TY - GEN
T1 - Fundamental study on randomized processing in cryptographic IC using variable clock against Correlation Power Analysis
AU - Saito, Megumi
AU - Mizuki, Takaaki
AU - Sone, Hideaki
AU - Hayashi, Yu-Ichi
PY - 2015/12/15
Y1 - 2015/12/15
N2 - Correlation Power Analysis (CPA) is one of the typical side-channel analyses targeting cryptographic IC. CPA calculates the Poisson correlation function between transient currents (which are generated from a cryptographic IC depending on the processed data) and hypothetical current values and then recovers the secret key from a high number of correlation computations. Countermeasures against side-channel attacks mainly focus on algorithms and architecture at the design levels. These methods suffer from some problems, e.g., increase in processing time and circuit scale. This paper discusses a countermeasure against CPA, which can be relatively inexpensively and easily implemented. CPA calculates the correlation value between the transient current waveforms and hypothetical current values under the assumption that the specific process that leaks the secret key information is always performed after a certain time from the time when the cryptographic IC starts performing encryption or decryption and recovers the secret key. Therefore, we consider the possibility of randomizing the time when a cryptographic IC runs the process where the secret key information is leaked to suppress the leakage of side-channel information available in recovering the secret key. In this paper, we propose a method of changing the clock frequencies for each encryption or decryption to randomize the time. In our experiment, we employed Side-channel Attack Standard Evaluation Board (SASEBO-G) and implemented Advanced Encryption Standard (AES) on a field-programmable gate array (FPGA) of SASEBO-G. We measured the transient currents in a cryptographic FPGA that was supplied a spread-spectrum clock while it performs AES encryption. We calculated the correlation value between each transient current waveform and a hypothetical current value and demonstrated that this process is effective as a countermeasure against CPA.
AB - Correlation Power Analysis (CPA) is one of the typical side-channel analyses targeting cryptographic IC. CPA calculates the Poisson correlation function between transient currents (which are generated from a cryptographic IC depending on the processed data) and hypothetical current values and then recovers the secret key from a high number of correlation computations. Countermeasures against side-channel attacks mainly focus on algorithms and architecture at the design levels. These methods suffer from some problems, e.g., increase in processing time and circuit scale. This paper discusses a countermeasure against CPA, which can be relatively inexpensively and easily implemented. CPA calculates the correlation value between the transient current waveforms and hypothetical current values under the assumption that the specific process that leaks the secret key information is always performed after a certain time from the time when the cryptographic IC starts performing encryption or decryption and recovers the secret key. Therefore, we consider the possibility of randomizing the time when a cryptographic IC runs the process where the secret key information is leaked to suppress the leakage of side-channel information available in recovering the secret key. In this paper, we propose a method of changing the clock frequencies for each encryption or decryption to randomize the time. In our experiment, we employed Side-channel Attack Standard Evaluation Board (SASEBO-G) and implemented Advanced Encryption Standard (AES) on a field-programmable gate array (FPGA) of SASEBO-G. We measured the transient currents in a cryptographic FPGA that was supplied a spread-spectrum clock while it performs AES encryption. We calculated the correlation value between each transient current waveform and a hypothetical current value and demonstrated that this process is effective as a countermeasure against CPA.
KW - Cryptographic IC
KW - EM information leakage
KW - Side-channel attack
UR - http://www.scopus.com/inward/record.url?scp=84964057145&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964057145&partnerID=8YFLogxK
U2 - 10.1109/EMCCompo.2015.7358327
DO - 10.1109/EMCCompo.2015.7358327
M3 - Conference contribution
AN - SCOPUS:84964057145
T3 - EMC Compo 2015 - 2015 10th International Workshop on the Electromagnetic Compatibility of Integrated Circuits
SP - 39
EP - 43
BT - EMC Compo 2015 - 2015 10th International Workshop on the Electromagnetic Compatibility of Integrated Circuits
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 10th International Workshop on the Electromagnetic Compatibility of Integrated Circuits, EMC Compo 2015
Y2 - 10 November 2015 through 13 November 2015
ER -