Protecting integrated circuits against side-channel and fault attacks with dynamic encoding
| Autor: | Maxime Montoya, Simone Bacles-Min, Anca Molnos, Jacques J.A. Fournier |
|---|---|
| Přispěvatelé: | Commissariat à l'énergie atomique et aux énergies alternatives - Laboratoire d'Electronique et de Technologie de l'Information (CEA-LETI), Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA), Département Systèmes et Circuits Intégrés Numériques (DSCIN), Laboratoire d'Intégration des Systèmes et des Technologies (LIST (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Direction de Recherche Technologique (CEA) (DRT (CEA)) |
| Rok vydání: | 2023 |
| Předmět: | |
| Zdroj: | Microprocessors and Microsystems: Embedded Hardware Design Microprocessors and Microsystems: Embedded Hardware Design, 2023, 97, pp.104761. ⟨10.1016/j.micpro.2023.104761⟩ |
| ISSN: | 0141-9331 1872-9436 |
| Popis: | International audience; With the Internet of Things, an increasing amount of sensitive data have to be communicated and hence encrypted. Low-cost hardware attacks such as fault analysis or side-channel analysis threaten the implementation of cryptographic algorithms. Many countermeasures have been proposed against either of these attacks, however, only a few countermeasures protect efficiently an implementation against both attacks. These joint countermeasures usually have a prohibitive area and power overhead, and require up to thousands of bits of fresh randomness at each encryption. Therefore, they may not be suited to protect lightweight algorithms in resource-constrained devices. In this paper, we propose a new joint countermeasure against both attacks, called dynamic encoding. It has a smaller power and area overhead than existing joint countermeasures and requires at most 8 random bits at each encryption. It is particularly adapted to protect sequential logic and lightweight algorithms based on shift registers, and it can be extended to protect combinational logic as well. It consists in a power balancing at algorithmic level and provides an inherent fault detection. Simulations with several levels of noise indicate that dynamic encoding provides an efficient protection against side-channel analysis with up to 100,000 traces. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full Text from ScienceDirect