Recent advances in Field Programmable Gate Array (FPGA) technology are bound to make FPGAs a popular platform for battery powered devices. Many applications of such devices are mission critical and require the use of cryptographic algorithms to provide the desired security. However, Differential Power Analysis (DPA) attacks pose a sever threat against otherwise secure cryptographic implementations. Current techniques to defend against DPA attacks such as Dynamic Differential Logic (DDL) lead to an increase in area consumption of factor five or more. In this project we show that moderate security against DPA attacks can be achieved for FPGAs using DDL resulting in an area increase of not much more than a factor two over standard FPGA implementations. Our design flow requires only FPGA design tools and some scripts.
Related Publication
Current techniques to implement Dynamic Differential Logic (DDL), a countermeasure against Differential Power Analysis (DPA) on Field Programmable Gate Arrays (FPGAs) lead to an increase in area consumption of up to factor 11. In this project we introduce Partial DDL, a technique in which DDL is applied only to a part of the cryptographic hardware implementation. We propose principle rules for Partial DDL to guide the designer in how to split up a circuit into DDL protected and unprotected paths. In order to validate our approach we implemented a lightweight architecture of AES in the Partial Separated Dynamic Differential Logic (Partial SDDL) for FPGAs. The results show that our implementation with Partial SDDL is as resistant to DPA as a full SDDL implementation while it consumes only 76% of the total area occupied by the full SDDL design. This is an area increase of 2.3 times over an unprotected single ended design.
Related Publication
Security at low cost is an important factor for cryptographic hardware implementations. Unfortunately, the security of cryptographic implementations is threatened by Side Channel Analysis (SCA). SCA attempts to discover the secret key of a device by exploiting implementation characteristics and bypassing the algorithm's mathematical security. Differential Power Analysis (DPA) is a type of SCA, which exploits the device's power consumption characteristics. Several countermeasures to DPA have been proposed, however, all of them increase security at the cost of increased area which in-turn leads to increased power consumption and reduced throughput. FPGAs are popular due to their reconfigurability, lower development cost, off-the-shelf availability and shorter time to market. Block RAMs (BRAM) are large memories in FPGAs that are commonly used as ROM, FIFO, Look-up tables, etc. In this project we explore the DPA resistance of BRAMs in Xilinx FPGAs and verify if their usage can improve the security. The results of our Advanced Encryption Standard (AES) implementations show that using BRAMs alone can improve the security over a look-up table (LUT) only design 9 times. Applying Separated Dynamic Differential Logic (SDDL) for FPGAs, a countermeasure against DPA, to this design doubles the security again leading to an 18 fold increase over the unprotected LUT design.
Related Publication
Block RAMs (BRAMs) are commonly used by implementations of cryptographic algorithms on Field Programmable Gate Arrays (FPGAs). Unfortunately, any hardware implementation of a cryptographic function is susceptible to differential power analysis (DPA) attacks unless it is protected. Dynamic and Differential Logic (DDL), a constant power consumption logic style, is the most popular and successful defense method against DPA attacks. The required Measurements to Disclosure (MTD) of the key has been shown to be larger than the life period of the secret key in most systems. DDL implementations on FPGAs proposed till date incur a large area overhead. In this roject we show that BRAMs can be used within a DDL design without compromising its security. We propose and analyze several implementation techniques for using BRAMs in DDL designs. Our results show that such DDL implementations increase the MTDs by a factor 4 over unprotected designs which use BRAMs and by a factor 2.5 over DDL implementations which do not use BRAMs.
Related Publication
Implementations of mathematically secure cryptographic algorithms leak information through side channels during run time. Differential Power Analysis (DPA) attacks exploit power leakage to obtain the secret information. Dynamic and Differential Logic (DDL), one of the popular countermeasures against DPA attacks, tries to achieve constant power consumption thereby decorrelating the leakage with the data being processed. Separated Dynamic and Differential Logic (SDDL), a variant of DDL, achieves this goal by duplicating the original design into Direct and Complementary parts which exhibit constant switching activity per clock cycle and have balanced net delays. Traditionally, on Field Programmable Gate Arrays (FPGAs) both parts are placed side-by-side to ensure symmetrical routing. However, due to process variations both parts will have slightly different delays. This limits the effectiveness of SDDL. In this project we introduce a design flow to achieve interleaved placement of SDDL designs on Xilinx Spartan-3E FPGAs while preserving symmetric routing. We explore several placement configurations with respect to routing and security. The results of our experiments show that a well-balanced placement of SDDL can double the effectiveness of the SDDL countermeasures on FPGAs.
Related Publication