You are looking at a specific version 20180119:123438 of this paper.

Paper 2017/1195

CAPA: The Spirit of Beaver against Physical Attacks

Oscar Reparaz and Lauren De Meyer and Begül Bilgin and Victor Arribas and Svetla Nikova and Ventzislav Nikov and Nigel Smart

Abstract

In this paper, we introduce CAPA: a combined countermeasure against physical attacks. Our countermeasure provides security against higher-order SCA, multiple-shot DFA and combined attacks, scales to arbitrary protection order and is suitable for implementation in embedded hardware and software. The methodology is based on an attack model which we call tile-probe-and-fault, which is an extension (in both attack surface and capabilities) of prior work such as the wire-probe model. The tile-probe-and-fault model leads one to naturally look (by analogy) at actively secure multi-party computation protocols such as SPDZ. We detail several proof-of-concept designs using the CAPA methodology: a hardware implementation of the KATAN and AES block ciphers, as well as a software bitsliced AES S-box implementation. We program a second-order secure version of the KATAN design into a Spartan-6 FPGA and perform a side-channel evaluation. No leakage is detected with up to 18 million traces. We also deploy a second-order secure software AES S-box implementation into an ARM Cortex-M4. Neither first- nor second-order leakage is detected with up to 200 000 traces. Both our implementations can detect faults within a strong adversarial model with arbitrarily high probability.

Note: Added Acknowledgements Section

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
MPC, masking, SCA, DFA, countermeasure, threshold implementation, AES, KATAN, leakage, physical attacks, side-channel, SCA
Contact author(s)
lauren demeyer @ esat kuleuven be
History
2018-06-11: last of 2 revisions
2017-12-18: received
Short URL
https://ia.cr/2017/1195
License
Creative Commons Attribution
CC BY