Switched-Capacitor Current Equalizer. 2009 IEEE International Solid-State Circuits Conference - Digest of Technical Papers, pp. 64-65,65a. DOI: 10.1109/ISSCC.2009.4977309
20. [20] Lu, S., Zhang, Z., Papaefthymiou, M. 2015. 1.32GHz High-Throughput Charge-Recovery AES Core with Resistance to DPA Attacks. 2015 Symposium on VLSI Circuits (VLSI Circuits), pp. C246–C247. DOI: 10.1109/VLSIC.2015.7231274
21. [21] Miura, N., Fujimoto, D., Korenaga, R., Matsuda, K., Nagata, M. 2014. An Intermittent-Driven Supply-Current Equalizer for 11x and 4x Power-Overhead Savings in CPA-Resistant 128bit AES Cryptographic Processor. 2014 IEEE Asian Solid-State Circuits Conference (A-SSCC), pp. 225–228. DOI: 10.1109/ASSCC.2014.7008901
22. [22] Chou, Y.-H., Lu, S.-L. L. 2019. A High Performance, Low Energy, Compact Masked 128-Bit AES in 22nm CMOS Technology. 2019 International Symposium on VLSI Design, Automation and Test (VLSI-DAT), pp. 1–4. DOI: 10.1109/VLSI-DAT.2019.8741835
23. [23] Kar M., Singh A., Mathew S. K., Rajan A., De V., Mukhopadhyay S. 2018. Reducing Power Side-Channel Information Leakage of AES Engines Using Fully Integrated Inductive Voltage Regulator. IEEE Journal of Solid-State Circuits, Vol. 53(8), pp. 2399-2414. DOI: 10.1109/JSSC.2018.2822691
24. [24] Dhanuskodi, S. N., Holcomb, D. 2019. Enabling Microarchitectural Randomization in Serialized AES Implementations to Mitigate Side Channel Susceptibility. 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), Miami, FL, USA, pp. 314-319. DOI: 10.1109/ISVLSI.2019.00064
25. [25] Tiri, K., Hwang, D., Hodjat, A., Lai, B.-C., Yang, S., Schaumont, P., Verbauwhede, I. 2005. Prototype IC with WDDL and Differential Routing -- DPA Resistance Assessment. In J. R. Rao, B. Sunar ed. Cryptographic Hardware and Embedded Systems -- CHES 2005. Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 354–365. DOI: https://doi.org/10.1007/11545262_26
26. [26] Ors, S. B., Gurkaynak, F., Oswald, E., Preneel, B. 2004. Power-Analysis Attack on an ASIC AES Implementation. International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004., Vol. 2, pp. 546-552. DOI: 10.1109/ITCC.2004.1286711
27. [27] Peng, Y., Zhao, H., Sun, X., Sun, C. 2017. A Side-Channel Attack Resistant AES with 500Mbps, 1.92pJ/Bit PVT Variation Tolerant True Random Number Generator. 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), pp. 249–254. DOI: 10.1109/ISVLSI.2017.51
28. [28] Lagasse, J., Bartoli, C., Burleson, W. 2019. Combining Clock and Voltage Noise Countermeasures Against Power Side-Channel Analysis. 2019 IEEE 30th International Conference on Application-Specific Systems, Architectures and Processors (ASAP), pp. 214–217. DOI: 10.1109/ASAP.2019.00009