
Side Channel Attacks

Chapter in: Security Trends for FPGAS

Abstract

This chapter presents the main Side-Channel Attacks, a kind of hardware cryptanalytic technique that exploits the physical behavior of an IC to extract the secrets involved in cryptographic operations. We present the main modern concepts of Side Channel Attacks (Simple and Differential Power Analysis) and show how they can be deployed on FPGA architectures. We also give details on the platform and equipment needed to conduct this type of experiment. We then discuss the leakage model of digital ICs, including FPGAs, and illustrate these attacks on a set of real case studies. We conclude the chapter with the latest information on, and links to, new efficient Side Channel Attacks.



Correspondence to L. Torres.

© 2011 Springer Science+Business Media B.V.

About this chapter

Cite this chapter

Lomné, V., Dehaboui, A., Maurine, P., Torres, L., Robert, M. (2011). Side Channel Attacks. In: Badrignans, B., Danger, J., Fischer, V., Gogniat, G., Torres, L. (eds) Security Trends for FPGAS. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-1338-3_3

  • DOI: https://doi.org/10.1007/978-94-007-1338-3_3

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-1337-6

  • Online ISBN: 978-94-007-1338-3

  • eBook Packages: Engineering, Engineering (R0)
