Cryptology ePrint Archive: Report 2020/250

On a Side Channel and Fault Attack Concurrent Countermeasure Methodology for MCU-based Byte-sliced Cipher Implementations

Ehsan Aerabi and Athanasios Papadimitriou and David Hely

Abstract: As IoT applications are increasingly being deployed, there comes along an ever increasing need for the security and privacy of the involved data. Since cryptographic implementations are used to achieve these goals, it is important for embedded software developers to take into consideration hardware attacks. Side Channel Analysis (SCA) and Fault Attacks (FA) are the main classes of such attacks, which can either reduce or even eliminate the security levels of an embedded design. Therefore, cryptographic implementations must address both of them at the same time. To this end, multiple solutions have been proposed to address both attacks in one solution, such as Dual Pre-charge Logic (DPL) and Encoding countermeasures. In this work, we discuss the advantages and disadvantages of the state-of-the-art concurrent SCA and FA countermeasures. Additionally, we propose a software countermeasure in order to provide protection against both types of attacks. The proposed countermeasure is a general approach, applicable to any byte-sliced cipher and any modern MCU (32- and 64-bit). The proposed countermeasure is applied to an AES S-BOX implementation, for a 32-bit MCU (ARM Cortex-M3). The countermeasure has been experimentally evaluated against Correlation Power Analysis (CPA) attacks for both platforms while its fault detection capabilities are theoretically described.

Category / Keywords: implementation / Hardware security, Side channel attacks, Fault attacks, Countermeasure; AES, byte-sliced ciphers

Original Publication (with minor differences): 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS)

Date: received 23 Feb 2020, last revised 26 Feb 2020

Contact author: ehsan aerabi at lcis grenoble-inp fr


Version: 20200226:212703

Short URL: ia.cr/2020/250
