Reut Caspi & Moriah Stern Academic Advisor: Prof. Alexander Fish, Dr. Osnat Keren Advisor: Mr. Itamar Levi Motivation Background Power analysis Project Objective Results Further Research Conclusions Small Scale Model Real Life Model 2 Motivation Background Project Objective Results Further Research ο§ Cryptography is the science of transferring information in a secure way. plaintext Conclusions Cryptographic module ciphertext ο§ The effort needed to logically break the AES algorithm is the same as the brute-force attack (2π ). secret key ο§ Side channel information is any information that is not obtained from the communication interface, such as the power-supply current dissipation. ο§ By utilizing this information an attacker can find secret key very fast (and cheaply). 3 Motivation 1. Background Project Objective Results Further Research Conclusions Create a hypothesis of the different currents according to different keys πΌβπ¦πππ‘βππ ππ = π»π β π»π· 4 Motivation Background Project Objective Results Further Research Conclusions 2. Calculate the correlation between the hypothesis current of each key and the measured current. 3. The hypothesis that yields the largest correlation is most likely of the correct key. Device Device In In Device Out Out Inf(In,Key) f(In,Key) f(In,Key) Key Key Key Hypothesis In In Out Side Side Side Channel Channel mChannel Im m I Measurement I Model h Model ModelModel: I Correlation h h Out Model: Model: m h Correlation Model: I Correlation I Physical Ο (IOut ,I ) Out m h Inf(In,Key) Model: Model: Physical Physical Ο (I ,I ) Ο (Im,Ih) Sidef(In,Key) f(In,Key) Secret Key SideSideChannel SNR Secret KeySecret Key Channel Channel SNR SNRHypothesis HypothesisHypothesis Key guess Key guess Key guess Processing ProcessingProcessing Key ranking (SNR) 5 5 Motivation Background Project Objective Results Further Research Where most research is focused (known crypto architecture) What we are researching D Q Combinational logic elements Conclusions D Q CLK Sequential logic elements ο§ Objective: ο§ Finding ways to reduce the information that leaks from the combinational part. ο§ To explore if it is feasible to attack internal nodes? Under which parameters? ο§ Parameters to examine: ο§ Fan-out ο§ Symmetric / Asymmetric design ο§ Logic Structure ο§ Noise β Dependent / Independent 6 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions Asymmetric buffer layer ο§ A simple module was designed in order to illustrate specific physical-phenomenarelated trends we believe exist. Level 2 Level 1 In0 Key0 Level n 1 1 2 FO ο§ Additional circuitry was added to assure the attack is that of an inner node. Cint m 2n-1-1 In2n Key2n 2n-1 7 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions ο§ Larger load capacitance -> energy increase ο§ The capacitance is simplified to be linear with the fan-out. πΈ = πΆππππ β πππ 2 πΆππππ = πΉπ β πΆπππ£ => πΈ = πΉπ β πΆπππ£ πππ2 8 Results Motivation Project Objective Background Small Scale Real Life Further Research Conclusions ο§ Symmetric design - delay balanced through all-paths. ο§ Asymmetric design - different delays on different paths. ο§ An attack succeeds when different computations leak information at the same time. ο§ As the asymmetry increases it is harder to capture such samples. Asymmetric buffer layer Level 1 In0 Key0 Level 2 Level n 1 1 2 t1 FO Cint m 2n-1-1 In2n Key2n 2n-1 t2 9 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions 10 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions ο§ The logical structure implies correlations between intermediate computations. ο§ Designs constructed with only AND or only OR based gates are highly sensitive. SNR 1 Logic 100% AND 50%-50% 100% OR 50% and β 50% or 11 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions ο§ current we are interested in measuring ο§ βundesiredβ components: ο§ independent of the data - easily filtered out when given enough statistics ο§ data dependent - cannot be completely filtered ο§ Data dependent current is very prominent when discussing inner nodes. ο§ Correctly designed it can enhance the immunity to PA attacks. 12 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions Datadependent noise noisy ~200 gates 13 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions 14 Results Motivation Project Objective Background Small Scale Real Life Further Research Conclusions ο§ Implementations were synthesized with Cadence Encounter RTL ο§ Design constraints were used to achieve the desired designs. Design Total Nodes No. of FO2 FO3 FO4 FO5 FO6 FO7 FO8 859 763 684 637 602 555 547 Area\Energy β¦ (a) Joint A (a) Joint B (b) Dis-joint 15 Results Motivation Background Project Objective Small Scale Real Life Further Research Conclusions distance from the output increases -> data-dependent βnoiseβ increases (more inner) -> vulnerability to PA attack increases 16 Motivation Background ο§ Inner nodes are likely to dependent on part of the input. Project Objective only Results Future Research Conclusions Joint design be In0 Key0 ο§ Hypothesis functions must be created for sub-keys to remove unwanted noise. ο§ Example: Subset Of KeyBits π π₯1 , β¦ π₯8 , π1 , β¦ π8 = π₯1 β π1 β π₯2 β π2 β π₯3 β π3 β π₯4 β π4 In2n Key2n 17 Motivation Background Project Objective Results Future Research Conclusions Is power analysis feasible in inner nodes? YES! Sometimesβ¦ What effects the feasibility / quality of an attack? What is the cost? enhanced security larger no. of gates larger area 18 THANK YOU!
© Copyright 2026 Paperzz